Hardware Security Module Definition
A hardware security module (HSM) is a dedicated cryptographic processor that manages and safeguards digital keys. Designed specifically to protect the crypto key lifecycle, hardware security modules perform encryption and decryption functions for strong authentication, digital signatures, and other cryptographic functions.
HSMs serve as trust anchors to create hardened, tamper-resistant environments for storing cryptographic keys. Traditionally, a hardware security module includes one or more secure cryptoprocessor chips and usually exists as an external device or plug-in card that attaches directly to a network server or computer.
What is a Hardware Security Module?
A general purpose hardware security module is a standards-compliant cryptographic device that uses physical security measures, logical security controls, and strong encryption to protect sensitive data in transit, in use, and at rest. An HSM might also be called a secure application module (SAM), a personal computer security module (PCSM), or a hardware cryptographic module.
The hardware security module creates a trusted environment for performing a variety of cryptographic operations, including key exchange, key management, and encryption. In this context, “trusted” means free of malware and viruses, and protected from exploits and unauthorized access.
An HSM can be trusted because:
- It is built atop certified, well-tested, specialized hardware.
- It runs a security-focused OS.
- Its entire design actively protects and hides cryptographic information.
- It has limited access to the network through a moderated interface that is strictly controlled by internal rules.
Without a hardware security module, ordinary operations and cryptographic operations take place in the same locations, so attackers can access ordinary business logic data alongside sensitive information such as keys and certificates. Hackers can install arbitrary certificates, expand unauthorized access, alter code, and otherwise dangerously impact cryptographic operations.
How Do Hardware Security Modules Work?
Encryption, the process of rendering sensitive data indecipherable except to those with authorized access, forms the basis for an HSM’s core functionality. Secure decryption and message authentication are also part of HSM functionality.
Randomly generated values are essential to the encryption process, because they are used to create encryption keys. Decrypting that sensitive information is always just one step away with the keys in hand, so storage of encryption keys in a secure environment is essential.
Hardware security modules generate and store encryption keys used among various devices. They have special hardware to create entropy and generate high quality random keys. Larger organizations may operate multiple HSMs concurrently instead of just one. Whether one or many HSMs are deployed, a streamlined, centralized key management system based on both external regulations and strong internal security policies improves security and compliance.
HSMs are typically certified to internationally recognized standards such as FIPS 140 or Common Criteria. This is related to the critical function of HSMs in securing infrastructure and applications, and the related need to ensure users that product and cryptographic algorithm design and implementation are sound. The highest achievable certification level of FIPS 140 security is Security Level 4. Users often validate the security of an HSM against the Payment Card Industry Security Standards Council’s defined requirements for HSMs in financial payments applications.
Hardware Security Module Architecture
HSMs may have tamper-proof or tamper-resistant features. For example, hardware security modules may show visible signs of logging and alerting, or may become inoperable if they are tampered with. Some HSMs may delete keys upon detection of tampering. Hardware security modules are typically protected by tamper resistant, tamper evident, or tamper responsive packaging, and contain one or multiple cryptoprocessor chips or a module containing a combination of chips to prevent bus probing and tampering.
HSMs can generally be clustered for high availability since they are often part of mission-critical infrastructure such as an online banking application or a public key infrastructure. Some hardware security modules enable business continuity and conform to the high-availability requirements of data center environments. For example, they may feature field replaceable components or dual power supplies to ensure availability in spite of disaster.
Some HSMs can internally execute specially developed modules in native C language, Java, .NET, or other programming languages. Such a capability can assist an organization that needs to execute business logic or special algorithms in a trusted environment. Next-generation hardware security modules can often tackle running and loading COTS software and operating systems and other complex tasks without demanding complete reprogramming and customization.
Hardware Security Module Applications
Any application that employs digital keys may use a hardware security module. Generally, to justify the use of an HSM, compromise of the keys would need to cause serious, negative impact. In other words, digital keys must be of high value to be generated and maintained in a hardware security module USB or other device.
The key functions of an HSM are as follows:
- For a certificate authority, the HSM is an onboard cryptographic key generation and secure key storage facility, particularly for master keys, or the most sensitive, top level keys.
- Assists in the authentication process by verifying digital signatures.
- Verifies integrity of sensitive data stored in relatively less secure locations such as databases and encrypts the sensitive data securely for storage.
- Generates secure keys for smart card production.
- Manages keys for storage devices such as tape or disk and transparent data encryption keys for databases.
- Provides both physical and logical protection of sensitive information, including cryptographic keys, from non-authorized use, disclosure, and potential attackers.
- Supports both asymmetric or public-key cryptography and symmetric cryptography.
- Some HSM systems act as hardware cryptographic accelerators for SSL connections and many offer asymmetric key operations significant CPU offload. Most HSMs also now support elliptic curve cryptography (ECC), which provides stronger encryption despite shorter key lengths.
- For applications that are performance-critical and must use HTTPS (SSL/TLS), an SSL acceleration HSM can relocate RSA operations from the host CPU to the HSM device. RSA operations usually demand several large integer multiplications, and typical hardware security modules can perform about 1 to 10,000 1024-bit RSA operations/second. Certain specialized hardware based security modules can achieve 20,000 operations per second.
- In PKI environments, registration authorities (RAs) and certification authorities (CAs) may use HSMs to generate, manage, and store asymmetric key pairs.
- Bank hardware security modules or card payment system hardware security modules are specialized HSMs applied in the payment card industry. As such, these HSMs support both typical hardware security module functions and specialized functions that transaction processing and industry standards for compliance demand. Typical applications are personalization of payment cards and authorization of transactions. The major standard-setting organizations for banking HSMs are ANS X9, the Payment Card Industry Security Standards Council (PCISSC), and ISO.
- Some registries store core material for signing large zone files in HSMs. For example, OpenDNSSEC is an open source hardware security module tool for managing signing of DNS zone files.
- HSMs can be used as cryptocurrency wallets.
HSMs vs Trusted Execution Environments (TEEs) and Trusted Platform Modules (TPMs)
A trusted execution environment (TEE) is a secure area created as part of a main computer processor. It is designed to ensure that data and code inside the TEE is protected in terms of integrity and confidentiality.
A trusted platform module (TPM) is a special chip designed and soldered into the motherboard so that accessing its secret keys is both difficult and immediately obvious. This physical step is intended to provide a hardware source of trust in the computing system. TPMs do not generally add computational capacity although they can offer some basic capabilities such as random keys generation, or the encryption of small amounts of data.
A hardware security module, in contrast, keeps the encryption keys external to the operating system. Although there is some overlap between TEEs, TPMs, and HSMs, they are not the same and do not provide identical benefits. Like TPMs, HSMs also make physical tampering obvious, but they tend to provide higher levels of protection than both TPMs and TEEs.
Some argue that HSMs need not depend on physical tamper protection and proprietary hardware architectures any longer. Instead, they can exploit the security properties of TEEs to create a “soft HSM” or virtual hardware security module. For example, Google’s Cloud HSM is billed as a cloud hardware security module, a totally virtual service version of the HSM.
These solutions certainly simplify scaling using cloud-native technologies. However, an even greater level of security can be achieved by implementing an HSM using those same cloud-native technologies to improve performance and reduce operational challenges related to hardware.
- TEEs offer a general, built-in processing environment. They are part of a chipset.
- TPMs provide limited processing capacities, measurement of the boot sequence and other components, and a physical source for trust. They are an inexpensive built-in component.
- HSMs are the highest security environment for sensitive data processing, management or storage of secret keys, and cryptographic operations. They are typically more costly, external devices, although cloud technologies can help render them less expensive and more scalable.
Benefits and Features of Hardware Security Modules
The main benefits of hardware security modules are: physical access protection, secure management of key material, secure generation of keys, and secure execution environment.
There is no way to completely protect conventional IT systems from external attack. In contrast, HSMs boast a range of protective mechanisms designed to deter external attack and any physical tampering. These typically include: voltage and temperature sensors, resin-embedded chips, and drill protection foil.
For example, if an attacker attempts to drill open an HSM device, either by breaking open the casing or using acid or icing up the casing to erode the layers, sensors immediately register the attack, trigger an alarm, and initiate any specified countermeasures set forth in the configuration, such as the deletion of keys.
Keys are only useful when they are random and well-protected, or they are easily guessed by attackers. In conventional IT systems, limited means exist for generating secure keys, because they are relying on traditional commands which process if-then situations. Unfortunately, knowing the “if” or input data for any given command can allow a skilled attacker to predict the “then” or output data.
HSMs defeat this issue by generating truly random keys. They do this by registering data from random physical processes in the vicinity such as atmospheric noise or atomic decay processes to produce unpredictable values to use as the basis for random keys.
Importantly, a hardware security module generates, stores, and uses these keys in executing signatures, encryptions, and other cryptographic operations—and all of these security-critical processes take place inside the secure environment of the HSM.
Since the keys for cryptographic operations never escape the HSM, the environment provides maximum protection against logical attack: it is virtually impossible to steal them. Some hardware security modules also protect users from Trojans and insider attacks by providing a secure execution environment for user applications. In these systems, the entire application is programmed and executed inside the secure space of the HSM.
Best Practices of Using HSMs
The following are the most important benefits and features of hardware security modules to consider:
FIPS 140-1 or 140-2 compliance and validation. The Federal Information Processing Standard (FIPS) defines four levels for validating HSMs. Validation means an HSM has passed a reasonable baseline of security tests performed at FIPS accredited testing facilities by qualified professionals. This goes far beyond mere compliance with FIPS 140.
Proprietary versus open algorithms. Avoid secret proprietary algorithms unless they are in addition to options that are open and widely accepted yet secure. (If your HSM uses both, ensure it is configured properly so it will not use the proprietary algorithms.) Look for DSA or RSA based cryptographic algorithms for digital signatures. For hashing, MD5 or SHA-1 are good alternatives. 3-DES is a good choice for encryption.
Strong random number generation. Any HSM must be capable of strong random number generation (RNG) or pseudo-random number generation in order to support key generation and other cryptographic functions.
Scalability. Hardware security module architecture should support load balancing and clustering so it can scale with growing network architecture.
A secure time source. Secure non-repudiation and auditing demand a secure time and date source for logged messages. An easily hacked server-based time source is among the few common hardware security module vulnerabilities. Only an authenticated administrator should be permitted to change the time on an HSM which should also securely log the event.
Ease of use. A standardized developer interface and secure, simple user interface both facilitate use of the HSM and help avoid expensive errors.
Well-documented device installation. Clearly document all installation and maintenance events, including battery replacements, known hardware conflicts, machine compatibility issues, and physical switches on the device.
Key backup. Secure key backup is critical for any HSM used for verifying or encrypting data in a database, or within a certificate authority. Optimally, backup keys to multiple smart cards, and store them separately.
Key protection. A hardware security module should protect keys by encrypting any that are exported beyond its physical boundary.
Tamper-resistance. The HSM should delete all sensitive data or “zeroize” itself should it detect any anomalous electrical activity, physical penetration, unusual temperature, or other signs of tampering. This stops a successful attacker from retrieving the secret keys once they have gained physical access.
Of course, there are several disadvantages of hardware security modules—mostly surrounding cost, depending on the levels of security and functionality that the facts demand. Some HSMs are also difficult to implement and upgrade. However, harnessing cloud-native technologies and their inherent scalability can help with each of these issues.
Does Avi Offer Hardware Security Module Solutions?
The right hardware security module ensures your business addresses compliance requirements with solutions for blockchain, bulk key generation, certificate signing, code or document signing, data encryption, digital signatures, DNSSEC, GDPR, hardware key storage, paper-to-digital initiatives, IoT, PCI DSS, transactional acceleration, and more.
Avi Vantage supports integration of networked hardware security module (HSM) products, including Thales nShield and SafeNet Network HSM. Learn more about integrating HSMs with the Avi Vantage platform here.