Secure your PKCS#11 HSM Deployment
Companies are turning more and more to hardware-based security for deployments in potentially hostile environments such as cloud, mobile and IoT. The PKCS#11 API is the ubiquitous open standard for the interface between cryptographic hardware and applications, with great benefits for interoperability and avoidance of vendor lock-in. However, being a complex, general-purpose interface, implementations can be vulnerable at all levels of the stack.
See the Cryptosense PKCS#11 Suite in Action
Vulnerabilities in HSM Firmware
Despite their FIPS and Common Criteria certifications, HSMs contain programming errors just like any other complex system. In 2015, two independent vulnerabilities were found in certified hardware that compromised private keys (CVE-2015-5464 and CVE-2015-6924). Cryptosense’s smart fuzzing tools detect instances of known vulnerabilities, including these and others from the academic literature, as well as performing a PKCS#11 compliance test that can indicate the presence of previously unknown weaknesses.
Vulnerabilities in PKCS#11 Configuration
If implemented “as is”, it is well-known that the PKCS#11 API does not adequately protect sensitive keys. Typically, real-world deployments involve restricting the operations available in the API to mitigate key-extraction attacks. Cryptosense Analyzer can test a given configuration and determine whether any combination of commands may leak a key, making secure configuration straightforward.
Good preparatory work can be undone if in practice HSMs are incorrectly configured after maintenance or key-management operations leave keys incorrectly set up. Cryptosense Monitor provides ongoing visibility on HSM security and alerts in the case of out of standard configuration.