Hardware Security Modules: What they are and why it's likely that you've (indirectly) used one today. RWC 2015, Paul Hampton, 8th January 2015
What Am I Going to Talk About? What Is A HSM? Where Will I Find One?
A Hardware Security Module is… …a dedicated crypto processor… …designed for the protection of keys throughout their lifecycle… …validated as secure by third parties… …a Trust Anchor…
A Hardware Security Module is… …a source of high quality random numbers… …a vault for holding cryptographic keys… …Cryptographic Acceleration Hardware… …a hardware solution that implements the cryptographic algorithms you want to use…
How is a HSM deployed? [Diagram labels] Application Servers; Application Offload; PKCS #11; CAPI / CNG; Java CSP; OpenSSL; XML-DIGSIG; Crypto Services; Multiple Cryptographic Processing Partitions; Key Vault Services; Key Management Services; Tamper Resistance/Response; Separation of Duties; Backup/Restore; MFA with M of N Controls; Access Controls; Availability; Export Controls and EKM Interface; Load Balancing; Policy Definition and Enforcement; Certifications: Common Criteria EAL4+, FIPS 140-2 Level 3; Role Separation: Security Officer, Application Owner, Auditor, IT Admin
Certifications: Provide independent verification of the security of a HSM. Common Criteria
Physical Security Features: Features of a Validated HSM Appliance: Serialised Tamper Evident Labelling; Intrusion detection; Tamper Resistant Fasteners; Protected Electronics; Internal Baffles to Prevent Probing; Tamper Resistant I/O Mounts; Tamper Resistant Fan Mounts
HSM Form Factors
So What Do HSMs Get Used For? 1. Secure Documents
HSMs secure passport issuance
HSMs secure documents for governments, hospitals, and the court system
Secure Manufacturing
HSMs secure entertainment devices, including videogame consoles and Personal Video Recorders
HSMs secure Smart Metering Systems and the delivery of Meter messages in our homes to Head End Utility systems
Banking and Payments
HSMs secure mobile money payments and verbal banking transactions made by telephone
HSMs secure card data and the delivery of Personal Identification Numbers (PINs)
HSMs secure the production of credit and debit cards and mobile phone SIM cards.
And Yet More Payments Use Cases…
HSMs secure SSL for the websites we use every day
Transport and Infrastructure
HSMs secure Device Manufacturing in the delivery of Trusted Device Identities we use Every Day
Railway signalling infrastructure is secured by Hardware Security Modules
HSMs are used to protect the communication protocols for large industrial equipment
HSMs secure the software and physical components of safety critical systems
HSMs secure automated toll booth passes
Online Content
HSMs secure the delivery of streaming media
Thank You!