Cryptography Reference
In-Depth Information
Voltage or current detectors
. Sensors that can detect variations in voltage or
current outside the normal operating range. Such anomalies may be indication
of an attack.
Security chips
. Special secure microprocessors that can be used for cryptographic
processing within an HSM. Even if an attacker has penetrated all the other
defences of an HSM, the keys may still remain protected inside the security
chip.
Different HSMs may use different combinations of these techniques to build up a
layered defence against attacks. An HSM is also typically backed up by a battery,
so that it cannot be attacked simply by switching off the power supply.
KEY STORAGE ON AN HSM
There is at least one key, often referred to as a
local master key
(LMK), that resides
inside the HSM at all times. Some HSMs may store many LMKs, each having its
own specific use. Any other keys that need to be stored can either be:
1. stored inside the HSM;
2. stored outside the HSM, encrypted using an LMK.
In the latter case, when a key stored outside the HSM needs to be used, it is first
submitted to the HSM, where it is recovered using the LMK and then used.
This approach places a great deal of reliance on the LMK. It is thus extremely
important to back up the LMK (see Section 10.5.5) in order to mitigate against
loss of the LMK. Such loss can occur if the HSM fails, or if it is attacked, since
the tamper-resistance controls are likely to delete the HSM memory. Indeed this
applies to any keys that are only stored inside the HSM. Thus we can see that
the issue of whether to store a key inside or outside the HSM involves a tradeoff
between:
Efficiency
- storing keys inside the HSM is more efficient in terms of processing
speed since they do not need to be imported and then recovered before use.
Need for backups
- since every key only stored inside the HSM needs to be
securely backed up, perhaps in component form.
OTHER TYPES OF HARDWARE
While HSMs are the securest hardware devices on which to store keys, there
are numerous other hardware devices offering less security. Some of these devices
might include some of the tamper-resistance measures that we outlined for HSMs,
while others may just rely on the hardware itself to provide some resistance
to attack.
One class of hardware devices are smart tokens, including smart cards, which
we first discussed in Section 8.3.3. Smart tokens are designed to be portable and
cheap, so the security measures deployed to protect them are limited. Thus while
smart tokens are normally appropriate media for storing keys specific to a user, for
example, the type of token used in Section 8.5 for generating dynamic passwords,
