The Full Wiki

Hardware Security Module: Wikis


Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.

Encyclopedia

(Redirected to Hardware security module article)

From Wikipedia, the free encyclopedia

A hardware security module (often abbreviated to HSM) is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications. They are physical devices that traditionally come in the form of a plug-in card or an external TCP/IP security device that can be attached directly to the server or general purpose computer.

The goals of an HSM are (a) onboard secure generation, (b) onboard secure storage, (c) use of cryptographic and sensitive data material, (d) offloading application servers for complete asymmetric and symmetric cryptography. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries. In short, they protect high-value cryptographic keys.

The cryptographic material handled by most HSMs are asymmetric key pairs (and certificates) used in public-key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.

Many HSM systems have means to securely backup the keys they handle either in a wrapped form via the computer's operating system or externally using a smartcard or some other security token. HSMs should never allow for secrets exportation in plaintext form, even when migrating between HSMs or performing backup operations.

Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of software-only solutions for symmetric key operations. However, with performances ranges from 1 to 7,000 1024-bit RSA signs/second, HSM's can provide significant CPU offload for asymmetric key operations. Since NIST is recommending the use of 2,048 bit RSA keys from year 2010, performance at longer key sizes is becoming increasingly important.

Because HSMs are often part of a mission-critical infrastructure such as a public key infrastructure or online banking application, HSMs can typically be clustered for high availability. Some HSMs feature dual power supplies to enable business continuity.

A few of the HSMs available in the market have the ability to execute specially developed execution modules within the HSM's secure enclosure. Such ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The execution modules can be developed in native C language, in .NET, Java or other programming languages. While providing the benefit securing application-specific code, these execution engines confuse the status of an HSM's FIPS or Common Criteria validation status.

Contents

Tamper protection

The tamper evidence, resistance, and response – tamper protection – are the key and major differences HSMs have from usual server computers acting as cryptographic accelerators.

Whereas there are some standards covering security requirements for cryptographic modules, the most widely accepted (both as customers’ choice and government requests) is the NIST FIPS 140-2.

HSM software APIs

Below is a list of popular cryptography APIs that can be used with hardware modules from different vendors.

  • PKCS#11 – RSA's API, designed to be platform independent, defining a generic interface to HSMs. Also known as 'cryptoki'
  • OpenSSL – OpenSSL engine API
  • JCE/JCA – Java's cryptography API
  • Microsoft CAPI – Microsoft's API as used by IIS, CA and others, also available in .NET.
  • Microsoft CNG API – Microsoft's next-generation crypto API available for Windows Vista onwards, used by IIS, ADCS and others.

HSM main uses

HSMs can be employed in any application that uses digital keys. Typically the keys must be of high-value - meaning there would be a significant, negative impact to the owner of the key if it were compromised. The list of applications are endless, but some of the primary uses include:

PKI environment (CA HSMs)

Older Luna HSMs (PCMCIA)

On the PKI environment, the HSMs are usually used by all certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. In this scenario, there are some fundamental features a device must have, namely:

  • Logical and physical high level protection
  • Multi-part user authorization schema (see Blakley-Shamir secret sharing)
  • Full audit and log traces
  • Secure key backup

In the PKI environment, the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

Card payment system HSMs (bank HSMs)

ARX network-attached PrivateServer HSM

Limited-feature HSMs are used in card processing systems. These systems are usually less complex than CA HSMs and normally do not feature a standard API. These devices can be grouped in two main classes:

OEM or integrated modules for automated teller machines and POS terminals:

  • to encrypt the PIN entered when using the card
  • to load keys into protected memory

Authorisation and personalisation modules may be used to:

  • check an on-line PIN by comparing with an encrypted PIN block
  • in conjunction with an ATM controller, verify credit/debit card transactions by checking card security codes or by performing host processing component of an EMV based transaction
  • support a crypto-API with a smart card (such as an EMV)
  • re-encrypt a PIN block to send it to another authorisation host
  • support a protocol of POS ATM network management
  • support de-facto standards of host-host key|data exchange API
  • generate and print a "PIN mailer"
  • generate data for a magnetic stripe card (PVV, CVV)
  • generate a card keyset and support the personalisation process for smart cards

The major organization that produces and maintains standards for HSMs on banking market is the Payment Card Industry Security Standards Council.

SSL connectivity

There are applications where performance is a bottleneck but security must not be forgotten. These applications usually are presented as secure Web services served through HTTPS (SSL/TLS). In this environment, SSL Acceleration HSMs are employed. Typical performance numbers for these applications range from 50 to 1,000 1024-bit RSA signs/second, although some devices can reach numbers as high as +7,000 operations per second.

DNSSEC

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. For example OpenDNSSEC is a designated DNSSEC signer tool using PKCS#11 to interface with HSMs.

See also

External links


A hardware security module (often abbreviated to HSM) is a type of secure cryptoprocessor targeted at managing digital keys, accelerating cryptoprocesses in terms of digital signings/second and for providing strong authentication to access critical keys for server applications. They are physical devices that traditionally come in the form of a plug-in card or an external TCP/IP security device that can be attached directly to the server or general purpose computer.

The goals of an HSM are (a) onboard secure generation, (b) onboard secure storage, (c) use of cryptographic and sensitive data material, (d) offloading application servers for complete asymmetric and symmetric cryptography. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries. In short, they protect high-value cryptographic keys.

The cryptographic material handled by most HSMs are asymmetric key pairs (and certificates) used in public-key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.

Many HSM systems have means to securely backup the keys they handle either in a wrapped form via the computer's operating system or externally using a smartcard or some other security token. HSMs should never allow for secrets exportation in plaintext form, even when migrating between HSMs or performing backup operations.

Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of software-only solutions for symmetric key operations. However, with performances ranges from 1 to 7,000 1024-bit RSA signs/second, HSM's can provide significant CPU offload for asymmetric key operations. Since NIST is recommending the use of 2,048 bit RSA keys from year 2010, performance at longer key sizes is becoming increasingly important.

Because HSMs are often part of a mission-critical infrastructure such as a public key infrastructure or online banking application, HSMs can typically be clustered for high availability. Some HSMs feature dual power supplies to enable business continuity.

A few of the HSMs available in the market have the ability to execute specially developed execution modules within the HSM's secure enclosure[citation needed]. Such ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The execution modules can be developed in native C language, in .NET, Java or other programming languages. While providing the benefit securing application-specific code, these execution engines confuse the status of an HSM's FIPS or Common Criteria validation status.

Contents

Tamper protection

The tamper evidence, resistance, and response – tamper protection – are the key and major differences HSMs have from usual server computers acting as cryptographic accelerators.

Whereas there are some standards covering security requirements for cryptographic modules, the most widely accepted (both as customers’ choice and government requests) is the NIST FIPS 140-2.

HSM software APIs

Below is a list of popular cryptography APIs that can be used with hardware modules from different vendors.

  • PKCS#11 – RSA's API, designed to be platform independent, defining a generic interface to HSMs. Also known as 'cryptoki'
  • OpenSSL – OpenSSL engine API
  • JCE/JCA – Java's cryptography API
  • Microsoft CAPI – Microsoft's API as used by IIS, CA and others, also available in .NET.
  • Microsoft CNG API – Microsoft's next-generation crypto API available for Windows Vista onwards, used by IIS, ADCS and others.

HSM main uses

HSMs can be employed in any application that uses digital keys. Typically the keys must be of high-value - meaning there would be a significant, negative impact to the owner of the key if it were compromised. The list of applications is endless, but some of the primary uses include:

PKI environment (CA HSMs)

On the PKI environment, the HSMs are usually used by all certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. In this scenario, there are some fundamental features a device must have, namely:

  • Logical and physical high level protection
  • Multi-part user authorization schema (see Blakley-Shamir secret sharing)
  • Full audit and log traces
  • Secure key backup

In the PKI environment, the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

Card payment system HSMs (bank HSMs)

Limited-feature HSMs are used in card processing systems. These systems are usually less complex than CA HSMs and normally do not feature a standard API. These devices can be grouped in two main classes:

OEM or integrated modules for automated teller machines and POS terminals:

  • to encrypt the PIN entered when using the card
  • to load keys into protected memory

Authorisation and personalisation modules may be used to:

  • check an on-line PIN by comparing with an encrypted PIN block
  • in conjunction with an ATM controller, verify credit/debit card transactions by checking card security codes or by performing host processing component of an EMV based transaction
  • support a crypto-API with a smart card (such as an EMV)
  • re-encrypt a PIN block to send it to another authorisation host
  • support a protocol of POS ATM network management
  • support de-facto standards of host-host key|data exchange API
  • generate and print a "PIN mailer"
  • generate data for a magnetic stripe card (PVV, CVV)
  • generate a card keyset and support the personalisation process for smart cards

The major organization that produces and maintains standards for HSMs on banking market is the Payment Card Industry Security Standards Council.

SSL connectivity

There are applications where performance is a bottleneck but security must not be forgotten. These applications usually are presented as secure Web services served through HTTPS (SSL/TLS). In this environment, SSL Acceleration HSMs are employed. Typical performance numbers for these applications range from 50 to 1,000 1024-bit RSA signs/second, although some devices can reach numbers as high as +7,000 operations per second.

DNSSEC

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. An open source tool for managing signing of DNS zone files using HSM is OpenDNSSEC.

See also

External links








Got something to say? Make a comment.
Your name
Your email address
Message