The importance of HSM (Hardware Security Module): Before and after PQC.

What is HSM?

In the context of cybersecurity, an HSM is a hardware device that serves as dedicated storage for cryptographic keys and as a dedicated execution environment for cryptographic operations. Appliance-class HSMs are housed in a secure facility and mounted in a dedicated rack; the smaller form factors (cards, tokens, on-die modules) sit inside the host they protect. Typical examples of HSM and HSM-like devices are network-attached HSM appliances, PCI(e) HSM cards, cryptocurrency hardware wallets, TEEs (Trusted Execution Environments), TPMs (Trusted Platform Modules) and smartcards. Not all of these devices provide the same level of assurance, meet the same regulatory/compliance requirements or offer the same security properties, but they all share the two defining characteristics of an HSM:
- Dedicated secure storage for cryptographic keys
- Dedicated execution environment for cryptographic operations

Why and where is HSM used?

Although the more cautious approach to applied cryptography favours open-source, widely reviewed implementations over closed-source, proprietary ones, the contemporary technical literature (as of May 2022) defines HSMs as:
- The most secure way to store a cryptographic key
- A root of trust

Root of trust means that the HSM appliance, as a product, provides the highest available level of assurance: whatever you store inside the HSM, and whatever you execute inside it, stays protected. When tampering is attempted, the HSM reacts in one or more of the following ways, depending on its design and validation level:
- tamper-evident: the attempt is recorded in a protected audit log and leaves physical evidence (broken seals, tripped sensors), so it cannot go unnoticed
- tamper-resistant: the enclosure (potting, meshes, hardened housing) physically resists the attempt
- tamper-responsive: the attempt is detected and the stored keys are zeroized before they can be exfiltrated or misused, trading availability for confidentiality

The HSM also contributes, directly or indirectly, to several security architecture and cryptography principles:
- Secure by default
- Fail securely
- Defense in depth
- Least privilege
- Separation of duties
- Secure data sanitization
- Isolation
- Kerckhoffs's principle

The HSM is also capable of protecting sensitive data in all three states:
- Data-in-transit (predominantly TLS)
- Data-at-rest (predominantly storage encryption)
- Data-in-use (predominantly a TEE, either as a physical enclave inside the CPU or as a separate TEE appliance)

As a few examples, you will find HSMs integrated into the following cybersecurity solutions:
- Digital signing solutions, e.g. document signing (PDF, XML), signing SAML assertions
- Card issuance systems, e.g. issuing digital certificates that are enrolled onto smartcards
- DNSSEC, DNS over TLS
- PKI (Public Key Infrastructure), either as a separate HSM appliance that integrates with the CA (Certification Authority) or as a PKI platform where the CA software and the HSM constitute a single physical appliance
- CKM (Cryptographic Key Management), also called EKM (Enterprise Key Management)
- MPC (Multi-Party Computation)
- DLT (Distributed Ledger Technology)
- Cloud, e.g. HSM as a Service, CKM as a Service

The risks associated with HSM

There are several major risks associated with using HSMs:

1. API security: the standard API for accessing an HSM is PKCS#11 and, like anything man-made, it has potential vulnerabilities. Their impact is amplified by improper partition policy settings and/or badly chosen attributes on the key objects inside the HSM (for example a key marked extractable sitting next to a wrapping key that is also allowed to decrypt).
2. Performance: degraded performance is a side-effect of encryption in any form; sending data to the HSM, selecting the right key, performing the cryptographic operation and sending the result back to the application all cost latency, power and CPU cycles.
3. Single point of failure: storing all cryptographic keys in one location puts the availability of every asset encrypted under those keys at risk if that location fails.
4. Increased cost: HSM appliances are expensive devices, and the hardware, the support contracts, the upgrades and the training of the operations personnel who run them all show up in both CAPEX and OPEX.

The above risks have to be analyzed during a risk assessment, and the benefits of the HSMs need to be weighed against the costs they incur.
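To make risk 1 concrete, here is an added Go example (not code from the original article or from any HSM vendor) that audits an inventory of PKCS#11 key objects for the attribute combinations that turn an API weakness into key extraction. The key labels and the partition inventory are constructed for the example; the CKA_* attribute names come from the PKCS#11 specification, and the wrap-then-decrypt conflict it flags is the long-published attribute attack on that API: a key that may both wrap and decrypt lets any API caller wrap an extractable key and then decrypt the resulting blob.

```go
package main

import (
	"fmt"
	"strings"
)

// KeyAttrs models the subset of PKCS#11 object attributes that decide whether
// key material can ever leave the HSM boundary. Field names mirror the CKA_*
// attributes from the PKCS#11 specification.
type KeyAttrs struct {
	Label       string
	Sensitive   bool // CKA_SENSITIVE: value never returned by C_GetAttributeValue
	Extractable bool // CKA_EXTRACTABLE: may be exported with C_WrapKey
	Wrap        bool // CKA_WRAP: may wrap other keys
	Unwrap      bool // CKA_UNWRAP: may unwrap (import) other keys
	Encrypt     bool // CKA_ENCRYPT: may encrypt arbitrary data
	Decrypt     bool // CKA_DECRYPT: may decrypt arbitrary data
	Modifiable  bool // CKA_MODIFIABLE: attributes may be changed after creation
}

// AuditKey returns policy findings for a single key. The wrap/decrypt and
// unwrap/encrypt pairs are the classic PKCS#11 attribute conflicts.
func AuditKey(k KeyAttrs) []string {
	var f []string
	if !k.Sensitive {
		f = append(f, k.Label+": CKA_SENSITIVE=false, key value readable via C_GetAttributeValue")
	}
	if k.Extractable {
		f = append(f, k.Label+": CKA_EXTRACTABLE=true, key can leave the HSM via C_WrapKey")
	}
	if k.Wrap && k.Decrypt {
		f = append(f, k.Label+": CKA_WRAP and CKA_DECRYPT both set (wrap a key, then decrypt the blob)")
	}
	if k.Unwrap && k.Encrypt {
		f = append(f, k.Label+": CKA_UNWRAP and CKA_ENCRYPT both set (encrypt chosen bytes, unwrap them as a known key)")
	}
	if k.Modifiable {
		f = append(f, k.Label+": CKA_MODIFIABLE=true, usage attributes can be widened after creation")
	}
	return f
}

// AuditPartition audits every key and adds the cross-key finding: an
// extractable key plus any wrap+decrypt key in the same partition is a
// complete extraction path, even if each key looked tolerable on its own.
func AuditPartition(keys []KeyAttrs) []string {
	var f, extractable, wrapDecrypt []string
	for _, k := range keys {
		f = append(f, AuditKey(k)...)
		if k.Extractable {
			extractable = append(extractable, k.Label)
		}
		if k.Wrap && k.Decrypt {
			wrapDecrypt = append(wrapDecrypt, k.Label)
		}
	}
	if len(extractable) > 0 && len(wrapDecrypt) > 0 {
		f = append(f, fmt.Sprintf("partition: %s can wrap %s and decrypt the blob: full key extraction path",
			strings.Join(wrapDecrypt, ","), strings.Join(extractable, ",")))
	}
	return f
}

// SampleKeys is a constructed partition inventory (not taken from a real device).
func SampleKeys() []KeyAttrs {
	return []KeyAttrs{
		{Label: "tls-signing-key", Sensitive: true},
		{Label: "db-kek", Sensitive: true, Extractable: true, Encrypt: true, Decrypt: true},
		{Label: "transport-kek", Sensitive: true, Wrap: true, Unwrap: true, Encrypt: true, Decrypt: true},
	}
}

func main() {
	findings := AuditPartition(SampleKeys())
	fmt.Printf("%d findings\n", len(findings))
	for _, f := range findings {
		fmt.Println(" -", f)
	}
}
```

The same check is worth running as part of the periodic, automated configuration review: export the attributes of every object in every partition, feed them through rules like these, and treat any partition-level finding as a blocker, since the vendor's own policy defaults rarely forbid these combinations.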

The HSM good practices

The following is not an exhaustive list of good practices for integrating or operating HSMs, merely the more critical ones to take to heart:

1. Configure a secure source of time and the correct timezone.
2. Configure audit logging BEFORE initializing the HSM, not after.
3. Maintain an up-to-date inventory of the HSM configuration and partition policy for each HSM integration within your organization.
4. Review each HSM configuration setting with the HSM vendor until you have a clear understanding of what every setting does.
5. When performing any activity on the HSM, read every prompt two or three times before typing 'yes' or pressing a button.
6. When performing any HSM activity that requires a user-supplied password, make sure you know exactly what is in your clipboard.
7. When making any change to the HSM, make sure that all accountable stakeholders understand the impact of the change (remember: not everyone is a cryptography expert) and get their approval in writing.
8. Perform periodic, automated reviews of the HSM configuration.
9. HSM backups must be stored at least as securely as the HSM appliances themselves and tested regularly.
10. The HSM test environment has to be an exact replica of the production HSM environment, i.e. the same firmware, software and high-availability setup.
11. Conduct HSM testing with synthetic, non-production data.
12. Do not rely on M-of-N secret sharing unless you can guarantee geographic, legislative or at the very least logical separation of the individual holders of the key shares; otherwise the quorum is a formality.
13. Keep in mind that the value of a cryptographic key stored inside the HSM is the total value of all the assets that key protects.

The future of HSM

There are currently several areas of interest in applied cryptography where the HSM will continue to play a critical role:

1. Confidential computing
2. Blockchain
3. Multi-Party Computation (privacy-preserving computation between disparate parties)
4. Homomorphic encryption (computation on encrypted data)
5. Post-Quantum Cryptography (PQC)

There are still many unknowns and practical issues in some of these areas, and only time and continued research will tell the outcome. The biggest concern for current applied cryptography (e.g. PKI, document signing, TLS, storage encryption) is the arrival of cryptographically relevant quantum computers and the migration to PQC that it forces: today's RSA and elliptic-curve keys, including those held inside HSMs, will have to be replaced by post-quantum algorithms, and the HSM firmware must support those algorithms before that migration can start.

The benefits of HSM (Hardware Security Module) and other details

In my previous article,
https://medium.com/@pkiluke/the-importance-of-hsm-hardware-security-module-937130f873d9
I gave a very general introduction to HSMs, outlined the risks associated with them, defined the existing HSM and HSM-like devices and described a few good practices for integrating and operating them.

In this article I would like to describe the benefits that HSMs bring and explain the difference between general purpose (GP) and payment HSMs.

In the following I differentiate between:
- Service organizations: these organizations buy HSMs and integrate them into their cybersecurity infrastructure to enable and protect their business
- Vendor organizations: these organizations manufacture HSMs and sell them
What are the benefits of HSM?

It is important to remember that the core responsibility of an HSM is to protect cryptographic keys, not the application data. Protection of the application data is merely a consequence of applying a key to an encryption algorithm within the boundary of the HSM (inside the HSM).

The benefits discussed here focus on service organizations that deploy HSMs on premises, as opposed to cloud services such as HSM as a Service.

There are several benefits to using an HSM; some are more technical and some less so. It is important to choose the right argument when talking to different stakeholders.
Sovereignty means that the organization that controls physical access to the complete HSM infrastructure has absolute control over the cryptographic keys stored therein and therefore absolute control over the confidentiality of the data protected by those keys. There are no SLAs or dependencies on third parties.

Compliance means that HSMs are manufactured and validated against globally accepted standards such as FIPS 140-2 (and its successor FIPS 140-3), Common Criteria, PCI PTS HSM and the relevant ISO and ANSI standards, and that a validated device is the accepted way to satisfy the key-protection expectations of regulatory regimes such as PCI DSS, HIPAA and GDPR. Keep in mind that HSMs go by different names in different contexts: SCD (Secure Cryptographic Device) under PCI, and QSCD (Qualified Signature Creation Device) or SSCD (Secure Signature Creation Device) under eIDAS. Just because the word HSM does not appear in the initial project requirements does not mean you are not required to have one.

Isolation and separation means that the cryptographic keys and the cryptographic operations are physically separated from the rest of the organization's infrastructure (server infrastructure, virtualization infrastructure) and, furthermore, that the cryptographic keys can be logically isolated from each other (per application, per tenant) within the HSM. This isolation and separation also applies to the organizational hierarchy: by using an HSM you can separate the responsibilities, and the burden of risk for those accountable, between disparate teams.

Performance means that the HSM is optimized for the execution of computationally intensive cryptographic operations (symmetric or asymmetric, depending on the HSM type). Keep in mind that integrating an HSM still adds a network or bus round trip to every operation, so end to end it degrades performance compared to performing the operation locally, no matter how fast the device itself encrypts or decrypts.

Attack surface reduction means that the HSM is designed and manufactured with one aim: to protect the lifecycle of cryptographic keys and to reduce the exploitable methods of access to those keys, nothing more and nothing less. It might seem counter-intuitive that buying extra hardware reduces the overall attack surface, but because the confidentiality of petabytes of sensitive data rests on a handful of cryptographic keys, and because general-purpose computers are not built to enforce a secure key lifecycle, it does provide a significant improvement to the overall security of the organization.

Tamper resistance and tamper response mean that the HSM is built to detect attempts to cause disclosure of sensitive data (a data breach) and to resist them, protecting confidentiality at the expense of availability. In other words, the HSM zeroizes the cryptographic keys it holds when it detects a tamper event, so an attacker who opens the enclosure ends up with a bricked device rather than the keys.

Audit trail means that the HSM keeps a detailed and protected log of every activity performed on it. In the real world that means that when the service organization comes under the scrutiny of an audit or of legal proceedings following a data breach investigation, the accountable stakeholders have proof of due care and due diligence.
What is the difference between GP HSM and payment HSM?

In the real world there are many HSM models and several criteria for categorizing them:
- By host connectivity: network-attached, PCI(e) card and USB
- By performance: vendor-specific
- By programmability: some HSMs allow the service organization to upload and execute its own code or firmware inside the device, some do not
- By authentication method: password and multi-factor (typically USB tokens or smartcards)
- By usage: GP HSM (general purpose) and payment HSM

General purpose HSMs are:
- Optimized for asymmetric cryptography
- Without compound multi-key operations
- Not enforcing dual control (it is optional)
- Using straightforward cryptographic commands: encrypt, decrypt, sign, verify
- Allowed to return unencrypted sensitive data to the application

Payment HSMs (also called transaction HSMs) are:
- Optimized for symmetric cryptography
- Offering compound multi-key operations
- Using more complex and stricter cryptographic commands, as mandated by the payment industry standards, e.g. decrypt and re-encrypt inside the HSM in one operation
- Enforcing dual control (mandatory)
- Not allowed to return unencrypted sensitive data to the application
- Aware of the input and output data formats (PIN block formats, key block formats) rather than treating everything as opaque bytes
To explain the difference between a general purpose HSM and a payment HSM, here is a simple example of how symmetric cryptography with multiple keys works.

Scenario: you go shopping after work at your local supermarket and you pay by swiping your card and entering a PIN.

A payment transaction involves many participants end-to-end (shopper, merchant, payment providers, card schemes, banks, etc.) and they depend on symmetric cryptography to secure the transaction. Because there are many participants, and because the payment industry is regulated so that not only the cryptographic keys but also the payment data (PIN, CID and others) are protected, specific HSMs are manufactured to ensure compliance with these regulations.

In the example below, participant 1 = local supermarket, participant 2 = payment provider (e.g. Apple Pay, PayPal), participant n = the other participants (banks, Visa/Mastercard/AmEx, etc.):
- participant n shares a symmetric key with participant n+1

[Figure: Multi-key cryptographic operation in general purpose HSM]

Therefore, starting with participant 2, there are always two different symmetric keys: one key is used to decrypt the data received from the previous participant in the transaction chain, and the other to encrypt the data sent to the next participant in the chain.

With a general purpose HSM, this multi-key (two-key) operation exposes unencrypted data to the participant who holds the two keys, because the general purpose HSM only offers very straightforward cryptographic operations:
- decrypt the data in the HSM using the red key
- send me back the unencrypted data (the application now sees the unencrypted payment data = BAD THING)
- encrypt the data in the HSM using the blue key
- send me back the encrypted data

The payment HSM uses compound, stricter cryptographic operations and concerns itself not only with the security of the cryptographic keys but also with the payment data:
- decrypt the data using the red key, re-encrypt it with the blue key, do it all inside the HSM and then send me the encrypted result

[Figure: Multi-key cryptographic operation in payment HSM]

Because the payment HSM understands the payment data formats and never releases the clear value, the intermediary participant (payment service provider, bank) can use the intermediate encrypted values in tokenization and other solutions without disclosing any sensitive data.
