A hardware security module (HSM) is a dedicated cryptographic processor designed to protect highly critical and sensitive keys and assets. HSMs act as trust anchors that protect the cryptographic infrastructure of some of the most security-conscious organizations in the world. This piece of hardware may look small, but is mighty powerful. It has the ability to securely manage, process, and store cryptographic keys inside its hardened, tamper-resistant shell.
The first hardware security module was invented by an Egyptian engineer named Mohamed Atalla. He invented a high security module and called it the ‘Atalla Box,’ which could encrypt PIN and ATM messages and protect offline devices with an un-guessable PIN-generating key.
A key innovation of the Atalla Box was the key block, which would allow the secure interchange of symmetric keys or PINs with other employees of the banking industry. The interchange was performed using the Atalla Key Block (AKB) format. Until today the AKB format lies at the root of all cryptographic block formats used within the Payment Card Industry Data Security Standard (PCI DSS) and American National Standards Institute (ANSI) standards.
Outside of banking, enterprises use HSM devices to protect anything from transaction data, identity, and applications. HSMs are excellent at securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services for a wide range of applications, including Public Key Infrastructure (PKI), database encryption, and SSL/TLS for web servers.
HSM in The Real World
With wide-ranging use, many industries and businesses have come to rely on HSM devices to provide quick, safe and secure data transactions and verification. Whatever the use case may be, the key elements of any HSM device require that it:
- Is designed using specialized hardware which is well-tested and certified.
- Has a security-oriented Operating System.
- Has access to a network interface controlled by strict internal parameters.
- Actively stores and protects cryptographic material.
Any programmer would normally mix the database access code, business-logic and cryptographic calls in one single application, leaving it dangerously vulnerable to exploitation and attack. This is a dangerous approach, as an attacker can leverage crafted data to access cryptographic materials, steal keys, install an arbitrary certificate, and so on. To prevent such intrusions, HSM devices require two separate operational zones. A single one that holds the business logic, and a second for cryptography which is entrusted with the cryptographic operation.
What is Remote HSM Management
Remote hardware security module (HSM) management allows multiple security teams to perform tasks from a central remote location without the need to travel to a physical data center. A remote HSM management solution provides users with operational cost savings and provides higher usage flexibility. Remote HSM devices are distinctive in that they allow for more flexible controlStrong access control based on digital credentials, rather than physical keys.
What is Root of Trust
A Root of Trust (RoT) is a source that can always be relied on within a cryptographic system. Since cryptography is dependent on keys that can encrypt and decrypt data and perform functions, RoT schemes generally include a hardened hardware module such as an HSM. The hardware security module has the ability to generate and protect keys, all while performing cryptographic functions within its secure environment.
Since this module is inaccessible outside the traditional computer ecosystem, it can trust the keys and other cryptographic information that it receives from the root of trust module. This is critical now more than ever as the Internet of Things (IoT) spreads. In order to avoid getting hacked today, components of computing ecosystems need a way to determine that the information they receive is authentic. The RoT safeguards the security of data and applications helping build trust within the overall ecosystem.
Generating Strong Keys
All cryptographic keys generated by an HSM must be random. By design, a computer is unable to generate a truly random value because it is a finite-state machine. Therefore, a unique physical process is needed in order to generate random numbers and keys. HSM devices contain unique hardware that uses a physical process to generate a reliable source of randomness, that in turn is used to generate truly perfectly random keys.
Most HSM devices have high performance outputs. While the maximum digital signatures you can get from any server is n * 1000 per second, an HSM have the ability to achieve millions. While an HSM only performs a small number of tasks, it does so very efficiently because it’s designed and optimized for specific tasks.
HSMs and Key Management
Since HSMs are built to protect cryptographic keys, large banks and corporations often have a number of HSMs running simultaneously. Meanwhile, key management systems control and update these keys according to internal security policies and external standards. A core component of the HSM’s centralized design is the advantage of streamlining the management of keys, providing a complete overview of keys across multiple systems.