Dmitry

Reputation: 340

Application to HSM interaction security

I feel like I'm missing something. I know that an HSM can give you 100% bulletproof protection of your keys, encrypted data, etc. But what prevents the attacker from stealing your sensitive data right after you accessed the HSM and got your secrets copied to the user's memory? Or, for example, just using the same API to access the module? How does the application authentication work? If it is based on something simple, like a password, why can't the attacker just steal the password from memory, log in to the HSM and get what he wants? Also, if the kernel is compromised, I assume it can listen to or tamper with any communication between a process and the HSM, right?

Upvotes: 4

Views: 2804

Answers (2)

Zhenxin Sun

Reputation: 39

Overall, an HSM is a physical device to generate, store and secure your keys.

The biggest nightmare of modern cryptography is key compromise, and an HSM is the right solution against it. HSMs are often used in large organizations and financial sectors. Another reason people choose to use an HSM is audit or compliance requirements (such as PCI-DSS).

An HSM offers multi-factor authentication over key loading by using tokens (e.g., smart cards) or passphrases. Even if you have gained access to the server connecting to it, you still cannot gain access to the keys if not all factors have been acquired.

For the password stealing part, there are some E2EE password protection solutions where the vendor has built the password authentication logic into HSM secure memory; therefore, the decrypted credentials are only available inside the HSM, and the application only knows the authentication result. By this means, the passwords are well protected all the time.

Upvotes: 1

Michael

Reputation: 991

You're right to be concerned about this - an HSM is not a panacea, and compromised servers that have the ability to authenticate to and use an HSM are a real risk, as ably demonstrated by DigiNotar.

> How does the application authentication work?

Different HSMs offer different authentication options, e.g. physical tokens (such as smart cards), physical PIN entry, logical tokens (in-memory keys), custom solutions defined by the user, etc.

> But what prevents the attacker from stealing your sensitive data right after you accessed the HSM and got your secrets copied to the user's memory?

Ideally when implementing a solution with an HSM, the sensitive keys are never exposed outside the HSM - you get the HSM to use the key (e.g. do the signing / encryption), rather than getting the HSM to give you the key.

> log in to the HSM and get what he wants?

HSMs allow you to protect keys such that there is no way to export them from the HSM (even if you have all the credentials of the users / administrators).

> Also, if the kernel is compromised, I assume it can listen to or tamper with any communication between a process and the HSM, right?

Yes; there might be a cryptographically protected channel between the application and the HSM, but ultimately a machine with a compromised kernel should be considered an attacker-controlled machine - anything the machine can do legitimately, the attacker can use illegitimately.

Upvotes: 6
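The boundary described in the answer above, as an added example that is not part of the original post or any vendor's API: a constructed in-memory model in which a non-extractable key can be used but never exported, and every operation is recorded per session. The `ToyHsm` class, its method names, the PIN and the key label are all hypothetical, and HMAC-SHA256 stands in for the signing operation.

```python
import hashlib
import hmac
import secrets

class ExportDenied(Exception):
    """Key is marked non-extractable; its bytes never leave the module."""

class ToyHsm:
    """Constructed in-memory model of an HSM boundary (HMAC stands in for signing)."""
    def __init__(self, pin):
        self._pin = hashlib.sha256(pin.encode()).digest()
        self._keys = {}        # label -> (key bytes, extractable flag)
        self._sessions = set()
        self.audit = []        # (session, operation, label), kept for detection

    def login(self, pin):
        if not hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin):
            raise PermissionError("bad credential")
        session = secrets.token_hex(8)
        self._sessions.add(session)
        return session

    def _op(self, session, op, label):
        if session not in self._sessions:
            raise PermissionError("not logged in")
        self.audit.append((session, op, label))  # logged before any policy check

    def generate_key(self, session, label, extractable=False):
        self._op(session, "generate", label)
        self._keys[label] = (secrets.token_bytes(32), extractable)

    def sign(self, session, label, message):
        self._op(session, "sign", label)
        return hmac.new(self._keys[label][0], message, hashlib.sha256).digest()

    def export(self, session, label):
        self._op(session, "export", label)
        key, extractable = self._keys[label]
        if not extractable:
            raise ExportDenied(label)
        return key

def demo():
    hsm = ToyHsm("constructed-pin")
    app = hsm.login("constructed-pin")
    hsm.generate_key(app, "signing-key")
    other = hsm.login("constructed-pin")  # same credential, second holder
    sig = hsm.sign(other, "signing-key", b"unexpected request")
    try:
        hsm.export(other, "signing-key")
    except ExportDenied:
        return len(sig), [op for s, op, _ in hsm.audit if s == other]
```

The second session obtains a valid signature but no key bytes, so the remaining exposure is key use on a compromised host, and the per-session audit trail is where that use and the refused export attempt become visible.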
