Automated Penetration-Testing of HSMs
There are many new use cases emerging for Hardware Security Modules (HSMs). One is the use of Cloud HSMs: physical cryptographic devices hosted in a public cloud data centre that may or may not be shared with other customers.
This can be as a replacement for on-premise machines as applications are migrated to the cloud, or to provide an extra level of security for sensitive cryptographic key material in a cloud scenario. Another use case is to provide a security anchor for new distributed networks of devices (the so-called Internet of Things). A third is the use of HSMs to protect private keys for crypto-assets such as Bitcoin, Ether etc.
In all these cases, users want to know whether the HSM they are considering using is, in fact, secure. The vendor’s marketing materials are no substitute for a penetration test.
Discovering Security Flaws
Certifications such as FIPS and Common Criteria rule out some basic flaws, but recent history (CVE-2015-5464, CVE-2015-6924) shows that certified devices can still have catastrophic security flaws, particularly in the way their cryptographic APIs are implemented. On top of this, HSMs in the cloud are subject to firmware updates by the operator that may be opaque to the user. Any update could change the security of the API.
Using Cryptosense Analyzer for Automated Pen-Testing
Several of our clients use Cryptosense Analyzer to perform an automated, systematic penetration test of the cryptographic API of their HSMs. This can be scheduled to take place regularly for Cloud HSMs, or applied as part of a procurement or deployment process to on-prem HSMs.
The advantages of using Cryptosense Analyzer for an automated penetration test are:
- Repeatability. Cryptosense Fuzzer and Analyzer can be configured to produce a standard level of testing. Identified risks for which there are existing mitgating controls can be ignored. Users can iterate the testing to find a secure configuration using the options provided by the HSM manufacturer.
- Clarity. The findings in Cryptosense Analyzer are explained for non-expert users of HSMs, to help in understanding what the PKCS#11 standard interface is supposed to keep secure, and what is is actually doing in case of a vulnerable configuration.
- Speed. Time to get a satisfactory penetration-test depends somewhat on the speed of the HSM, but typically 24 hours of fuzzing is enough to get a solid set of results.
- State of the art coverage. Our vulnerability research teams work in close co-operation with the best applied crypto groups in academia and industry on new ways to attacks cryptographic APIs. The Cryptosense Analyzer is always updated to take the latest results into account. Additionally, our extensive experience testing many models of HSM means our fuzzer knows where to look to find new anomalies that may be exploited.