Hardware security module

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Electronic Fund Transfer HSM for Payment Systems
Modern hardware security module with cryptographic acceleration

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.


HSMs may possess controls that provide tamper evidence such as logging and alerting and tamper resistance such as deleting keys upon tamper detection.[citation needed] Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing.

Many HSM systems have means to securely backup the keys they handle either in a wrapped form via the computer's operating system or externally using a smartcard or some other security token.[citation needed]

Because HSMs are often part of a mission-critical infrastructure such as a public key infrastructure or online banking application, HSMs can typically be clustered for high availability. Some HSMs feature dual power supplies and field replaceable components such as cooling fans to conform to the high-availability requirements of data center environments and to enable business continuity.

A few of the HSMs available in the market have the ability to execute specially developed execution modules within the HSM's secure enclosure. Such ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The execution modules can be developed in native C language, in .NET, Java or other programming languages. While providing the benefit of securing application-specific code, these execution engines protect the status of an HSM's FIPS or Common Criteria validation.


A hardware security module can be employed in any application that uses digital keys. Typically the keys must be of high-value - meaning there would be a significant, negative impact to the owner of the key if it were compromised.

The functions of an HSM are:[citation needed]

  • onboard secure cryptographic key generation
  • onboard secure cryptographic key storage and management
  • use of cryptographic and sensitive data material
  • offloading application servers for complete asymmetric and symmetric cryptography.

HSM are also deployed to manage Transparent Data Encryption keys for databases.

HSMs provide both logical and physical protection of these materials, including cryptographic keys, from non-authorized use and potential adversaries.[citation needed]

The cryptographic material handled by most HSMs are asymmetric key pairs (and certificates) used in public-key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.[citation needed]

Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performances ranges from 1 to 7,000 1024-bit RSA signs/second, HSMs can provide significant CPU offload for asymmetric key operations. Since NIST is recommending the use of 2,048 bit RSA keys from year 2010,[1] performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs now support elliptic curve cryptography (ECC), which delivers stronger encryption with shorter key lengths.

PKI environment (CA HSMs)[edit]

SafeNet Luna SA

On the PKI environment, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. In this scenario, there are some fundamental features a device must have, namely:

  • Logical and physical high level protection
  • Multi-part user authorization schema (see Blakley-Shamir secret sharing)
  • Full audit and log traces
  • Secure key backup

In the PKI environment, the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

Card payment system HSMs (bank HSMs)[edit]

Electronic Fund Transfer HSM

Limited-feature HSMs are used in card processing systems. These systems are usually less complex than CA HSMs and normally do not feature a standard API. These devices can be grouped in two main classes:

OEM or integrated modules for automated teller machines and point of sale terminals:

Authorisation and personalisation modules may be used to:

  • check an on-line PIN by comparing with an encrypted PIN block
  • in conjunction with an ATM controller, verify credit/debit card transactions by checking card security codes or by performing host processing component of an EMV based transaction
  • support a crypto-API with a smart card (such as an EMV)
  • re-encrypt a PIN block to send it to another authorisation host
  • support a protocol of POS ATM network management
  • support de facto standards of host-host key|data exchange API
  • generate and print a "PIN mailer"
  • generate data for a magnetic stripe card (PVV, CVV)
  • generate a card keyset and support the personalisation process for smart cards

The major organization that produces and maintains standards for HSMs on banking market is the Payment Card Industry Security Standards Council.

SSL connection establishment[edit]

Performance critical applications that have to use HTTPS (SSL/TLS), can benefit from the use of an SSL Acceleration HSM by moving the generation of the session key, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical[citation needed] HSM devices can perform about 50 to 1,000 1024-bit RSA operations/second. Some performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs [2] now support elliptic curve cryptography. Specialized HSM devices can reach numbers as high as +7,000 operations per second.


An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. An open source tool for managing signing of DNS zone files using HSM is OpenDNSSEC.

See also[edit]

Notes and references[edit]

External links[edit]