HSM和自定义模块 [英] HSM and custom module
问题描述
我们正在实施对安全至关重要的系统,在该系统中,需要符合 FIPS 140-2 的HSM(硬件安全模块)来生成和存储密钥材料,执行加密/解密以及使用以下命令运行自定义代码:为自定义模块设置了以下要求:
We are implementing safety-critical system, where the FIPS 140-2 compliant HSM (hardware security module) is required to generate and store key material, perform encryption/decryption and run custom code with the following requirements set for the custom module:
- 模块可通过RPC使用
- 模块有权访问所有HSM密钥和服务
- 模块具有内存和持久性存储(均为1+ MB)
- 模块内存已得到保护(FIPS 140-2 3级以上)
对于HSM服务本身,要求:
As for the HSM services itself, it is required to:
- 支持AES,RSA和HMAC
- 具有键的别名
- 通过 PKCS11 界面使用别名生成新密钥
- 通过 PKCS11 接口检索具有别名的公钥和证书
- 通过 PKCS11 界面删除具有别名的密钥
- Support AES, RSA and HMAC
- Has aliases for keys
- Generate new keys with alias over the PKCS11 interface
- Retrieve public key and certificate with alias over the PKCS11 interface
- Delete keys with alias over the PKCS11 interface
由于NDA所提供的关于HSM产品的信息很少,因此很难评估要求和选项.这些要求是否符合任何标准或特定于供应商的解决方案(例如 Utimaco )?
As there is very little information available about HSM products due the NDA, it is very hard to evaluate the requirements and options. Are these requirement met by any standards, or by vendor specific solutions, such as Utimaco?
推荐答案
如果您确实需要在HSM设备中运行自定义代码,则可以在多家供应商中进行多种选择:
If you really need to run custom code inside the HSM device you have several choices across several vendors:
SafeNet ProtectServer (and SafeNet Luna Network/PCIe HSM since version 7.4)
SafeNet ProtectServer HSM为以下方面提供了独特的灵活性:应用程序开发人员创建自己的固件并执行在HSM的安全范围内.被称为功能模块这些工具包提供了开发和部署的全面工具自定义固件.
SafeNet ProtectServer HSMs offer a unique level of flexibility for application developers to create their own firmware and execute it within the secure confines of the HSM. Known as functionality modules, the toolkits provide a comprehensive facility to develop and deploy custom firmware.
Thales nShield (CodeSafe)
大多数nShield HSM还支持托管关键服务器的独特功能严格的安全范围内的应用程序,因此您可以建立除防篡改的业务流程之外保护密码操作.
Most nShield HSMs also support the unique ability to host critical applications within the hardened security boundary, so you can establish tamper-resistant business processes in addition to protecting cryptographic operations.
Utimaco CryptoServer (SDK)
CryptoServer软件开发套件(SDK)是专业的所有Utimaco硬件安全模块的开发环境.它使集成商和最终用户可以创建特定的应用程序,例如专有算法,自定义密钥派生程序或在以下情况下运行的复杂协议:CryptoServer硬件安全模块.由于SDK提供了完全访问权限到Utimaco基本固件,可以开发自定义固件模块在很短的时间内.
The CryptoServer Software Development Kit (SDK) is the professional development environment for all Utimaco Hardware Security Modules. It enables integrators and end-users to create specific applications, e.g. proprietary algorithms, custom key derivation procedures or complex protocols that run in the tamper-proof environment of the CryptoServer Hardware Security Module. As the SDK provides full access to the Utimaco base firmware, custom firmware modules can be developed in a very short time frame.
我敢打赌,如果您确实需要FIPS 140认证,那么您还需要认证在HSM中运行的自定义代码(因为此类代码非常强大,并且可以例如绕过访问控制,以纯文本格式提取密钥...--这样就很容易破坏任何安全性假设.
My bet is that if you really need FIPS 140 certification you would need to certify your custom code running inside HSM as well (as such code is very powerful and can e.g. bypass access control, extract keys in plain text... -- thus it breaks any security assumptions easily).
任何产品都应满足您的要求(甚至在HSM中不运行自定义代码 –这取决于您的应用程序需要的控制级别).
Your requirements should be fulfillable by any of the products (even without running custom code inside the HSM -- it depends on the level of control your application needs).
祝你好运!
免责声明:我不是加密专家,所以请确认我的想法.
Disclaimer: I am no crypto expert, so please do validate my thoughts.
这篇关于HSM和自定义模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
