Therefore a web site's identity and the integrity of online transactions cannot be truly trusted unless the SSL private keys are kept absolutely secret. The problem is that many sites still store their cryptographic keys in the memory of their web servers. But because of the inherent very random nature of the data that makes up these keys, a quick memory scan will easily identify where they are stored - making them vulnerable to attack. The most effective means of protecting private keys therefore is to store and process them in a secure hardware device or hardware security module (HSM) that will ensure that private keys are always protected from compromise.
The tamper-resistant security modules integrate directly with a web server and store all the private keys and host all cryptographic functions. The most secure devices - such as nCipher's nShield HSM - are validated to FIPS 140-2 Level 3, the most widely recognised security benchmark for secure cryptographic modules.
The importance of securing keys in hardware has also been recognised by VeriSign, the world's leading provider of digital certificates. For the first time a commercial SSL certificate has been created specifically for organisations that wish to protect their website with hardware.
VeriSign and nCipher have joined forces to counter the threat of web site spoofing and online data theft with a new premium grade VeriSign SSL certificate that is protected in a FIPS 140-2 certified HSM throughout its lifecycle.
Companies implementing VeriSign's Hardware Protected SSL Certificate will be able to display a distinct VeriSign Secure Site Seal on their websites that will giver users greater confidence in doing business online.
Beyond the web server
With hardware security, SSL is capable of authenticating the website and securing data as it travels between a browser and a web server - but what risks lay beyond the web server? After all, if an SSL session is terminated on a web server and sensitive information - such as a password and PIN for example - is unencrypted and left exposed, the point of weakness is simply shifted. This is in fact a common scenario, as authentication information often needs to be stripped and compared with data stored in a back-end database for validation.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.