Hardware security module: Difference between revisions - Wikipedia


[[File:NCipher nShield F3 Hardware Security Module.jpg|thumb|An HSM in PCIe format]]

A '''hardware security module''' ('''HSM''') is a physical computing device that safeguards and manages secrets (most importantly [[digital keys]]) and performs [[encryption]], decryption, [[digital signature]], [[strong authentication]] and other cryptographic functions.<ref>{{Citation |last=Sommerhalder |first=Maria |title=Hardware Security Module |date=2023 |url=https://doi.org/10.1007/978-3-031-33386-6_16 |work=Trends in Data Protection and Encryption Technologies |pages=83–87 |editor-last=Mulder |editor-first=Valentin |access-date=2023-09-12 |place=Cham |publisher=Springer Nature Switzerland |language=en |doi=10.1007/978-3-031-33386-6_16 |isbn=978-3-031-33386-6 |editor2-last=Mermoud |editor2-first=Alain |editor3-last=Lenders |editor3-first=Vincent |editor4-last=Tellenbach |editor4-first=Bernhard|doi-access=free }}</ref> These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a [[computer]] or [[Server (computing)|network server]]. A hardware security module contains one or more [[secure cryptoprocessor]] [[integrated circuit|chips]].<ref>{{cite book |last1=Ramakrishnan |first1=Vignesh |last2=Venugopal |first2=Prasanth |last3=Mukherjee |first3=Tuhin |title=Proceedings of the International Conference on Information Engineering, Management and Security 2015: ICIEMS 2015 |date=2015 |publisher=Association of Scientists, Developers and Faculties (ASDF) |isbn=9788192974279 |page=9 |url=https://books.google.com/books?id=Gw9pCwAAQBAJ&pg=PA9}}</ref><ref>{{cite book |last1=Gregg |first1=Michael |title=CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002 |date=2014 |publisher=[[John Wiley & Sons]] |isbn=9781118930847 |page=246 |url=https://books.google.com/books?id=LKPCBwAAQBAJ&pg=PA246}}</ref>

==Design==

HSMs may have features that provide tamper evidence, such as visible signs of tampering or logging and alerting; tamper resistance, which makes tampering difficult without rendering the HSM inoperable; or tamper responsiveness, such as deleting (zeroizing) keys upon tamper detection.<ref>{{cite web|url=http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=RDELECTRONICTAMPER|title=Electronic Tamper Detection Smart Meter Reference Design|publisher=freescale|access-date=26 May 2015}}</ref> Each module contains one or more [[secure cryptoprocessor]] chips to prevent tampering and [[Bus_analyzer|bus probing]], or a combination of chips in a module that is protected by tamper-evident, tamper-resistant, or tamper-responsive packaging.

The vast majority of existing HSMs are designed mainly to manage secret keys. Many HSM systems have means to securely back up the keys they handle outside of the HSM. Keys may be backed up in wrapped form, that is, encrypted under a key that itself never leaves the HSM, and stored on a [[Disk storage|computer disk]] or other media, or externally using a secure portable device like a [[smartcard]] or some other [[security token]].<ref>{{cite web|url=http://www.mxcsoft.com/Man_Securing%20Privkeys.htm|title=Using Smartcard/Security Tokens|publisher=mxc software|access-date=26 May 2015}}</ref>
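The wrapped-key backup described above can be illustrated with the following added example (Go, standard library only; it is not code from the article or from any HSM vendor). The backup record is modelled as AES-GCM ciphertext under a key-encryption key (KEK) that stands in for a key that never leaves the module, and the key's label, permitted usage and extractability flag are bound to the ciphertext as additional authenticated data, so a record whose attributes were altered while on disk or on a token is rejected on restore. The record layout and the `Wrap`/`Unwrap` names are assumptions for the illustration; real HSMs use their own wrapping mechanisms (for example AES Key Wrap per RFC 3394) and vendor-specific attribute encodings.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// WrappedKey is a constructed illustration of a key backup record. The key
// bytes are encrypted under a key-encryption key (KEK) that stands in for a
// key that never leaves the module; the label/usage attributes travel in the
// clear but are authenticated, so they cannot be changed without detection.
// Added example only, not any vendor's backup format.
type WrappedKey struct {
	Label       string
	Usage       string // e.g. "sign" or "decrypt"
	Extractable bool   // whether the key may ever be exported in the clear
	Nonce       []byte
	Ciphertext  []byte // AES-GCM output with the 16-byte tag appended
}

// aad is the canonical attribute string bound to the ciphertext as GCM
// additional authenticated data.
func (w *WrappedKey) aad() []byte {
	return []byte(fmt.Sprintf("label=%s;usage=%s;extractable=%t", w.Label, w.Usage, w.Extractable))
}

func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // kek must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts keyMaterial under kek with a fresh random nonce and binds the
// attributes, so the same key can be backed up repeatedly without nonce reuse.
func Wrap(kek, keyMaterial []byte, label, usage string, extractable bool) (*WrappedKey, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	w := &WrappedKey{Label: label, Usage: usage, Extractable: extractable}
	w.Nonce = make([]byte, aead.NonceSize())
	if _, err := rand.Read(w.Nonce); err != nil {
		return nil, err
	}
	w.Ciphertext = aead.Seal(nil, w.Nonce, keyMaterial, w.aad())
	return w, nil
}

// Unwrap recovers the key material. It fails if the KEK is wrong, if the
// ciphertext was modified, or if any bound attribute was changed.
func Unwrap(kek []byte, w *WrappedKey) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, w.Nonce, w.Ciphertext, w.aad())
	if err != nil {
		return nil, errors.New("unwrap failed: wrong KEK or tampered backup record")
	}
	return pt, nil
}

func main() {
	kek := make([]byte, 32)
	secret := make([]byte, 32) // constructed sample key to be backed up
	for _, b := range [][]byte{kek, secret} {
		if _, err := rand.Read(b); err != nil {
			panic(err)
		}
	}
	w, err := Wrap(kek, secret, "tls-server-2024", "sign", false)
	if err != nil {
		panic(err)
	}
	if _, err := Unwrap(kek, w); err != nil {
		panic(err)
	}
	fmt.Printf("wrapped %d-byte key into %d-byte record\n", len(secret), len(w.Ciphertext))
	// An attacker who edits the stored record to mark the key extractable
	// cannot make it unwrap: the attribute is part of the authenticated data.
	w.Extractable = true
	_, err = Unwrap(kek, w)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The point of binding attributes as authenticated data rather than storing them loosely beside the ciphertext is that a restore path cannot be tricked into importing a signing key as a general-purpose or exportable one; the KEK itself is the part a real module keeps inside its tamper boundary, and the example only holds it in memory for lack of hardware.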

Because HSMs are used for real-time authorization and authentication in critical infrastructure, they are typically engineered to support standard high-availability models, including [[Computer cluster|clustering]], automated [[failover]], and redundant [[field-replaceable unit|field-replaceable components]].

A few of the HSMs available in the market have the capability to execute specially developed modules within the HSM's secure enclosure.<ref>{{Cite web |title=Are there any hardware HSMs that can host/run custom applications using the HSM processor(s) within the hardened security boundary? |url=https://security.stackexchange.com/questions/24551/are-there-any-hardware-hsms-that-can-host-run-custom-applications-using-the-hsm}}</ref>{{ugc|certain=y|date=August 2024}} Such an ability is useful, for example, where special algorithms or business logic must be executed in a secured and controlled environment. The modules can be developed in native [[C (programming language)|C]], .NET, [[Java (programming language)|Java]], or other programming languages. Further, some next-generation HSMs<ref name="ENFORCER">{{cite web|url=http://enforcerserver.com|title=World's First Tamper-Proof Server and General Purpose Secure HSM|publisher=Private Machines|access-date=7 March 2019}}</ref> can handle more complex tasks such as loading and running full operating systems and [[Commercial_off-the-shelf|COTS]] software without requiring customization and reprogramming. Such designs aim to overcome the design and performance limitations of traditional HSMs while still securing application-specific code. These execution engines are designed so that custom code runs without invalidating the HSM's [[Federal Information Processing Standard|FIPS]] or [[Common Criteria]] validation.<ref>{{Cite journal|last1=Barker|first1=Elaine|last2=Barker|first2=William C|date=2019|title=Recommendation for key management|journal=|location=Gaithersburg, MD|doi=10.6028/nist.sp.800-57pt2r1|doi-access=free}}</ref>

== Certification ==

The functions of an HSM are:

* onboard secure cryptographic key generation,

* onboard secure cryptographic key storage, at least for the top level and most sensitive keys, which are often called master keys,

* key management,

* use of cryptographic and sensitive data material, for example, performing decryption or digital signature functions,

* onboard secure deletion of cryptographic and other sensitive data material that was managed by it,

* offloading application servers for complete [[asymmetric cryptography|asymmetric]] and [[symmetric cryptography]].

HSMs are also deployed to manage [[transparent data encryption]] keys for databases and keys for storage devices such as [[Disk encryption|disk]] or [[Magnetic tape data storage|tape]].{{cn|date=June 2024}}

HSMs provide both logical and physical protection of these materials, including cryptographic keys, from disclosure, unauthorized use, and potential adversaries.<ref>{{cite web|url=https://www.paloaltonetworks.cn/documentation/pan-os/newfeaturesguide/section_2/chapter_1.html|title=Support for Hardware Security Modules|publisher=paloalto|access-date=26 May 2015|url-status=dead|archive-url=https://web.archive.org/web/20150526064340/https://www.paloaltonetworks.cn/documentation/pan-os/newfeaturesguide/section_2/chapter_1.html|archive-date=26 May 2015}}</ref>

HSMs support both symmetric<ref>{{cite web |date=2012 |title=Secure Sensitive Data with the BIG-IP Hardware Security Module |url=https://www.f5.com/pdf/solution-profiles/hardware-security-module-sp.pdf |access-date=2023-04-28 |website=F5 |publisher=[[F5 Networks]]}}</ref> and asymmetric (public-key) cryptography. For some applications, such as certificate authorities and digital signing, the cryptographic material is asymmetric key pairs (and certificates) used in [[public-key cryptography]].<ref>{{cite web|url=http://www.provision.ro/access-management/application-and-transaction-security-hsm#pagei-1|title=Application and Transaction Security / HSM|publisher=Provision|access-date=26 May 2015}}</ref> With other applications, such as data encryption or financial payment systems, the cryptographic material consists mainly of [[Symmetric-key algorithm|symmetric keys]].<ref>{{Cite web |title=IBM i: Cryptography concepts |url=https://www.ibm.com/docs/en/i/7.4?topic=cryptography-concepts |access-date=2023-03-29 |website=www.ibm.com |language=en-us}}</ref>

Some HSM systems are also hardware [[SSL acceleration|cryptographic accelerators]]. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performance ranging from 1 to 10,000 1024-bit [[RSA (algorithm)|RSA]] signatures per second, HSMs can provide significant CPU offload for asymmetric key operations. Since the [[National Institute of Standards and Technology]] (NIST) has recommended the use of 2,048-bit RSA keys from 2010,<ref>{{cite web|url=https://csrc.nist.gov/publications/detail/sp/800-131a/rev-1/final|title=Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths|date=January 2011|publisher=NIST|access-date=March 29, 2011}}</ref> performance at longer key sizes has become more important. To address this, most HSMs now support [[elliptic curve cryptography]] (ECC), which provides comparable security at much shorter key lengths and therefore faster signing operations.

===PKI environment (CA HSMs)===

===SSL connection establishment===

Performance-critical applications that have to use [[HTTPS]] ([[Secure Sockets Layer|SSL]]/[[Transport Layer Security|TLS]]) can benefit from the use of an SSL acceleration HSM by moving the RSA operations, which typically require several large-integer modular multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 1 to 10,000 1024-bit RSA operations per second.<ref>{{cite web|url=http://secappdev.org/handouts/2010/Filip%20Demaertelaere/HSM.pdf|title=Hardware Security Modules|author=F. Demaertelaere|publisher=Atos Worldline|access-date=26 May 2015|archive-url=https://web.archive.org/web/20150906093444/http://secappdev.org/handouts/2010/Filip%20Demaertelaere/HSM.pdf|archive-date=6 September 2015|url-status=dead}}</ref><ref>{{Cite web|title=Preparing to Issue 200 Million Certificates in 24 Hours - Let's Encrypt|url=https://letsencrypt.org/2021/02/10/200m-certs-24hrs.html|access-date=2021-05-19|website=[[Let's Encrypt]]}}</ref> Performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs<ref>{{cite web|title=Barco Silex FPGA Design Speeds Transactions In Atos Worldline Hardware Security Module|publisher=Barco-Silex|date=January 2013|url=http://www.electronicspecifier.com/design-automation/adyton-barco-silex-ip-atos-worldline-fpga-design-speeds-transactions-hardware-security-module|access-date=April 8, 2013}}</ref> now support ECC. Specialized HSM devices can reach numbers as high as 20,000 operations per second.<ref>{{Cite web|url=https://safenet.gemalto.com/data-encryption/hardware-security-modules-hsms/safenet-network-hsm/|title=SafeNet Network HSM - Formerly Luna SA Network-Attached HSM|website=Gemalto|access-date=2017-09-21}}</ref>
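The offload described in this section, and in the cryptographic-accelerator paragraph above, works through a deliberately narrow interface: the application hands the module a digest and receives a signature, and the private key is never returned. The following added example (Go, standard library only; not code from the article or from any HSM vendor) models that boundary with Go's `crypto.Signer` interface, which is the interface `tls.Certificate.PrivateKey` accepts, so a TLS server can switch from a software key to an HSM-backed one without changing its handshake code. It generates an RSA-2048 and an ECDSA P-256 key behind the boundary, verifies their signatures with only the public halves, and measures signatures per second for each, which makes the RSA-versus-ECC performance point above concrete on whatever CPU it is run on. The `moduleKey` type, the constructed handshake transcript and the printed throughput figures are illustrative assumptions; a real deployment would back `moduleKey` with a PKCS#11 or vendor-library session rather than an in-memory key.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"time"
)

// moduleKey is a constructed stand-in for a key held inside an HSM. Callers
// receive signatures and the public key, never the private half. Because it
// satisfies crypto.Signer, it can be assigned to tls.Certificate.PrivateKey
// exactly as a PKCS#11-backed signer would be. Added example, not vendor code.
type moduleKey struct {
	priv crypto.Signer // unexported: the "inside" of the security boundary
}

func (m *moduleKey) Public() crypto.PublicKey { return m.priv.Public() }

// Sign implements crypto.Signer. The caller supplies only the digest.
func (m *moduleKey) Sign(r io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	if opts == nil || len(digest) != opts.HashFunc().Size() {
		return nil, errors.New("digest length does not match the declared hash")
	}
	return m.priv.Sign(r, digest, opts)
}

// NewRSAModuleKey generates an RSA key "onboard" and returns only a handle.
func NewRSAModuleKey(bits int) (crypto.Signer, error) {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	return &moduleKey{priv: k}, nil
}

// NewECDSAModuleKey does the same for an ECDSA P-256 key.
func NewECDSAModuleKey() (crypto.Signer, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &moduleKey{priv: k}, nil
}

// SignMessage hashes msg with SHA-256 on the host and sends only the digest
// across the boundary, as a TLS stack does for handshake signatures.
func SignMessage(s crypto.Signer, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return s.Sign(rand.Reader, d[:], crypto.SHA256)
}

// Verify checks a signature with the public key the module exposes. RSA
// signatures made with crypto.SHA256 opts are PKCS#1 v1.5; ECDSA ones are ASN.1.
func Verify(pub crypto.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	switch p := pub.(type) {
	case *rsa.PublicKey:
		return rsa.VerifyPKCS1v15(p, crypto.SHA256, d[:], sig) == nil
	case *ecdsa.PublicKey:
		return ecdsa.VerifyASN1(p, d[:], sig)
	}
	return false
}

// SignaturesPerSecond times n signatures over a constructed handshake
// transcript and returns the measured throughput.
func SignaturesPerSecond(s crypto.Signer, n int) (float64, error) {
	transcript := []byte("ClientHello|ServerHello|Certificate") // constructed sample
	start := time.Now()
	for i := 0; i < n; i++ {
		if _, err := SignMessage(s, transcript); err != nil {
			return 0, err
		}
	}
	return float64(n) / time.Since(start).Seconds(), nil
}

func main() {
	rsaKey, err := NewRSAModuleKey(2048)
	if err != nil {
		panic(err)
	}
	ecKey, err := NewECDSAModuleKey()
	if err != nil {
		panic(err)
	}
	for _, k := range []struct {
		name string
		s    crypto.Signer
	}{{"RSA-2048", rsaKey}, {"ECDSA P-256", ecKey}} {
		rate, err := SignaturesPerSecond(k.s, 100)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-12s %8.0f signatures/s (software key, this CPU)\n", k.name, rate)
	}
}
```

Run stand-alone, the program prints a much higher rate for the P-256 key than for RSA-2048 on typical hardware, which is the reason the section gives for HSMs adding ECC support. The digest-length check in `Sign` mirrors what a module should do at its boundary: it refuses a request whose digest does not match the declared hash, rather than signing arbitrary caller-supplied bytes.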

===DNSSEC===

On January 27, 2010, [[ICANN]] and [[Verisign]], with support from the [[U.S. Department of Commerce]], started deploying [[Domain Name System Security Extensions|DNSSEC]] for the [[DNS root zone]].<ref>{{Cite web|title = ICANN Begins Public DNSSEC Test Plan for the Root Zone|url = http://www.circleid.com/posts/20100127_icann_begins_public_dnssec_test_plan_for_the_root_zone/|website = www.circleid.com|access-date = 2015-08-17}}</ref> Root signature details can be found on the Root DNSSEC website.<ref name="root dnssec">[http://www.root-dnssec.org/ Root DNSSEC]</ref>

[[File:Trezor Model T.jpg|thumb|A Trezor Model T cryptocurrency hardware wallet]]

=== Blockchain and HSMs ===

[[Blockchain]] technology depends on cryptographic operations. Safeguarding private keys is essential to maintain the security of blockchain processes that utilize asymmetric cryptography. The private keys are often stored in a [[cryptocurrency wallet]], such as the hardware wallet pictured.

The synergy between HSMs and blockchain is discussed in several papers, which emphasize the role of HSMs in securing private keys and verifying identity, for example in blockchain-driven mobility solutions.<ref>{{Cite book |last1=Shbair |first1=Wazen M. |last2=Gavrilov |first2=Eugene |last3=State |first3=Radu |title=2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) |chapter=HSM-based Key Management Solution for Ethereum Blockchain |date=May 2021 |chapter-url=https://ieeexplore.ieee.org/document/9461136 |pages=1–3 |doi=10.1109/ICBC51069.2021.9461136 |isbn=978-1-6654-3578-9 |s2cid=235637476 |url=http://orbilu.uni.lu/handle/10993/46760 |access-date=2023-08-13 |archive-date=2022-07-06 |archive-url=https://web.archive.org/web/20220706193730/https://orbilu.uni.lu/handle/10993/46760 |url-status=dead }}</ref><ref>{{Cite book |last1=Pirker |first1=Dominic |last2=Fischer |first2=Thomas |last3=Witschnig |first3=Harald |last4=Steger |first4=Christian |title=2021 IEEE 5th International Conference on Cryptography, Security and Privacy (CSP) |chapter=Velink - A Blockchain-based Shared Mobility Platform for Private and Commercial Vehicles utilizing ERC-721 Tokens |date=January 2021 |chapter-url=https://ieeexplore.ieee.org/document/9357605 |pages=62–67 |doi=10.1109/CSP51677.2021.9357605|isbn=978-1-7281-8621-4 |s2cid=232072116 |url=https://zenodo.org/record/4564041 }}</ref>

Cryptographic operations performed by Fabric nodes in the [[Hyperledger]] framework support delegation to a Hardware Security Module.<ref>{{Cite web |title=Using a Hardware Security Module (HSM) — hyperledger-fabricdocs main documentation |url=https://hyperledger-fabric.readthedocs.io/en/latest/hsm.html |access-date=2023-08-07 |website=hyperledger-fabric.readthedocs.io}}</ref>

===Cryptocurrency wallet===

Cryptocurrency private keys can be stored in a [[cryptocurrency wallet]] on an HSM.<ref>{{Cite web|title = Gemalto and Ledger Join Forces to Provide Security Infrastructure for Cryptocurrency Based Activities|url = https://www.gemalto.com/press/Pages/Gemalto-and-Ledger-Join-Forces-to-Provide--Security-Infrastructure-for-Cryptocurrency-Based-Activities-.aspx|website = gemalto.com| date=4 October 2017 |access-date = 2020-04-20}}</ref>

== See also ==

* [[Electronic funds transfer]]

* [[FIPS 140]]

* [[Public key infrastructure]]