<< Back to technical glossary
Defining the Hardware Security Module A
hardware security module
(HSM) is a dedicated cryptographic processor that manages and protects digital keys. Specifically designed to protect the cryptographic key lifecycle, hardware security modules perform encryption and decryption functions for strong authentication, digital signatures, and other cryptographic functions.
HSMs serve as trust anchors to create hardened, tamper-resistant environments for storing cryptographic keys. Traditionally, a hardware security module includes one or more secure cryptoprocessor chips and usually exists as an external device or add-on card that connects directly to a network server or computer.
Frequently Asked Questions
is a hardware security module? A
general-purpose hardware security module is a standards-compliant cryptographic device that uses physical security measures, logical security controls, and strong encryption to protect sensitive data in transit, in use, and at rest. An HSM may also be called a Secure Application Module (SAM), Personal Computer Security Module (PCSM), or hardware cryptographic module.
The hardware security module creates a trusted environment for performing a variety of cryptographic operations, including key exchange, key management, and encryption. In this context, “trusted” means free of malware and viruses, and protected against exploits and unauthorized access.
An HSM can be trusted because: It
- is built on certified, well-tested, and specialized hardware
- It runs a security-focused operating system
- Its entire design actively protects and hides cryptographic information
- You have limited access to the network through a moderated interface that is strictly controlled by internal rules.
Without a hardware security module, ordinary operations and cryptographic operations take place in the same locations, so attackers can access ordinary business logic data along with sensitive information such as keys and certificates. Hackers can install arbitrary certificates, expand unauthorized access, alter code, and otherwise dangerously affect cryptographic operations.
How do hardware security modules work?
Encryption, the process of making sensitive data indecipherable except to those with authorized access, forms the foundation of an HSM’s core functionality. Secure decryption and message authentication are also part of HSM functionality.
Randomly generated values are essential to the encryption process as they are used to create encryption keys. Decrypting that sensitive information is always just a step away with keys in hand, so storing encryption keys in a secure environment is essential.
Hardware security modules generate and store encryption keys used across multiple devices. They have special hardware to create entropy and generate high-quality random keys. Larger organizations may operate multiple HSMs simultaneously instead of just one. Whether you deploy one or multiple HSMs, a centralized, streamlined key management system based on both external regulations and strong internal security policies improves security and compliance.
HSMs are typically certified to internationally recognized standards such as FIPS 140 or Common Criteria. This is related to the critical role of HSMs in securing infrastructure and applications, and the related need to assure users that the design and implementation of cryptographic products and algorithms are robust. The highest attainable FIPS 140 security certification level is security level 4. Users often validate the security of an HSM against the requirements defined by the Payment Card Industry Security Standards Council for HSMs in financial payment applications.
Hardware Security Module Architecture
HSMs can have tamper-proof or tamper-proof features. For example, hardware security modules may show visible signs of logging and alerts, or they may stop working if tampered with. Some HSMs can delete keys when tampering is detected. Hardware security modules are typically protected by tamper-resistant, tamper-proof, tamper-proof and tamper-responsive packaging, and contain one or more cryptoprocessor chips or a module containing a combination of chips to prevent probing and tampering of the bus.
HSMs can generally be grouped together for high availability, as they are often part of a mission-critical infrastructure, such as an online banking application or a public key infrastructure. Some hardware security modules enable business continuity and fit the high availability requirements of data center environments. For example, they may have on-site replaceable components or dual power supplies to ensure availability despite a disaster.
Some HSMs can internally run specially developed modules in native C language, Java, .NET, or other programming languages. Such a capability can help an organization that needs to run business logic or special algorithms in a trusted environment. Next-generation hardware security modules can often address running and loading COTS software and operating systems and other complex tasks without requiring complete reprogramming and customization.
security module applications
Any application that uses digital keys can use a hardware security module. In general, to justify the use of an HSM, the compromise of the keys would have to cause a serious and negative impact. In other words, digital keys must be of high value to be generated and maintained in a USB hardware security module or other device.
The key functions of an HSM are as follows:
For a certificate authority, the
- HSM is an integrated cryptographic key generation and secure key storage facility, especially for primary keys or the most sensitive higher-level keys
- It helps in the authentication process by verifying digital signatures
- stored in relatively less secure locations, such as databases, and securely encrypts sensitive data for storage
- Generates secure keys for smart card production.
- storage devices such as tape or disk and transparent data encryption keys for databases
- It provides physical and logical protection of sensitive information, including cryptographic keys, against unauthorized use, disclosure, and potential attackers
- Supports asymmetric or public-key cryptography and symmetric cryptography.
- Some HSMs act as hardware cryptographic accelerators for SSL connections and many offer asymmetric key operations of significant CPU offload. Most HSMs now also support elliptic curve cryptography (ECC), which provides stronger encryption despite shorter key lengths.
- For applications that are performance-critical and must use HTTPS (SSL/TLS), an SSL acceleration HSM can relocate RSA operations from the host CPU to the HSM device. RSA operations generally require several large integer multiplications, and typical hardware security modules can perform about 1 to 10,000 1024 bits/second RSA operations. Certain specialized hardware-based security modules can achieve 20,000 operations per second.
- In PKI environments, registration authorities (RAs) and certification authorities (CAs) can use HSMs to generate, manage, and store asymmetric key pairs.
- modules or card payment system hardware security modules are specialized HSMs applied in the payment card industry. As such, these HSMs support both typical hardware security module functions and specialized functions that demand transaction processing and industry standards for compliance. Typical applications are payment card personalization and transaction authorization. The leading standard-setting organizations for banking HSMs are ANS X9, the Payment Card Industry Security Standards Council (PCISSC), and ISO.
- Some registries store basic material for signing large zone files in HSMs. For example, OpenDNSSEC is an open-source hardware security module tool for managing DNS zone file signing.
- HSMs can be used as cryptocurrency wallets.
. Verifies the integrity of sensitive data
Manages keys for
Banking hardware security
. Trusted Execution Environments (TEEs) and Trusted Platform Modules (TPMs)
A trusted execution environment (TEE) is a secure area created as part of a main computer processor. It is designed to ensure that the data and code within the TEE are protected in terms of integrity and confidentiality.
A trusted platform module (TPM) is a special chip designed and soldered onto the motherboard to make access to your secret keys difficult and immediately obvious. This physical step is intended to provide a trusted hardware source in the computer system. TPMs generally do not add computational capacity, although they may offer some basic capabilities, such as random key generation or encryption of small amounts of data.
A hardware security module, on the other hand, maintains encryption keys external to the operating system. Although there is some overlap between TEEs, TPMs, and HSMs, they are not the same and do not provide identical benefits. Like TPMs, HSMs also make physical manipulation obvious, but they tend to provide higher levels of protection than TPMs and TEEs.
Some argue that HSMs no longer need to rely on physical tamper protection and proprietary hardware architectures. Instead, they can exploit the security properties of TEEs to create a “soft HSM” or virtual hardware security module. For example, Google’s Cloud HSM is billed as a cloud hardware security module, an all-virtual service version of the HSM.
These solutions certainly simplify scaling using cloud-native technologies. However, an even higher level of security can be achieved by deploying an HSM using those same cloud-native technologies to improve performance and reduce hardware-related operational challenges.
- TEEs offer an integrated overall processing environment. They are part of a chipset.
- TPMs provide limited processing capabilities, measurement of the boot sequence and other components, and a trusted physical source. They are a low-cost integrated component.
- HSMs are the most secure environment for processing sensitive data, managing or storing secret keys, and cryptographic operations. They are usually more expensive external devices, although cloud technologies can help make them less expensive and more scalable.
Benefits and Features of Hardware
Modules The main benefits of hardware security modules are: physical access protection, secure management of key material, secure key generation, and secure execution environment
There is no way to fully protect conventional IT systems from external attacks. In contrast, HSMs feature a range of protection mechanisms designed to deter external attack and any physical tampering. These typically include: voltage and temperature sensors, resin-embedded chips, and perforation protection foil.
For example, if an attacker attempts to open an HSM device, either by breaking the enclosure or by using acid or freezing the enclosure to erode the layers, the sensors immediately record the attack, trigger an alarm, and initiate any specified countermeasures set in the configuration, such as key deletion.
Keys are only useful when they are random and well protected, or when attackers easily guess them. In conventional IT systems, there are limited means of generating secure keys, because they rely on traditional commands that process if-then situations. Unfortunately, knowing the “if” or input data for any given command can allow a skilled attacker to predict the “then” or output data.
HSMs solve this problem by generating truly random keys. They do this by recording data from random physical processes in the vicinity, such as atmospheric noise or atomic decay processes, to produce unpredictable values to use as the basis for random keys.
Importantly, a hardware security module generates, stores, and uses these keys to execute signatures, ciphers, and other cryptographic operations, and all of these security-critical processes take place within the secure environment of the HSM.
Since the keys for cryptographic operations never escape the HSM, the environment provides maximum protection against logical attacks: it is virtually impossible to steal them. Some hardware security modules also protect users from Trojans and insider attacks by providing a secure execution environment for user applications. On these systems, the entire application is programmed and executed within the HSM sandbox.
Best practices for using HSMs
The following are the most important benefits and features of hardware security modules to consider:
FIPS 140-1 or 140-2 compliance and validation. The Federal Information Processing Standard (FIPS) defines four levels for validating HSMs. Validation means that an HSM has passed a reasonable baseline of security testing performed at FIPS-accredited testing facilities by qualified professionals. This goes far beyond mere FIPS 140 compliance.
Proprietary versus open algorithms. Avoid secret proprietary algorithms unless they are additional to options that are open and widely accepted but secure. (If the HSM uses both, make sure it is configured correctly so that it does not use proprietary algorithms.) Look for DSA- or RSA-based cryptographic algorithms for digital signatures. For hashing, MD5 or SHA-1 are good alternatives. 3-DES is a good choice for encryption.
Strong random number generation. Any HSM must be capable of strong random number generation (RNG) or pseudorandom number generation to support key generation and other cryptographic functions.
scalability. The hardware security module architecture must support load balancing and clustering so that it can scale with the growing network architecture.
A safe source of time. Secure non-repudiation and auditing require a secure date and time source for logged messages. An easily hacked server-based time source is among the few common hardware security module vulnerabilities. Only an authenticated administrator should be allowed to change the time on an HSM, which should also securely log the event.
Ease of use. A standardized developer interface and a secure and simple user interface make the HSM easier to use and help avoid costly mistakes.
Well-documented device installation. Clearly document all installation and maintenance events, including battery replacements, known hardware conflicts, machine compatibility issues, and physical switches on the device.
Key backup. Secure key backup is critical for any HSM used to verify or encrypt data in a database or within a certificate authority. Optimally, back up keys to multiple smart cards and store them separately.
Key protection. A hardware security module must protect keys by encrypting those that are exported beyond their physical limit.
Resistance to manipulation. The HSM must remove all sensitive data or “reset to zero” if it detects any abnormal electrical activity, physical penetration, unusual temperature, or other signs of tampering. This prevents a successful attacker from retrieving secret keys once they have gained physical access.
Of course, there are several disadvantages of hardware security modules, mainly the surrounding cost, depending on the levels of security and functionality that the facts demand. Some HSMs are also difficult to deploy and upgrade. However, leveraging cloud-native technologies and their inherent scalability can help with each of these issues.
Does Avi offer hardware security module solutions?
The right hardware security module ensures your business meets compliance requirements with solutions for blockchain, bulk key generation, certificate signing, code or document signing, data encryption, digital signatures, DNSSEC, GDPR, hardware key storage, paper-to-digital initiatives, IoT, PCI DSS, transactional acceleration, and more.
Avi supports the integration of networked hardware security module (HSM) products, including Thales nShield and SafeNet Network HSM. Learn more about HSM integration with Avi here.
For more information about the actual implementation of load balancing, security applications, and web application firewalls, see our application delivery how-to videos.