Hardware security module

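A hardware security module (HSM) is a computer hardware device that safeguards and manages the keys used by strong authentication systems and provides the related cryptographic operations. Hardware security modules are typically attached directly to a computer or network server in the form of an expansion card or an external device.
Design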
HSMs may possess controls that provide tamper evidence, such as logging and alerting, and tamper resistance, such as deleting keys upon tamper detection.[1] Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing.
Many HSM systems have means to securely back up the keys they handle either in a wrapped form via the computer's operating system or externally using a smartcard or some other security token.[2]
Because HSMs are often part of a mission-critical infrastructure such as a public key infrastructure or online banking application, HSMs can typically be clustered for high availability. Some HSMs feature dual power supplies and field replaceable components such as cooling fans to conform to the high-availability requirements of data center environments and to enable business continuity.
A few of the HSMs available in the market have the ability to execute specially developed modules within the HSM's secure enclosure. Such an ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The modules can be developed in native C language, in .NET, Java, or other programming languages. While providing the benefit of securing application-specific code, these execution engines protect the status of an HSM's FIPS or Common Criteria validation.

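Security
Given the critical role HSMs play in securing applications and infrastructure, hardware security modules are typically certified against internationally recognized standards such as Common Criteria or FIPS 140. This gives users assurance about the design and implementation of the product, and also ensures that the cryptographic algorithms work correctly as intended. The highest level of FIPS 140 security certification is Level 4 (Overall); so far only a very small number of HSMs have been validated at this level, and most devices are at Level 3.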
Uses
A hardware security module can be employed in any application that uses digital keys. Typically the keys must be of high value, meaning there would be a significant negative impact on the owner of the key if it were compromised.
The functions of an HSM are:
- onboard secure cryptographic key generation
- onboard secure cryptographic key storage and management
- use of cryptographic and sensitive data material
- offloading application servers for complete asymmetric and symmetric cryptography.
HSMs are also deployed to manage Transparent Data Encryption keys for databases.
HSMs provide both logical and physical protection of these materials, including cryptographic keys, from non-authorized use and potential adversaries.[3]
The cryptographic material handled by most HSMs is asymmetric key pairs (and certificates) used in public-key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.[4]
Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performance ranging from 1 to 7,000 1024-bit RSA signatures per second, HSMs can provide significant CPU offload for asymmetric key operations. Since the National Institute of Standards and Technology has recommended the use of 2,048-bit RSA keys from 2010,[5] performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs now support elliptic curve cryptography (ECC), which delivers stronger encryption with shorter key lengths.
PKI environment (CA HSMs)
In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. In these cases, there are some fundamental features a device must have, namely:
- High-level logical and physical protection
- Multi-part user authorization schema (see Blakley-Shamir secret sharing)
- Full audit and log traces
- Secure key backup
On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the Infrastructure.
Card payment system (bank HSMs)

Limited-feature HSMs are used in card processing systems. These systems are usually less complex than CA HSMs and normally do not feature a standard API. These devices can be grouped in two main classes:
OEM or integrated modules for automated teller machines and point of sale terminals:
- to encrypt the personal identification number (PIN) entered when using the card
- to load keys into protected memory
Authorisation and personalisation modules may be used to:
- check an on-line PIN by comparing with an encrypted PIN block
- in conjunction with an ATM controller, verify credit/debit card transactions by checking card security codes or by performing the host processing component of an EMV-based transaction
- support a crypto-API with a smart card (such as an EMV)
- re-encrypt a PIN block to send it to another authorisation host
- support a protocol of POS/ATM network management
- support de facto standards of host-to-host key/data exchange API
- generate and print a "PIN mailer"
- generate data for a magnetic stripe card (PVV, CVV)
- generate a card keyset and support the personalisation process for smart cards
The major organization that produces and maintains standards for HSMs in the banking market is the Payment Card Industry Security Standards Council.
SSL connection establishment
Performance-critical applications that have to use HTTPS (SSL/TLS) can benefit from the use of an SSL acceleration HSM by moving the generation of the session key, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 50 to 1,000 1024-bit RSA operations/second.[6] Performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs[7] now support elliptic curve cryptography. Specialized HSM devices can reach numbers as high as +7,000 operations per second.
DNSSEC
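A growing number of domain name registrars have begun using HSMs to store the keys used to sign DNS zone files. OpenDNSSEC is an open-source tool for managing the signing of DNS zone files in an HSM environment.
On January 27, 2007, deployment of DNSSEC for the root zone officially started; it was undertaken by ICANN and Verisign, with support from the U.S. Department of Commerce.[8] Details of the root signature can be found on the Root DNSSEC's website.
See also
Notes and references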
1. Electronic Tamper Detection Smart Meter Reference Design. freescale. [26 May 2015].
2. Using Smartcard/Security Tokens. mxc software. [26 May 2015].
3. Support for Hardware Security Modules. paloalto. [26 May 2015].
4. Application and Transaction Security / HSM. Provision. [26 May 2015].
5. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (PDF). NIST. January 2011 [March 29, 2011].
6. F. Demaertelaere. Hardware Security Modules (PDF). Atos Worldline. [26 May 2015].
7. Barco Silex FPGA Design Speeds Transactions In Atos Worldline Hardware Security Module. Barco-Silex. January 2013 [April 8, 2013].
8. ICANN Begins Public DNSSEC Test Plan for the Root Zone. [2015-08-17].