The Chicken & Egg Secret Protection Problem in Micro-services
Dec 23, 2019
Alice keeps all her passwords in an Excel file on her desktop. However, she was told it is a very bad practice, since Eve can easily get access to the computer, read the file,and access Alice passwords and accounts. To enhance her security, Alice got a password protection software, KeePass, and she now saves all her passwords safely there – except for her KeePass password, which Alice keeps in an Excel file on her desktop.
Good news for Eve . . .
Switch Alice with any micro-service in your environment, Password with your application secrets, certificate private keys, encryption keys, and KeyPass with any enterprise KMS. And you realize you have Alice’s problem in your production environment.
It’s an often over looked and underrated cryptographic problem called secret-zero. It happens when you use one secret to protect another secret. Naturally, you must now protect the new secret. This concept of nesting secrets always leaves one last secret to protect. Your secret-zero.
The secret-zero problem has much bigger effect in computer systems, data centers, and cloud environments, where credentials allow access among systems and there’s a need to ensure that malware or hacking attempts fail in accessing data or moving laterally within an organization.
Protecting these credentials is not trivial, even though it is sometimes perceived as such. According to the Verizon Data Breach Investigation Report, 81% of all hacking-related breaches used compromised credentials.
The problem arises again when companies attempt to secure their data by encrypting it, under the impression that stolen encrypted data is useless to the attacker. That is true,of course, if the attacker did not also steal the decryption key; and the vicious cycle starts again. Just ask Alice.
Several common ways exist to try to secure secrets; most make the secret harder and harder to steal, but it only shifts the problem toward the secret-zero. These solutions include systems like Hashicorp Vault,Key Management Systems (KMS) and Hardware Security Modules (HSM). Using a combination of these tools make your secret-zero harder to steal, but at the end of the day, how do those systems decide who to give the secret to? Why wouldn’t they give it to Eve? The common solution is for workloads to authenticate themselves against these services via a token or another secret (and by now you get it, how do you protect this new secret?).
To solve the secret-zero problem,Cyber Armor has developed a unique approach to zero trust and workload authentication which is based on code-DNA of workloads. Using this authentication is like using Alice retinal scan instead of a password. We use moving target defense that makes the secret-zero key disappear, providing it only to strongly authenticated workloads in such a way that the key never exists in memory.
Hope you found our content interesting. We always appreciate getting feedback and discussing our ideas, please feel free to drop us a line, we make sure to answer everyone [email protected]