What makes HSMs so strong?
It should be obvious that cryptographic operations must be performed in a trusted environment, one with no exposure to viruses, malware, exploits or unauthorised access. Yet an ordinary wallet mixes access control, business logic and cryptographic calls in one big application. This is a dangerous design, because an attacker can then use crafted data and vulnerabilities in any of those parts to reach cryptographic material or steal keys.

HSMs are dedicated hardware systems designed specifically to store and manage private and public keys. The entire cryptographic key lifecycle, from provisioning, managing and storing to disposing of or archiving the keys, takes place inside the HSM. Digital signatures can also be produced by the HSM, and every access transaction is logged to create an audit trail. An HSM is hardened against tampering and damage, and may be located in a physically secure area of a datacentre to prevent unauthorised contact. The module may be embedded in other hardware, connected to a server as part of a network, or used as a standalone device offline.

An HSM is a trusted computing environment because it:

• Is built on top of specialised hardware, which is well-tested and certified in special laboratories.
• Has a security-focused OS.
• Limits access via a network interface that is strictly controlled by internal rules.
• Actively hides and protects cryptographic material.
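To make the trust boundary concrete, here is an added example (not code from the original page or from any real HSM vendor) that models the separation described above in Python. The wallet holds only an opaque key handle; the secret never leaves the simulated HSM object, key-usage policy is enforced inside that boundary, and every operation, successful or refused, is written to an audit trail. HMAC-SHA256 is used as a stand-in for a real digital-signature algorithm purely so the example runs with the standard library; a real HSM would use RSA or ECDSA behind an interface such as PKCS#11. The class and method names are assumptions made for illustration.

```python
"""Simulated HSM boundary: keys live only inside SimulatedHSM, the
application sees handles, and all access is audited (added example)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


class HSMError(Exception):
    """Raised when an operation is refused by the HSM's internal rules."""


@dataclass
class _KeyRecord:
    secret: bytes          # never returned across the boundary
    usage: frozenset       # allowed operations, e.g. {"sign", "verify"}


class SimulatedHSM:
    """Toy stand-in for an HSM: owns the key lifecycle and enforces policy.

    HMAC-SHA256 substitutes for a real signature scheme (assumption for
    portability); the boundary behaviour is what the example demonstrates.
    """

    def __init__(self):
        self._keys = {}
        self.audit_log = []   # append-only record of every access attempt

    def _log(self, op, handle, ok):
        self.audit_log.append({"ts": time.time(), "op": op,
                               "handle": handle, "ok": ok})

    def generate_key(self, usage=("sign", "verify")):
        """Provision a key in-module and hand back only an opaque handle."""
        handle = f"key-{len(self._keys) + 1:04d}"
        self._keys[handle] = _KeyRecord(secrets.token_bytes(32), frozenset(usage))
        self._log("generate", handle, True)
        return handle

    def sign(self, handle, message: bytes) -> bytes:
        rec = self._keys.get(handle)
        if rec is None or "sign" not in rec.usage:
            self._log("sign", handle, False)
            raise HSMError("key not found or not permitted to sign")
        self._log("sign", handle, True)
        return hmac.new(rec.secret, message, hashlib.sha256).digest()

    def verify(self, handle, message: bytes, tag: bytes) -> bool:
        rec = self._keys.get(handle)
        if rec is None or "verify" not in rec.usage:
            self._log("verify", handle, False)
            raise HSMError("key not found or not permitted to verify")
        ok = hmac.compare_digest(
            hmac.new(rec.secret, message, hashlib.sha256).digest(), tag)
        self._log("verify", handle, ok)
        return ok

    def export_key(self, handle) -> bytes:
        """Refused unless the key was created with an explicit 'export' usage."""
        rec = self._keys.get(handle)
        if rec is None or "export" not in rec.usage:
            self._log("export", handle, False)
            raise HSMError("key export is not permitted by policy")
        self._log("export", handle, True)
        return rec.secret

    def destroy_key(self, handle):
        """End of the lifecycle: the material is removed inside the module."""
        if handle not in self._keys:
            self._log("destroy", handle, False)
            raise HSMError("key not found")
        del self._keys[handle]
        self._log("destroy", handle, True)


class Wallet:
    """Application side: business logic only, no key material in memory."""

    def __init__(self, hsm: SimulatedHSM):
        self._hsm = hsm
        self.key_handle = hsm.generate_key()   # sign/verify only, no export

    def sign_transaction(self, tx: dict) -> bytes:
        # Canonical encoding of the business data is the wallet's job;
        # the cryptographic operation is delegated across the boundary.
        payload = "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()
        return self._hsm.sign(self.key_handle, payload)

    def holds_secret_bytes(self) -> bool:
        """True if any raw secret leaked into the wallet's own state."""
        return any(isinstance(v, (bytes, bytearray)) for v in vars(self).values())


if __name__ == "__main__":
    hsm = SimulatedHSM()
    w = Wallet(hsm)
    sig = w.sign_transaction({"to": "alice", "amount": 5})
    print("signature:", sig.hex())
    print("wallet holds secret bytes:", w.holds_secret_bytes())
    for entry in hsm.audit_log:
        print(entry["op"], entry["handle"], "ok" if entry["ok"] else "REFUSED")
```

A compromised wallet process in this model can ask the module to sign, which is why the audit log and usage policy matter: the key itself cannot be read out, so the damage is bounded to operations the module was willing to perform, and each of them is recorded.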