Ref: https://learn.cantrill.io/courses/2022818/lectures/45640674

YouTube: https://www.youtube.com/watch?v=szagwwSLbXo

• Summary:
• Contents:

Local Key Management With NO HSM

• Scenario: Virtualized environment with VM Host (e.g. VMWare)

• Private encryption keys stored/loaded in several places
  • Machine's HW (CPU, Memory, Disk Storage…)
  • Machine's SW (Hypervisor, OSs, apps…)
  • External Backups (for resilience & Disaster Recovery)
• Keys can leave system (e.g. backups) → key control decreases → Big risk of exploits

HSM - Key Concepts

• Hardware Security Module (HSM) = separate HW device(s) where keys are stored
  • Device or cluster of devices, isolated from main infrastructure
  • Performs all crypto operations
    • System sends data to it, HSM encrypts/decrypts data, then sends it back
• HSM manages keys (generates, deletes…)
  • ❗ Keys never leave HSM
• Considerations:
  • 👎 It's additional HW (costs extra $$$, occupies extra space…)
  • 👎 Communicating with it increases crypto operations latency vs storing in-memory
• HSMs most useful in tight-security environments like banking (additional security required)

Local Key Management With HSM

• We add an HSM to previous architecture
• Encryption keys now only stored in HSM → VM Host must communicate with HSM for crypto operations