The Importance of Hardware Security Module (HSM)

In the context of cybersecurity, a hardware security module (HSM) is a hardware device that serves as dedicated storage for cryptographic keys and as a dedicated execution environment for cryptographic operations.

What is an HSM?

These devices serve as dedicated storage for cryptographic keys and as a dedicated execution environment for cryptographic operations, and they should be kept in a secure facility and mounted in a dedicated rack. Typical examples of HSM devices are a network-based HSM appliance, a PCI HSM, a cryptocurrency wallet, a TEE (Trusted Execution Environment), a TPM (Trusted Platform Module) and a smartcard. Not all of these devices provide the same level of assurance, meet the same regulatory/compliance requirements or offer the same security properties, but they all share the two defining characteristics of an HSM:

  1. Dedicated secure storage for cryptographic keys
  2. Dedicated execution environment for cryptographic operations.

Why and where is an HSM used?

Although the more cautious approach to applied cryptography favours open-source, widely reviewed implementations over closed-source, proprietary ones, the contemporary technical literature (as of May 2022) defines HSMs as:

  1. The most secure way to store a cryptographic key
  2. Root of trust

The term root of trust means that the HSM appliance, as a product, provides the highest possible level of assurance. In other words, the HSM guarantees that whatever you store inside it or execute inside it will remain secure, and in case of tampering it will either record a detailed audit log of the attempt (tamper-evident) or destroy the cryptographic keys it stores before they can be misused or exfiltrated, rather than disclosing them (tamper-resistant).

The HSM also contributes to several security architecture & cryptography principles, either directly or indirectly:

  • Secure by default
  • Fail securely
  • Defense in depth
  • Least privilege
  • Separation of duties
  • Secure data sanitization
  • Isolation
  • Kerckhoffs's principle

The HSM is also capable of protecting sensitive data in all three states,

  • Data-in-transit (predominantly TLS)
  • Data-at-rest (predominantly storage encryption)
  • Data-in-use (predominantly TEE; either within the CPU as a physical enclave or as a separate TEE appliance)

As a few examples, you will find HSM integrated into the following cybersecurity solutions,

  • Digital signing solutions e.g. document signing (PDF, XML), signing SAML assertions
  • Card issuance systems e.g. issuing digital certificates that are enrolled onto smartcards
  • DNSSEC, DNS over TLS
  • PKI (Public Key Infrastructure) e.g. either as a separate HSM appliance that integrates with the CA (Certification Authority) or as a PKI platform where the CA software and the HSM constitute a single physical appliance
  • CKM (Cryptographic Key Management) or EKM (Enterprise Key Management)
  • MPC (Multi-Party Computation)
  • DLT (Distributed Ledger Technology)
  • Cloud e.g. HSM as a Service or CKM as a Service

The risks associated with an HSM

There are several major risks associated with using HSMs,

  1. API security — the standard API for accessing an HSM is PKCS#11, and like anything man-made it has potential vulnerabilities, whose impact can be further increased by improper policy settings and/or attributes of the objects stored inside the HSM
  2. Performance — degraded performance is always a side-effect of encryption in any form: sending data to the HSM, selecting the right key, performing the cryptographic operation and sending the data back to the application all take their toll in the form of increased latency, higher power consumption and more CPU cycles
  3. Single point of failure — storing all cryptographic keys in one location is a risk to the availability of the data encrypted with those keys
  4. Increased cost — HSM appliances are expensive devices, and the cost of the hardware, support, upgrades and training of the operations personnel who run the HSM devices is reflected in both CAPEX and OPEX
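As an added example (not code from the original article), an offline check of the kind of object-attribute review the first risk calls for: each PKCS#11 key template is tested against a small hardening policy. The sample templates and the rule set are constructed for illustration and are not any vendor's defaults; only the CKA_* attribute names are the standard PKCS#11 ones.

```python
# Attribute names are the standard PKCS#11 CKA_* constants; the policy
# below is a constructed minimum, not a vendor default.
HARDENING_RULES = (
    # (rule id, description, predicate that must hold for a template)
    ("sensitive",
     "private/secret keys must be CKA_SENSITIVE, otherwise an extractable "
     "key's CKA_VALUE can be read back in the clear",
     lambda a: a.get("CKA_SENSITIVE") is True),
    ("extractable",
     "keys should not be CKA_EXTRACTABLE unless wrapped export is intended",
     lambda a: a.get("CKA_EXTRACTABLE") is False),
    ("private",
     "key objects must require a logged-in session (CKA_PRIVATE)",
     lambda a: a.get("CKA_PRIVATE") is True),
    ("role-separation",
     "one key must not both wrap/unwrap other keys and decrypt data",
     lambda a: not ((a.get("CKA_WRAP") or a.get("CKA_UNWRAP"))
                    and a.get("CKA_DECRYPT"))),
)

# Constructed sample templates, in the shape an administrator would get
# by reading object attributes during a periodic partition review.
KEY_OBJECTS = {
    "tls-server-key": {"CKA_CLASS": "CKO_PRIVATE_KEY", "CKA_SENSITIVE": True,
                       "CKA_EXTRACTABLE": False, "CKA_PRIVATE": True,
                       "CKA_SIGN": True, "CKA_DECRYPT": False,
                       "CKA_WRAP": False, "CKA_UNWRAP": False},
    "legacy-kek": {"CKA_CLASS": "CKO_SECRET_KEY", "CKA_SENSITIVE": False,
                   "CKA_EXTRACTABLE": True, "CKA_PRIVATE": True,
                   "CKA_WRAP": True, "CKA_UNWRAP": True, "CKA_DECRYPT": True},
}


def review_key(template):
    """Return the ids of the hardening rules this key template violates."""
    return [rule_id for rule_id, _desc, holds in HARDENING_RULES
            if not holds(template)]


def review_partition(objects):
    """Map each non-compliant key label to its list of violated rule ids."""
    findings = {label: review_key(tpl) for label, tpl in objects.items()}
    return {label: bad for label, bad in findings.items() if bad}


if __name__ == "__main__":
    for label, bad in review_partition(KEY_OBJECTS).items():
        print(f"{label}: violates {', '.join(bad)}")
```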

The above risks have to be analyzed during a risk assessment and the benefits of the HSMs need to be weighed against the costs that they incur.

The HSM good practices

The following is not an exhaustive list of good practices for integrating or operating HSMs, merely a list of the more critical practices to take to heart,

  1. Configure a secure source of time and a correct timezone.
  2. Configure audit logging BEFORE initializing the HSM and not after.
  3. Maintain an up-to-date inventory of HSM configuration and partition policy for each HSM integration within your organization.
  4. Review each HSM configuration setting with the HSM vendor until you have a clear understanding of what each HSM setting does.
  5. When performing any activity with the HSM, read every prompt 2–3 times before typing ‘yes’ or pressing a button.
  6. When performing any HSM activity that requires a user-supplied password, make sure you know exactly what you have in your clipboard.
  7. When making any changes to HSM, make sure that all accountable stakeholders understand the impact of the change (Remember: Not everyone is a cryptography expert) and get their approval in writing.
  8. Perform periodical and automated review of the HSM configuration.
  9. The HSM backups must be stored as securely or more securely than the HSM appliances and tested regularly.
  10. The HSM testing environment has to be an exact replica of the production HSM environment, i.e. firmware, software, high-availability.
  11. Conduct HSM testing with synthetic/non-production data.
  12. Do not use MofN (secret sharing) unless you can guarantee geographic, legislative or at the very least logical separation of the individual holders of the key’s shares.
  13. Keep in mind that the value of a cryptographic key stored inside the HSM is the total value of all the assets the cryptographic key protects.
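As an added example (not from the original article) of what practice 12 is about, a minimal Shamir M-of-N secret sharing over a prime field: any M shares reconstruct the key in full, so share holders who are not genuinely separated add no protection. The field prime and the sample key are constructed for illustration.

```python
import secrets

# 2^127 - 1 is prime and larger than any 128-bit key we split here; a real
# product chooses a field to fit its key size (constructed choice).
PRIME = (1 << 127) - 1


def split_secret(secret, m, n):
    """Split `secret` into n shares (x, y); any m of them reconstruct it."""
    if not 1 <= m <= n or not 0 <= secret < PRIME:
        raise ValueError("invalid sharing parameters")
    # Random polynomial of degree m-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Lagrange-interpolate the polynomial at x=0 from the given shares.

    With fewer than m shares the result is just a random field element,
    which is exactly why the holders of the m shares must be kept apart.
    """
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        # den^(PRIME-2) is the modular inverse of den (Fermat).
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    key = 0x2B7E151628AED2A6ABF7158809CF4F3C   # constructed 128-bit sample key
    parts = split_secret(key, 3, 5)
    print("3 of 5 shares recover the key:", reconstruct(parts[:3]) == key)
    print("2 of 5 shares recover the key:", reconstruct(parts[:2]) == key)
```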

The future of HSM

There are currently several areas of interest in applied cryptography where the HSM will continue to play a critical role.

  1. Confidential computing
  2. Blockchain
  3. Multi-Party Computation (privacy preserving encryption between disparate parties)
  4. Homomorphic encryption (privacy preserving encryption)
  5. Post-Quantum Cryptography (PQC)

There are currently many unknowns surrounding some of these areas and their practical issues, and only time and continued research will tell the outcome. The biggest concern for current applied cryptography (e.g. PKI, document signing, TLS, storage encryption) is PQC (Post-Quantum Cryptography).


Source: The importance of HSM (Hardware Security Module): Before and after PQC. | by pkiluke | May, 2022 | Medium
