In recent blog posts I’ve talked about the benefits of HSMs and how they protect cryptography keys, ensuring those keys have a safe environment in which they can be used to encrypt or sign data while never being exposed in an environment where an adversary may be able to steal them.
However, protecting individual or sequential cryptographic operations may not be enough to protect your business from an adversary; one encrypt, decrypt or sign operation might be part of a sequence of actions on the data or be an intermediate step in a multi-step process. It could be the case, for instance, that you want to decrypt a data stream from one source and then re-encrypt that data stream before committing to a backend storage system. Keeping the decryption and encryption keys used in these operations safe is of course imperative, but returning the plaintext from the decrypt operation to the application such that it can pass it back to the HSM to be re-encrypted, exposes the intermediate data on the application server.
Wouldn’t it be great if you could simulate an atomic operation – all within the physical protection of the HSM – and carry out the decrypt, followed by the encrypt operation, without returning the plaintext to the host client in between?
Similarly, what if your application needs to check two encrypted passphrases for equivalence (one provided by a client for authentication purposes, the other the stored password it is to be validated against)?
Traditionally the application would have to get the HSM to decrypt the two versions of the passphrase and compare the plaintext ‘in memory’ resulting in the exposure of the passphrases in the server memory. Again, wouldn’t it be great if you could hold the decrypted passphrases and the comparison logic in a protected environment such that the passphrases never appear in places that are vulnerable to attack?
nShield offers the capability needed to solve these problems in a secure way. nShield’s secure execution environment available through CodeSafe activation provides a development environment that allows applications to be executed within the secure boundary of the HSM.
Using nShield HSM with CodeSafe activation ensures sensitive business logic can be implemented in a way that protects intermediate results within a connected set of operations from being exposed on the server. It also means all internal processing is protected by the HSM, thus reducing the risk of leaking sensitive information. Furthermore, the availability of specific cryptographic keys can be restricted to be used only with an identified CodeSafe application, further reducing your risk profile.