HSM Virtualization for Trust Service Providers and Digital Identity by CEGA Security
The design of your cryptographic infrastructure, a fundamental part of the digital transformation
Xaviero Cervera, Project Director, CEGA Security
The pandemic we have been facing since the beginning of 2020 has forced organizations in practically all economic sectors to rethink their digital transformation strategy and what is actually possible and required in order to evolve to a paperless process. With this evolution also comes the need to reinforce the security infrastructure of our information and most sensitive assets, but also those of our customers as well. The design of our cryptographic infrastructure is a fundamental part of the digital evolution or transformation that has become the focus of most companies, especially in the market for digital identity and trust service providers.
Precisely, the trust service providers are organizations that carry out legal and technological operations to guarantee the integrity and authenticity of documents, signatures, files and even digital identities. These trust providers, for example, could help us create, validate and send an electronic invoice, in addition to being a trusted entity between our company and the tax authority. Similarly, they could grant us an online identity through a digital certificate that contains our information or digital identity to carry out operations such as signing a contract or converting our dead file vault to a digital document repository.
For trust providers, as in the case of a Certification Authority (CA), we have observed two main cybersecurity trends that have gained strength to impact their security infrastructure. We can highlight the implementation of hybrid clouds and devices with high security standards such as Hardware Security Modules (HSM) that provide their clients the security and integrity of the most sensitive cryptographic material, as well as the critical infrastructure that provides compliance for certification requirements.
HSMs have evolved since their creation, from large and complex operating devices to becoming light, dynamic and user-friendly, contributing to the reduction of time and complexity in the implementation of this type of device. This is how Futurex has revolutionized the implementation of Hardware Security Modules in a corporate environment through its virtualization technology of these cryptographic devices.
With its offerings, Futurex has developed groundbreaking technology. With the virtualization of these types of solutions, we can convert our physical HSM into up to 20 independent virtual HSMs, providing greater security to our most sensitive information. With each virtual device, you get an individual master key, custodians (quorum) and independent cryptographic tokens, isolating all security controls and access to the HSMs. Likewise, it allows the virtualization of cryptographic services (maintaining both FIPS 140-2 level 3 policies, as well as PCI compliance) by implementing multiple environments with virtual HSMs for the separation of functions such as the issuance/validation of transactions.
Let's move on from theory to the application of this technology in real life. Let's analyze the virtualization’s implementation with different use cases.
Every trust provider must maintain high levels of availability in its service and in many cases, the HSM configuration is not as redundant as the architecture used in the application. In other words, an application could run two or three servers or instances of an application so that there is redundancy to maintain the service operating.
But on many occasions, we see providers that only have one HSM in their production environment to satisfy all the transactions of these instances of the application (Fig 1.1); With only one instance, what would happen when updating the firmware of that HSM? This architecture leads us to not only bring offline the HSM, but also the pool of applications accessing that HSM, forcing all transactions to be redirected to a DRP environment (Fig 1.2). In this case, the multi-instance application architectures go to a single HSM.
The provider can make this architecture more robust through the use of virtual HSMs. By using virtualization technology for HSMs you could have up to three instances of Hardware Security Module on the same device and make a cluster of virtual HSMs to respond to the same set of applications, simply alternating the different services of the cryptographic module, round robin (Fig 2.1). Likewise, by cloning the main HSM, we would have the ability to bring the virtual HSM offline and update it without affecting the service, while the other two are in the cluster attending the workload. We can change and update the hardware one by one and the application could continue operating with one or two instances without a problem (Fig 2.2)
To be able to offer trusted services, an HSM must be implemented to protect the keys with which the most sensitive transactions are signed. Generally, this provider can protect their keys through a FIPS 140-2 Level 3 certified HSM, but in some cases users' keys are not protected with the same levels of security. Sometimes these are stored in a directory of the operating system, in a database or in different places that do not offer the end customer all the security and non-repudiation guarantees to their keys. Another implementation case could be a trust provider offering specialized services to a client that requires certified protection of their cryptographic keys that are linked to the processing or service of an application.
By having this virtualization service, we provide a higher level of security between the keys that the client gives us for safekeeping. If we store them in a database, directory or any part of the application, they are exposed to third parties who could access them. With virtualization technology, we could create for each client their own virtual HSM that exclusively protects their keys and has a log that records all their transactions; this provides a new level of security for that client by completely separating it from all the processing of other clients or systems that are stored in our HSM.
As you can see, the implementation of virtualization technology offered by Futurex can help trust providers to strengthen their processing architecture and provide their customers with a more secure environment for sensitive keys and transactions, offering them a virtual HSM on the device they are currently operating with.