
Industrial Security

Malte Pollmann | Günter Herkommer

Encryption via hardware

Nobody would fit a cheap lock from a dubious source to the company safe. By the same token, nobody running an Industry 4.0 plant should have to live with doubts about the quality of their cryptographic keys.

© Fotolia / videodoctor

One of the biggest challenges of networked production is IT security: those responsible must protect their production facilities against external and internal attacks. Confidential documents such as development data must be protected against unauthorized access, as must the exchange of data with suppliers. Last but not least, remote maintenance of production systems must be secured, and communication between systems must be prevented from going astray, in other words, identity protection for production systems.

What is often underestimated: A vulnerability in a networked production environment can result in follow-up attacks that target completely different areas of the environment and cause damage there.

© BSI

Hardware security modules (HSMs) address all of these tasks. They generate cryptographic keys from true random numbers produced by a physical entropy source (as opposed to the pseudo-random numbers of a software generator), manage the keys over their lifetime and destroy them when required. The result is key material of particularly high quality, comparable to a good lock and key for storing valuables.

HSMs also prevent unauthorized access to the keys: the cryptographic processing unit is sealed so that tampering attempts are detected, and data and signals cannot be read out of it. An HSM of the highest security level additionally zeroizes its keys automatically when an attack is detected and runs a special hardened operating system, i.e. a particularly secure system with dedicated software. Regular access is restricted to authenticated, authorized administrators and applications.


Why hardware?

In contrast to software-based encryption, all security-relevant functions run inside the secure boundary of the HSM. The keys are not stored unprotected on a hard disk but within the HSM's perimeter, and the cryptographic operations that use them are executed in that tamper-protected area rather than by algorithms running in the host's software environment. Note what this does and does not buy: the host never sees the key, so a compromised host cannot copy it, but it can still request operations with the key for as long as it holds an authenticated session. That is why access to and management of the HSM must be governed by a comprehensive access concept that also meets the requirements of industrial control systems; only then can the HSM be called an anchor of trust in the digital process world.

A hardware security module provides its functions via a defined interface (API), which lets applications delegate their entire key management to the module. This increases security and takes load off the host computer on which the application runs. Several interfaces have become established for this purpose over the past 25 years, among them PKCS#11 and the Java Cryptography Architecture/Java Cryptography Extension (JCA/JCE).

According to a study by the eco Association of the German Internet Industry, the protection of data and company know-how is a key issue for mobility experts when it comes to machine-to-machine communication (M2M).

© Image: Computer&AUTOMATION, source: eco

Application interfaces are a central point of any HSM. On the one hand they are the vital link to the legitimate user of a key; on the other hand they offer attackers a standardized starting point. Choosing the right interface therefore requires a precise analysis of the application environment and the security concept. This is one reason why proprietary APIs have also become established for HSMs; another is that a specialized interface can cut down the complexity of a standard API, which in turn makes it easier to meet industry-specific security requirements. Individual APIs for hardware security modules offer further advantages:

  • higher performance, which is particularly important for high-performance transaction systems,
  • better auditability,
  • optimized host programming and thus the possibility of viewing the HSM as part of an overall system,
  • lower complexity, which plays a role in certification, for example.

These advantages come with disadvantages, however. Replacing an HSM can be time-consuming: because the firmware is usually customized, those customizations have to be re-implemented on another manufacturer's product when switching vendors. Expandability is also restricted, since every functional extension of the host application entails an extension of the HSM interface, which must be programmed and, where applicable, recertified.

In general, the technical requirements should be checked carefully when choosing an HSM. First, the required performance must be available. IT managers should determine it from the specific use case, because the computing effort depends heavily on the chosen key type and key size (an RSA signature costs far more than an ECDSA signature at a comparable security level, for instance). For embedded hardware security modules the throughput on the PCI/PCIe bus matters; for modules deployed on the network, the network configuration counts. Second, the scalability of the appliance matters: the number of keys the system can store, and the option of expanding the solution with additional or more powerful modules if necessary.

Another finding of the study: 75% of IT experts rate the encryption of communication channels and the data transported via them as important to very important.

© Image: Computer&AUTOMATION, source: eco

Redundancy and backup options should also be considered. If an HSM fails, it should be possible to replace it seamlessly, without lengthy interruption to the services that depend on it. It is equally important to check how backups of the key material are created and how they can be restored, and what impact this has on internal company processes. Other important criteria in this context:

  • Operating systems and hardware support: Here it is important to consider which operating systems support the embedded and network versions of an HSM and which management tools are available for the system software.
  • Management: The security module should be able to be managed remotely. However, not all hardware encryption solutions are equally designed for this. Some offer no or only rudimentary remote management functions.
  • Physical security: This factor has high priority. The module should respond actively to physical intrusion attempts, for example by alerting the system administrator and, if necessary, destroying the stored keys so that they cannot fall into the wrong hands. In FIPS 140-2 terms, Level 3 already requires a tamper response that zeroizes plaintext keys when the enclosure is opened; Level 4 adds protection against environmental attacks (voltage and temperature manipulation) and detection of any physical penetration, so hardware certified at Level 4 certainly fulfills these requirements. (FIPS 140-2 has since been superseded by FIPS 140-3, against which newer modules are certified.)
  • Encryption: The decisive factor when selecting a hardware security module is whether it supports all encryption algorithms that the user wishes to use.
  • Authentication: The HSM should support several mechanisms, such as smart cards, passwords and a configurable quorum (k-of-n approvals) for administrative operations.
  • Support for policies: An HSM must be able to enforce the rule sets a user defines, including whether a key may be exported at all and which operations it may be used for (encryption, decryption, signing, etc.).
  • Auditing: Audits are mandatory in many industries. Users should therefore check in advance whether and how log data from the HSM can be integrated into the monitoring system and whether it is emitted in a common format.
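The key-handle model behind the API section above and the policy and audit items in this list, as an added illustration that is not code from the article, from Utimaco or from any PKCS#11 library: a small in-process stand-in for an HSM in Python. The names SoftModule and PolicyViolation, the usage strings and the JSON audit format are our own; HMAC-SHA256 stands in for an asymmetric signature because the standard library has no asymmetric primitives, and the OS random source stands in for the module's hardware entropy source. The point is what an application can and cannot do through the interface: keys are only ever referenced by handle, a verify-only key refuses to sign, export of a non-extractable key is refused, administrative operations need a quorum, every decision is logged as a JSON line, and a tamper event zeroizes everything.

```python
import hashlib
import hmac
import json
import secrets
import time


class PolicyViolation(Exception):
    pass


class SoftModule:
    """In-process stand-in for an HSM: callers only ever hold key handles.
    Usage flags mirror PKCS#11 CKA_SIGN / CKA_VERIFY / CKA_EXTRACTABLE."""

    def __init__(self, quorum=2):
        self._keys = {}          # handle -> (label, usages, bytearray key material)
        self._next_handle = 1
        self._quorum = quorum    # approvals needed for administrative operations
        self._zeroized = False
        self._audit = []

    def _log(self, op, ok, **fields):
        self._audit.append({"ts": time.time(), "op": op, "ok": ok, **fields})

    def _refuse(self, op, reason, **fields):
        self._log(op, False, reason=reason, **fields)
        raise PolicyViolation(f"{op} refused: {reason}")

    def _key(self, handle, op, usage):
        if self._zeroized or handle not in self._keys:
            self._refuse(op, "module zeroized or unknown handle", handle=handle)
        label, usages, raw = self._keys[handle]
        if usage not in usages:
            self._refuse(op, f"key {label} lacks usage {usage}", handle=handle)
        return raw

    def generate_key(self, label, usages, approvals):
        if approvals < self._quorum:
            self._refuse("generate", "quorum not met", label=label)
        handle, self._next_handle = self._next_handle, self._next_handle + 1
        # OS CSPRNG here; a real HSM draws on its own hardware entropy source.
        self._keys[handle] = (label, frozenset(usages), bytearray(secrets.token_bytes(32)))
        self._log("generate", True, handle=handle, label=label, usages=sorted(usages))
        return handle            # the application never sees the key bytes

    def export_key(self, handle, approvals):
        raw = self._key(handle, "export", "extractable")
        if approvals < self._quorum:
            self._refuse("export", "quorum not met", handle=handle)
        self._log("export", True, handle=handle)
        return bytes(raw)

    def sign(self, handle, data):
        raw = self._key(handle, "sign", "sign")
        self._log("sign", True, handle=handle, sha256=hashlib.sha256(data).hexdigest())
        return hmac.new(bytes(raw), data, hashlib.sha256).digest()

    def verify(self, handle, data, tag):
        raw = self._key(handle, "verify", "verify")
        ok = hmac.compare_digest(hmac.new(bytes(raw), data, hashlib.sha256).digest(), tag)
        self._log("verify", ok, handle=handle)
        return ok

    def tamper_event(self):  # tamper response: overwrite every key, refuse further use
        for _, _, raw in self._keys.values():
            raw[:] = bytes(len(raw))
        self._keys.clear()
        self._zeroized = True
        self._log("tamper", True, action="zeroized")

    def audit_lines(self):   # JSON lines, the form a SIEM forwarder would ingest
        return [json.dumps(e, sort_keys=True) for e in self._audit]


def _attempt(fn, *args):
    try:
        fn(*args)
        return "allowed"
    except PolicyViolation:
        return "refused"


def demo():
    """Exercise the policy checks on a constructed firmware blob."""
    hsm = SoftModule(quorum=2)
    fw = b"PLC firmware image v1.2 (constructed sample)"
    out = {"single_admin_generate": _attempt(hsm.generate_key, "plc-fw-signing", {"sign", "verify"}, 1)}
    signer = hsm.generate_key("plc-fw-signing", {"sign", "verify"}, 2)
    verify_only = hsm.generate_key("plc-fw-verify", {"verify"}, 2)
    out["sign_with_verify_only_key"] = _attempt(hsm.sign, verify_only, fw)
    out["export_non_extractable"] = _attempt(hsm.export_key, signer, 2)
    tag = hsm.sign(signer, fw)
    out["verify_good"] = hsm.verify(signer, fw, tag)
    out["verify_tampered"] = hsm.verify(signer, fw + b"\x00", tag)
    hsm.tamper_event()
    out["sign_after_tamper"] = _attempt(hsm.sign, signer, fw)
    lines = hsm.audit_lines()
    out["audit_entries"] = len(lines)
    out["audit_failures"] = sum(not json.loads(line)["ok"] for line in lines)
    return out
```

Calling demo() runs the whole sequence; every refused request and the tamper event show up in audit_lines() with a reason field, which is exactly what an auditor wants to pull into the monitoring system. Mapping the usage strings onto real PKCS#11 attribute templates (CKA_SIGN, CKA_VERIFY, CKA_EXTRACTABLE, CKA_SENSITIVE) is the step a real integration would take instead of the in-memory dictionary.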

In summary: securing physical access to machines and systems is not enough to prevent manipulation of the systems and the copying of usable data in networked environments. Control systems already process large amounts of data and have recently acquired a variety of interfaces for communicating with the industrial environment. Maintenance technicians can reach control systems and production facilities from outside, for example via mobile phone connections. Moreover, Industry 4.0 will only work if the separation between office and production IT is removed: design data that a developer has edited on a CAD/CAM or simulation system must flow seamlessly into production. This is precisely where a weak point arises, because targeted attacks on production systems are often staged from the office network. The answer to these risks is end-to-end protection of data transfers with asymmetric cryptography, and in the long run that only works securely with the best key material, i.e. keys generated and held in an HSM.

Author:
Malte Pollmann is CEO of Utimaco.
