HSM stands for Hardware Security Module: a dedicated piece of hardware in which cryptographic keys are stored and cryptographic operations are performed, so that the keys never have to leave it.

What is an HSM? What is it good for? And why do we need it?

This is what we will explain in what follows.

Table of Contents

  • What is an HSM
  • What is an HSM Good at?
  • Why We Need HSMs

What is an HSM

An HSM is a hardware system that keeps cryptographic keys “in a safe place”, meaning an enclosure that resists tampering and a range of physical and logical attacks. Beyond storage, an HSM usually performs the cryptographic operations itself (signing, encryption, key derivation) and provides a true random number generator (RNG), sometimes backed by a physical unclonable function (PUF). In its most common form an HSM is an electronic card (typically PCIe) plugged into a host mainboard, or that same card enclosed in a box with network interfaces and the shape of a rack-mounted server.

An HSM is expected to host no viruses, exploits or malware, and it must strictly prevent any unauthorized access: its firmware is minimal and typically accepts updates only when they are signed by the vendor, and its management interface requires authenticated operators.

They are considered so safe because they are built from specialized hardware that is certified by approved laboratories (typically against FIPS 140-2/140-3 and Common Criteria), their operating system is minimal and security-focused, their network exposure is limited to a small authenticated API, and they actively hide and protect cryptographic keys and secrets.


Figure: two possible representations of an HSM (images not reproduced here).

Strictly speaking, a smartcard can be seen as a small HSM: it has the same essential functions (key storage, on-card cryptographic operations, tamper resistance), but at much lower performance and capacity.

What is an HSM Good at?

HSMs are good at:

  • Storing cryptographic secrets (symmetric keys, asymmetric private keys and certificates) in a secure way;
  • Generating cryptographic secrets, essentially key pairs whose private half never leaves the secure boundary of the HSM in clear (it cannot be exported at all, or only in wrapped form under an explicit policy);
  • Providing secure hash functions and the other standard cryptographic primitives in hardware;
  • Providing a true (hardware) random number generator;
  • Responding to tampering attempts by immediately zeroizing all key material when a tamper event is detected;
  • Preventing the host from reading the HSM’s memory: keys are used inside the device and only the results of operations cross the interface;
  • Resisting fuzzing of their interface and side-channel attacks (timing, power analysis) by design;
  • Managing keys and key import/export in secure ways, e.g. wrapped under a key-encryption key and subject to access-control policies.

In other words, HSMs are your trusted companions for anything related to cryptography and key management. In the context of cryptographic operations you cannot really trust a general-purpose operating system such as Windows or Linux, nor the third-party software running on it: any process with sufficient privilege can read another process’s memory, and the keys sit in that memory. You can (and should) trust HSMs because they have been designed specifically so that this is not possible.

Why We Need HSMs

HSMs can be a pretty expensive piece of hardware. A laptop running free encryption software is, in comparison, very cheap, so why do we need them?

Some cheaper devices are sold as HSMs. Some of them are essentially “standard” PCs with a very simple anti-intrusion switch that destroys the hardware if the enclosure is opened, and that switch is their only anti-tampering mechanism. In particular, the cryptographic keys are stored in the ordinary storage of the device, for instance on a standard hard drive with a Linux partition.

Should an intruder steal one of these boxes and open it without triggering the anti-intrusion mechanism, which is usually not very hard (cutting a hole in the case with a sharp tool instead of opening the lid), it is then very easy to pull out the hard drive and read the cryptographic keys used to encrypt and decrypt all of the owner’s communications.

With a real HSM it is another story. It is practically impossible to penetrate the tamper-detecting mesh that surrounds the cryptographic core of an HSM without triggering an anti-intrusion response, which is usually zeroization of all key material.

Any organization using symmetric encryption should ask itself: “where do we store the keys?” If the keys are encrypted, the same problem reappears one level up: where are the KEKs, the key-encryption keys that encrypt the keys, stored? And so on. The chain has to end in a key that is stored in clear somewhere, and that root key is what needs protecting.

If such keys are stored on “standard” media such as hard drives or flash memory, an attacker who gains access to the device where they are stored will be able to read them and break all the encryption in place.

If the keys are decrypted or assembled by a program, whatever language it is written in (C, C++, C#, ...) and whatever target it is compiled for (Windows/Linux, x86/ARM, ...), it is always possible to reverse-engineer that program and locate the keys: the program must hold the key in clear in memory at the moment it uses it.

Many software engineers and IT specialists are simply unaware that there is no real protection when a cryptographic key is stored in a program on a PC (or any similar unprotected machine). It is almost like displaying the key publicly.

There are disassemblers able to turn a binary back into assembly code, for instance the Interactive Disassembler IDA Pro, and decompilers such as the Hex-Rays Decompiler (a plugin for IDA) that lift that assembly into readable C-like pseudocode. The result is not the original source, but it is close enough to follow the logic and find where the key is built or used.

These tools are extremely sophisticated and include a debugger, so an analyst can set breakpoints and step through the target even when it contains no debug symbols.

It is always possible to “hide” the keys in secret partitions, themselves encrypted with keys located elsewhere, and so on. It is possible to split the keys into many small pieces scattered across the program and the filesystem and hidden with steganographic techniques.

All of this can be combined with obfuscation, and it does create a real puzzle that makes locating the keys a very painful task.

Yet some people like solving puzzles, and there are further techniques that defeat such countermeasures: spying on inter-process communication, reading temporary files, and dumping process memory (RAM), where the key must appear in clear at the moment it is used. Combined with a disassembler, decompiler and deobfuscator, attackers are still able, perhaps after several months of effort, to read the keys.

As a concrete illustration of what IDA Pro and Hex-Rays can do, here are the partial results of a real security analysis of a desktop security program that interacted with a smartcard in which the keys were supposedly protected. Hex-Rays was still able to reconstruct pieces of the encryption code as C pseudocode (the keys and names have been removed for confidentiality reasons).

Figure: Hex-Rays pseudocode of the analysed program (image not reproduced here).

After the analysis it was finally possible to reconstruct the 3DES keys, which were supposed to be totally protected.

If, instead, the keys had lived inside an HSM and the 3DES operations had been performed there, reverse-engineering the host program would not have yielded the keys: the host would only ever have seen the inputs and outputs of the operations. (An attacker in control of the host could still ask the HSM to perform operations on their behalf, which is why HSMs combine key protection with authentication and usage policies; but the keys themselves stay inside.)

Similar attacks can be performed against any program that operates outside an HSM: tampering with the cryptographic operations, scanning RAM to locate keys, or modifying values to change the result of a cryptographic operation (for example the outcome of a signature check).
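The RAM-scanning attack mentioned above, and the earlier point that a key handled by a program must at some moment be in clear in memory, can be made concrete. The following is an added example, not code from the article: it implements the key-schedule search from the cold-boot-attack literature (the aeskeyfind technique). An AES implementation that expands its key once and reuses the 176-byte schedule leaves that schedule in RAM, and the round keys in it are related by a fixed recurrence, so scanning a memory dump for 16-byte windows whose following 160 bytes satisfy that recurrence recovers the key with essentially no false positives. The memory image, the key and the offset are constructed inline for the demonstration; the key is the FIPS 197 test key, chosen only because its expansion is published.

```python
"""Locate AES-128 keys in a memory image by searching for expanded key schedules.

Added example (not code from the original article). The AES key expansion is
implemented here in pure Python so the script runs offline; the memory image
it scans is constructed inline, with one key schedule planted at a chosen offset.
"""
import random
from typing import List, Tuple


def _gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _build_sbox() -> List[int]:
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = []
    for x in range(256):
        inv = next((y for y in range(256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for shift in range(1, 5):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


_SBOX = _build_sbox()
_RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def aes128_expand_key(key: bytes) -> bytes:
    """Return the 176-byte AES-128 key schedule (11 round keys) per FIPS 197."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                    # RotWord
            t = [_SBOX[b] for b in t]            # SubWord
            t[0] ^= _RCON[i // 4 - 1]            # round constant
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for word in w for b in word)


def find_aes128_keys(image: bytes) -> List[Tuple[int, bytes]]:
    """Slide a 16-byte window over the image and report (offset, key) pairs
    where the 160 bytes that follow are exactly the expansion of that window.

    Random or unrelated data does not satisfy the key-schedule recurrence, so
    false positives are negligible. A cheap check of the first derived word
    filters out almost every offset before a full expansion is computed.
    """
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        t = [cand[13], cand[14], cand[15], cand[12]]      # RotWord(w[3])
        t = [_SBOX[b] for b in t]                         # SubWord
        t[0] ^= _RCON[0]
        w4 = bytes(cand[j] ^ t[j] for j in range(4))      # w[4] = w[0] ^ t
        if image[off + 16:off + 20] != w4:
            continue
        if image[off:off + 176] == aes128_expand_key(cand):
            hits.append((off, cand))
    return hits


def build_memory_image(key: bytes, offset: int, size: int = 4096, seed: int = 7) -> bytes:
    """Constructed sample dump: pseudo-random filler with one expanded key
    schedule planted at `offset`, as a long-running AES routine would leave it."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + 176] = aes128_expand_key(key)
    return bytes(buf)


if __name__ == "__main__":
    # Demo values: FIPS 197 test key at an arbitrary offset, not taken from the article.
    demo_key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    dump = build_memory_image(demo_key, offset=1234)
    for off, key in find_aes128_keys(dump):
        print(f"AES-128 key schedule at offset {off:#x}: key = {key.hex()}")
```

Against a real dump the same loop runs over the whole image (a process memory dump, a hibernation file or a cold-boot capture); the check is purely structural, so neither obfuscation of the program nor scattering of the key material on disk helps once the key has been expanded for use. An HSM defeats this search by never placing the schedule in host memory at all.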

An HSM truly separates cryptographic operations from the rest of the “normal” business operations of a company and defines a trusted zone where those operations are done without fear of being attacked. By themselves, the “common” cryptographic libraries such as OpenSSL or the Microsoft crypto APIs provide poor key isolation: the key lives in the memory of the process that uses it. Even Microsoft’s CNG (Cryptography API: Next Generation), which improves on this by keeping long-lived private keys in a separate key-isolation process (the LSA) rather than in the application, cannot be compared with what an HSM provides, since the keys are still in clear in the memory of a process running on the same operating system.

Besides, an HSM is much more than “protected” memory and anti-tampering hardware: it also runs dedicated security firmware (not a “common” operating system) and enforces strong access control, typically authenticating operators and requiring a quorum of several of them (M of N) for sensitive operations such as key export or firmware update.

Conclusion: HSMs are not “gadgets” used for decoration; they are really useful. Any information system that depends on cryptographic keys needs a place to keep those keys that software on a general-purpose machine cannot provide, hence we definitely and desperately need them.
