Securing digital identities: from the deployment to the analysis of a PKI ecosystem with virtual HSMs leveraging open-source tools

Alessandro Loconsolo

Securing digital identities: from the deployment to the analysis of a PKI ecosystem with virtual HSMs leveraging open-source tools.

Rel. Antonio Lioy. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2024

Preview	PDF (Tesi_di_laurea) - Tesi Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (2MB) \| Preview
	Archive (ZIP) (Documenti_allegati) - Altro Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (67kB)

Abstract

The objective of this work is to implement a PKI using exclusively open-source tools, with a particular focus on the integration of EJBCA CE with a virtual HSM. The primary goal is to establish trust between the Authorities and the End Entities within the ecosystem and then to identify the principal challenges that might be encountered during the deployment, from a security, performance and management point of view. The system has been implemented within a containerised environment, with Docker Compose orchestrating the modules of the infrastructure. The designed architecture comprises two EJBCA CE instances, which have been configured as the CA and the VA, respectively.

Each instance is equipped with its own database and virtual HSM, and its functionalities are subject to RBAC, thereby ensuring that the principle of least privilege is upheld for the entities within the organisation