
Entrust nShield - 11.3.2. Compromised Key or Secret: Attacker has subverted memory of HSM; 11.3.3. Compromised Key or Secret: Pass phrase for softcard is compromised

Entrust nShield
90 pages
Softcard protected application keys
Module/Module Pool protected application keys
Recovery Action
Revoke application key and destroy the Security World, since all application keys in this Security World must now be considered as compromised.
Destruction of the Security World is achieved by erasing/destroying the ACS.
Destroy the HSM as its integrity can no longer be guaranteed.
Create a different Security World on new/different HSMs (with a new ACS).
Note that erasing the ACS will prevent a lost/stolen backup being reloaded on to a new HSM.
11.3.3. Compromised Key or Secret: Pass phrase for softcard is compromised
Compromise Type
Lost or observed
Impact
The application keys protected by the softcard are under the control of the attacker
Recovery Action
Revoke the application key protected by the softcard. If unable to revoke the key, isolate the HSM so that no system can use it.
Erase all copies of blobs associated with the application key protected by the softcard in kmdata/rfs/backups to prevent an attacker from trying to use the keys with the stolen pass phrase.
Create replacement application keys under new softcards.
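To support the "erase all copies" step above, the following is an added example (not from the Entrust manual) that inventories every copy of a key blob file across the kmdata, RFS and backup locations, including copies inside tar archives. The directory paths, the tar backup format and the way the reference blob files are identified are assumptions; the script only lists candidates and erases nothing.

```python
import hashlib
import os
import sys
import tarfile


def find_blob_copies(reference_files, search_roots):
    """Return sorted (location, reference_name, reason) for every copy found.

    reference_files: key blob files tied to the compromised softcard (assumed known).
    search_roots: directories to sweep: kmdata, the RFS copy, backup storage.
    """
    by_hash, names = {}, set()
    for path in reference_files:
        with open(path, "rb") as fh:
            by_hash[hashlib.sha256(fh.read()).hexdigest()] = os.path.basename(path)
        names.add(os.path.basename(path))

    def classify(name, data):
        digest = hashlib.sha256(data).hexdigest()
        if digest in by_hash:
            return by_hash[digest], "content"      # identical bytes, even if renamed
        if os.path.basename(name) in names:
            return os.path.basename(name), "name-only"  # same name, different bytes
        return None

    hits = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for fname in files:
                full = os.path.join(dirpath, fname)
                if tarfile.is_tarfile(full):       # assumption: backups are tar archives
                    with tarfile.open(full) as tar:
                        for member in (m for m in tar.getmembers() if m.isfile()):
                            match = classify(member.name, tar.extractfile(member).read())
                            if match:
                                hits.append((f"{full}!{member.name}",) + match)
                    continue
                with open(full, "rb") as fh:
                    match = classify(fname, fh.read())
                if match:
                    hits.append((full,) + match)
    return sorted(hits)


if __name__ == "__main__":
    # Usage: script.py REFERENCE_BLOB ROOT [ROOT ...]  (paths are site-specific)
    for location, ref_name, reason in find_blob_copies(sys.argv[1:2], sys.argv[2:]):
        print(f"{reason:9} {ref_name}  {location}")
```

A "name-only" hit is a file with the same name but different bytes, for example an older version of the blob, and should be reviewed before the inventory is treated as complete.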
11.3.4. Compromised Key or Secret: A quorum of OCS cards is compromised
Compromise Type
Lost or stolen
Impact
The application keys protected by the OCS are under the control of the attacker
nShield® Security Manual 72 of 90
