
Cybersecurity, a step further : Secrets, vaults and key ceremonies

by Jean-David Epaillard | Jul 06, 2021



Hardware-based security raises confidentiality, authenticity and integrity to a new level by immutably storing the keys used for the hardware root of trust, secure boot and code signing. However, three new challenges must be handled:

  • Safe creation of the secrets
  • Safe storage, access, and usage of the secrets
  • Safe provisioning on the devices

Indeed, if the secrets are leaked, the entire solution collapses.

Secret creation & Electronic vault

First of all, the keys the device needs in order to operate must be created during the development phase. The most suitable type of cryptography and key size are selected according to the usage of each key. In a zero-trust security environment, the creation of these secrets cannot be entrusted to a human; they are instead created centrally and stored in an electronic vault according to the chosen specification.

If this vault and the secrets it contains are so sensitive, how can it be ensured that its configuration and access controls cannot be tampered with, and that the secrets have been produced according to the chosen specifications? How can it be ensured that the secrets were never visible, even for a single second, before being locked into the safe? That is the purpose of a key ceremony.

What is a "Key Ceremony"?

In cryptography, a key ceremony is a supervised session that governs how cryptographic objects are generated and how their secrecy is preserved.

In a key ceremony, a quorum of selected actors, let us call them key masters, jointly have the ability to open the safe and change its configuration or its content. No single actor can perform these operations without the cooperation of a minimum threshold of key masters. Indeed, you would not hand the keys to the kingdom to a single person.

A key ceremony follows a bulletproof script, has witnesses, and is documented. Secrets are created inside the vault and are never revealed, not even to the key masters. The smallest incident during a key ceremony (anything not planned in the script) casts doubt on the confidentiality or integrity of the secrets. It therefore invalidates the whole ceremony, which must be restarted.

All operations concerning secrets related to the Ewon Cosy+ are handled through key ceremonies.

The vault tightly controls access to secrets: only identified processes or applications can request tokens, passwords, certificates and encryption keys. It can also perform cryptographic operations itself.

As an example of a secret kept in the vault: we mentioned in a previous post that on the Cosy+, every firmware update is signed before being released. It is of the utmost importance that firmware updates are signed at Ewon before being publicly released, and authenticated by the device before being installed.

A signature process involves the use of a private key. This private key is typically one of the secrets kept in our vaults: it is not known by anyone, but it can be used by the firmware signature process. The device itself holds the public key used to verify the signature.

Secrets provisioning during manufacturing

Secrets generated during the development phase must be provisioned into the devices during manufacturing, while ensuring that the chain of trust is not broken.

This is usually done by dedicated partners with strong security maturity and quality assurance, whose task is to pre-provision the secrets in the secure locations of the device. Once again, the transfer of secrets from one secure safe to another without exposing them at any moment is carried out through a key ceremony.
