member sign-in
Forgot password? Create new account Close

Application and Transaction Security / HSM

Definition

Application and Transaction Security / HSM it’s a technology designed for managing digital keys and for enabling digital signings using a secure crypto processor. HSMs are physical devices that come in different forms such as plug-in card or an external TCP/IP security device that can be attached to the server or to a general purpose computer.

User Benefits

The main benefits of an HSM are the use of sensitive and cryptographic data material, offloading application servers and having embedded and onboard secure storage. HSMs provide both logical and physical protection from non-authorized use. It protects high-value cryptographic keys.  Most HSMs protects asymmetric key pairs and certificates used in public-key cryptography. HSMs can also work with symmetric keys and other arbitrary data.

Business Impact

HSMs are cryptographic systems that provide key management. Key management is related to generation, exchange, storage, safeguarding, use, vetting and replacement of keys. These cryptographic systems include key servers, user procedures and other relevant protocols.

Most HSM systems are able to back-up handled keys through computer’s operating system or externally using a smartcard or some other security token. No operations are allowed to export any secret information outside the system in plaintext form, not even when back-up operations occur. Some HSM systems can be used also like hardware cryptographic accelerators. HSM's can provide significant CPU offload for asymmetric key operations.

Because HSMs are often part of a mission-critical infrastructure such as a public key infrastructure or online banking application, HSMs can typically be clustered for high availability. Some HSMs feature dual power supplies to enable business continuity.


Products supporting this technology

Gemalto Thales Ultra Electronics AEP

Key management can be implemented using different approaches mostly based on the needs of the target business applications and user community. The concept of key management must also support the enterprise security policy at a higher-level. The enterprise security policy is translated by key management into terms suiting the cryptographic services used in implementing the security policy. Enterprise key management can be broken down into high-level objectives:

Secure Key Lifecycle - ensure the security of keys throughout their lifecycle by following operations such as: key pair generation, key transport and sharing, key backup and restoring from backups, key pair usage monitoring and control (time-based, volume/operations based), key rotation, key renewal, meta-data maintenance (changing status from encrypt/decrypt to decrypt only), secure key destruction or archival at the end of a key’s service life.

Secure Key Storage - keys must be securely stored throughout their operational life. Keys are often stored in hardware devices intended to strongly protect the keys.

Key Usage Authorization – keys can be used only for authorized purposes by authorized entities. Access control, authentication of users and confidentiality protection are critical elements of the process.

Accountability - Usage, state changes or attempted changes of key material must be recorded. The records must conform to regulatory requirements for security audit and ensure non-repudiation. These high-level security objectives are extremely important to organizations resulting in the need to get certified according to a recognized standard and certification scheme such as NIST, FIPS140-2, CC or ISO 15408.

Each organization will have its unique security policy characteristics that must be reflected in key management policy requirements. In general, common ground can be found regarding security needs that allow for a standardized, core set of key management policies and techniques. To meet the needs for centralized key management within a scalable, distributed architecture we need to think at some important elements involved in the implementation of a key management policy. The involved elements can be physically and logically implemented in many ways. It is possible to have all of these elements inter-connected and implemented in distinct logical layers with a central policy definition.

Policy Definition Point – it’s positioned at the highest level within the enterprise management infrastructure and is responsible for the definition of policies for key management. It serves as the central point for policy definition and coordination. It may also serve as the “trust root” for the infrastructure. The second role may be associated with a PKI Certification Authority or Domain Master key in a symmetric key-based systems.

Policy Application Point – this element is responsible for propagating policies to lower-level elements within a specific domain. There may be more than one element within the infrastructure. It can be implemented with a LDAP directory implementation or it could serve the role of a key management server generating keys or providing keys to end points in accordance with a given policy.

Policy Enforcement Point – the policy enforcement points must be implemented as closely as possible to the elements that perform the crypto operations. They are spread through the infrastructure and are responsible to ensure that the crypto operations are only performed in accordance with the defined policies.

End–Points – the end-points or clients are the devices that hold local copies of keys for use and provide the cryptographic services required by the enterprise’s business applications. These end-points devices may be either software or hardware implementations, depending on the nature of the operational environment and the overall level of security required by the applications.

End-to-End Security in the infrastructure – even though key management policy is viewed as a support for the enterprise’s security policy it is advisable not to  lose sight of the importance of security key management infrastructure itself.

Strong and consistent security controls and mechanisms are needed to ensure the proper operation of the infrastructure. As for any security system implementation, a proper risk assessment should be performed on the planned key management infrastructure implementation to be sure that appropriate security controls are in place at all levels of the infrastructure.

  • manufacturer