Scribd
Upload
173 views29 pages

HSM 20090529

An HSM (hardware security module) is a protected device that securely holds and manages digital keys. It stores keys in tamper-proof memory so they cannot be extracted. Some HSMs also accelerate cryptography using hardware. Well-defined software interfaces like PKCS#11 allow applications to interface with the HSM. Using an HSM improves security by physically separating keys from software and providing FIPS certification of its tamper resistance and key protection. Buyers should consider an HSM's interface, algorithms, capacity, performance, certification level, and price when selecting one.

Uploaded by

Ruben De Leon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
173 views29 pages

HSM 20090529

An HSM (hardware security module) is a protected device that securely holds and manages digital keys. It stores keys in tamper-proof memory so they cannot be extracted. Some HSMs also accelerate cryptography using hardware. Well-defined software interfaces like PKCS#11 allow applications to interface with the HSM. Using an HSM improves security by physically separating keys from software and providing FIPS certification of its tamper resistance and key protection. Buyers should consider an HSM's interface, algorithms, capacity, performance, certification level, and price when selecting one.

Uploaded by

Ruben De Leon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 29

HSM

Hardware Security Modules


Jakob Schlyter [email protected]

!"#$"
1

What is an HSM?

!"#$"
2

What is an HSM?
Protected keystore

Private keys can never be extracted in clear

Crypto hardware

Sometimes increases speed (but not always)

Well-defined software interface


!"#$"
3

Protected Keystore
Keys stored in tamperproof memory

If you mess with the chip, the device will (try to)
detect it and zeroize

Implemented using

Covering components in epoxy


Thin wires covering sensitive components

!"#$"
4

Crypto Hardware
Hardware to assist accelerate symmetric
and asymmetric crypto

RSA, DSA, AES, 3DES

Good random number generator


Hashing is often implemented in the host
!"#$"
5

API
PKCS#11 (aka Cryptoki)
OpenSSL Engine
Microsoft CAPI
Java Cryptography Extension
!"#$"
6

Stacked APIs are possible


Application
OpenSSL
EVP Crypto Library
PKCS#11
Engine

Native
Engine

PKCS#11 Library

Crypto Device

CPU

!"#$"
7

Why use a HSM?

!"#$"
8

What is the risk?


Keys can be comprimised by

Compromised hosts
Disgruntled staff
Math

!"#$"
9

How do we lower the risk?


Protect the host itself

But some sort of remote management is usually


needed anyway

Protect the private keys

Move keys to HSM

!"#$"
10

Residual risk
Keys can still be misused

If you can use a key, you can also misuse it

Garbage in

Garage out

If you feed it a bad zone the result is still a


signed bad zone

!"#$"
11

Increase trust?
Using an HSM increases trust Why?

Standards compliance
Verifiable security e.g. FIPS 140-2

Also provides a clean cut between keystore


and signing software

You know where your keys are (and not are)

!"#$"
12

The Buyers Guide to


Hardware Security Modules

!"#$"
13

Types of HSMs
Local interface e.g. PCI cards
Remote interface e.g. Ethernet

Sharable between multiple hosts

Smart cards
USB tokens

usually a smart card with integrated reader

!"#$"
14

Algorithms and key sizes


What algorithms are supported

RSA recommended, DSA optional

What key sizes are supported

Minimum key size 1024 bits recommended


Maximum key size 2048 bits recommended

!"#$"
15

Capacity
How many keys can be stored?
Where are the keys stored?

Internal keystore
External keystore (encrypted by master key)

!"#$"
16

API
What API do you need?

PKCS#11, OpenSSL, MS-CAPI, JCE

What platforms are supported?

Mind details like Linux kernel versions,


distributions etc.

!"#$"
17

Speed
Signing speed RSA

Usually measured in 1024-bit signing operations


(with public exponent 3 or 65537) per second.

Key generation speed RSA

Usually the average key generation time for


1024-bit and 2048-bit keys per second.

!"#$"
18

Security Certifications
FIPS 140-2

Federal Information Processing Standard

CC-EAL

Common Criteria Evaluation Assurance Levels

!"#$"
19

FIPS 140-2
Level

Requirement

Basic security requirements

Tamper evidence, user authentication

3
4

Tamper detection/resistance, data zeroisation,


splitting user roles
Very high tamper detection/resistance,
Enviromental protection

!"#$"
20

CC-EAL
What Protection Profile (PP) has been used
for the Target of Evalation (ToE)?

CMCKG-PP Key Generation


CMCSO-PP Signing Operations

!"#$"
21

Key Backup
How do you backup your keystore?
Can you restore a backup elsewhere?

e.g. on a hot-standby site

Split key backup possible?


Well-known backup format?
!"#$"
22

Examples of HSMs

!"#$"
23

SCA 6000

Sun Crypto Accelerator 6000


Interface

PCI-Express x8

Certification

FIPS 140-2 level 3

Performance

13,000 sign/s

RSA-1024

System Support

Solaris, Linux

Approx price

960

!"#$"
24

AEP Keyper 9720


Interface

Ethernet

Certification

FIPS 140-2 level 4

Performance

1,200 sign/s

RSA-1024

System Support

Solaris, Linux, Windows

Approx price

17,500

!"#$"
25

IBM 4764 PCIXCC


Interface

PCI-X

Certification

FIPS 140-2 level 4

Performance

1,200 sign/s

RSA-1024

System Support

Solaris, Linux, Windows, AIX, i5/OS

Approx price

6,600

!"#$"
26

SoftHSM
Interface

software

Certification

none

Performance

CPU-dependent

RSA-1024

System Support

Unix

Approx price

Note: Not really a HSM just looks like one

!"#$"
27

Other vendors
Thales (formerly nCipher)

netHSM, nShield

SafeNet

Luna SP, Luna CA, Luna PCI

!"#$"
28

[email protected]

!"#$"
29

You might also like