Development of a secure key management system for the SEcube Security Platform

The massive digitization of services and the widespread use of electronic devices pose important problems in terms of privacy and data security, leading to significant investments by governments, companies, and organizations in cybersecurity solutions. Cybersecurity is a complex topic covering many issues; one of the most addressed of these is cryptography. The purpose of cryptography is to transform data into a form that is not intelligible by anyone except those who know a special value called “key”, whose role is like that of the key of a padlock which closes a box. The process of closing the box with the padlock is called encryption, while the reverse action is called decryption; the internal mechanism of the padlock is called algorithm. Just as in the case of a padlock, also in cryptography protecting the key is very important. This issue is known as key management, any flaw in handling the keys could make the entire encryption process useless. In most environments, the quantity of keys that must be handled is so significant that manual management is unfeasible and not secure. In order to address this issue, special solutions called Key Management Systems (KMS) are constantly being developed. This thesis aims at developing a simple KMS, called SEkey, based on the SEcube security platform. The SEcube is a hardware security module (HSM) used to execute security primitives such as encryption and decryption. SEkey is particularly focused on distributed environments where every actor resorts to a SEcube device as his security-oriented coprocessor. SEkey targets the management of the life cycle of encryption keys, the administration of users and of their groups and the supervision of multiple security policies. Leveraging open-source libraries such as SQLite, and the pre-existing SEcube software ecosystem, consisting of the device firmware and a set of computer-side APIs, the KMS was developed to be as compliant as possible with the best security standards. SEkey resorts to algorithms such as AES-256 and SHA-256 to guarantee confidentiality, integrity and authentication. The encryption keys are physically protected inside each SEcube device, whose access is limited according to the policies established by the administrator. The KMS is compatible with Windows and Linux, and it offers APIs that are easy to integrate in third-party software. SEkey can be used out-of-the-box with native SEcube applications, moreover it can be customized in order to meet ad hoc specifications. Because of specific requirements and SEcube hardware/software limitations, trade-offs were made, such as the mandatory ownership of a SEcube HSM for every user of the system. Additionally, the development of the KMS led to substantial improvements in the pre-existing SEcube software stack and to the creation of a library to manage encrypted SQL databases with the HSM. SEkey allows developers to create security configurations where the keys are automatically and safely distributed to the entitled users, moreover the users can be organized in groups with different properties, security policies and privilege levels, in order to enforce the physical and logical separation of the actors operating in a certain environment. Thanks to SEkey, the SEcube offers a solution to deal with the key management issue without requiring a deep knowledge of cybersecurity.