nCipher provides a range of hardware-based security products designed to provide performance acceleration for secure operations - such as SSL connections and digital signature verification - and secure storage and management of critical keys. The latest versions also provide a secure code execution capability within the hardware module itself.

The nShield is available only as a self-contained, SCSI-based, tamper-resistant hardware security module (HSM), and has been validated to FIPS 140-1 Level 3. Combining secure key management, transaction acceleration, and tamper-resistant physical hardening, nShield delivers high security, speed and scalability in a single package. nShield is well suited to a variety of security infrastructure applications, such as certificate authorities, online certificate validation servers and custom applications. [Ed note: nCipher informs us that nShield is now also available in PCI form factor, also validated to FIPS 140-1 Level 3.]

With nShield, it is possible to create, store, backup, restore and remove application keys in secure hardware and impose strict controls over the management of these keys using two-factor authentication based on smartcards and pass phrases. The use of a device such as nShield ensures that private cryptographic keys are stored in dedicated hardware while in use and encrypted with triple-DES when idle. Private keys never leave the module unencrypted and are therefore never exposed to the outside world.

Control of the nShield and its key management options is available via a number of command line utilities or a simple, Java-based graphical user interface known as KeySafe. KeySafe allows companies to securely create, store, import, backup, restore or remove application keys through an easy-to-use graphical interface, delivering complete life-cycle key management.

KeySafe provides a framework, the nCipher Security World, for managing multiple dispersed devices, and allows responsibility to be delegated and shared between teams of administrators. This flexibility helps organizations develop security policies that can be easily policed and successfully sustained. For example, an organization can define a set of rules and internal controls that specify how responsibility and authority are shared and delegated across a potentially large team of security administrators and system operators, often in different locations.

Cards, keys, and even modules, can be added or removed at any time, providing a very scalable solution - administrators can simply install the number of modules required to meet current needs, and then add more as requirements grow. As a result of sophisticated load balancing, all nCipher products scale linearly. The Security World architecture also provides fault tolerance in a multiple-HSM implementation. If a device becomes unavailable while in service for any reason, built-in 'fail over' capability simply passes all of the processing activities to the next nCipher module.

With KeySafe the administrator can create, store, import, backup, restore or remove application keys in hardware and, for added security, protect them using sets of smartcards. The Security World has been designed to ensure that keys remain secure throughout their life cycle. Because the Security World uses multiple interlocking keys, each key is always protected by another key, even during recovery operations.

The nCipher nShield hardware security module has three main applications in its current incarnation.

Cryptographic acceleration. Cryptographic tasks such as encryption and decryption of the session keys can be offloaded to the nCipher HSM, relieving the host server of processor-intensive activities and thus improving performance and scalability.

PKI. The HSM is an essential part of any serious PKI solution, and nShield provides both crypto acceleration and secure key management.

Secure code execution. A brand new use for the HSM is as a secure space in which to execute security-sensitive code, and even to store security-sensitive data such as user names, passwords and credit card numbers.

It is hard to see how there can be any justification for not considering the use of a hardware security module when implementing a PKI system. While the performance and scalability enhancements of the cryptographic acceleration capabilities can be ignored in low-volume implementations, the security enhancements cannot. Any PKI lives and dies by the security of its certification authority (CA) root-signing key. If the root key is compromised in any way, then none of the certificates issued by the CA can be trusted. Nor is it prudent to add the HSM later in the life of the CA, since without an audited root key generation ceremony that can demonstrate the absolute security of the root key, the integrity of the CA can be subsequently called into question. The HSM is thus one piece of equipment - like the CA computer and the PKI software itself - that must be factored into the equation of any PKI from the outset.

The nCipher nShield provides the highest levels of physical security (validated to FIPS 140-1 Level 3) and, with the KeySafe software, offers extremely flexible key management capabilities enabling smartcard authenticated administration of customized security policies. The Security World paradigm not only provides a simplified management interface, but also enhanced performance and fault tolerance through the ability to add extra modules as and when required. Individual modules can support up to 300 signatures per second, and performance scales in a linear manner with the addition of each module, providing transparent load balancing and automatic fail over.

Finally, the new secure execution engine is a unique (at the time of writing) and exciting feature that can extend the security perimeter to include security-sensitive code by moving it into the HSM itself, where it has direct access to the keys for which it has been authorized. There is also the opportunity to bring user-specific data into the HSM too, allowing online retailers for the first time to store user names, passwords and credit card details securely in a demilitarized zone (DMZ) until they are ready to be processed by backend servers inside the protection of the corporate firewall. This feature alone opens up a whole new area for the HSM, extending its usefulness outside the realms of hardware protection of cryptographic keys and acceleration of cryptographic functions.

SC On-Line

Copyright © West Coast Publishing. All rights reserved.