By Matt McCarthy, Contributing Editor, Avisian Publishing
One of the most infamous cyber attacks in history was the Stuxnet computer worm in 2010 that – among other things – caused a number of Iranian nuclear centrifuges to spin out of control and destroy themselves.
The Stuxnet worm first targeted Microsoft Windows machines and networks before moving on to other software, including that used to program the industrial control systems that operate equipment such as centrifuges. The worm was able to evade automated detection systems by presenting a digital certificate that seemed to indicate that it came from a trusted source.
Exactly how the encryption key that was used to sign this certificate was compromised remains a mystery. But why it was vulnerable to compromise is clear: the key was stored in software. Had the encryption key been stored in a Hardware Security Module (HSM) instead of in software, the world might never have heard of Stuxnet.
The Nuts and Bolts of Hardware Security Modules
HSMs are secure, tamper-resistant pieces of hardware that store cryptographic keys and provide encryption, decryption, authentication and digital signing services. These modules traditionally come in the form of a plug-in card or an external device attached directly to a computer or network server. They are essential for managing and protecting transactions, identities and applications.
Much of an HSM's value comes from the fact that it is hardware. “When a key is in software it can live in a million places at once, it can be moved around and it is very hard to log and audit trust around its usage,” explains Mark Yakabuski, vice president of product management for Crypto Management at SafeNet Inc., a manufacturer of HSMs.
An HSM generates a key in the hardware that never leaves, explains Yakabuski. This results in an extremely high level of trust in that key. “It gives you a trust anchor for different business applications that want to use the identity,” he adds. “Because that key never leaves the HSM, it is very easy to audit and track for compliance reasons. You know exactly who used it and when it’s been used.”
The Evolution of Hardware Security Modules
HSMs first began to appear on the market about 25 years ago and have evolved in stages. In the 1990s they were primarily PCMCIA and PCI cards, used largely for SSL web server protection and for certificate authorities, the backend of a Public Key Infrastructure (PKI). PKI enables users of the Internet and other public networks to communicate securely and to exchange data or even money through public and private cryptographic key pairs provided by a certificate authority.
“The keys that they use to sign certificates are the keys to the kingdom for that infrastructure, especially when they’re at the root,” explains Mark Joynes, director of product management for Entrust PKI, Government and National ID Solutions. “They need to be secured so that they can’t be used by entities that aren’t authorized for their use. Since the inception of PKI, HSMs have been the best practice for the storage of those keys.”
With the proliferation of the Internet and an expanding demand for secure communications in data and money transfers, the next step in the HSM evolution was to put them in appliance form so that they could be shared. “They were networked and could be connected to by many different users and applications that wanted to leverage the trust anchor,” Yakabuski says. “By 2000 HSMs had the early stages of multi-tenancy built into them.”
Today, the use of HSMs is exploding. “One of the great reference cases for our HSM usage is in the financial sector,” Yakabuski says. “We have thousands of HSMs deployed for financial communication settlements between thousands of cooperating banks. It’s multiple trillions of dollars a day. Those identities are protected, that bank’s identity is protected and the customers’ identities are protected inside our HSM.”
Joynes points to the latest deployment of HSMs in the border control systems in the European Union as an example of how the use of the hardware is expanding. Since PKI is an integral technology for the security and verification infrastructure of ePassports, the need for the trust anchor HSMs provide is growing.
“There are private keys held at the inspection system,” explains Joynes. “The most recent standards see implementation of HSMs at those border control systems and that’s new. Previously the standards had called for them to be required only at the center. So in some environments we see increasing use as different risks are better understood and where they recognize the need for stronger security.”
The Next Generation Hardware Security Modules
The next generation HSM is extending the benefits of the hardware to the cloud environment.
“Software virtualization has some tremendous benefits of scale – the ability to scale up and scale down, as well as the ability to be very flexible and portable,” explains Yakabuski. “So we took the hardware security module and built an abstraction layer on top of it that would enable you to use the HSM like you use a hypervisor.”
A hypervisor enables physical devices to share their resources across virtual machines running as guests on top of that physical hardware. “You can stand it up as a service and then provision that service out to consuming parties in a cloud manner,” says Yakabuski.
Regardless of the type, Yakabuski and Joynes agree that the demand for HSMs will continue to rise.
“As a general rule I think we – and systems in general – need to take a higher assurance approach to the security of private keying material,” says Joynes. “There is no doubt the threats that are arrayed against these systems are far greater and far more organized than ever before.”
“It’s an industry, in terms of the threat to these systems. If a key is stored in software and someone really wants it they will get it,” explains Joynes. “HSMs are as close to failsafe as you can get. These things are tested to the highest levels and people look to them to be the end game.”