This article will examine Hardware Security Modules (HSMs) according to ISO 13491 and how their relationship to ANSI x9.24-1-2017.
A hardware security module (HSM) is a type of computer hardware that can be augmented inside a computer or used over the network as a standalone device. As an external network device it is connected via a network cable. When augmented inside a computer or server, it is a PCIe card that is attached directly to the motherboard of the computer or server.
An HSM is designed to protect and manage digital keys that are used for strong authentication purposes with specialized functions that are needed to process transactions and perform general-purpose functions. HSMs provide logical and physical protection, such as cryptographic protection and tamper-proof enclosures to protect critical data from being disclosed or being accessed by those who are not authorized to do so.
The Roles of HSMs
HSMs can be used in any application that utilizes digital keys to protect said keys. These keys are usually of high value and require confidentiality because if compromised, there could be a significant negative impact on the key’s owner.
How are HSMs Used?
HSMs perform the following functions:
- Generating security cryptographic keys
- Providing security cryptographic key storage for master keys
- Key management
- Using cryptographic and sensitive data to perform encryption and digital signatures
- Completing asymmetric and symmetric cryptography for application servers
Both symmetric and asymmetric cryptography are supported by HSMs. Applications like digital signing and certificate authorities usually use asymmetric key pairs and certificates that are used in public-key cryptography. Applications like financial payment systems and data encryption also rely on the use of symmetric keys.
HSMs can be used by certification authorities and registration authorities in PKI environments to generate, store, and handle asymmetric key pairs. These devices must have features such as:
- Both logical and physical high-level protections
- Secure key backup
- Full audit and log traces
- Multi-part user authorization schema
Card Payment Systems
The payment card industry uses specialized HSMs. These devices support common functions and specialized functions that are used for processing transactions in compliance with industry standards. Authorization of transactions and payment card personalization are typical applications used in the payment card industry. Cryptography is used for
- PIN verification
- Protecting secret information like customer PINs
- Maintaining the integrity and authenticity of MACs and other sensitive data
- Card security card code verification
- Supporting crypto-API with EMV
- Performing secure key management
- Generating data for magnetic strip cards (PVV, CVV)
- Generating a card keyset and supporting the card personalization process
For the banking and retail financial services market, HSMs are required to abide by standards set by the Payment Card Industry Security Standards Council, ISO, and ANSI X9.
The security of these devices is critical to securing retail electronic payment systems that are constantly at risk of cyber-attack. However, HSMs are also always at risk of being attacked.
Attack Risks HSMs Commonly Face
There are numerous attack scenarios that target HSMs used for electronic payments. The most concerning are:
- Penetration, which involves the unauthorized opening or physical perforation of the HSM to access its sensitive data like cryptographic keys.
- Monitoring electromagnetic (EM) radiation, timing differential, and power consumption, and other side-channel attacks to find sensitive information that is stored inside the HSM.
- Manipulation by putting the HSM under environmental stressors, bombarding it with a sequence of inputs, or interfering with its external inputs to cause it to disclose sensitive information if its “test mode” is triggered and allow an attacker to gain unauthorized access to the HSM’s services.
- Modification, which involves the unauthorized alteration of the logical or physical characteristics of the HSM that allows the device to remain operational, but it will continue to disclose protect information as long as the modification is in place, such as a PIN pad overlay placed between the PIN entry point and the PIN encryption point.
- Substitution, which involves replacing one device with another device that looks like the original device and may have some of its logical characteristics, but it will also contain some unauthorized functions.
How Do HSMs Defend Against These Attacks?
HSMs need to have three factors working together to defend against attacks:
- Device Characteristics
- Device Management
HSMs possess logical and physical security protections that work to deter the attack scenarios above. Their physical security characteristics include:
- Tamper resistance
- Tamper evidence
- Tamper response
The ANSI x9.24-1-2017 Standard
The ANSI x9.24-1-2017 standard was published by the Standards Committee X9 of the American National Standards Institute. Version - 2017 was approved on June 8, 2017.
It addresses and standardizes symmetric key management related to Secure Cryptographic Devices (SCD) for Retail Financial Services.
Secure Cryptographic Devices are devices providing "physically and logically protected cryptographic services and storage". It hence applies to Hardware Security Modules.
The ANSI standard states in chapter 3 that it shall be applied in conjunction with the ISO 13491 - 2016 - all parts, Financial services – Secure cryptographic devices.
What Does ISO 13491 Require of HSMs?
ISO 13491 requires that HSMs must have a combination of all three physical security characteristics to ensure the required security. When needed, additional physical characteristics may be required to prevent passive attacks from attacking sensitive data.
The purpose of secure cryptographic device management is to prevent the unauthorized alteration of the HSM’s characteristics throughout its life cycle. This is accomplished by placing external controls on the device during its life cycle.
These controls include:
- Security practices
- Key management methods
- Operational procedures
The security of the HSM’s environment can range between minimal and highly controlled. Controls should be in place to prevent or detect access based on the device’s physical risks and the type of data it is protecting.
- ANSI X9.24-1-2017 - Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (2017), by the Accredited Standards Committee X9 of the American National Standards Institute
- ISO 13491-1:2016 Financial services — Secure cryptographic devices (retail) — Part 1: Concepts, requirements and evaluation methods (2016), by the International Organization for Standardization
Blog post by Dr. Ulrich Scholten