Ref: https://learn.cantrill.io/courses/2022818/lectures/45640674
YouTube: https://www.youtube.com/watch?v=szagwwSLbXo
Local Key Management With NO HSM
Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/0400-TECH_FUNDAMENTALS/00_LEARNINGAIDS/TF-GEN-HardwareSecurityModules-1.png
- Scenario: Virtualized environment with VM Host (e.g. VMWare)
- Private encryption keys stored/loaded in several places
- Machine's HW (CPU, Memory, Disk Storage…)
- Machine's SW (Hypervisor, OSs, apps…)
- External Backups (for resilience & Disaster Recovery)
- Keys can leave system (e.g. backups) → key control decreases → Big risk of exploits
HSM - Key Concepts
- Hardware Security Module (HSM) = separate HW device(s) where keys are stored
- Device or cluster of devices, isolated from main infrastructure
- Performs all crypto operations
- System sends data to it, HSM encrypts/decrypts data, then sends it back
- HSM manages keys (generates, deletes…)
- Considerations:
- 👎 It's additional HW (costs extra $$$, occupies extra space…)
- 👎 Communicating with it increases crypto operations latency vs storing in-memory
- HSMs most useful in tight-security environments like banking (additional security required)
Local Key Management With HSM
Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/0400-TECH_FUNDAMENTALS/00_LEARNINGAIDS/TF-GEN-HardwareSecurityModules-2.png
- We add an HSM to previous architecture
- Encryption keys now only stored in HSM → VM Host must communicate with HSM for crypto operations
