Hardware Security Module

A Hardware Security Module (often abbreviated to HSM) is a physical device in form of a plug-in card or an external security device that can be attached to general purpose computer and servers.

The goals of an HSM are the: (a) secure generation, (b) secure storage, (c) and use of cryptographic and sensitive data material. HSMs provide both logical and physical protection of these materials from non-authorized use and potential adversaries.

The cryptographic material handled by most HSMs are asymmetric key pairs (and certificates) used in public-key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.

Many HSM systems have means to securely backup the keys they handle either in a wrapped form via the computer's operating system or externally using a smartcard or some other USB token. HSMs should never allow for secrets exportation in plaintext form, even when migrating between HSMs or performing backup operations.

Some HSM systems are also hardware cryptographic accelerators. Although they usually cannot beat the performance of a software-only solution in a modern general purpose computer (+ 1000 1024-bit RSA signs/second ), they do process the key material securely. Typical HSM performances range from 1 to 500 1024-bit RSA signs/second.

Tamper Resistance

The tamper evidence, resistance, and reaction – Tamper Resistance – are the key and major differences HSMs have from usual server computers acting as cryptographic accelerators.

Whereas there are some standards covering security requirements for cryptographic modules, the most widely accepted (both as customers’ choice and government requests) is the NIST FIPS 140-2.

The FIPS 140-2 recognizes four different security levels, only FIPS 140-2 Level 3 and FIPS 140-2 Level 4 being the ones that recognize physical security counter-measures.

There are other important standards for cryptographic devices like Brazilian ITI MCT-7.

HSM software APIs

Below is a list of popular cryptography APIs that can be used with hardware modules from different vendors.

* PKCS#11 – RSA's API, designed to be platform independent, defining a generic interface to HSMs. Also known as 'cryptoki'
* OpenSSL – OpenSSL Engine API
* JCE/JCA – Java's Cryptography API
* Microsoft CAPI – Microsoft's API as used by IIS, CA and others, also available in .NET.

HSM main uses

HSMs are employed in three main applications where high level protection of key material are mandatory.

PKI environment (CA HSMs)

On the PKI environment, the HSMs are usually used by all Certification Authorities (CAs) and Registration Authorities (RAs) to generate, storage, and handle key pairs. In this scenario, there some fundamental features a device must have, namely:
* Logical and physical high level protection
* Multi-part user authorization (Blakely-Shamir k/m) schema
* Full audit and log tracesIn the PKI environment the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

Card payment system HSMs (bank HSMs)

Limited-feature HSMs are used in card processing systems. These systems are usually less complex than CA HSMs and normally do not feature a standard API. These devices can be grouped in two main classes:

OEM or integrated modules for automated teller machines and POS terminals:
* to encrypt the PIN entered when using the card.
* to load keys into protected memory.

Authorisation and personalisation modules may be used to:
* check an on-line PIN by comparing with an encrypted PIN block.
* In conjunction with an ATM controller, verify credit/debit card transactions by checking card security codes or by performing host processing component of an EMV based transaction
* support a crypto-API with a smart card (such as an EMV).
* re-encrypt a PIN block to send it to another authorisation host.
* support a protocol of POS ATM network management.
* support de-facto standards of host-host key|data exchange API.
* generate and print a "PIN mailer".
* generate data for a magnetic stripe card (PVV, CVV).
* generate a card keyset and support the personalisation process for smart cards.

The major organization that produces and maintains standards for HSMs on baking market is the Payment Card Industry Security Standards Council.

L connectivity

There are applications where performance is a bottleneck but security must not be forgotten. These applications usually are presented as secure Web services served through HTTPS (SSL/TLS). In this environment SSL Acceleration HSMs are employed. Typical performance numbers for these applications range from 50 to 1000 1024-bit RSA signs/second, although some devices can reach numbers as high as +4000 operations per second.

Organizations manufacturing HSMs

* [http://www.aepnetworks.com/products/key_management/keyper/ent_overview.aspx AEP] - AEP Keyper FIPS Level 4 HSM
* [http://www.kryptus.com/ ASI (KRYPTUS)] ASI-HSM AHX2 - Root CA of Brazil Gov PKI
* ARX (Algorithmic Research) - [http://www.arx.com/products/data-encryption.php PrivateServer HSM] , FIPS 140-2 Level 3 Validated
* [http://www.banksys.com/ Banksys DEP] - Banksys DEP
* [http://www.bull.com/security/crypt2pay_characteristics.html Bull] - CRYPT2Pay
* Futurex - [http://www.futurex.com Host Security Modules] - SSP7000, SSP7100, RMC9000 FIPS 140-2 Level 3 Validated
* [http://www.atalla.com HP Atalla Security Products] A8150 A9150 A10150 FIPS 140-2 Level Three Validation Appliances
* [http://www.ibm.com/ IBM] - 4764 FIPS 140-2 Level 4 (superseding 4758)
* [http://www.realsec.com/ REALSEC] - Cryptosec 2048
* [http://www.safenet-inc.com/products/pki/index.asp SafeNet] - Luna SA, Luna CA (CC EAL4+), Luna SP, Luna PCI, Luna PCM, ProtectServer Gold, ProtectServer External, ProtectHost White, ProtectHost EFT
** [http://www.eracom-tech.com/ ERACOM (SafeNet subsidiary)] - CSA8000, protectserver orange,...
** [http://www.ingrian.com/ Ingrian Networks (SafeNet subsidiary)] - Ingrian DataSecure Appliances, Ingrian KeySecure Appliances and Ingrian EdgeSecure
* [http://www.prism.co.za/ PRISM (Net1 UEPS Inc. subsidiary)] - Incognito TSM410 FIPS 140-2 level 3 validated (level 4 physical)
* [http://www.sct.co.kr/ Smart Card Technology Inc.] SPK2032 Smart Key/Smart Disc
* [http://www.spyrus.com/products/lynks_hardware.asp SPYRUS, Inc.] LYNKS Series II HSM (USB or PCMCIA)
* [http://www.sun.com/products/networking/sslaccel/suncryptoaccel6000/index.xml Sun Crypto Accelerator 6000]
* [http://www.thales-esecurity.com/ Thales e-Security] - HSM 8000, P3 Crypto Module, WebSentry, SafeSign Crypto Module
** [http://www.ncipher.com/ nCipher (now a Thales subsidiary)] - netHSM, miniHSM, nShield, nForce
* [http://www.trueaccess.com.br/?idioma=eng True Access] - Net D-Fence ST/XR Host Security Module
* [http://americas.utimaco.com/safeguard_cryptoserver/ Utimaco] - SafeGuard CryptoServer
* [http://www.xyzmo.com/en/products/Pages/SIGNificantServer.aspx xyzmo] - xyzmo SIGNificant server

See also

* Electronic funds transfer
* Public key infrastructure
* Security token

External links

* [http://csrc.nist.gov/cryptval/140-1/140val-all.htm Current NIST FIPS-140 certificates]
* [http://www.commoncriteriaportal.org/public/consumer/index.php Current Common Criteria evaluated products]