Appropriate management of cryptographic keys is essential for the application of cryptography. This is often aided by the use of a hardware security module (HSM), a dedicated hardware machine with an embedded processor that offers cryptographic services to users, applications, and computers in a network, and which explicitly protects cryptographic keys at every phase of their life cycle.
This article discusses the security requirements for the protection of the key life cycle and how HSMs cater for these requirements, and highlights the importance of an overarching key management system.
HSM Security Assurance
Given the important role that HSMs play, it is critical that some assurance of their security is provided. FIPS 140-2 is an internationally-recognised security standard for the endorsement of cryptographic modules such as HSMs and smart cards. It defines four levels of security, from “Level 1” to “Level 4”. The requirement/description of each security level is as follows:
a. Level 1: This is the most basic security level which requires the inclusion of only one approved algorithm or security function, but does not require physical protection of the HSM.
b. Level 2: Demands the incorporation of tamper-evidence and role-based authentication in the HSM.
c. Level 3: Requires tamper resistance along with tamper evidence and identity-based authentication.
d. Level 4: The most secure level involves recognition and mitigation of assaults regarding physical security and environmental conditions ensuring the comprehensive security of the HSM even when operating in a physically unprotected environment.
FIPS validation is not a benchmark for product perfection and efficiency. It simply means that some rational standard security examinations were carried out on the HSM by technical professionals at FIPS qualified testing laboratories. Almost all current HSM vendors provide FIPS 140-2 validation of their products to address client’s security requirements.
Effective Key Security using HSMs
A crypto key passes through a lot of phases in its life such as generation, secure storage, secure distribution, backup, and destruction - known as the key life cycle. Key management plays a vital role in ensuring the security mechanisms of cryptographic protocols/applications. With the increase in deployment and evolution of cryptographic mechanisms implemented in information systems, key management consistently emerges as the main challenge. The security aspects of key management are ensured and enhanced by the use of HSMs, for example:
a) Protection of the Key: All phases of a key life cycle, starting from generation and up to destruction are protected and secured by the HSM. The private keys and other sensitive cryptographic material never leave the HSM (unless encrypted) and can only be used in accordance with specific access control mechanisms. In contrast, software stored/managed keys (stored in applications and OS) are vulnerable to unauthorized access by malware.
b) Secure Key Generation: HSMs incorporate TRNGs (True Random Number Generators) which generate real-time random numbers based on physical entropy sources such as thermal, avalanche and atmospheric noises. These random numbers are used as seeds for the secure generation of unique cryptographic keys. The strength of keys is mainly dependent on these random numbers. If the random number generator is predictable or weak then the whole key generation mechanism is cryptographically weak. Keys generated in software are inherently weaker than those generated with a hardware based TRNG.
c) Secure Backup: HSMs have to be deployed keeping business continuity and disaster recovery in mind. The overall architecture should also include at least one backup (secondary) HSM in addition to the primary HSM.
d) Tamper Proofing: HSMs follow strict design requirements to meet the FIPS 140-2 standard. The most important asset for an HSM is the crypto key. The keys always reside in the HSM and can never be exported. In case of a detected physical or logical attack, a Level 3 or Level 4 HSM can zeroize or erase all its keys so that they don’t fall into the wrong hands. Similarly, key erasure in case of key compromise is also done securely by HSMs.
e) Enhanced Speed of Crypto Operations: Cryptographic operations are sometimes time-consuming and can slow down applications. HSMs have dedicated and powerful crypto processors which can simultaneously carry out thousands of crypto operations. HSMs can be effectively used to offload cryptographic operations from application servers.
f) Full Audit and Log Traces: HSMs maintain a log/record of all key operations according to the date and time at which the operation was carried out. This is crucial for demonstrating compliance to various regulations.
Regardless of how effective HSMs are at protecting keys, once you have multiple HSMs used by different applications, the management of keys can quickly become a complex and fragmented process. Lack of clear ownership can result in divergence of operating procedures, duplication of work and problems with auditing and compliance. Unchecked, these problems grow over time and become increasingly expensive and difficult to manage.
The solution is an enterprise key management system that provides centralized visibility and control over all keys within the organization. Such a system can also generate, manage and distribute keys securely to applications that aren’t using HSMs. The benefits include reduced cost, reduced risk and easier proof of compliance.
This article has highlighted how HSMs enable the effective protection of cryptographic keys throughout their life cycle, adding significant security benefits to applications that employ cryptography. However, it is common for keys and HSMs to proliferate across an organization, resulting in the need for an overarching key management system to ensure that the right key is always available in the right place at the right time.
References and Further Reading
- Selected articles on Key Management (2012-today), by Ashiq JA, Guillaume Forget, James H. Reinholm, Matt Landrock, Peter Landrock, Steve Marshall, Torben Pedersen, and more
- Selected articles on HSMs (2012-today), by Asim Mehmood, Guillaume Forget, Matt Landrock, Peter Landrock, Rob Stubbs, Steve Marshall, Torben Pedersen, and more
- FIPS PUB 140-2 - SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES (2002), National Institute of Standards and Technology