Root of Trust is the foundation of any cryptographic system. Hardware security modules due to their cryptographic ability to securely generate and store keys in a secure, tamper-resistant/evident environment – act as the Root of Trust.
What is the Root of Trust?
Root of Trust (RoT) is a critical foundational, immutable and unique unclonable component of a security system, responsible for provisioning critical security functions e.g. confidentiality and data integrity between trusted components/devices in a network or solution. RoT delivers a strong foundation for building trust and security. Root of Trust may be a software or hardware source within a cryptographic system, but it should be inherently secure.
What is the Hardware Root of Trust?
A hardware Root of Trust is a foundation for the security and cryptographic operations in a computing system.
A Hardware Security Module (HSM) is the most common example of hardware RoT as it is highly favored in contemporary systems. A HSM is a critical component in a security solution mandated to securely generate, safeguard and manage cryptographic keys and execute cryptographic operations within a secure environment. These cryptographic keys are further utilized by all solution components for encrypting and decrypting data and creating digital signatures and certificates.
Why are HSMs important as the Root of Trust?
Cryptographic keys are a vital component of any security system since they are used for user authentication, data encryption, and decryption. The unauthorized access to a cryptographic key may put an organization’s entire security infrastructure at risk.
Cryptographic operations, e.g. encryption, decryption and digital signing are ineffective if their cryptographic keys are not well protected. Modern attacks use sophisticated tools to compromise the keys, resulting in a malicious entity decrypting sensitive data and classified information, compromising authentication and login as a privileged user. HSMs act as the Root of Trust for proper key lifecycle management by enforcing the policy can ensure the safety of cryptographic keys, resulting in increased levels of trust throughout the system. HSMs as the Root of Trust have the following key benefits:
- Secure generation of cryptographic keys with a true random number generator
- Storage of cryptographic keys in a tamper-protected, hardened environment
- Generation of trustworthy digital signatures
- Swift and secure automated key management lifecycle
- Highest levels of authentication and trust
- Complying with security standards and regulations such as Payment Card Industry Data Security Standard (PCI-DSS), Federal Information Processing Standard (FIPS) 140-2, General Data Protection Regulation (GDPR), Common Criteria (CC), etc.
Categories of HSMs
Based on their application, there are two main categories of Hardware Security Modules:
- General Purpose HSMs: These hardware security modules incorporate the general cryptographic and encryption algorithms and are mostly used to protect basic sensitive data, public key infrastructures, and cryptocurrency.
- Transaction & Payment HSMs: These hardware security modules are used by financial institutions, payment gateways, and merchants and secure payment transactions. They are also used in injection and remote key loading in POS payment devices.
Critical Aspects of HSM as Root of Trust
When the HSM serves as the Root of Trust, the following critical security factors are:
Generation of Strong Cryptographic Keys
The overall cryptographic strength of a system depends on the cryptographic keys being employed for the encryption-decryption and digital signing processes. The ultimate foundation for the generation of a secure and strong key is the level of entropy and randomness incorporated during the process. HSMs include a FIPS-certified True Random Number Generator (TRNG) to seed the key generator that creates the entropy. Since the TRNG incorporates classical and quantum physics-based hardware sources for the creation of entropy making a reliable source of randomness, the resulting cryptographic key is more secure, strong, truly and perfectly random.
The highest security is implemented by vendors by using an HSM to safeguard the True Random Number Generator from tampering and unauthorized access because a compromised TRNG will affect the process of cryptographic key generation and corresponding security functions.
HSM as Root of Trust
Public Key Infrastructure (PKI)
HSMs act as the Root of Trust in Government, Private and Commercial PKI solutions. HSMs are used to generate and protect the Root and subordinate certificate authority (CA) cryptographic keys. Every certificate is ultimately linked and trusted by the RoT which is the foundation for PKI. A correctly established CA is paramount to maintaining trust throughout the certificate lifecycle. The compromise of a CA cryptographic key can result in the issuance of rogue certificates, placing all previously issued certificates at risk. Please read the full details here.
The migration of businesses to public clouds has brought a lot of ease, however corporate data is now in the hands of external cloud providers. If cloud encryption is used, the cloud administrators and owner still have access to the cryptographic keys and encrypted data.
The introduction of Bring Your Own Key (BYOK) in hybrid cloud environments permits organizations to control cryptographic keys by incorporating a master HSM in the organization’s central data center, which is responsible for centralized key life cycle management. Local or cloud-based HSMs are deployed in data centers in decentralized locations or cloud, and receive application keys in an encrypted form that are never accessible to third parties or cloud service providers. Please read the full details here.
Digital or qualified electronic signatures are termed more secure than paper-based signatures. A digital signature cryptographically binds a digital signature certificate, issued by a trust services provider (TSP), to a document using Public Key Infrastructure (PKI) technology. A digital signature confirms that the information originated from the signer and has not been altered, and provides assurances including authenticity, integrity, non-repudiation and notarization.
Since it is the Root of Trust for all signatures, an HSM that complies with Common Criteria’s Protect Profile and eIDAS Protection Profile (PP) EN 419 221-5 “Cryptographic Module for Trust Services” is incorporated to generate and protect the cryptographic keys of TSP. Please read the full details here.
Symmetric Key Encryption
Symmetric encryption incorporates a single key for encryption and decryption of electronic data. It is widely used since it is faster & efficient than asymmetric encryption. HSMs are designed to protect cryptographic keys, including symmetric keys in local, virtual, or cloud-based environments, along with all aspects of the key lifecycle from key generation through to storage, distribution, backup, and finally, to destruction. Please read the full details here.
Digital Identities for Humans
Digital identity provisions an individual with an officially authenticated identity to represent himself digitally and conduct electronic transactions, signing financial/legal documents. A key example is that, within the E.U, eIDAS created standards for trust services to ensure that digital identities remain secure with integrity protection, and linked to an individual through cryptographic protection. The electronic identification of individual integrity of data is verified and validated through a TSP mandated to preserve digital certificates required for the authentication of digital identities. Please read the full details here.
Digital Identities for Machines
The process of digital transformations has spanned across machines used in digital transactions. They are also part of digital communication, are at risk and need issuance and protection of digital identities. Since these machines securely communicate with other machines, they should be subject to sufficient authentication management.
For this purpose, at the time of manufacturing, commissioning or during operation, they undergo a key and certificate injection process to receive a unique identity through PKI. HSMs are incorporated for the secure generation, storage, and management of injected cryptographic keys and ensure verifiable identities comply with security regulations. Please read the full details here.
Credit Card-Based Payment and Retail Banking
Card-based payment and retail banking transaction processes include four stakeholders (also known as the “Four Corners” model), which are cardholder, merchant, issuer, and acquirer. The transactions at each end must be secure and include encryption, decryption, and digital signing operations augmented by cryptographic keys. HSMs are used to generate and safeguard the cryptographic keys and cryptographic operations involved with the processes used for credit card-based payments and retail banking. The inclusion of HSMs not only addresses the security requirement but also compliance and regulatory requirements. Please read the full details here.
Fleet cards are a distinct type of payment card used in the logistics industry to pay for vehicle expenses, such as fuel transactions, repairs, and maintenance. Currently, there is no requirement for compliance with this type of payment card but still, the business risk exists. Compliance assists in securing cards’ financial transactions, particularly with the upsurge in counterfeit frauds.
There is a need for the protection of stored cardholder data and the safe transmission of cardholder data across open networks. Keys for both encryption and authentication can be securely stored within an HSM. Please read the full details here.
About the author
Blogbeitrag von Imran Ahmed, erfahrener Experte für Cybersicherheit und angewandte Kryptografie, Berater und Autor mit einem Doktortitel in Informationssicherheit. Er hat viele Lösungen für die Informationssicherheit entwickelt und verfügt zudem über fundierte technische Kenntnisse zu aktuellen und zukünftigen Trends bei Infosec.