Is there any security best practice regarding using a HSM to store the private key of the Token Signing Certificate? Microsoft state that the "Federation servers require token-signing certificates to prevent attackers from altering or counterfeiting security tokens in an attempt to gain unauthorized access to federated resources. The private/public key pairing that is used with token-signing certificates is the most important validation mechanism of any federated partnership because these keys verify that a security token was issued by a valid partner federation server and that the token was not modified during transit"
So if the private/public key is that important would it make sense that the private key is stored on a HSM? We are planning to have a network attached HSM, so all AD FS servers could access it, but I'm assuming that everytime a token is signed in our large environment the private key will have to be retrieved from the HSM. We are using AD FS for SSO on Office 365.
So to summarise my questions:
- Is there any security best practices regarding the storage of the Token Signing Certificate's private key?
- Can we store the private key on a HSM?
- If we use a network HSM would they be a large amount of network traffic generated between the AD FS servers and the networked HSM?
I'd be keen to know if anyone else has used a HSM for the storage of the Token Signing Certificate's private key and what their experiences are.
I'm not sure there are any documented best practices out there at the moment for this sort of thing. Maybe someone from the support team can chime in with a more specific answer, but this is how I see it.
1. Yes you can store the private keys in an HSM. I believe it requires some manual configuration though as you have to fiddle with Certificate Stores and CSPs.
2. I think ADFS internally caches the keys (just an observation though) so ADFS won't call into the HSM every time a signature needs to be created. In the event that the HSM offloads the actual crypto work then there would be a ton of network traffic as ADFS would have to call the HSM every time a token needs to be issued.
Developer Security MVP | www.syfuhs.net
Notwithstanding Steve's comments concerning in-memory processing of signatures, I'd be interested in seeing whether a similar mechanism is available using a the TPM via a CSP to store private keys. This is likely to be vendor/server specific, but if anyone has any experience of this, would appreciate any feedback.