Maximum Security for Your Data and Processes
- Physical Access Protection
- Secure Generation of Keys
- Secure Management of Key Material
- Secure Execution Environment
Conventional IT systems cannot be fully protected from external attack. In contrast, HSMs feature a whole array of protective mechanisms to deter physical tampering, typically including drill protection foil, resin-embedded chips as well as temperature and voltage sensors. If, for instance, someone should attempt to open an HSM e.g. by drilling into the device, eroding layers by applying acid or icing up and breaking open the casing, sensors will register such an attack immediately, triggering an alarm. Additionally, special applications installed on the HSM automatically initiate countermeasures as specified by the configuration, e.g. deletion of keys.
In this way, HSMs offer maximum security from external physical, chemical or mechanical attack. In fact, there are currently no practically workable attacks that would be able to overcome all these physical protection features.
A good key should always be as long and as random as possible, because otherwise it can be easily guessed by an attacker. In conventional IT systems, the means for generating secure keys are limited because ultimately, computers are machines that execute a series of commands (e.g. mouse movements, keystrokes and incoming network data) and only process if-then situations. If one knows the input data of a command, one can also predict the output data.
HSMs, on the other hand, generate truly random keys by registering data from random physical processes, e.g. atomic decay processes or atmospheric noise in the HSM vicinity. This produces unpredictable values which can be used as the basis for random keys.
The most important feature of an HSM is that it generates and stores keys and uses these keys in executing cryptographic operations (e.g. encryption, signatures). All these security-critical processes can be executed within the secure environment of the HSM.
In this way, HSMs also offer maximum protection against logical attack: Since the keys needed for the cryptographic operations never leave the HSM, it is virtually impossible for an attacker to steal them.
HSMs from some manufacturers also offer a secure execution environment for user applications and thereby provide effective protection from insider attacks and Trojans. In such systems, the user’s applications can be programmed within the protected space, uploaded to the HSM and executed securely by the HSM.