What makes HSM safe?

The HSM, or Hardware Security Module, is a specialized hardware device for securely generating, managing and storing cryptographic keys and performing secure cryptographic key operations. From this perspective, an HSM can be likened to a token or a smart card, but these lack many of the important features of an HSM, whether in terms of performance, security or connectivity.

What is an HSM

HSMs can be divided into network (shared) devices and standalone cards. An HSM in card form is designed for a single server and is inserted into a standard PCI Express slot. This form is suitable where the HSM serves only that server, for example a certification authority or a timestamping authority. Network HSMs are designed to connect to multiple servers and communicate over IP; connection via several 1 Gbps Ethernet ports is common.

An HSM module, such as the one shown in Figure 1, usually takes the form of a device comparable in size to a 1U server placed in a data rack. HSM devices have a high throughput of hundreds of 2048-bit RSA operations per second, provide a high level of key protection and, for example, detect breaches of physical and software integrity, responding to a detected breach by completely erasing the managed data. In addition, they provide means to audit the operations performed and to automatically monitor the status of the device. Private keys cannot be exported from the HSM in any way, and the HSM can be configured so that key import is not possible either. In that case it is guaranteed that the private key exists in exactly one place.

There are a number of manufacturers of HSM modules, among the best known are nCipher Security (now part of Entrust Datacard), SafeNet (part of Gemalto and Thales Group) or Utimaco. We have the most experience (over 10 years) with products from nCipher, whose reliable HSMs from the nShield series cover 40% of the global market. We also use HSMs from the progressive German company Utimaco, which is known for its rapid adoption of new cryptographic algorithms and is currently the third largest manufacturer with 15% market coverage of HSMs.

Using HSM

HSMs can be divided into two main types according to their use: general purpose and payment. Both types have a lot in common, and we encounter both daily without knowing it. For example, when withdrawing money from an ATM, making card payments or other banking transactions, payment HSMs are always working in the background. HSMs in the general category, also called General Purpose HSMs, have a really wide range of applications and can be found wherever the highest degree of trust is required. In fact, a root of trust is the main thing an HSM offers. The most common uses are application-layer encryption, encryption of connections (TLS/SSL) and databases, Bring Your Own Key (BYOK) provisioning for cloud services, code signing, and a root of trust for the entire IoT and of course the entire PKI, including Certificate Authorities. Among other areas, blockchain, privileged user access management and DNSSEC are currently popular as well. HSM modules are often used for multiple purposes at the same time; this is possible thanks to sufficient performance and the secure separation of access to individual keys.

Another major area of application for General Purpose HSMs, driven mainly by Europe and also by our company, is the eIDAS regulation and the digital trust associated with documents: documents that carry the digital equivalent of a handwritten signature or an organization's stamp and therefore have a high legal level of trust. It is essential that the private keys for both the qualified signature and the qualified seal are securely protected and guaranteed not to fall into the hands of others. Devices that protect keys for qualified signatures (QSignCD) and seals (QSealCD) are required to meet clearly defined certifications: Common Criteria EAL4+ according to ISO 15408 and NIST FIPS 140-2 Level 3. For these security certifications the relevant document is mainly the so-called EN 419 221-5 Protection Profile, which defines the parameters and behaviour of the type of device that the respective certification process evaluates.

HSM safety

HSMs contain a number of elements that can detect attempts to compromise their integrity, both at the software level and at the physical level. Physical security is usually provided by potting key elements of the HSM in opaque epoxy and by a number of sensors that detect tampering attempts, including so-called side-channel attacks. Even a simple intrusion under the HSM's cover causes irreversible deletion of the protected data. As protection against the casual unwanted visitor in the data centre, most HSMs have the entire front panel locked, so that not even the basic configuration is accessible.

Delivery of the HSM from the factory is tracked by the manufacturer until it reaches us. It is then up to us to inspect the delivered HSM, which includes checking various elements to ensure that it has not been tampered with en route. Examples include holographic tamper-evident stickers, delivery logs matching the declared product number, and verification of the checksums of the delivered software. A separate and very important chapter is the actual setup of the HSM, the key-handling processes and the definition of an appropriate security policy.

Keys in an HSM can usually be protected by a software token with a PIN, a physical USB token or smart cards. With smart cards, activation of the key, i.e. its use by the application, depends on an operator inserting one or more cards into the HSM. The key itself can be protected by a so-called M of N card quorum, where M out of N cards must be inserted to activate the key.
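To make the M of N quorum concrete, here is an added example (not any HSM vendor's code) of the threshold scheme commonly used for such quorums, Shamir's secret sharing: a key-protecting secret is split into N shares, one per card, and any M of them reconstruct it while fewer reveal nothing. The field prime and the secret are constructed values for illustration.

```python
"""M-of-N card quorum modelled with Shamir's secret sharing over GF(P).

Added illustration; not an HSM vendor's implementation. Each share is
what one smart card would hold; presenting M distinct cards reconstructs
the secret that unlocks the key, M-1 cards give no information about it.
"""
import secrets

# Constructed parameter: a 127-bit Mersenne prime as the finite field.
P = 2**127 - 1


def split_secret(secret: int, m: int, n: int, rng=secrets.randbelow):
    """Split `secret` into n shares (x, y); any m of them reconstruct it."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= M <= N")
    if not 0 <= secret < P:
        raise ValueError("secret must fit in the field")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [rng(P) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 would be the secret itself
        y = 0
        for c in reversed(coeffs):     # Horner evaluation modulo P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def recover_secret(shares):
    """Lagrange-interpolate the polynomial at x = 0 from the given cards."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("the same card was presented twice")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % P
                den = (den * (xi - xj)) % P
        # Modular inverse via Fermat's little theorem (P is prime).
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


if __name__ == "__main__":
    cards = split_secret(0x0123456789ABCDEF, 3, 5)   # 3-of-5 quorum
    print(recover_secret([cards[0], cards[2], cards[4]]) == 0x0123456789ABCDEF)
```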

One important HSM feature related to the use of smart cards is remote access. HSMs are normally located somewhere in a data centre, most often in a different geographical location from the operators. If the HSM does not support remote management, i.e. the ability to present smart cards in a reader physically located where the operator is, the added security of smart cards comes at a considerable cost in time.

The way multiple keys and multiple protection mechanisms are handled is itself one of the important elements of security. The concept of role separation is used by all major HSM vendors and includes secure key separation, where one application cannot access another application's key (e.g. a file service cannot use a CA's key); user role separation, where one operator cannot hold multiple smart cards at the same time and, for example, an HSM administrator should not have access to keys at all. Vendors differ in how finely the extent of separation can be set and in the number of assignable roles, but also, for example, in the reverse option of pooling access from multiple servers of one application to a single key.

The architecture of key handling and key protection varies greatly from one HSM manufacturer to another, and it determines both the way of working with the HSM and the licensing model. Licences may limit performance, the maximum number of keys, the number of connectable HSM clients, and also the possibility of backup or remote access.

Vendors also vary widely in how keys are backed up and in how the HSM itself is configured, ranging from cumbersome approaches relying on special physical tokens to the ability to back up encrypted key objects with ordinary file-system tools.

Communication with HSM clients, i.e. with the servers that use the protected keys, is practically the same for all major HSM vendors and supports common interfaces such as PKCS#11, OpenSSL engines, JCE and Microsoft CNG.