Hardware Security Module

If you have ever lost the keys to your home, work, or car, you probably remember the unease that follows the discovery of the loss: Where are my keys? Does somebody else have them? Were they stolen? Is somebody using them to access my home right now?

Cryptographic keys

Fortunately, peace of mind can be restored by finding the keys (and verifying that nobody has used them) or by replacing the locks.

But what happens if you lose your cryptographic keys? The situation is more or less the same as with physical keys. Your cryptographic key gives access to your critical confidential data, both to read the data and to modify it. Anyone with access to your cryptographic keys has free access to your data, and to everything that your data is linked to: corporate password databases, bank accounts, building control, locks, alarms, etc.

The major difference between physical keys and cryptographic keys is that, being digital, cryptographic keys are easy to copy and difficult to contain. How many copies of the keys exist, and where are they located? How and where are the keys created? Are the keys exposed to systems that could be infected by malware? Who has access to the keys, and could anybody have made unauthorized copies?

On top of that, there are so many cryptographic keys to keep track of. You may ‘only’ use a password or two-factor authentication to access the IT systems, but under the hood cryptographic keys are abundant. All applications that provide secure communication use cryptographic keys; examples include HTTPS, encrypted VPNs and enterprise applications. Where these keys are actually stored is typically hidden from the casual user for convenience, making it even harder to protect them.


Hardware Security Module to the rescue!

A Hardware Security Module (HSM) holds the cryptographic key in a well-defined space within a physical hardware device and enforces that the key can neither be copied nor leave the device. Well-known examples of widely used HSMs are the smart cards used for credit cards and SIM cards. The smart card is designed such that it holds your key and never lets go of it, so it cannot be copied.

How does it work?

A Hardware Security Module contains at least:

  1. A secret or private key
  2. A cryptographic engine
  3. Protection against extraction of the key

As the HSM contains both the key and the cryptographic engine, the sensitive secret key never needs to leave the confinement of the HSM. Only the data that needs to be encrypted or decrypted passes in and out of the HSM.

As the secret key never leaves the HSM, it by design cannot be accessed remotely.
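The following is an added example, not code from the original article or from Zybersafe, that models the three ingredients listed above as a software stand-in: the key is generated inside the module, callers only receive a handle and use the module's engine (HMAC-SHA256 here) to process data, and any request to export the key is refused, mirroring the non-extractable key attribute that real HSM interfaces expose. Class and method names (ToyHSM, generate_key, sign, verify, export_key, tamper_event) are hypothetical; the tamper response zeroizes the keys, as a Level 3/4 device would.

```python
import hashlib
import hmac
import secrets


class KeyExtractionRefused(Exception):
    """Raised when a caller asks for raw key material."""


class TamperDetected(Exception):
    """Raised once the module has responded to a tamper event."""


class ToyHSM:
    """Software model of an HSM: key storage, a crypto engine, and an
    extraction policy. It models the API boundary only; a real device
    adds the physical protection that Python cannot provide."""

    def __init__(self):
        self._keys = {}          # handle -> 32-byte secret, private to the module
        self._zeroized = False   # set after a tamper response

    def generate_key(self) -> int:
        # The key is created inside the module; only a handle goes out.
        self._check_alive()
        handle = len(self._keys) + 1
        self._keys[handle] = secrets.token_bytes(32)
        return handle

    def sign(self, handle: int, data: bytes) -> bytes:
        # Data goes in, a tag comes out; the key itself never crosses the boundary.
        self._check_alive()
        return hmac.new(self._keys[handle], data, hashlib.sha256).digest()

    def verify(self, handle: int, data: bytes, tag: bytes) -> bool:
        # Constant-time comparison so timing does not leak the expected tag.
        return hmac.compare_digest(self.sign(handle, data), tag)

    def export_key(self, handle: int) -> bytes:
        # Non-extractable keys: the module refuses regardless of who asks.
        self._check_alive()
        raise KeyExtractionRefused(f"key {handle} is marked non-extractable")

    def tamper_event(self) -> None:
        # Tamper-detection/response: overwrite and drop all key material.
        for handle in list(self._keys):
            self._keys[handle] = bytes(32)
        self._keys.clear()
        self._zeroized = True

    def _check_alive(self) -> None:
        if self._zeroized:
            raise TamperDetected("key material has been zeroized")
```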

But what if the attacker gains physical access to the HSM?

Obviously, there is at least a theoretical possibility of extracting the secret key from the HSM. HSMs come in different security grades, from very basic ones intended for use under the assumption that the HSM itself is protected from physical access, up to increasingly advanced protection levels. FIPS 140-2 defines 4 classes:

Level 1: No specific physical security mechanisms

Level 2: Tamper-evident coatings or seals that must be broken

Level 3: Strong enclosures and tamper-detection/response circuitry

Level 4: Penetration of the cryptographic module enclosure from any direction has a very high probability of being detected, and protection features are designed to detect fluctuations outside of the module’s normal operating ranges for voltage and temperature.

Hardware Security Module in Zybersafe TrafficCloak

Zybersafe TrafficCloak is designed as a Hardware Security Module complying with FIPS 140-2 Level 3. For additional security, secret keys are generated within the HSM at the customer site after the device has been sealed at production. This, by design, eliminates any possibility of the keys being copied either during injection into the HSM or prior to the HSM being sealed off, giving full life-cycle protection of the secret keys.