1

What is the purpose of embedding a Secure Element to enhance the security - especially the storage of keys- if a key is required to connect with it in order to get its secrets?

For example: Let's suppose I have a host that is not secure enough to store keys in its ROM. I will hence store keys in a remote Secure Element that will be connected to my host. However, it would hence be required to secure the communication with the Secure Element to keep the confidentiality of the informations shared between the host and the Secure Element, such as the keys.

Now here's the problem: how should I store the secret to connect with the SE (symmetric Secret key or Certificate), if storing the keys was the exact reason of integrating a Secure Element ?

It seems like a chicken and the egg problem...

Elbattore
  • 11
  • 2

2 Answers2

2

The advantage of using an HSM to store your secret keys is that the actual decryption keys will never leave that module. Even when an attacker will be able to obtain the access keys to the HSM, they will still need physical access to the HSM in order to do any decryption.

Contrary, a normal software stored key/passphrase is easily copyable information which can be used for decryption anywhere in the world without you even noticing.

An additional advantage of using an HSM is, that they often (at least the expensive ones) offer an audit trail. So even if an attacker can get access to it and decrypt some data, you will be able to detect it.

mat
  • 1,243
  • 7
  • 14
1

Choosing to use a secure element (HSM, TPM, SEE, etc) is a matter of degrees of risk. Determine the risks associated with your blocks of data, and then protect the keys needed for each block, based on those determinations.

If the data is a video of a cat you are sending to your parent, sure. Use a password generated key to encrypt it, because compromise is a 'who really cares?'.

If the data is PII belonging to your customer base, and the compromise of which could lead to fines measured in the $tens or hundreds of millions? Maybe you want to have more secure keys, and methods for accessing and using that key: Multi-factor authentication, M of N requirements, ...

Secure elements are great when you have the policies in place to correctly use them. Yes, you are securing a key using more keys, but more importantly you are securing that key with more policies. You are using the SE to restrict access via other means, because good secure elements provide those options.

If you are simply using a single key to protect a single key? I would suggest you aren't doing it right.

rip...
  • 251
  • 1
  • 8