16

I'm researching a project that makes use of cryptography. It is a .NET application with keys stored in a SQL Server database. For cryptography, the project uses a Hardware Security Module similar to the one described in the linked Wikipedia article.

I would like to understand the benefits of using an HSM device instead of doing encryption / decryption / signing / verification and key generation in the .NET code using a "standard implementation" such as the one found in the .NET BCL. We are talking RSA/DES here.

I would understand if the keys were stored inside the device, but I'm struggling to understand the benefits if keys are stored elsewhere. Sure, you can be sure that the encryption algorithm is not tampered with, but if it's tampering that you are afraid of, there is plenty of other code working with the data before it gets encrypted / after it gets decrypted that can be tampered with, and this can be said about almost any project, I think.

One possible reason I can imagine is performance, if the application does a lot of cryptography, however I do not know if this is the case for the project yet. So what could be other benefits?

Andrew Savinykh
  • That doesn't seem to make sense. Is this an existing project/product? Can you ask the people who made this design decision why they did it that way? I'd be interested to hear their rationale. – Xander Nov 04 '15 at 02:05
  • Maybe the keys stored in the database are encrypted with a master key held in the HSM? I think you should post the project so we can get a better understanding of the scenario. – thexacre Nov 04 '15 at 02:38
  • @Xander if I could ask them I would not be posting it here =) – Andrew Savinykh Nov 04 '15 at 05:58

1 Answer

15

In many HSMs, there is very little capacity for safe storage (say, a few kilobytes). Therefore, what the HSM really stores in its entrails is some master key K (symmetric). The key pairs that applications use are stored externally, but encrypted with K; they get decrypted and used only within the HSM. In such a setup, keys are both "logically" inside the HSM, and "physically" stored outside. This may be what happens in the system you are interested in.


What good a HSM does for security is an interesting question. Basically, the HSM ensures that if your keys are stolen, you will know it, because the only way to steal the keys is to purloin the whole HSM, at which point you no longer have it. This contrasts with software keys that can be copied without leaving any trace of the theft.

If a HSM is used with externally stored keys, without encryption with some master key as described above, then the HSM really is a simple accelerator, used for performance reasons, not for improved security. This used to be popular a dozen years ago, but lost much of its relevance with the increasing performance offered by basic PCs. Most HSMs have rather "fixed" designs because any change to a HSM invalidates its EAL 4+ / FIPS 140-2 certification, so a lot of HSM designs currently on the market use ASICs designed a decade ago, with performance that used to be really good, but is now merely comparable to what a $500 server can offer (thousands of private key operations per second).

Tom Leek
  • Oh, it makes TOTAL sense! That must be the reason! The keys that are stored in the DB are generated by the HSM anyway, so it means that they are just handed out encrypted after they are generated and then stored in the DB. Thank you so much! I'll accept the answer (if there is no better one by then, which I doubt) in a few days. – Andrew Savinykh Nov 04 '15 at 05:31
  • Also the project IS a dozen years old, so the further comment also could apply, but the main body also sounds incredibly plausible. – Andrew Savinykh Nov 04 '15 at 05:34
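
The wrapped-key arrangement described in the answer, as an added sketch that is not part of the original thread and not any vendor's API. `ToyHSM`, its methods and `stolen_blob_usable` are hypothetical; an HMAC key stands in for the RSA key pair, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the device's real key-wrap algorithm so that the block needs only the standard library.

```python
import hashlib, hmac, secrets

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class ToyHSM:
    """Hypothetical software stand-in for the device: K never leaves this object."""

    def __init__(self):
        self.__K = secrets.token_bytes(32)   # master key K, exists only "inside"

    def _wrap(self, key: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        pad = _prf(_prf(self.__K, b"enc"), nonce)        # one-time keystream
        ct = bytes(a ^ b for a, b in zip(key, pad))
        tag = _prf(_prf(self.__K, b"mac"), nonce + ct)   # encrypt-then-MAC
        return nonce + ct + tag                          # 16 + 32 + 32 bytes

    def _unwrap(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
        good = hmac.compare_digest(tag, _prf(_prf(self.__K, b"mac"), nonce + ct))
        if len(blob) != 80 or not good:
            raise ValueError("not wrapped under this HSM's K, or modified")
        pad = _prf(_prf(self.__K, b"enc"), nonce)
        return bytes(a ^ b for a, b in zip(ct, pad))

    def generate_key(self) -> bytes:
        """Create an application key; only its wrapped form is handed out."""
        return self._wrap(secrets.token_bytes(32))

    def sign(self, blob: bytes, message: bytes) -> bytes:
        """Unwrap inside the boundary, use the key, return only the result."""
        return _prf(self._unwrap(blob), message)

    def verify(self, blob: bytes, message: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(blob, message), sig)

def stolen_blob_usable(blob: bytes, message: bytes) -> bool:
    """Constructed scenario: a copied database row taken to a different device."""
    try:
        ToyHSM().sign(blob, message)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    hsm = ToyHSM()
    db = {"payments": hsm.generate_key()}    # constructed "database" row
    sig = hsm.sign(db["payments"], b"pay 10 EUR")
    print(hsm.verify(db["payments"], b"pay 10 EUR", sig))
    print(stolen_blob_usable(db["payments"], b"pay 10 EUR"))
```

The database row is only useful together with the device that holds K, which is why a copied row alone does not amount to a stolen key.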