HOME

TheInfoList



OR:

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), performs
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
and decryption functions for digital signatures,
strong authentication Strong authentication is a notion with several definitions. Strong (customer) authentication definitions Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong a ...
and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a
computer A computer is a machine that can be programmed to Execution (computing), carry out sequences of arithmetic or logical operations (computation) automatically. Modern digital electronic computers can perform generic sets of operations known as C ...
or
network server In computing, a server is a piece of computer hardware or software (computer program) that provides functionality for other programs or devices, called " clients". This architecture is called the client–server model. Servers can provide variou ...
. A hardware security module contains one or more
secure cryptoprocessor A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike crypt ...
chips.


Design

HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection. Each module contains one or more
secure cryptoprocessor A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike crypt ...
chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging. A vast majority of existing HSMs are designed mainly to manage secret keys. Many HSM systems have means to securely back up the keys they handle outside of the HSM. Keys may be backed up in wrapped form and stored on a computer disk or other media, or externally using a secure portable device like a
smartcard A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...
or some other
security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens incl ...
. HSMs are used for real time authorization and authentication in critical infrastructure thus are typically engineered to support standard high availability models including clustering, automated
failover Failover is switching to a redundant or standby computer server, system, hardware component or network upon the failure or abnormal termination of the previously active application, server, system, hardware component, or network in a computer net ...
, and redundant field-replaceable components. A few of the HSMs available in the market have the capability to execute specially developed modules within the HSM's secure enclosure. Such an ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The modules can be developed in native
C language C (''pronounced like the letter c'') is a general-purpose computer programming language. It was created in the 1970s by Dennis Ritchie, and remains very widely used and influential. By design, C's features cleanly reflect the capabilities o ...
, .NET,
Java Java (; id, Jawa, ; jv, ꦗꦮ; su, ) is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea to the north. With a population of 151.6 million people, Java is the world's List ...
, or other programming languages. Further, upcoming next-generation HSMs can handle more complex tasks such as loading and running full operating systems and COTS software without requiring customization and reprogramming. Such unconventional designs overcome existing design and performance limitations of traditional HSMs. While providing the benefit of securing application-specific code, these execution engines protect the status of an HSM's FIPS or
Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...
validation.


Security

Due to the critical role they play in securing applications and infrastructure, general purpose HSMs and/or the cryptographic modules are typically certified according to internationally recognized standards such as
Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification. It is currently in version 3.1 revision 5. Common Criteria ...
(e.g. using Protection Profile EN 419 221-5, "Cryptographic Module for Trust Services") or FIPS 140 (currently the 3rd version, often referred to as FIPS 140-3) to provide users with independent assurance that the design and implementation of the product and cryptographic algorithms are sound. Although the highest level of FIPS 140 security certification attainable is Security Level 4, most of the HSMs have Level 3 certification. In the Common Criteria system the highest EAL (Evaluation Assurance Level) is EAL7, most of the HSMs have EAL4+ certification. When used in financial payments applications, the security of an HSM is often validated against the HSM requirements defined by the
Payment Card Industry Security Standards Council The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on September 7, 2006, with the goal of managing the ongoing evolution of the ...
.


Uses

A hardware security module can be employed in any application that uses digital keys. Typically the keys would be of high value - meaning there would be a significant, negative impact to the owner of the key if it were compromised. The functions of an HSM are: * onboard secure cryptographic key generation * onboard secure cryptographic key storage, at least for the top level and most sensitive keys, which are often called master keys * key management * use of cryptographic and sensitive data material, for example, performing decryption or digital signature functions * offloading application servers for complete asymmetric and
symmetric cryptography Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between th ...
. HSMs are also deployed to manage
transparent data encryption Transparent Data Encryption (often abbreviated to TDE) is a technology employed by Microsoft, IBM and Oracle Corporation, Oracle to encryption, encrypt database files. TDE offers encryption at file level. TDE solves the problem of protecting data a ...
keys for databases and keys for storage devices such as
disk Disk or disc may refer to: * Disk (mathematics), a geometric shape * Disk storage Music * Disc (band), an American experimental music band * ''Disk'' (album), a 1995 EP by Moby Other uses * Disk (functional analysis), a subset of a vector sp ...
or
tape Tape or Tapes may refer to: Material A long, narrow, thin strip of material (see also Ribbon (disambiguation): Adhesive tapes * Adhesive tape, any of many varieties of backing materials coated with an adhesive *Athletic tape, pressure-sensitiv ...
. HSMs provide both logical and physical protection of these materials, including cryptographic keys, from disclosure, non-authorized use, and potential adversaries. HSMs support both symmetric and asymmetric (public-key) cryptography. For some applications, such as certificate authorities and digital signing, the cryptographic material is asymmetric key pairs (and certificates) used in
public-key cryptography Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
. With other applications, such as data encryption or financial payment systems, the cryptographic material consists mainly of symmetric keys. Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performance ranges from 1 to 10,000 1024-bit RSA signs per second, HSMs can provide significant CPU offload for asymmetric key operations. Since the
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical sci ...
(NIST) is recommending the use of 2,048 bit RSA keys from year 2010, performance at longer key sizes has become more important. To address this issue, most HSMs now support
elliptic curve cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide e ...
(ECC), which delivers stronger encryption with shorter key lengths.


PKI environment (CA HSMs)

In
PKI PKI may refer to: * Partai Komunis Indonesia, the Communist Party of Indonesia * Peter Kiewit Institute The Peter Kiewit Institute is a facility in Omaha, Nebraska, United States which houses academic programs from the University of Nebraska†...
environments, the HSMs may be used by
certification authorities In cryptography, a certificate authority or certification authority (CA) is an entity that stores, signs, and issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This ...
(CAs) and registration authorities (RAs) to generate, store, and handle asymmetric key pairs. In these cases, there are some fundamental features a device must have, namely: * Logical and physical high-level protection * Multi-part user authorization schema (see
secret sharing Secret sharing (also called secret splitting) refers to methods for distributing a secret among a group, in such a way that no individual holds any intelligible information about the secret, but when a sufficient number of individuals combine th ...
) * Full audit and log traces * Secure key backup On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the Infrastructure.


Card payment system HSMs (bank HSMs)

Specialized HSMs are used in the payment card industry. HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards. They normally do not feature a standard
API An application programming interface (API) is a way for two or more computer programs to communicate with each other. It is a type of software Interface (computing), interface, offering a service to other pieces of software. A document or standa ...
. Typical applications are transaction authorization and payment card personalization, requiring functions such as: * verify that a user-entered PIN matches the reference PIN known to the card issuer * verify credit/debit card transactions by checking card security codes or by performing host processing components of an
EMV EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for " Europay, Mastercard, and Visa", the three companies that created th ...
based transaction in conjunction with an
ATM controller An ATM controller (ATMC) is a system used in financial institutions to route financial transactions between ATMs, core banking systems and other banks. An ATMC is sometimes referred to as an "EFTPOS Switch." An ATM controller is key infrastructur ...
or
POS terminal The point of sale (POS) or point of purchase (POP) is the time and place at which a retail transaction is completed. At the point of sale, the merchant calculates the amount owed by the customer, indicates that amount, may prepare an invoice f ...
* support a crypto-API with a
smart card A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...
(such as an
EMV EMV is a payment method based on a technical standard for smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for " Europay, Mastercard, and Visa", the three companies that created th ...
) * re-encrypt a PIN block to send it to another authorization host * perform secure
key management Key management refers to management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic protocol design, ...
* support a protocol of POS ATM network management * support de facto standards of host-host key , data exchange API * generate and print a "PIN mailer" * generate data for a magnetic stripe card (PVV, CVV) * generate a card keyset and support the personalization process for
smart card A smart card, chip card, or integrated circuit card (ICC or IC card) is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) c ...
s The major organizations that produce and maintain standards for HSMs on the banking market are the
Payment Card Industry Security Standards Council The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on September 7, 2006, with the goal of managing the ongoing evolution of the ...
, ANS X9, and
ISO ISO is the most common abbreviation for the International Organization for Standardization. ISO or Iso may also refer to: Business and finance * Iso (supermarket), a chain of Danish supermarkets incorporated into the SuperBest chain in 2007 * Iso ...
.


SSL connection establishment

Performance-critical applications that have to use
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
( SSL/
TLS TLS may refer to: Computing * Transport Layer Security, a cryptographic protocol for secure computer network communication * Thread level speculation, an optimisation on multiprocessor CPUs * Thread-local storage, a mechanism for allocating vari ...
), can benefit from the use of an SSL Acceleration HSM by moving the RSA operations, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 1 to 10,000 1024-bit RSA operations/second. Some performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs now support ECC. Specialized HSM devices can reach numbers as high as 20,000 operations per second.


DNSSEC

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles.
OpenDNSSEC OpenDNSSEC is a computer program that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security. OpenDNSSEC was created as ...
is an open-source tool that manages signing DNS
zone file A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP addr ...
s. On January 27, 2007,
ICANN The Internet Corporation for Assigned Names and Numbers (ICANN ) is an American multistakeholder group and nonprofit organization responsible for coordinating the maintenance and procedures of several databases related to the namespaces ...
and
Verisign Verisign Inc. is an American company based in Reston, Virginia, United States that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the , , and gener ...
, with support from the
U.S. Department of Commerce The United States Department of Commerce is an United States federal executive departments, executive department of the Federal government of the United States, U.S. federal government concerned with creating the conditions for economic growth ...
, started deploying
DNSSEC The Domain Name System Security Extensions (DNSSEC) are a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol ...
for
DNS root zone The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet. Before October 1, 2016, the root zone had been overseen by the Internet Corporation for Assigned Names and Numbers (ICANN) ...
s. Root signature details can be found on the Root DNSSEC's website.Root DNSSEC
/ref>


Cryptocurrency wallet

Cryptocurrency private keys can be stored in a
cryptocurrency wallet A cryptocurrency wallet is a device, physical medium, program or a service which stores the public and/or private keys for cryptocurrency transactions. In addition to this basic function of storing the keys, a cryptocurrency wallet more often a ...
on a HSM.


See also

* Electronic funds transfer * FIPS 140 *
Public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilit ...
*
PKCS 11 In cryptography, PKCS #11 is one of the Public-Key Cryptography Standards, and also refers to the programming interface to create and manipulate cryptographic tokens (a token where the secret is a cryptographic key). Detail The PKCS #11 standa ...
*
Secure cryptoprocessor A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike crypt ...
*
Security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Examples of security tokens incl ...
*
Transparent data encryption Transparent Data Encryption (often abbreviated to TDE) is a technology employed by Microsoft, IBM and Oracle Corporation, Oracle to encryption, encrypt database files. TDE offers encryption at file level. TDE solves the problem of protecting data a ...
*
Security switch A security switch is a hardware device designed to protect computers, laptops, smartphones and similar devices from unauthorized access or operation, distinct from a virtual security switch which offers software protection. Security switches shoul ...
*
Trusted Platform Module Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a ch ...


Notes and references


External links

{{Commons category, Hardware security modules
Current NIST FIPS-140 certificates

Current CC certificates for HSMs (under "Products for digital signatures")

A Review of Hardware Security Modules
Cryptographic hardware Banking technology Cryptanalytic devices