What are they and what do they do?
Hardware Security Modules (HSMs) are special-purpose computers for storing cryptographic keys and carrying out operations like encryption and digital signature. They are heavily used in regulated indistries such as financial services, as well as for specific functions like Certificate Authorities in more general settings.
The cryptographic implementations inside HSMs are often certified secure by evaluations such as FIPS 140-2 or Common Criteria, but using them securely at scale is complicated. Retaining visbility and control on the use of HSMs by applications is one of the unique capabilities of Cryptosense Analyzer Platform.
What are HSMs used for? Are they secure?
In the first video of our series on HSMs, Graham explains everything you ever wanted to know about HSMs but were afraid to ask.
Modern applications that use cryptography usually access that functionality via an application program interface (API) to a software or hardware cryptographic provider. Security-critical applications often make use of Hardware Security Modules (HSMs): special purpose computers that provide high-speed cryptographic services whilst keeping key material inside a tamper-sensitive enclosure. Together with smart cards or similar chip-based tokens, they form the backbone of many modern cryptographic applications in diverse sectors from banking to automotive.
In this white paper, we discuss attacks on systems using the PKCS#11 API. We consider what it means for an interface to be secure, and we discuss how to audit applications’ use of the API. There will be plenty of concrete examples of attacks on real devices, and we will explain how to detect these issues using Cryptosense Analyzer Platform.