Movatterモバイル変換

[0]ホーム

Jump to content

Hardware security module

Edit links

From Wikipedia, the free encyclopedia

This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: "Hardware security module" – news ·newspapers ·books ·scholar ·JSTOR(November 2017) (Learn how and when to remove this message)

Physical computing device

Ahardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantlydigital keys), and performsencryption and decryption functions fordigital signatures, strong authentication and other cryptographic functions.^[1] These modules traditionally come in the form of a plug-in card or an external device that attaches directly to acomputer ornetwork server. A hardware security module contains one or moresecure cryptoprocessor chips.^[2]^[3]

Design

[edit]

HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection.^[4] Each module contains one or moresecure cryptoprocessor chips to prevent tampering andbus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging. A vast majority of existing HSMs are designed mainly to manage secret keys. Many HSM systems have means to securely back up the keys they handle outside of the HSM. Keys may be backed up in wrapped form and stored on acomputer disk or other media, or externally using a secure portable device like asmartcard or some othersecurity token.^[5]

HSMs are used for real time authorization and authentication in critical infrastructure thus are typically engineered to support standard high availability models includingclustering, automatedfailover, and redundantfield-replaceable components.

A few of the HSMs available in the market have the capability to execute specially developed modules within the HSM's secure enclosure. Such an ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The modules can be developed in nativeC language, .NET,Java, or other programming languages.

Certification

[edit]

Due to the critical role they play in securing applications and infrastructure, general purpose HSMs and/or the cryptographic modules are typically certified according to internationally recognized standards such asCommon Criteria (e.g. using Protection Profile EN 419 221-5, "Cryptographic Module for Trust Services") orFIPS 140 (currently the 3rd version, often referred to as FIPS 140-3). Although the highest level ofFIPS 140 security certification attainable is Security Level 4, most of the HSMs have Level 3 certification. In the Common Criteria system the highest EAL (Evaluation Assurance Level) is EAL7, most of the HSMs have EAL4+ certification. When used in financial payments applications, the security of an HSM is often validated against the HSM requirements defined by thePayment Card Industry Security Standards Council.^[6]

Uses

[edit]

A hardware security module can be employed in any application that uses digital keys. Typically, the keys would be of high value - meaning there would be a significant, negative impact to the owner of the key if it were compromised.

The functions of an HSM are:

onboard secure cryptographic key generation,
onboard secure cryptographic key storage, at least for the top level and most sensitive keys, which are often called master keys,
key management,
use of cryptographic and sensitive data material, for example, performing decryption or digital signature functions,
onboard secure deletion of cryptographic and other sensitive data material that was managed by it.

HSMs are also deployed to managetransparent data encryption keys for databases and keys for storage devices such asdisk ortape.^{[citation needed]}

Some HSM systems are also hardwarecryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performance ranges from 1 to 10,000 1024-bitRSA signatures per second, HSMs can provide significant CPU offload for asymmetric key operations. Since theNational Institute of Standards and Technology (NIST) is recommending the use of 2,048 bit RSA keys from year 2010,^[7] performance at longer key sizes has become more important. To address this issue, most HSMs now supportelliptic curve cryptography (ECC), which delivers stronger encryption with shorter key lengths.

PKI environment (CA HSMs)

[edit]

InPKI environments, the HSMs may be used bycertification authorities (CAs) andregistration authorities (RAs) to generate, store, and handle asymmetric key pairs. In these cases, there are some fundamental features a device must have, namely:

Logical and physical high-level protection
Multi-part user authorization schema (seesecret sharing)
Full audit and log traces
Secure key backup

On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

Card payment system HSMs (bank HSMs)

[edit]

Specialized HSMs are used in the payment card industry. HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards. They normally do not feature a standardAPI.

Typical applications are transaction authorization and payment card personalization, requiring functions such as:

verify that a user-entered PIN matches the reference PIN known to the card issuer
verify credit/debit card transactions by checking card security codes or by performing host processing components of anEMV based transaction in conjunction with anATM controller orPOS terminal
support a crypto-API with asmart card (such as anEMV)
re-encrypt a PIN block to send it to another authorization host
perform securekey management
support a protocol of POS ATM network management
support de facto standards of host-host key | data exchange API
generate and print a "PIN mailer"
generate data for a magnetic stripe card (PVV,CVV)
generate a card keyset and support the personalization process forsmart cards

The major organizations that produce and maintain standards for HSMs on the banking market are thePayment Card Industry Security Standards Council,ANS X9, andISO.

SSL connection establishment

[edit]

Performance-critical applications that have to useHTTPS (SSL/TLS), can benefit from the use of an SSL Acceleration HSM by moving the RSA operations, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 1 to 10,000 1024-bit RSA operations/second.^[8]^[9] Some performance at longer key sizes is becoming increasingly important.

DNSSEC

[edit]

An increasing number of registries use HSMs to store the key material that is used to sign largezonefiles.OpenDNSSEC is an open-source tool that manages signing DNSzone files.

On January 27, 2007,ICANN andVerisign, with support from theU.S. Department of Commerce, started deployingDNSSEC forDNS root zones.^[10] Root signature details can be found on the Root DNSSEC's website.^[11]

Blockchain and HSMs

[edit]

Blockchain technology depends on cryptographic operations. Safeguarding private keys is essential to maintain the security of blockchain processes that utilize asymmetric cryptography. The private keys are often stored in acryptocurrency wallet like the hardware wallet in the image.

The synergy between HSMs and blockchain is mentioned in several papers, emphasizing their role in securing private keys and verifying identity, e.g. in contexts such as blockchain-driven mobility solutions.^[12]^[13]