Electronics Guide

Hardware Security Modules

Hardware Security Modules (HSMs) are dedicated physical devices that perform cryptographic operations and protect the keys and other critical security parameters those operations depend on. Unlike software-based cryptographic implementations, HSMs keep keys inside a tamper-resistant or tamper-evident boundary, which makes them the anchor of systems that require the highest levels of trust and security assurance.

In embedded systems, HSMs range from small secure elements integrated into microcontrollers to standalone modules that handle enterprise-level cryptographic workloads. These devices ensure that cryptographic keys never exist in plaintext outside the protected boundary, providing defense against both remote attacks and physical tampering attempts.

Fundamentals of Hardware Security

Hardware-based security offers guarantees that software alone cannot provide. By isolating cryptographic operations within dedicated silicon, an HSM creates an isolated execution environment that keeps its guarantees even when the surrounding system is compromised. The limit of that guarantee should be understood precisely: a compromised host can still ask the HSM to use a key on its behalf, but it cannot read or copy the key, so the damage is bounded by what the HSM's authorization policy allows and is recoverable by rotating the key.

Security Boundaries and Trust Anchors

An HSM establishes a clearly defined security boundary within which all sensitive operations occur. This boundary is enforced through physical and logical mechanisms that prevent unauthorized access to the internal state. The root of trust begins with secure key storage, where cryptographic keys are generated within the HSM and never leave the protected environment in plaintext form.

Trust anchors within HSMs typically include:

  • Root keys - Master keys generated inside the device or injected during manufacturing that form the top of the key hierarchy
  • Secure boot verification - Mechanisms to verify the integrity and authenticity of firmware and software before execution
  • Unique device identity - Per-device cryptographic identifiers, typically a key pair with a manufacturer-issued certificate, that distinguish each device and enable authentication
  • Monotonic counters - Non-volatile counters that can only increase, used to reject replayed or rolled-back data (old firmware, old attestation evidence) and to record security-relevant events

Tamper Protection Mechanisms

Physical security is a defining characteristic of HSMs. Various tamper protection mechanisms work together to detect and respond to physical attacks:

  • Tamper-evident enclosures - Physical packaging that shows visible signs of opening attempts
  • Active mesh sensors - Conductive patterns that detect drilling, cutting, or probing attempts
  • Environmental sensors - Monitors for temperature, voltage, and clock frequency anomalies that may indicate attack attempts
  • Zeroization circuits - Mechanisms that rapidly erase sensitive data when tampering is detected
  • Light sensors - Detection of package opening through ambient light exposure

The response to detected tampering typically involves immediate erasure of all cryptographic keys and sensitive data, rendering the device unusable for further attacks while protecting the secrets it contained.

Trusted Platform Modules

Trusted Platform Modules (TPMs) are specialized, low-cost security modules that provide platform security functions (integrity measurement, key protection, attestation) for computing devices. Standardized by the Trusted Computing Group (TCG), TPMs offer a consistent set of security capabilities across different hardware platforms.

TPM Architecture

A TPM contains several functional components that work together to provide security services:

  • Cryptographic processor - Dedicated hardware for RSA, ECC, and symmetric cryptographic operations
  • Random number generator - True random number generation for key generation and nonces
  • Platform Configuration Registers (PCRs) - Registers holding platform state measurements that can only be extended (hashed together with a new value), never written directly
  • Non-volatile storage - Persistent storage for keys, certificates, and configuration data
  • Endorsement Key (EK) and attestation keys - The manufacturer-certified EK identifies a genuine TPM; attestation keys bound to it (Attestation Identity Keys in TPM 1.2, Attestation Keys in TPM 2.0) sign statements about the platform state

Measured Boot and Attestation

One of the TPM's primary functions is enabling measured boot, where each stage of the boot process measures (hashes) the next stage before executing it. Each measurement is extended into a PCR as PCR_new = H(PCR_old || measurement), so the final PCR value is a cryptographic record of the exact sequence of components that ran; no single write can set a PCR to a chosen value.

Remote attestation allows external parties to verify the platform's configuration by requesting a TPM-signed quote of PCR values. The verifier supplies a fresh nonce that the TPM includes in the signed quote, so a recorded quote from an earlier, clean boot cannot be replayed. This mechanism enables scenarios such as:

  • Verifying that a device is running approved firmware before granting network access
  • Ensuring endpoint compliance with security policies
  • Detecting unauthorized modifications to the boot chain
  • Enabling conditional access to encrypted data based on platform state
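The extend-and-quote flow above, as an added worked example that is not part of the guide or any TPM vendor's code. It models the one-way PCR extend, a measured boot of three constructed images, and the three checks a verifier performs on a quote (freshness, authenticity, policy). One simplification: a real quote is signed with an asymmetric attestation key whose public half the verifier learns through the EK certificate; here the quote is authenticated with an HMAC under a shared constructed secret so that the example runs offline with the standard library only.

```python
"""Simulated measured boot, PCR extend and remote attestation (stdlib only).

Added illustration; the boot images, nonces and attestation key below are
constructed values, and the HMAC stands in for the TPM's asymmetric AK
signature.
"""
import hashlib
import hmac

PCR_BYTES = 32  # one register of the SHA-256 bank


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: new = SHA-256(old || measurement).

    There is no 'set' operation; the only way to reach a given value is to
    replay exactly the same sequence of extends from the reset value."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages: list[bytes]) -> bytes:
    """Each stage hashes the next image and extends it before running it."""
    pcr = bytes(PCR_BYTES)  # PCRs reset to all-zero at power-on
    for image in stages:
        pcr = extend(pcr, hashlib.sha256(image).digest())
    return pcr


def make_quote(ak_secret: bytes, pcr: bytes, nonce: bytes) -> dict:
    """Quote = (PCR value, verifier's nonce) plus an authenticator over both."""
    sig = hmac.new(ak_secret, pcr + nonce, hashlib.sha256).digest()
    return {"pcr": pcr, "nonce": nonce, "sig": sig}


def verify_quote(ak_secret: bytes, q: dict, expected_nonce: bytes,
                 golden_pcr: bytes) -> tuple[bool, str]:
    """Verifier side: freshness first, then authenticity, then policy."""
    if not hmac.compare_digest(q["nonce"], expected_nonce):
        return False, "nonce mismatch: stale or replayed quote"
    expected_sig = hmac.new(ak_secret, q["pcr"] + q["nonce"], hashlib.sha256).digest()
    if not hmac.compare_digest(q["sig"], expected_sig):
        return False, "quote not signed by the expected attestation key"
    if not hmac.compare_digest(q["pcr"], golden_pcr):
        return False, "PCR does not match golden value: boot chain modified"
    return True, "platform state verified"


# Constructed sample boot chain and attestation secret; not real firmware.
BOOTLOADER = b"bootloader v1.2 (constructed)"
KERNEL = b"kernel image 6.1 (constructed)"
APP = b"application firmware build 42 (constructed)"
GOLDEN_PCR = measured_boot([BOOTLOADER, KERNEL, APP])  # known-good reference
AK_SECRET = b"constructed attestation key material"


def attest(stages: list[bytes], nonce: bytes, quote_nonce: bytes = b"") -> tuple[bool, str]:
    """Full exchange: the device boots `stages` and quotes its PCR for
    `quote_nonce` (defaults to the verifier's nonce, i.e. an honest reply);
    the verifier checks the quote against GOLDEN_PCR."""
    q = make_quote(AK_SECRET, measured_boot(stages), quote_nonce or nonce)
    return verify_quote(AK_SECRET, q, nonce, GOLDEN_PCR)


if __name__ == "__main__":
    nonce = b"verifier nonce 0001"
    print(attest([BOOTLOADER, KERNEL, APP], nonce))
    print(attest([BOOTLOADER, b"kernel image 6.1 with implant", APP], nonce))
    # Replay: a quote made for an old nonce is presented for a new challenge.
    print(attest([BOOTLOADER, KERNEL, APP], b"verifier nonce 0002", quote_nonce=nonce))
```

The third call shows why the nonce matters: the replayed quote carries a valid signature over a valid golden PCR, and only the nonce check rejects it. Swapping the order of two boot stages also changes the final PCR, which is what makes the record a chain rather than a set.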

TPM 2.0 Specifications

TPM 2.0 represents a significant evolution from the original TPM 1.2 specification, offering improved cryptographic flexibility and enhanced features:

  • Algorithm agility - Support for multiple hash algorithms (SHA-256, SHA-384, SHA-512, with SHA-1 retained only for compatibility) and asymmetric algorithms (RSA, ECC), where TPM 1.2 was limited to SHA-1 and RSA
  • Enhanced authorization - Policy-based access control using complex authorization structures
  • Hierarchy separation - Distinct platform, storage, and endorsement hierarchies for different use cases
  • Improved key management - More flexible key attributes and usage policies

Secure Elements

Secure elements are compact HSMs designed for integration into embedded devices, smart cards, and mobile platforms. They provide tamper-resistant storage and cryptographic processing in constrained form factors suitable for mass-market applications.

Types of Secure Elements

Secure elements come in various form factors to suit different integration requirements:

  • Embedded Secure Elements (eSE) - Soldered directly to device circuit boards, providing permanent security functionality
  • Integrated Secure Elements (iSE) - Built into system-on-chip designs, sharing the die with application processors
  • Universal Integrated Circuit Cards (UICC) - Removable SIM cards that combine secure element functionality with telecommunications identity
  • Secure microSD cards - Removable storage cards incorporating secure element capabilities

Common Criteria Certification

Secure elements typically undergo Common Criteria (CC) certification, an international standard (ISO/IEC 15408) for evaluating IT security products. Evaluation Assurance Levels range from EAL1 (lowest) to EAL7 (highest); most secure elements target EAL4+ to EAL6+ depending on the intended application, where the "+" denotes augmentation with additional assurance components, most commonly AVA_VAN.5 (resistance to attackers with high attack potential). Note that an EAL describes the rigour of the evaluation against the product's own security target, not the strength of the product in absolute terms; the security target must be read to know what was actually evaluated.

The certification process evaluates:

  • Security functional requirements including cryptographic implementation
  • Resistance to physical and logical attacks
  • Secure development lifecycle practices
  • Documentation and guidance for secure deployment

Smart Card Standards

Many secure elements conform to smart card standards that define electrical interfaces, communication protocols, and command sets:

  • ISO/IEC 7816 - Contact interface specifications and APDU command structure
  • ISO/IEC 14443 - Contactless proximity card interface for NFC applications
  • GlobalPlatform - Standards for managing applications and security on smart card platforms
  • Java Card - Platform for running Java applets on smart cards and secure elements

Hardware Cryptographic Accelerators

Cryptographic accelerators are specialized hardware units that offload computationally intensive cryptographic operations from the main processor. While they may not provide the same level of physical security as dedicated HSMs, accelerators significantly improve cryptographic performance and reduce power consumption.

Types of Cryptographic Accelerators

Modern embedded processors often include integrated cryptographic accelerators supporting various algorithms:

  • Symmetric cipher engines - Hardware acceleration for AES, ChaCha20, and other block and stream ciphers
  • Hash accelerators - Dedicated units for SHA-2, SHA-3, and message authentication codes
  • Public key accelerators - Hardware support for RSA, elliptic curve, and post-quantum algorithms
  • True random number generators (TRNG) - Hardware entropy sources for cryptographic random number generation

DMA and Memory Protection

Cryptographic accelerators often include direct memory access (DMA) capabilities for efficient data transfer without processor intervention. However, DMA introduces security considerations that must be addressed:

  • Memory isolation - Ensuring cryptographic keys and intermediate values cannot be accessed by other DMA masters
  • Input/output memory management units (IOMMU) - Hardware enforcement of memory access policies for DMA operations
  • Secure key storage - Dedicated registers or memory regions protected from unauthorized access

Side-Channel Countermeasures

Well-designed cryptographic accelerators incorporate countermeasures against side-channel attacks that attempt to extract secrets through indirect observations:

  • Constant-time execution - Operations whose duration, branching, and memory-access pattern do not depend on secret key or data values
  • Power analysis resistance - Techniques such as random delays, noise injection, and balanced logic
  • Electromagnetic shielding - Physical protection against EM emanation analysis
  • Masking - Randomization techniques that hide intermediate values during computation
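The constant-time principle above has an exact software analogue, shown here as an added example that is not from the guide: a MAC or password check that stops at the first differing byte runs longer the more leading bytes the attacker guessed correctly. Rather than rely on a noisy timer, the vulnerable comparison reports how many bytes it examined, which is precisely the quantity a timing measurement leaks; that makes the byte-by-byte recovery attack deterministic, and makes it visible that the same attack gets no signal from the constant-time version. The tag and the attacker's oracle are constructed for the example.

```python
"""Early-exit comparison leaks a secret byte by byte; constant-time does not.

Added example. `naive_compare` returns the number of bytes it looked at as a
stand-in for its running time; a real attacker would measure wall-clock or
cycle counts over many samples instead.
"""
from typing import Callable, Optional


def naive_compare(expected: bytes, guess: bytes) -> tuple[bool, int]:
    """VULNERABLE: returns on the first mismatch. Returns (equal, bytes examined)."""
    if len(expected) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(expected, guess):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, guess: bytes) -> tuple[bool, int]:
    """Examines every byte regardless of content; OR-accumulates the XORs.
    Production code should call hmac.compare_digest, which does this in C."""
    if len(expected) != len(guess):
        return False, 0  # the length of a fixed-size tag is public anyway
    diff = 0
    for a, b in zip(expected, guess):
        diff |= a ^ b
    return diff == 0, len(expected)


Oracle = Callable[[bytes], tuple[bool, int]]


def recover_by_timing(oracle: Oracle, length: int) -> Optional[bytes]:
    """Attacker: fix bytes left to right. At each position try all 256 values
    and keep the one the oracle spent longest on. 256*length queries instead
    of 256**length. Returns None when no candidate stands out (no leak)."""
    recovered = bytearray(length)
    for pos in range(length):
        scores = {}
        for candidate in range(256):
            recovered[pos] = candidate
            equal, examined = oracle(bytes(recovered))
            scores[candidate] = length + 1 if equal else examined
        best = max(scores, key=scores.get)
        if scores[best] == min(scores.values()):
            return None  # every candidate cost the same: nothing leaked
        recovered[pos] = best
    return bytes(recovered)


SECRET_TAG = bytes.fromhex("5f3c9a10e7b2448d")  # constructed 8-byte MAC tag


def attack_naive() -> Optional[bytes]:
    return recover_by_timing(lambda g: naive_compare(SECRET_TAG, g), len(SECRET_TAG))


def attack_constant_time() -> Optional[bytes]:
    return recover_by_timing(lambda g: constant_time_compare(SECRET_TAG, g), len(SECRET_TAG))


if __name__ == "__main__":
    got = attack_naive()
    print("naive compare   :", got.hex() if got else None, "(recovered)" if got == SECRET_TAG else "")
    print("constant-time   :", attack_constant_time())
```

Against the early-exit oracle the attacker recovers all eight bytes with 2048 queries; against the constant-time oracle every candidate scores identically and the attack has nothing to work with. Hardware accelerators that balance their data paths are applying the same rule at the gate level.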

Secure Key Storage and Management

Proper key management is essential for effective hardware security. HSMs provide mechanisms for generating, storing, using, and destroying cryptographic keys throughout their lifecycle.

Key Hierarchies

HSMs typically implement key hierarchies where a small number of master keys protect larger numbers of operational keys:

  • Root keys - Factory-provisioned keys that form the ultimate trust anchor
  • Key encryption keys (KEKs) - Keys used to protect other keys during storage or transport
  • Operational keys - Keys used for day-to-day cryptographic operations
  • Session keys - Ephemeral keys used for single communication sessions

Key Provisioning Methods

Securely provisioning keys into HSMs requires careful procedures to maintain the chain of trust:

  • Factory provisioning - Keys injected during manufacturing in a controlled environment
  • Key injection facilities - Dedicated secure rooms for key loading ceremonies
  • Remote key injection - Secure protocols for provisioning keys over network connections
  • Key derivation - Generating keys from root secrets using deterministic algorithms
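A key hierarchy built entirely by derivation, as an added example that is not from the guide: one constructed root secret stands in for the factory-provisioned root that never leaves the HSM, and every per-device root, key-encryption key, operational key and session key below it is derived with the NIST SP 800-108 counter-mode KDF (HMAC-SHA256) from a label and a context. The module then stores only the root and re-creates any operational key on demand, and rotating a KEK version rotates everything beneath it. Label names, the serial-number context and the purposes are this example's own choices.

```python
"""Key hierarchy by deterministic derivation (SP 800-108, counter mode).

Added example; ROOT_KEY is a constructed constant, not a real secret, and the
labels/contexts are illustrative naming.
"""
import hashlib
import hmac
import struct


def kdf_counter(key_in: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """SP 800-108 KDF in counter mode, PRF = HMAC-SHA256:
    K(i) = HMAC(key_in, [i]_4 || label || 0x00 || context || [length*8]_4)."""
    fixed = label + b"\x00" + context + struct.pack(">I", length * 8)
    blocks = []
    for i in range(1, (length + 31) // 32 + 1):
        blocks.append(hmac.new(key_in, struct.pack(">I", i) + fixed, hashlib.sha256).digest())
    return b"".join(blocks)[:length]


ROOT_KEY = hashlib.sha256(b"constructed factory root secret, not a real key").digest()


class KeyHierarchy:
    """root -> per-device root -> versioned KEK -> operational keys -> session keys."""

    def __init__(self, root: bytes, device_serial: bytes):
        # Diversify the shared root per device: compromise of one device's
        # derived keys reveals nothing about another device's.
        self._device_root = kdf_counter(root, b"device-root", device_serial)

    def kek(self, version: int) -> bytes:
        """Key-encryption key; bumping `version` is the rotation event."""
        return kdf_counter(self._device_root, b"kek", struct.pack(">I", version))

    def operational(self, purpose: bytes, version: int) -> bytes:
        """Operational keys hang under the KEK of the same version, so a KEK
        rotation implicitly rotates every key below it."""
        return kdf_counter(self.kek(version), b"op-" + purpose, struct.pack(">I", version))

    def session(self, purpose: bytes, version: int, nonce: bytes) -> bytes:
        """Ephemeral key for one exchange, bound to a fresh nonce."""
        return kdf_counter(self.operational(purpose, version), b"session", nonce)


if __name__ == "__main__":
    dev = KeyHierarchy(ROOT_KEY, b"SN-0001")
    print("fw-signing v1:", dev.operational(b"fw-signing", 1).hex())
    print("fw-signing v2:", dev.operational(b"fw-signing", 2).hex())
    print("telemetry  v1:", dev.operational(b"telemetry", 1).hex())
```

Two points the code makes concrete: derivation is one-way, so an operational key leaking does not expose its KEK or the root, and it is deterministic, so two HSMs holding the same root and the same serial table produce identical keys with no key transport at all.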

Key Wrapping and Export

When keys must be stored outside the HSM or transferred between devices, key wrapping provides protection:

  • AES Key Wrap - The RFC 3394 algorithm (and its RFC 5649 variant for keys that are not a multiple of 64 bits) for protecting symmetric keys under a key-encryption key, with a built-in integrity check so that unwrapping a modified blob or unwrapping under the wrong key is detected
  • PKCS#11 wrapping - Standard mechanisms for key import and export operations
  • Key attestation - Proving that a key was generated within and is protected by a genuine HSM
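RFC 3394 key wrap written out step by step, as an added example that is not from the guide or any HSM vendor. The `cryptography` package (pip install cryptography) is used only for the raw AES block operation; the wrap and unwrap loops are spelled out so the integrity mechanism is visible: the constant 0xA6A6A6A6A6A6A6A6 is mixed in as the initial value and must reappear after unwrapping, which fails both when the blob has been altered and when the wrong KEK is used. The result is checked against the test vector in section 4.1 of the RFC, and the KEK and payload are the RFC's own test values, not production keys.

```python
"""RFC 3394 AES Key Wrap with the integrity check made explicit.

Added example. Requires the `cryptography` package for the AES block cipher.
"""
from cryptography.hazmat.primitives import keywrap
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

IV = 0xA6A6A6A6A6A6A6A6  # RFC 3394 default initial value; doubles as integrity check


def _blocks(data: bytes) -> list[int]:
    return [int.from_bytes(data[i:i + 8], "big") for i in range(0, len(data), 8)]


def kw_wrap(kek: bytes, key: bytes) -> bytes:
    """Wrap `key` (n 64-bit blocks, n >= 2) under `kek`; output is n+1 blocks."""
    if len(key) < 16 or len(key) % 8:
        raise ValueError("key must be a multiple of 64 bits and at least 128 bits")
    enc = Cipher(algorithms.AES(kek), modes.ECB()).encryptor()  # raw block op only
    n = len(key) // 8
    a, r = IV, _blocks(key)
    for j in range(6):                 # six passes over all n blocks
        for i in range(n):
            b = enc.update(a.to_bytes(8, "big") + r[i].to_bytes(8, "big"))
            t = n * j + i + 1          # step counter folded into A
            a = int.from_bytes(b[:8], "big") ^ t
            r[i] = int.from_bytes(b[8:], "big")
    return a.to_bytes(8, "big") + b"".join(x.to_bytes(8, "big") for x in r)


def kw_unwrap(kek: bytes, wrapped: bytes) -> bytes:
    """Inverse of kw_wrap. Raises ValueError if the recovered A is not IV,
    which is what happens for a wrong KEK or any modification of the blob."""
    if len(wrapped) < 24 or len(wrapped) % 8:
        raise ValueError("malformed wrapped key")
    dec = Cipher(algorithms.AES(kek), modes.ECB()).decryptor()
    n = len(wrapped) // 8 - 1
    a, r = _blocks(wrapped[:8])[0], _blocks(wrapped[8:])
    for j in range(5, -1, -1):         # undo the passes in reverse order
        for i in range(n - 1, -1, -1):
            t = n * j + i + 1
            b = dec.update((a ^ t).to_bytes(8, "big") + r[i].to_bytes(8, "big"))
            a = int.from_bytes(b[:8], "big")
            r[i] = int.from_bytes(b[8:], "big")
    if a != IV:
        raise ValueError("integrity check failed: wrong KEK or corrupted blob")
    return b"".join(x.to_bytes(8, "big") for x in r)


def unwrap_ok(kek: bytes, wrapped: bytes) -> bool:
    """What the importing HSM reports: accept or reject, never a partial key."""
    try:
        kw_unwrap(kek, wrapped)
        return True
    except ValueError:
        return False


def library_wrap(kek: bytes, key: bytes) -> bytes:
    """Reference implementation from the cryptography package, for cross-checking."""
    return keywrap.aes_key_wrap(kek, key)


if __name__ == "__main__":
    # RFC 3394 section 4.1 test vector (128-bit KEK, 128-bit key data)
    KEK = bytes.fromhex("000102030405060708090A0B0C0D0E0F")
    KEY = bytes.fromhex("00112233445566778899AABBCCDDEEFF")
    blob = kw_wrap(KEK, KEY)
    print(blob.hex().upper())  # expected 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
    corrupted = bytearray(blob); corrupted[10] ^= 0x01
    print(unwrap_ok(KEK, blob), unwrap_ok(KEK, bytes(corrupted)), unwrap_ok(bytes(16), blob))
```

The 8 bytes of overhead in the wrapped blob are what buy the integrity check; because the check sits inside the cipher state, an attacker cannot strip or forge it without the KEK. For keys that are not a multiple of 64 bits, use the RFC 5649 padded variant (keywrap.aes_key_wrap_with_padding in the same package) rather than padding by hand.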

Integration Considerations

Successfully integrating HSMs into embedded systems requires attention to both hardware and software aspects of the design.

Interface Options

HSMs connect to host systems through various interfaces depending on the application:

  • I2C - Simple two-wire interface suitable for low-speed secure elements
  • SPI - Higher-speed serial interface for TPMs and cryptographic coprocessors
  • ISO 7816 - Contact smart card interface for secure elements
  • PCIe - High-performance interface for enterprise HSM cards
  • USB - Common interface for portable HSM tokens

Driver and API Support

Software integration typically involves standardized APIs that abstract the underlying hardware:

  • PKCS#11 - Cryptographic Token Interface Standard widely supported by HSM vendors
  • Microsoft CNG - Cryptography API: Next Generation for Windows platforms
  • OpenSSL ENGINE and providers - Plugin mechanisms for hardware cryptographic acceleration; the ENGINE API is deprecated since OpenSSL 3.0 in favour of the provider interface, and PKCS#11-backed providers are the usual bridge to an HSM
  • Vendor-specific SDKs - Proprietary libraries providing access to device-specific features

Performance Considerations

While HSMs provide strong security, they may introduce performance overhead that must be considered:

  • Latency - Communication overhead and operation completion times
  • Throughput - Maximum number of cryptographic operations per second
  • Parallelism - Ability to handle concurrent requests from multiple threads or processes
  • Caching strategies - Reusing open sessions and key handles so the HSM is not reconnected to, or searched for the same key, on every operation; key material itself is never cached outside the module, since that would void the protection the HSM provides

Application Examples

HSMs find applications across numerous industries and use cases where security is paramount.

Payment Systems

The payment industry relies heavily on HSMs for protecting financial transactions:

  • PIN block encryption - Protecting cardholder PINs during transmission
  • Card personalization - Secure injection of keys into payment cards during manufacturing
  • Transaction authorization - Validating and authorizing payment transactions
  • EMV chip cards - Secure elements embedded in credit and debit cards
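What a payment HSM actually operates on when it protects a PIN is an ISO 9564-1 format 0 PIN block, shown here as an added example that is not from the guide. Forming the block is plain arithmetic: a PIN field (control nibble, length, digits, F padding) XORed with the rightmost twelve PAN digits excluding the check digit. That XOR binds the block to one card, so an encrypted PIN block captured for one PAN cannot be replayed against another. The encryption under a zone PIN key, and any translation between zones, happens inside the HSM and is not reproduced; the PIN and PAN values are test data, the first pair being the worked example published in ISO 9564-1.

```python
"""ISO 9564-1 format 0 PIN block: construction and recovery.

Added example. PIN/PAN values used in tests are constructed; the block is
the clear value the HSM encrypts, never a value a host should handle in
production.
"""


def pin_field(pin: str) -> bytes:
    """Nibbles: 0 | PIN length | PIN digits | F-padding to 16 hex digits."""
    if not pin.isdigit() or not 4 <= len(pin) <= 12:
        raise ValueError("PIN must be 4 to 12 decimal digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))


def pan_field(pan: str) -> bytes:
    """Nibbles: 0000 | rightmost 12 PAN digits excluding the check digit
    (left-padded with zeros for short PANs)."""
    if not pan.isdigit() or len(pan) < 2:
        raise ValueError("PAN must be decimal digits")
    return bytes.fromhex("0000" + pan[:-1][-12:].rjust(12, "0"))


def format0_pin_block(pin: str, pan: str) -> bytes:
    """Clear format 0 block = PIN field XOR PAN field."""
    return bytes(a ^ b for a, b in zip(pin_field(pin), pan_field(pan)))


def recover_pin(block: bytes, pan: str) -> str:
    """Inverse operation with the format checks an HSM applies before acting
    on a decrypted block: control nibble, length range, digits, padding.
    A wrong PAN produces garbage that fails these checks."""
    if len(block) != 8:
        raise ValueError("PIN block must be 8 bytes")
    field = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex().upper()
    if field[0] != "0":
        raise ValueError("not a format 0 PIN block")
    n = int(field[1], 16)
    pin, pad = field[2:2 + n], field[2 + n:]
    if not 4 <= n <= 12 or not pin.isdigit() or pad != "F" * len(pad):
        raise ValueError("malformed PIN block (wrong PAN or tampered)")
    return pin


if __name__ == "__main__":
    pan = "43219876543210987"
    blk = format0_pin_block("1234", pan)
    print(blk.hex().upper())        # 0412AC89ABCDEF67 (ISO 9564-1 example)
    print(recover_pin(blk, pan))    # 1234
```

Note that the block reveals the PIN length in its second nibble and leaves the first two nibbles independent of the PAN; this is inherent to format 0 and is one reason the block must always be encrypted before it leaves the secure boundary, and why the HSM command set never returns a clear PIN to the host.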

Automotive Security

Modern vehicles incorporate HSMs for various security functions:

  • Secure boot - Ensuring only authorized firmware runs on vehicle ECUs
  • Secure communication - Protecting CAN bus and Ethernet communications
  • Immobilizer systems - Authenticating keys to prevent vehicle theft
  • V2X security - Securing vehicle-to-everything communications

IoT Device Security

Internet of Things devices benefit from hardware security for:

  • Device identity - Unique, unforgeable device credentials
  • Secure firmware updates - Verifying authenticity of update packages
  • Data protection - Encrypting sensitive data at rest and in transit
  • Cloud authentication - Secure connection to cloud services

Digital Rights Management

Content protection systems use HSMs to enforce licensing:

  • Content encryption - Protecting media content with hardware-secured keys
  • License enforcement - Hardware-backed verification of usage rights
  • Secure video path - Protected playback pipelines for premium content

Selection Criteria

Choosing the appropriate HSM for an application requires evaluating multiple factors.

Security Requirements

  • Certification level - Required Common Criteria EAL level or FIPS 140-2/140-3 certification
  • Tamper resistance - Level of physical protection needed for the deployment environment
  • Algorithm support - Required cryptographic algorithms including post-quantum considerations
  • Key storage capacity - Number and size of keys that must be stored

Operational Requirements

  • Performance needs - Required throughput and latency for cryptographic operations
  • Form factor - Physical size and integration constraints
  • Power consumption - Energy budget, especially for battery-powered devices
  • Operating temperature - Environmental conditions the device must withstand

Cost and Availability

  • Unit cost - Per-device cost impact on product pricing
  • Development tools - Availability and cost of development kits and software
  • Supply chain - Long-term availability and second-source options
  • Technical support - Quality of vendor documentation and support

Future Trends

The HSM landscape continues to evolve to address emerging security challenges and technology trends.

Post-Quantum Cryptography

As quantum computing advances, HSMs are being updated to support post-quantum cryptographic algorithms that resist attacks from quantum computers. NIST finalized the first of these in 2024: the lattice-based ML-KEM (FIPS 203) and ML-DSA (FIPS 204) and the hash-based SLH-DSA (FIPS 205), with code-based schemes under continued evaluation. For HSMs the practical consequences are larger keys and signatures than RSA or ECC, more non-volatile storage per key, and the need for firmware upgradability so that deployed modules can adopt these algorithms without hardware replacement.

Cloud and Virtual HSMs

Cloud service providers now offer HSM-as-a-service, where customer keys are held in FIPS-validated hardware operated by the provider and accessed over standard interfaces such as PKCS#11, without the customer managing physical devices. Offerings described as virtual HSMs instead rely on secure enclaves and trusted execution environments to provide HSM-like isolation; these protect keys from the host software stack but do not offer the physical tamper protection or certification of a hardware module, a distinction that matters wherever a compliance regime mandates certified hardware.

Increased Integration

The trend toward integrating security functionality directly into system-on-chip designs continues, with more processors including secure subsystems that provide HSM capabilities. This integration reduces cost and complexity while maintaining strong security guarantees.

Summary

Hardware Security Modules provide essential protection for cryptographic keys and sensitive operations in embedded systems. From compact secure elements to enterprise-grade modules, HSMs establish trust anchors that software alone cannot provide. Understanding the capabilities, integration requirements, and appropriate use cases for different types of HSMs enables designers to make informed decisions about implementing hardware-based security in their systems.

As threats evolve and new technologies emerge, HSMs continue to adapt, incorporating new algorithms, enhanced protection mechanisms, and novel form factors to meet the security needs of modern embedded applications.