HSM (Hardware Security Module) is a hardware component with specific cryptographic functions and two main characteristics:
- It accelerates cryptographic operations such as encryption, decryption, signing and key generation.
- It has a certified tamper-resistant design that makes it impossible to observe what is happening inside, even physically.
HSMs are commonly used to build ad-hoc solutions in which these secure components guarantee confidentiality in an untrusted environment. However, they can also be programmed and configured for integration with cloud technologies so that they can be offered as a service. HSMs can then be shared and ubiquitous, which makes them more flexible and reduces costs. This provides a secure place in the cloud to manage keys and sensitive data while preventing anyone, even the cloud provider, from accessing that information.
Secure processing of sensitive data in cloud infrastructures by means of CryptoNodes based on HSMs
When private data is moved to the cloud, the way it is managed and protected against potential attacks is of great importance. Communications are usually encrypted (e.g. with SSL), and in some cases the sensitive information is also stored encrypted in cloud storage. However, the real problem appears when the data has to be processed in the cloud. Legal protections exist between cloud providers and the companies that use their infrastructure. Nevertheless, legal agreements depend on the country and do not offer preventive protection, only compensation in the event of a leak.
Many companies try to solve this problem by moving to a private cloud. Private clouds are closer to the companies and provide ad-hoc solutions based on the security mechanisms offered by the cloud provider. This scheme forces companies to trust these private cloud providers, but it does not guarantee security at all:
- Companies can sign agreements that forbid providers from reading their sensitive data, but the providers remain technically able to do so. Moreover, providers cannot guarantee 100% data protection against intruders.
- Providers can offer encryption to companies, but the providers will manage the encryption keys, so companies would need to trust them anyway. Moreover, in this case the sensitive data would be exposed during processing.
- Customers can apply their own security mechanisms so that the provider never manages the keys, but the sensitive data is still exposed while it is processed in the cloud infrastructure.
To solve these issues, we have introduced CryptoNodes. A CryptoNode is a cloud server equipped with cryptographic hardware (HSM cryptocards) on which it is possible to perform operations on encrypted data received directly from clients outside the cloud. Data is decrypted only inside the HSMs for processing, and the HSMs’ FIPS 140-2 Level 3 security certification guarantees that it is impossible to access this information, even physically. This way, companies using CryptoNodes do not need to trust the cloud provider, since the companies manage the encryption keys and send their private data, encrypted, directly to the CryptoNodes’ HSMs.
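As an added illustration, not code from the CryptoNode project, the following Go program models the flow just described: the company's on-premises HSM and the CryptoNode's HSM are both provisioned with the company's key (assumed here to happen out of band), the provider's host only ever forwards AES-GCM ciphertext, and plaintext exists solely inside the HSM boundary. The payroll records, the salary-sum operation and the JSON layout are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// HSM models a tamper-resistant boundary: aead is unexported and nothing returns it, so
// plaintext exists only inside a method. Both HSMs hold the company key; the host has none.
type HSM struct{ aead cipher.AEAD }
// NewHSM stands in for out-of-band key provisioning (an assumption of this model).
func NewHSM(key []byte) (*HSM, error) {
	block, err := aes.NewCipher(key) // AES-256-GCM with a 32-byte key
	if err != nil { return nil, err }
	a, err := cipher.NewGCM(block)
	return &HSM{aead: a}, err
}
// Seal returns nonce || ciphertext, the only form that crosses the cloud host;
// Open rejects anything short, forged or tampered (GCM tag check).
func (h *HSM) Seal(pt []byte) ([]byte, error) {
	nonce := make([]byte, h.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return append(nonce, h.aead.Seal(nil, nonce, pt, nil)...), nil
}
func (h *HSM) Open(msg []byte) ([]byte, error) {
	if n := h.aead.NonceSize(); len(msg) >= n { return h.aead.Open(nil, msg[:n], msg[n:], nil) }
	return nil, fmt.Errorf("sealed message too short")
}
// Process is the CryptoNode entry point the host calls: open, sum salaries, re-seal the total.
func (h *HSM) Process(req []byte) ([]byte, error) {
	pt, err := h.Open(req)
	if err != nil { return nil, err }
	var recs []struct{ Salary int `json:"salary"` }
	if err = json.Unmarshal(pt, &recs); err != nil { return nil, err }
	total := 0
	for _, r := range recs { total += r.Salary }
	return h.Seal([]byte(fmt.Sprint(total)))
}
// CompanyTotal runs outside the cloud: seal on premises, let the host forward opaque bytes, open the reply.
func CompanyTotal(onPrem, cloud *HSM, recordsJSON []byte) (string, error) {
	req, err := onPrem.Seal(recordsJSON)
	if err != nil { return "", err }
	resp, err := cloud.Process(req) // the cloud host sees ciphertext both ways
	if err != nil { return "", err }
	out, err := onPrem.Open(resp)
	return string(out), err
}
```

Call CompanyTotal with two HSMs created from the same 32-byte key; a CryptoNode provisioned with a different key, a tampered request or a truncated one is rejected by the GCM tag check rather than processed.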