Hardware security module

An HSM in PCIe format

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys) and performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.[1] These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.[2][3]

Design

HSMs may have features that provide tamper evidence, such as visible signs of tampering or logging and alerting; tamper resistance, which makes tampering difficult without rendering the HSM inoperable; or tamper responsiveness, such as deleting keys upon tamper detection.[4] Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by tamper-evident, tamper-resistant, or tamper-responsive packaging. Some HSMs also use secure multi-party computation to protect the keys they manage.[5] The vast majority of existing HSMs are designed mainly to manage secret keys. Many HSM systems have means to securely back up the keys they handle outside of the HSM: keys may be exported in wrapped (encrypted) form and stored on a computer disk or other media, or externally on a secure portable device such as a smartcard or another security token.[6]

HSMs are used for real-time authorization and authentication in critical infrastructure and are therefore typically engineered to support standard high-availability models, including clustering, automated failover, and redundant field-replaceable components.

A few of the HSMs available on the market can execute specially developed modules within the HSM's secure enclosure. This ability is useful, for example, where special algorithms or business logic have to be executed in a secured and controlled environment. The modules can be developed in native C, .NET, Java, or other programming languages. Further, upcoming next-generation HSMs[7] can handle more complex tasks such as loading and running full operating systems and COTS software without requiring customization and reprogramming. Such unconventional designs overcome the design and performance limitations of traditional HSMs while providing the benefit of securing application-specific code. These execution engines protect the status of an HSM's FIPS or Common Criteria validation.[8]

Certification

Because of the critical role they play in securing applications and infrastructure, general-purpose HSMs and/or their cryptographic modules are typically certified according to internationally recognized standards such as Common Criteria (e.g. using Protection Profile EN 419 221-5, "Cryptographic Module for Trust Services") or FIPS 140 (currently in its third version, often referred to as FIPS 140-3). Although the highest FIPS 140 security level attainable is Security Level 4, most HSMs have Level 3 certification. In the Common Criteria system the highest Evaluation Assurance Level (EAL) is EAL7, but most HSMs have EAL4+ certification. When used in financial payment applications, the security of an HSM is often validated against the HSM requirements defined by the Payment Card Industry Security Standards Council.[9]

Uses

A hardware security module can be employed in any application that uses digital keys. Typically, the keys are of high value, meaning there would be a significant negative impact on the owner of the key if it were compromised.

The functions of an HSM are:

HSMs are also deployed to manage transparent data encryption keys for databases and keys for storage devices such as disk or tape.

HSMs provide both logical and physical protection of these materials, including cryptographic keys, from disclosure, non-authorized use, and potential adversaries.[10]

HSMs support both symmetric[11] and asymmetric (public-key) cryptography. For some applications, such as certificate authorities and digital signing, the cryptographic material is asymmetric key pairs (and certificates) used in public-key cryptography.[12] With other applications, such as data encryption or financial payment systems, the cryptographic material consists mainly of symmetric keys.[13]

Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric-key operations. However, with performance ranging from 1 to 10,000 1024-bit RSA signatures per second, HSMs can provide significant CPU offload for asymmetric-key operations. Since the National Institute of Standards and Technology (NIST) has recommended the use of 2,048-bit RSA keys from 2010,[14] performance at longer key sizes has become more important. To address this issue, most HSMs now support elliptic curve cryptography (ECC), which delivers stronger security with shorter key lengths.

PKI environment (CA HSMs)

In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle asymmetric key pairs. In these cases, there are some fundamental features a device must have, namely:

On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, because registration authority procedures are the performance bottleneck of the infrastructure.
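What "generate, store, and handle asymmetric key pairs" looks like from the CA software's side is worth seeing: the application never holds the private key, only a handle that can sign and report the public half, which is how PKCS#11 and vendor libraries expose HSM-held keys in Go (through the standard crypto.Signer interface). The program below is an added example and not the article's or any CA product's code. Its moduleKey type is a hypothetical in-process stand-in for an HSM slot; the certificate names and validity periods are constructed for the demonstration. Everything the CA does (self-signing its root, issuing an end-entity certificate) goes through that Sign method, so swapping in a real HSM-backed crypto.Signer would change nothing else.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"time"
)

// moduleKey stands in for a key pair generated and held inside an HSM.
// The private half is unexported and never returned to callers: they get
// only the public key and a Sign operation, which is exactly the
// crypto.Signer contract that PKCS#11 wrappers implement. (Hypothetical
// simulation for this example; a real module enforces this in hardware.)
type moduleKey struct {
	priv *ecdsa.PrivateKey
}

// NewModuleKey generates the CA key "inside the module".
func NewModuleKey() (*moduleKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &moduleKey{priv: priv}, nil
}

func (k *moduleKey) Public() crypto.PublicKey { return &k.priv.PublicKey }

func (k *moduleKey) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	// A real HSM would also check the key's usage policy and log the operation here.
	return k.priv.Sign(r, digest, opts)
}

// IssueChain builds a self-signed CA certificate and an end-entity certificate
// issued by it; every signature is produced through the module boundary.
func IssueChain(caKey crypto.Signer) (caCert, leafCert *x509.Certificate, err error) {
	now := time.Now()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore:             now,
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caKey.Public(), caKey)
	if err != nil {
		return nil, nil, err
	}
	if caCert, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}

	// The subscriber generates its own key; only the public key reaches the CA.
	leafPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "server.example.test"},
		DNSNames:     []string{"server.example.test"},
		NotBefore:    now,
		NotAfter:     now.Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafPriv.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leafCert, err = x509.ParseCertificate(leafDER)
	return caCert, leafCert, err
}

// VerifyLeaf checks that leaf chains to caCert and is valid for dnsName.
func VerifyLeaf(caCert, leaf *x509.Certificate, dnsName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}

func main() {
	caKey, err := NewModuleKey()
	if err != nil {
		panic(err)
	}
	ca, leaf, err := IssueChain(caKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("issuer:", leaf.Issuer.CommonName, "subject:", leaf.Subject.CommonName)
	fmt.Println("chain verifies:", VerifyLeaf(ca, leaf, "server.example.test") == nil)
}
```

The same crypto.Signer handle is what a TLS server hands to its certificate configuration when the server key lives in an HSM, so the pattern covers the "SSL connection establishment" use as well as the CA use.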

Card payment system HSMs (bank HSMs)

Specialized HSMs are used in the payment card industry. HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards. They normally do not feature a standard API.

Typical applications are transaction authorization and payment card personalization, requiring functions such as:

The major organizations that produce and maintain standards for HSMs on the banking market are the Payment Card Industry Security Standards Council, ANS X9, and ISO.

SSL connection establishment

Performance-critical applications that have to use HTTPS (SSL/TLS) can benefit from an SSL acceleration HSM by moving the RSA operations, which typically require several large-integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 1 to 10,000 1024-bit RSA operations per second.[15][16] Performance at longer key sizes is becoming increasingly important. Specialized HSM devices can reach numbers as high as 20,000 RSA operations per second.[17] To address this issue, some HSMs[18] now support ECC.
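Both this section and the accelerator paragraph under "Uses" quantify HSM value in signatures per second and explain the move to ECC by the cost of longer RSA keys. The program below is an added example, not from the article or from any HSM vendor's benchmark suite; it measures that cost on the host CPU in software, signing a constructed digest with RSA-2048 (the NIST minimum the article cites) and with ECDSA over P-256 (which NIST's key-length equivalences place at a higher security strength than RSA-2048). Run it on any machine to see, in the article's own unit, why an operator sizing offload capacity cares about the algorithm and key length and not just the device's headline RSA-1024 figure.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// SignsPerSecond signs one fixed digest repeatedly for roughly the given
// budget and returns the observed throughput. The digest is over a
// constructed message; only the signing cost is being measured.
func SignsPerSecond(signer crypto.Signer, budget time.Duration) (float64, error) {
	digest := sha256.Sum256([]byte("constructed sample message"))
	start := time.Now()
	count := 0
	for time.Since(start) < budget {
		// crypto.SHA256 as SignerOpts selects PKCS#1 v1.5 for RSA and plain ECDSA for EC keys.
		if _, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256); err != nil {
			return 0, err
		}
		count++
	}
	return float64(count) / time.Since(start).Seconds(), nil
}

// SignRates compares RSA-2048 with ECDSA P-256 over the same time budget.
func SignRates(budget time.Duration) (map[string]float64, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	signers := map[string]crypto.Signer{"RSA-2048": rsaKey, "ECDSA-P256": ecKey}
	rates := make(map[string]float64, len(signers))
	for name, s := range signers {
		r, err := SignsPerSecond(s, budget)
		if err != nil {
			return nil, err
		}
		rates[name] = r
	}
	return rates, nil
}

func main() {
	rates, err := SignRates(time.Second)
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"RSA-2048", "ECDSA-P256"} {
		fmt.Printf("%-10s %8.0f signs/s on this host CPU\n", name, rates[name])
	}
}
```

The numbers are per core in software and will vary by machine; the relationship between them is the durable lesson, and it is the same relationship that drives an HSM's rated throughput at each key size.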

DNSSEC

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. OpenDNSSEC is an open-source tool that manages signing DNS zone files.

On January 27, 2007, ICANN and Verisign, with support from the U.S. Department of Commerce, started deploying DNSSEC for DNS root zones.[19] Root signature details can be found on the Root DNSSEC website.[20]

Blockchain and HSMs

A Trezor Model T hardware wallet

Blockchain technology depends on cryptographic operations. Safeguarding private keys is essential to maintaining the security of blockchain processes that use asymmetric cryptography.

The synergy between HSMs and blockchain is discussed in several papers, which emphasize the HSM's role in securing private keys and verifying identity, e.g. in contexts such as blockchain-driven mobility solutions.[21][22] Cryptocurrency private keys can be stored in a cryptocurrency wallet on an HSM.[23]

Cryptographic operations performed by Fabric nodes in the Hyperledger framework support delegation to a hardware security module.[24]

Client-side encryption with HSM

Cloud providers (e.g. Google, which announced its client-side encryption solution in 2023) have introduced different methods for allowing customer data stored on their servers to be encrypted (and decrypted) with HSM devices owned or controlled by the customer.

Notes and references

  1. Sommerhalder, Maria (2023). "Hardware Security Module". In Mulder, Valentin; Mermoud, Alain; Lenders, Vincent; Tellenbach, Bernhard (eds.). Trends in Data Protection and Encryption Technologies. Cham: Springer Nature Switzerland. pp. 83–87. doi:10.1007/978-3-031-33386-6_16. ISBN 978-3-031-33386-6. Retrieved 2023-09-12.
  2. Ramakrishnan, Vignesh; Venugopal, Prasanth; Mukherjee, Tuhin (2015). Proceedings of the International Conference on Information Engineering, Management and Security 2015: ICIEMS 2015. Association of Scientists, Developers and Faculties (ASDF). p. 9. ISBN 9788192974279.
  3. Gregg, Michael (2014). CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002. John Wiley & Sons. p. 246. ISBN 9781118930847.
  4. "Electronic Tamper Detection Smart Meter Reference Design". Freescale. Retrieved 26 May 2015.
  5. admin (2020-02-25). "Extraordinary Hungarian development gaining ground in new areas". REAL security. Retrieved 2024-02-05.
  6. "Using Smartcard/Security Tokens". mxc software. Retrieved 26 May 2015.
  7. "World's First Tamper-Proof Server and General Purpose Secure HSM". Private Machines. Retrieved 7 March 2019.
  8. Barker, Elaine; Barker, William C (2019). "Recommendation for key management". Gaithersburg, MD. doi:10.6028/nist.sp.800-57pt2r1.
  9. "Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards". www.pcisecuritystandards.org. Retrieved 2018-05-01.
  10. "Support for Hardware Security Modules". Palo Alto Networks. Archived from the original on 26 May 2015. Retrieved 26 May 2015.
  11. "Secure Sensitive Data with the BIG-IP Hardware Security Module" (PDF). F5 Networks. 2012. Retrieved 2023-04-28.
  12. "Application and Transaction Security / HSM". Provision. Retrieved 26 May 2015.
  13. "IBM i: Cryptography concepts". www.ibm.com. Retrieved 2023-03-29.
  14. "Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths". NIST. January 2011. Retrieved March 29, 2011.
  15. Demaertelaere, F. "Hardware Security Modules" (PDF). Atos Worldline. Archived from the original (PDF) on 6 September 2015. Retrieved 26 May 2015.
  16. "Preparing to Issue 200 Million Certificates in 24 Hours". Let's Encrypt. Retrieved 2021-05-19.
  17. "SafeNet Network HSM - Formerly Luna SA Network-Attached HSM". Gemalto. Retrieved 2017-09-21.
  18. "Barco Silex FPGA Design Speeds Transactions In Atos Worldline Hardware Security Module". Barco-Silex. January 2013. Retrieved April 8, 2013.
  19. "ICANN Begins Public DNSSEC Test Plan for the Root Zone". www.circleid.com. Retrieved 2015-08-17.
  20. Root DNSSEC.
  21. Shbair, Wazen M.; Gavrilov, Eugene; State, Radu (May 2021). "HSM-based Key Management Solution for Ethereum Blockchain". 2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC). pp. 1–3. doi:10.1109/ICBC51069.2021.9461136. ISBN 978-1-6654-3578-9. S2CID 235637476.
  22. Pirker, Dominic; Fischer, Thomas; Witschnig, Harald; Steger, Christian (January 2021). "Velink - A Blockchain-based Shared Mobility Platform for Private and Commercial Vehicles utilizing ERC-721 Tokens". 2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP). pp. 62–67. doi:10.1109/CSP51677.2021.9357605. ISBN 978-1-7281-8621-4. S2CID 232072116.
  23. "Gemalto and Ledger Join Forces to Provide Security Infrastructure for Cryptocurrency Based Activities". gemalto.com. 4 October 2017. Retrieved 2020-04-20.
  24. "Using a Hardware Security Module (HSM) — hyperledger-fabricdocs main documentation". hyperledger-fabric.readthedocs.io. Retrieved 2023-08-07.