Encrypted data is not secure if the keys used for encryption are exposed. Hardware security modules (HSMs) can provide a solution. HSMs are tamper- and intrusion-resistant hardware components used to protect and store cryptographic keys while still allowing authorized users to use them. The purpose of HSMs is to control access and limit the risk to sensitive private keys.
HSMs make it possible to use private keys without requiring direct access to them. Software hosted on a web server, for example, can perform cryptographic functions and authentication without loading a copy of the private key into the web server’s memory, where the key may be vulnerable to attack. Instead, these functions are performed within the secure environment of the HSM, which prevents the sensitive key material from being compromised. The private keys remain protected in a secure location.
To better understand this concept, you can think of an HSM like a vending machine. In a vending machine, drinks and food are stored in an isolated environment. It is designed to accept user input (e.g. item selection) and generate output (e.g. dispense a tasty snack). It is not possible to access the inside of the machine or change its functions.
Similarly, an HSM accepts user input and generates output (e.g. signed certificates or signed software) without users or applications being able to see, access or modify the cryptographic keys. This is possible because its functions are performed within the secure environment and no key can be fully exported, extracted or removed from an HSM in a readable format.
An HSM can provide different functions depending on the area of application and requirements. An HSM can be designed as an external device or integrated into a device as a subsystem. Possible functions of an HSM are listed below:
- Cryptographic algorithms: asymmetric algorithms (RSA, ECDSA, ML-DSA, ML-KEM), symmetric encryption and decryption (AES, Triple-DES, DES), hash functions (SHA-1, SHA-2, SHA-3) or random number generators can be integrated into an HSM.
- Key management: functions for securing and managing keys.
- Device management: management of the HSM device itself, authentication of operators and administrators, as well as encrypted backup of keys and configuration data.
- Host connection: an HSM can be connected to a system via Ethernet or PCIe, for example.
- Cryptographic interfaces (APIs): PKCS #11, Java Cryptography Extension (JCE), Microsoft Crypto API, Extensible Key Management (SQLEKM) or OpenSSL.
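The access pattern described above (an application uses a key only through an opaque handle, and the module refuses to hand the key material out) can be modelled in a few lines. The following is an added example, not code from this page or from any HSM vendor, and it is a software model rather than a PKCS #11 implementation: the key still lives inside this Python process, which is exactly what a real HSM's isolated hardware avoids. The attribute and error names (CKA_VALUE, CKA_SENSITIVE, CKA_EXTRACTABLE, CKR_ATTRIBUTE_SENSITIVE) mirror PKCS #11 names; the signing mechanism is HMAC-SHA256, which PKCS #11 knows as CKM_SHA256_HMAC. The key label and the request bytes are constructed sample values.

```python
"""Model of the HSM usage pattern: the application holds only a handle,
asks the module to sign/verify with the key behind it, and is refused
when it tries to read the key value.  Added example; assumptions are
noted in the comments (this is a model, not a PKCS #11 library)."""
import hashlib
import hmac
import secrets

# Attribute names modelled on PKCS #11 (CKA_*); plain strings here.
CKA_LABEL, CKA_VALUE, CKA_SENSITIVE, CKA_EXTRACTABLE = (
    "label", "value", "sensitive", "extractable")


class AttributeSensitive(Exception):
    """Raised where a PKCS #11 token would return CKR_ATTRIBUTE_SENSITIVE."""


class HsmModel:
    """Everything inside this class stands for the module boundary."""

    def __init__(self):
        self._objects = {}      # handle -> attributes; never returned to callers
        self._next_handle = 1

    def generate_key(self, label: str, length: int = 32) -> int:
        """Create a sensitive, non-extractable key and return only its handle."""
        handle = self._next_handle
        self._next_handle += 1
        self._objects[handle] = {
            CKA_LABEL: label,
            CKA_VALUE: secrets.token_bytes(length),   # generated inside the module
            CKA_SENSITIVE: True,
            CKA_EXTRACTABLE: False,
        }
        return handle

    def get_attribute(self, handle: int, attr: str):
        """Public attributes are readable; the value of a sensitive key is not."""
        obj = self._objects[handle]
        if attr == CKA_VALUE and (obj[CKA_SENSITIVE] or not obj[CKA_EXTRACTABLE]):
            raise AttributeSensitive(f"handle {handle}: key value is not readable")
        return obj[attr]

    def sign(self, handle: int, message: bytes) -> bytes:
        """Use the key without handing it out: HMAC-SHA256 over the message."""
        key = self._objects[handle][CKA_VALUE]
        return hmac.new(key, message, hashlib.sha256).digest()

    def verify(self, handle: int, message: bytes, signature: bytes) -> bool:
        """Constant-time comparison so verification does not leak by timing."""
        return hmac.compare_digest(self.sign(handle, message), signature)


def web_server_flow(hsm: HsmModel, handle: int, request: bytes) -> dict:
    """What the application side can and cannot do with the handle it holds."""
    signature = hsm.sign(handle, request)
    try:
        hsm.get_attribute(handle, CKA_VALUE)
        key_exposed = True
    except AttributeSensitive:
        key_exposed = False
    return {
        "label": hsm.get_attribute(handle, CKA_LABEL),
        "signature_valid": hsm.verify(handle, request, signature),
        "tampered_valid": hsm.verify(handle, request + b"!", signature),
        "key_exposed": key_exposed,
    }


def demo() -> dict:
    """Constructed scenario: one key, one request, one tampered request."""
    hsm = HsmModel()
    handle = hsm.generate_key("web-session-mac")            # constructed label
    return web_server_flow(hsm, handle, b"GET /account HTTP/1.1")  # constructed request


if __name__ == "__main__":
    print(demo())
```

The point of the model is the shape of the API, not the MAC: the application never sees a key value, only a handle, so a compromise of the web server process yields at most the ability to request signatures while the module is reachable, not a copy of the key that can be used elsewhere later.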
HSMs are used by organizations across virtually all industries, such as certificate authorities (public and private CAs), government and public sector organizations, cloud service providers and vendors, banks, credit card companies and other financial institutions, blockchain platforms and entities, automotive manufacturers, entertainment service providers, and IoT device developers and manufacturers.
KiviCore offers cryptographic primitives that can be used to build different classical and PQC applications. These include hash functions as defined by the SHA-3 family of secure hash algorithms in the NIST FIPS 202 standard, as well as Keccak.