Hi, I'm Matthew Clark
and this is less than 4.11 hardware security modules,
and it's Listen, we will introduce the hardware security modules and compare them with TPM S and T. E s will identify common uses and we'll discuss Cure Butte and how it compares with measured boot. So let's get started.
The underlying technology that enables an HSM was invented by Mohammad Atallah, an Egyptian engineer. He called his invention theater Ola Box, and it could encrypt pin and A T m messages and protect offline devices with an ungettable pen generating key.
At the heart of his invention lay the key block, which would allow for the secure interchange of symmetric keys or pens between employees in the banking industry,
the Ayatollah Key Block or a K B format which enables this exchange is the root of all cryptography used in the payment card industry data security standards or P C. I. D. S s and the American National Standards Institute. RNC.
Well, when it comes to i o t. Many times, we'll use the term HSM in a generic way to include any secure processor that doesn't follow a specific standard, like the TPM and Diced US.
And it's hard not to do this because HSM come in all shapes and sizes.
But hardware security modules are standards based and formally validated against the fifth of 1 40 dash to standard, and we won't go into that standard. But it basically it denotes the devices have been certified to meet certain security standards in his fit for a specific purpose,
such as government use or use in a regulated industry
like health care or the financial sector.
But there's no one way to create an HSM. In fact, they come in all kinds of different sizes.
They just have to meet the Phipps 1 40 dash to benchmark, which validates the effectiveness of the cryptographic hardware
HSM zehr. Physical devices like TPM s and Smart cards are
they provide cryptographic services and secure storage of cryptographic material.
They handle the full range of cryptographic key management from provisioning and managing and storing keys, toe key, archival and deletion.
These devices also maintain their secrets and hardened, tamper resistant physical and logical faults,
and HSM is ah hardened against tampering or damage, and for this reason it may be located in a physically secure area of law data center just to prevent unauthorized contact.
Unlike a TPM, both H S, M S and T chips can be reprogrammed or program for general purpose use. However, HSM storm or expensive than T, so this will be a very cost prohibitive. To try to use one is a general purpose. Chip.
HSM could be stand alone reportable, such as the PC I E card or USB dongle, Or they could be integrated as part of a system on a chip.
HSM can be found in portable devices, appliances, smart cards or even offered as a cloud service by popular cloud vendors like Google, Amazon and Microsoft.
HSM served many different purposes. They're not always apparent, for example, when individuals browse encrypted websites three https protocol that protects the communication between the client and server works. Because the certificate authority uses an HSM as a root of trust for storing its private key,
HSM Zehr also used his payment card systems, banking systems and encrypted currency wallets.
They come in two general types, a general purpose, a GSM and a payment HSM.
The general purpose HSM Zehr used in this PK environments, the https channels. They were used in DNS security. And again, it's crypto wallets
and the payment HSM Zehr used in either point of sale or ATM applications.
So how can we use HS Evans and I O. T? Well, the answer is that we use them in lots of places.
We use them to establish your identity and during the manufacturing process to protect against counterfeiting, HSM could be used at a contract manufacturer to serve as a means to securely inject device identity.
Identity is a fundamental thio i O T security and the building block for security within the larger i o T systems ecosystems. So these are important.
This can also be used to protect identity from being reused in device overruns or in blatant counterfeiting.
We already spoke about cloudhsm and Cloud hardware. Security modules are HSM appliances that achieve trust attributes by implementing a cloud based root of trust.
Cloud providers offer products that air scalable and fully managed with services such as cryptographic operations and secure storage for cryptographic keys,
thes services, air designed to meet regulatory requirements and contractual agreements
and give OM is an option tohave the cloud service provider act as a P K I.
They can generate certificates or the OM confide their own.
That also allows for identity to be provisioned once the devices in the field as long as there's a trust anchor installed on the device during manufacturing. Remember trust anchors or cryptographic anchors
during an HS. Using an HSM and I O T device for secure boot is also another use to fully protect the system. The device has to be protected in all states, including when the device is powered off during the boot process while receiving updates and when running in normal operational mode.
And secure boot is an important defense in depth control because it assumes the device will eventually be compromised. And it provides a mechanism to ensure that the device on Lee loads authorized firmware.
HSM Secure Boot uses asymmetric encryption and P K I to implement digital signatures in order to establish change of trust throughout the device boot cycle
and an anxious and provides that secure root of trust for I O T devices.
So each of them provide services that cover the entire life cycle of the product from key injection to secure initialization and authentication. They provide over the air updates toe I. O. T devices throughout their lifetime by authenticating update servers or checking integrity of update packages,
they provide a mechanism for secure communication
either user to device or device to device. They also provides secure storage of data and secure Decommissioning at the end of the life cycle.
HSM supports secure boot in order to create a mechanism where only trustee code is loaded and executed during the initial system boot process, while also preventing the disclosure of the embedded code
to set up secure boot properly. Theo AM will use its private key to create a digital signature of the software that will be used by the device during the boot process
during the manufacturing process. These signatures, along with the first stage boot loader code, are stored on the device hardware in non rideable protected memory.
This process creates a root of trust for the device.
During boot, the device loads the trusted code stored during the manufacturing process.
The cryptographic system then uses the stored key to compare the signature of the second stage boot loader with the second stage boot loader code.
If the comparison matches, then the system determines that the second stage boot loader can be trusted and the boot process moves forward to the next stage. If not, it halts. This signing and verification continue throughout the boot process,
from the firmware and the boot loader to the colonel and modules creating a secure chain of trust.
This is a good time to discuss the difference between secure boot and measured boot,
secure boot and measure, but are very similar but different. First, the similarities both require ah, hardware root of trust, and both used a static root of trust for measurement,
which is immutable boot code stored and read on Lee memory. The integrity of software is assured by both secure boot and measured boot.
Each step in the process checks a cryptographic signature of the next step before his lunch.
Now for the differences
and secure boot. If there isn't a match in the system halts, it's not practical. Well, it's almost impossible to check files such as configuration files because the objects air signed by the OM and checked with the OEM's public key stored on the device.
User files such as configuration files cannot be signed ahead of time
since the OM uses its private key in the signature of the code. If a user changes of preference, then there's no way to get the O. E. M's private key to sign that changed configuration file.
Now for measured boot,
it comes in and sits on top of the secure boot process. It relies on the TPM.
If there isn't a match in the system continues or alternately, a developer could have it go back to a known good configuration.
It extends the chain of trust beyond the limits of secure boot
measure. Boot provides more flexibility and what it could measure.
While Secure boot ensures that the system on Lee runs authentic software Measure boot could give a much more detailed picture of how the platform is configured.
Well, that's it for this lesson. We took a very brief trip into the mysterious world of hardware security modules. We looked at common uses and characteristics, and we discovered secure boot and compared it with measure boot. I'll see you next time