In this article we will explore some of the reasons why HSMs can be difficult to use and look at a novel solution that helps to overcome these problems.
HSMs – The Last 20 Years
Hardware security modules (HSMs) started to appear in the latter half of the 1990’s, taking advantage of the new FIPS 140-1 “Security Requirements for Cryptographic Modules” standard published by NIST in 1994. They have changed relatively little over the last two decades, with the market being dominated by a handful of vendors.
HSMs offer a number of capabilities that make them very attractive to use in cryptographic applications, including:
- a certified random number generator for generating high-quality cryptographic keys
- high-performance cryptographic processing for high cryptographic throughput
- tamper resistance to protect keys and other sensitive data from physical attack
- internationally-recognized certification programs to meet mandatory compliance requirements
The Inherent Challenges in Using HSMs
However, the need for complex hardware, the expensive FIPS certification process and the limited amount of competition have resulted in HSMs being widely regarded as just as problematic to use now as they were 20 years ago. Challenges include:
- using multiple HSMs for scaling and resilience – this can be hard to achieve and typically requires vendor-specific tools
- complex application programming interface (API) – HSMs typically offer PKCS#11, which was developed alongside HSMs in the 1990s and has also changed little since then
- fixed functionality – being hardware devices, adding new functionality (such as new cryptographic algorithms) requires firmware upgrades if not completely new hardware
Because of this inflexibility, HSMs are often dedicated to specific applications, with different applications often using different makes or models of HSM. As a result, organizations can find themselves with dozens if not hundreds of HSMs being managed by different teams in different ways – a very expensive situation.
What if there was another way? A way for applications to share a small pool of HSMs, with simple scaling and resilience, a simple, high-level programming API and the ability to manage it all centrally?
Introducing CSG
Cryptomathic’s Crypto Service Gateway (CSG) is that solution! CSG is a scalable software solution that supports a wide range of general-purpose and payment HSMs from all the major vendors. The key benefits CSG provides are:
- efficiency – a small number of HSMs can be shared between many applications whilst solving the challenge of scalability and resilience; furthermore, the HSMs can be centrally managed and monitored by a single operations team
- faster development – a high-level API reduces the burden on developers, allowing applications to be delivered more quickly and with less risk
- centralized control of key usage and cryptographic policy – rather than leaving the complexity of managing the usage of keys and cryptographic policy to application developers, CSG enables these to be defined and managed centrally by crypto experts and recorded in a single audit log
Furthermore, Cryptomathic can add custom functionality (such as new algorithms) into HSMs according to customer needs and make that available via CSG.
Summary
HSMs have changed little over the last 20 years and are seen as being difficult and expensive to use. However, CSG solves these problems and enables organizations to roll-out an “HSM-as-a-Service” capability. As well as providing hardware and resource efficiency gains, CSG makes life easier for developers, operators, managers and auditors alike.
References
- Selected Articles on the Crypto Service Gateway (2013-today), by Ashig JA, Asim Mehmood, Rob Stubbs, Steve Marshall, and more
- Selected articles on HSMs (2013-today), by Ashiq JA, Peter Landrock, Peter Smirnoff, Rob Stubbs, Steve Marshall, Torben Pedersen and more
- Turning Cryptography into a Service Part 1 – Increasing Efficiency & Resilience (2018), Rob Stubbs