Introduction to HSMs — The Shifting Perspective

Vlado Petrushev
Published in ShiftCrypto
Mar 22, 2019

In our Shifting Perspective series we offer insights behind the scenes of the industry, furthering understanding of complex topics in order to support those of you who want to shift how you choose to live your digital lives by minimising the dichotomy between simple and safe.

Mr Robot season 3 episode 5 “Riot”. Angela Moss hacks into an HSM at E-corp to steal sensitive data — image copyright of Universal Cable Productions & Anonymous Content

From stablecoins to tokenized securities, from DAOs to DEXes and DLTs, the cryptocurrency industry is full of buzzwords that can be hard to navigate. The latest one being thrown around by institutional investors is “Custody”. Custodians hype their solutions and promote the use of hardware security modules, or HSMs for short. In this post we are going to shed some light on what exactly we mean by an HSM, where it comes from, and why it plays such an important role in keeping our new digital assets safe.

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

A hardware cryptocurrency wallet is an HSM in the form of a portable device.

~ Wikipedia

Developed for military applications and deployed back in the 1970s, HSMs are a key part of the modern infrastructure we live in. The first commercial and industrial use of HSMs came with the introduction of the ATM, in the so-called “Bank HSM”. Financial institutions still use these devices today to store the cryptographic keys for your credit card; that data is then used by a piece of software that derives your PIN and links it to your account number. Other industrial use cases include rail, air travel, casinos and the smart meters used in the energy sector, as well as many other areas. As a society we are heavily reliant on the HSM, but how much do we actually know about it?

ATMs were the first commercial use of HSMs

The classic format of an HSM is the plug-in card, but the most common HSM setup in banking is the network-attached, or server, form factor. In this case the HSM is accessed over TCP/IP, so the host computer can link it directly into a network. This is at the core of the global payments system you use every day when you buy goods online or pay with your credit card.

Main features of an HSM

  • Tamper resistance — protection against physical attacks on the device, plus tamper response (detecting mechanical attacks) and monitoring of temperature and voltage
  • Protection against side channel attacks
  • Support of cryptographic operations (signing, encrypting etc)
  • Protection of the software environment against tampering and installing malicious third-party software
  • Generation of keys with true random number generator
  • Isolation of the cryptographic application environment

HSM Design

The design principle for HSMs is independence of the crypto co-processor from the host system with its application and the interfaces. Only the firmware inside the HSM can access the areas within the security boundary. Note that some HSM models allow running custom code inside HSM hardware, but this could have a negative impact on the certification of the device.

HSM Architecture and APIs

At the application interfaces, we can identify three logically independent API’s:

1. Key Management API
2. Command API
3. User Management API

The Key Management API is the channel to the HSM for running all key-related functions, for example key backup and restore.

The Command API is for accessing the cryptographic functions of the HSM. Examples of such functions would be key generation, or import/export of key records.

The User Management API is used to create and manage users and their specific roles in the HSM, for example operators, custody officers, administrators and auditors.
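To make the three APIs and the security boundary concrete, here is an added example of a small software model of an HSM. It is not code from this post or from ShiftCrypto; the class and method names are hypothetical, HMAC-SHA256 stands in for the module's signing algorithm, and the backup scheme (splitting a key into XOR components held by separate custody officers under dual control) is one assumed design. The point it shows is that key bytes never leave the model's boundary: callers get opaque handles, the Command API signs on their behalf, the Key Management API only hands out components that are useless on their own, and the User Management API gates every call by role.

```python
import hashlib
import hmac
import secrets


class HsmError(Exception):
    """Raised when a request is rejected at the HSM's API boundary."""


def _xor_bytes(parts):
    """XOR equal-length byte strings (how key components are recombined)."""
    out = bytearray(parts[0])
    for part in parts[1:]:
        if len(part) != len(out):
            raise HsmError("key component length mismatch")
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)


class ToyHsm:
    """Hypothetical software model of the three HSM APIs; not a real product.

    Secret key bytes live only in self._keys, the stand-in for the security
    boundary: no public method ever returns them. Callers hold opaque handles
    and ask the Command API to sign with keys they can never read. HMAC-SHA256
    stands in for the module's signing algorithm (an assumption).
    """

    ROLES = {"administrator", "operator", "custody_officer", "auditor"}

    def __init__(self, bootstrap_admin):
        self._keys = {}                                  # inside the boundary
        self._users = {bootstrap_admin: "administrator"}
        self._audit = []

    def _require(self, user, *roles):
        """Role check applied before every API call; denials are logged."""
        if self._users.get(user) not in roles:
            self._audit.append(f"DENIED {user} (needs {'/'.join(roles)})")
            raise HsmError(f"{user!r} lacks role {'/'.join(roles)}")

    def _key(self, handle):
        key = self._keys.get(handle)
        if key is None:
            raise HsmError(f"no key for handle {handle!r}")
        return key

    # --- User Management API: users, roles, and the auditor's read-only view
    def create_user(self, acting, name, role):
        self._require(acting, "administrator")
        if role not in self.ROLES:
            raise HsmError(f"unknown role {role!r}")
        self._users[name] = role
        self._audit.append(f"USER {acting} created {name} as {role}")

    def audit_log(self, acting):
        self._require(acting, "auditor", "administrator")
        return list(self._audit)

    # --- Command API: cryptographic operations on keys referenced by handle
    def generate_key(self, acting, label):
        """Draw a 256-bit key from the OS CSPRNG and return only a handle."""
        self._require(acting, "operator", "administrator")
        handle = f"{label}:{secrets.token_hex(4)}"
        self._keys[handle] = secrets.token_bytes(32)
        self._audit.append(f"KEYGEN {acting} {handle}")
        return handle

    def sign(self, acting, handle, message):
        self._require(acting, "operator")
        key = self._key(handle)
        self._audit.append(f"SIGN {acting} {handle} ({len(message)} bytes)")
        return hmac.new(key, message, hashlib.sha256).digest()

    def verify(self, acting, handle, message, tag):
        self._require(acting, "operator")
        expected = hmac.new(self._key(handle), message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

    # --- Key Management API: backup and restore under dual control
    def backup_key(self, officers, handle):
        """Export a key as one random XOR component per custody officer.

        Two distinct officers must authorise, and every component is needed
        to rebuild the key, so a single component reveals nothing about it.
        """
        if len(set(officers)) < 2:
            raise HsmError("dual control: two distinct custody officers required")
        for officer in officers:
            self._require(officer, "custody_officer")
        key = self._key(handle)
        components = [secrets.token_bytes(len(key)) for _ in officers[:-1]]
        components.append(_xor_bytes([key] + components))  # last = key XOR rest
        self._audit.append(f"BACKUP {','.join(officers)} {handle}")
        return components

    def restore_key(self, officers, label, components):
        """Recombine the components inside the boundary; return a new handle."""
        if len(set(officers)) < 2 or len(components) < 2:
            raise HsmError("dual control: two officers and two components required")
        for officer in officers:
            self._require(officer, "custody_officer")
        handle = f"{label}:{secrets.token_hex(4)}"
        self._keys[handle] = _xor_bytes(components)
        self._audit.append(f"RESTORE {','.join(officers)} {handle}")
        return handle
```

In a real module the same split exists in firmware behind a standard interface such as PKCS#11 or a vendor API, the role checks are backed by smart cards or passwords rather than a string, and the component or wrapped-key backup is what lets an operator migrate keys between modules without anyone ever seeing plaintext key material.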

Certifications are a very important part of HSM usage and deployment. Globally recognized certifications include:

  • FIPS (Federal Information Processing Standard)
  • Common Criteria (Common Criteria for Information Technology Security Evaluation)
  • PCI Security Standard Council

For the cryptocurrency and finance industry the most relevant certification is probably FIPS 140-2. Governed by the Cryptographic Module Validation Program run jointly by the U.S. and Canadian governments, FIPS 140 is an important basis for the certification of products with cryptographic functions.
You can find more information on FIPS 140 here.

Building a custom HSM and getting it certified is a lengthy and costly process. If you want to build your own crypto custody solution using HSMs, we suggest you take a look at Square’s Subzero open-source project. Please note that replicating that setup might cost close to $10k.

In this post we introduced you to the origins of the HSM and what it means for consumers in their daily lives. First developed for military purposes, it has now found its way into the hands of the public in the form of credit cards and cryptocurrency hardware wallets. Companies like ours face many challenges when assisting in this transition, including educating our customers in understanding complex security concepts. Our aim is to be transparent, open source and actively support our users to help bring this powerful technology to a wider audience.

To stay up to date with more industry insights, follow us on Medium. You can also follow us on Twitter and Instagram for product updates and more!


Managing Director — Petrushev Capital @dowlapet