HOME

TheInfoList



OR:

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets (most importantly digital keys), and performs
encryption In Cryptography law, cryptography, encryption (more specifically, Code, encoding) is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the inf ...
and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a
computer A computer is a machine that can be Computer programming, programmed to automatically Execution (computing), carry out sequences of arithmetic or logical operations (''computation''). Modern digital electronic computers can perform generic set ...
or network server. A hardware security module contains one or more
secure cryptoprocessor A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryp ...
chips ''CHiPs'' is an American crime drama television series created by Rick Rosner and originally aired on NBC from September 15, 1977, to May 1, 1983. After the final first-run telecast on NBC in May 1983, the series went into reruns on Sundays fr ...
.


Design

HSMs may have features that provide tamper evidence such as visible signs of tampering or logging and alerting, or tamper resistance which makes tampering difficult without making the HSM inoperable, or tamper responsiveness such as deleting keys upon tamper detection. Each module contains one or more
secure cryptoprocessor A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryp ...
chips to prevent tampering and bus probing, or a combination of chips in a module that is protected by the tamper evident, tamper resistant, or tamper responsive packaging. A vast majority of existing HSMs are designed mainly to manage secret keys. Many HSM systems have means to securely back up the keys they handle outside of the HSM. Keys may be backed up in wrapped form and stored on a
computer disk A computer is a machine that can be programmed to automatically carry out sequences of arithmetic or logical operations (''computation''). Modern digital electronic computers can perform generic sets of operations known as ''programs'', w ...
or other media, or externally using a secure portable device like a
smartcard A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a ...
or some other
security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked door ...
. HSMs are used for real time authorization and authentication in critical infrastructure thus are typically engineered to support standard high availability models including clustering, automated
failover Failover is switching to a redundant or standby computer server, system, hardware component or network upon the failure or abnormal termination of the previously active application, server, system, hardware component, or network in a computer ...
, and redundant field-replaceable components. A few of the HSMs available in the market have the capability to execute specially developed modules within the HSM's secure enclosure. Such an ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The modules can be developed in native
C language C (''pronounced'' '' – like the letter c'') is a general-purpose programming language. It was created in the 1970s by Dennis Ritchie and remains very widely used and influential. By design, C's features cleanly reflect the capabilities o ...
, .NET,
Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
, or other programming languages.


Certification

Due to the critical role they play in securing applications and infrastructure, general purpose HSMs and/or the cryptographic modules are typically certified according to internationally recognized standards such as
Common Criteria The Common Criteria for Information Technology Security Evaluation (referred to as Common Criteria or CC) is an international standard (International Organization for Standardization, ISO/International Electrotechnical Commission, IEC 15408) for co ...
(e.g. using Protection Profile EN 419 221-5, "Cryptographic Module for Trust Services") or
FIPS 140 The 140 series of Federal Information Processing Standards ( FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules. , FIPS 140-2 and FIPS 140-3 are both accepted as current and active. FIPS 1 ...
(currently the 3rd version, often referred to as FIPS 140-3). Although the highest level of
FIPS 140 The 140 series of Federal Information Processing Standards ( FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules. , FIPS 140-2 and FIPS 140-3 are both accepted as current and active. FIPS 1 ...
security certification attainable is Security Level 4, most of the HSMs have Level 3 certification. In the Common Criteria system the highest EAL (Evaluation Assurance Level) is EAL7, most of the HSMs have EAL4+ certification. When used in financial payments applications, the security of an HSM is often validated against the HSM requirements defined by the
Payment Card Industry Security Standards Council The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on 7 September 2006, with the goal of managing the ongoing evolution of t ...
.


Uses

A hardware security module can be employed in any application that uses digital keys. Typically, the keys would be of high value - meaning there would be a significant, negative impact to the owner of the key if it were compromised. The functions of an HSM are: * onboard secure cryptographic key generation, * onboard secure cryptographic key storage, at least for the top level and most sensitive keys, which are often called master keys, * key management, * use of cryptographic and sensitive data material, for example, performing decryption or digital signature functions, * onboard secure deletion of cryptographic and other sensitive data material that was managed by it. HSMs are also deployed to manage transparent data encryption keys for databases and keys for storage devices such as disk or tape. Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performance ranges from 1 to 10,000 1024-bit RSA signatures per second, HSMs can provide significant CPU offload for asymmetric key operations. Since the
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into Outline of p ...
(NIST) is recommending the use of 2,048 bit RSA keys from year 2010, performance at longer key sizes has become more important. To address this issue, most HSMs now support
elliptic curve cryptography Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys to provide equivalent security, compared to cryptosystems based on modula ...
(ECC), which delivers stronger encryption with shorter key lengths.


PKI environment (CA HSMs)

In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle asymmetric key pairs. In these cases, there are some fundamental features a device must have, namely: * Logical and physical high-level protection * Multi-part user authorization schema (see
secret sharing Secret sharing (also called secret splitting) refers to methods for distributing a secrecy, secret among a group, in such a way that no individual holds any intelligible information about the secret, but when a sufficient number of individuals c ...
) * Full audit and log traces * Secure key backup On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the Infrastructure.


Card payment system HSMs (bank HSMs)

Specialized HSMs are used in the payment card industry. HSMs support both general-purpose functions and specialized functions required to process transactions and comply with industry standards. They normally do not feature a standard
API An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
. Typical applications are transaction authorization and payment card personalization, requiring functions such as: * verify that a user-entered PIN matches the reference PIN known to the card issuer * verify credit/debit card transactions by checking card security codes or by performing host processing components of an
EMV EMV is a payment method based on a technical standard for smart card, smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay International, Europay, Mastercard, and Visa Inc., ...
based transaction in conjunction with an ATM controller or
POS terminal A payment terminal, also known as a point of sale (POS) terminal, credit card machine, card reader, PIN pad, EFTPOS terminal (or by the older term as PDQ terminal which stands for "Process Data Quickly"), is a device which interfaces with paymen ...
* support a crypto-API with a
smart card A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an Embedded system, embedded integrated circuit (IC) chip. Many smart ...
(such as an
EMV EMV is a payment method based on a technical standard for smart card, smart payment cards and for payment terminals and automated teller machines which can accept them. EMV stands for "Europay International, Europay, Mastercard, and Visa Inc., ...
) * re-encrypt a PIN block to send it to another authorization host * perform secure
key management Key management refers to management of Key (cryptography), cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It includes cryptographic ...
* support a protocol of POS ATM network management * support de facto standards of host-host key , data exchange API * generate and print a "PIN mailer" * generate data for a magnetic stripe card (PVV, CVV) * generate a card keyset and support the personalization process for
smart card A smart card (SC), chip card, or integrated circuit card (ICC or IC card), is a card used to control access to a resource. It is typically a plastic credit card-sized card with an Embedded system, embedded integrated circuit (IC) chip. Many smart ...
s The major organizations that produce and maintain standards for HSMs on the banking market are the
Payment Card Industry Security Standards Council The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on 7 September 2006, with the goal of managing the ongoing evolution of t ...
, ANS X9, and
ISO The International Organization for Standardization (ISO ; ; ) is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. Me ...
.


SSL connection establishment

Performance-critical applications that have to use
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...
( SSL/ TLS), can benefit from the use of an SSL Acceleration HSM by moving the RSA operations, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 1 to 10,000 1024-bit RSA operations/second. Some performance at longer key sizes is becoming increasingly important.


DNSSEC

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. OpenDNSSEC is an open-source tool that manages signing DNS
zone file A Domain Name System (DNS) zone file is a text file that describes a DNS zone. A DNS zone is a subset, often a single domain, of the hierarchical domain name structure of the DNS. The zone file contains mappings between domain names and IP add ...
s. On January 27, 2007,
ICANN The Internet Corporation for Assigned Names and Numbers (ICANN ) is a global multistakeholder group and nonprofit organization headquartered in the United States responsible for coordinating the maintenance and procedures of several dat ...
and
Verisign Verisign, Inc. is an American company based in Reston, Virginia, that operates a diverse array of network infrastructure, including two of the Internet's thirteen root nameservers, the authoritative registry for the , , and generic top-level d ...
, with support from the U.S. Department of Commerce, started deploying
DNSSEC The Domain Name System Security Extensions (DNSSEC) is a suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System ( DNS) in Internet Protocol ( IP) networks. The protoco ...
for
DNS root zone The DNS root zone is the top-level DNS zone in the hierarchical namespace of the Domain Name System (DNS) of the Internet. Before October 1, 2016, the root zone had been overseen by the Internet Corporation for Assigned Names and Numbers (ICANN ...
s. Root signature details can be found on the Root DNSSEC's website.Root DNSSEC
/ref>


Blockchain and HSMs

Blockchain The blockchain is a distributed ledger with growing lists of Record (computer science), records (''blocks'') that are securely linked together via Cryptographic hash function, cryptographic hashes. Each block contains a cryptographic hash of th ...
technology depends on cryptographic operations. Safeguarding private keys is essential to maintain the security of blockchain processes that utilize asymmetric cryptography. The private keys are often stored in a
cryptocurrency wallet A cryptocurrency wallet is a device, physical medium, program or an online service which stores the Public-key cryptography, public and/or private keys for cryptocurrency transactions. In addition to this basic function of storing the keys, a cr ...
like the hardware wallet in the image. The synergy between HSMs and blockchain is mentioned in several papers, emphasizing their role in securing private keys and verifying identity, e.g. in contexts such as blockchain-driven mobility solutions.


See also

*
FIPS 140 The 140 series of Federal Information Processing Standards ( FIPS) are U.S. government computer security standards that specify requirements for cryptographic modules. , FIPS 140-2 and FIPS 140-3 are both accepted as current and active. FIPS 1 ...
*
Public key infrastructure A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to fac ...
* PKCS 11 *
Secure cryptoprocessor A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryp ...
*
Security token A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked door ...
* Transparent data encryption * Security switch *
Trusted Platform Module A Trusted Platform Module (TPM) is a secure cryptoprocessor that implements the ISO/IEC 11889 standard. Common uses are verifying that the boot process starts from a trusted combination of hardware and software and storing disk encryption keys. ...


Notes and references


External links

{{Spoken Wikipedia, date=2023-10-12, EN-Hardware security module-article.ogg
Current NIST FIPS-140 certificates

Current CC certificates for HSMs (under "Products for digital signatures")

A Review of Hardware Security Modules
Banking technology Computer security hardware Cryptanalytic devices Cryptographic hardware