They are hardened, temper resistant hardware devices that secure micrography processes by generating, protecting and managing keys use for encrypting and decrypting data and creating digital signatures and certificates. They are test, validated and certified to the highest security standards including FIPS 140-2 and Common Criteria. An HSM might also called a secure application module (SAM).
HSM as a service or Cloud HSM
HSM as a service is a subscription based offering where customers can use a hardware security module in the cloud to generate, access, and protect. Their cryptographic key material, separately from sensitive data. Customers can transfer CapEx to OpEx, enabling them to only pay for the services they need, when they need them. The offering delivers the same full set of features and functionality as on-premise nShield HSMs. They combined with benefits of a cloud service distribution.
Should we use an HSM?
Micrography operations like encryption and digital are worthless if the private keys are not well protect. HMSs are the gold standard for protection of private keys and associated with micrography operations. It can be use with many different types of applications that perform encryption or digital signing.
Root of Trust
It is a source that is trust by default within a micrography system. Hardware root of trust and software root of trust component are naturally trusted which means they are naturally secure. The most secure implementation of Root of Trust typically includes a hardware security model (HSM), which generates and protects keys and performs cryptographic functions within a secure environment.
Random number generation (RNG)
This refers to the random numbers created by an device. It is important that micrography keys are create using a certified source of random numbers. When the source of decay for a random number generator derived from software-based measurements. An HSM uses a hardware-based source of entropy for its RNG that has been verified to provide a good source of entropy in all normal operating conditions.
Features of Hardware Security Module
HMSs boast the range of protective mechanisms designed to deter external attack and any physical tampering. These include: voltage and temperature sensors, resin-embedded chips, and drill protection foil. Keys are only useful when they are random and well-protected, or they are easily guess by attackers. HSMs defeat this issue by generating truly random keys. a hardware security module generates, stores, and uses these keys in executing signatures, encryptions, and other cryptographic operations. The keys for micrography operations never escape the HSM, the environment provides maximum protection against logical attack.