Ask HN: Would a personal HSM be of interest?
I've created an HSM with a Raspberry Pi and have integrated it with an add-on Security Module. The API has over 30 functions including Cryptographically secure RNG functions, hash/HMAC functions (supporting 40+ hash algo's), Pub/Priv key functions, and also has a CA Authority on it.
I am using it for storing my AWS API secrets, private keys, and a CA Authority for all my SSH keys.
The add-on chip provides:
- Multifactor Device ID & Authentication - Unique ID token created using multiple device specific measurements - Cryptographically derived ID token never exposed - Changes in host configuration trigger local API responses, policy dependent
- Data Encryption & Signing - Strong cipher suite includes ECDSA, ECDH, AES-256, SHA256 - AES-256 encrypt/decrypt data service - Integrates with TLS client-side certificates - TRNG – true random number generator, suitable seed for FIPS PUB 140-2, 140-3 DRNG.
- Key Storage & Generation - Private keys never exposed outside of silicon - Fusible keys available, policy dependent
- Physical Tamper Detection - Perimeter breach detection circuits - Accelerometer shock detection - Power rail monitor - perimeter integrity circuits detect breaks in user defined wire loops/mesh
- Real-time Clock - RTC clock service, available to client applications - 20ppm accuracy (standard). 5ppm accuracy (precision, temperature compensated)
- Hardware Root of Trust - Hard to penetrate dual secure-processor architecture - Secure elements from Microchip – ATECC608, ATECC508 - Secure microcontroller isolates and supervises services - Hardware based crypto-engine and key-store
6 comments
[ 4.0 ms ] story [ 46.0 ms ] threadWe shipped an application recently where groups of users use hardware keys to unlock sensitive information.
We were able to use FortifyApp (from PeculiarVentures) in conjunction with "regular" Yubikeys acting in PIV (smart card) mode. We seriously considered the YubiHSM instead with different shim software but it was really quite expensive when you need 1 per operator.
The other thing which would be a "must" for commercial uses (I think, anyway) would be supporting standard PKCS11 APIs. The API is... not that great, but it's the only thing that saves you from rewrites every hardware generation.
Would that be on the roadmap? If not, what's the interface between host(s) & hsm?
I think it is way more feature rich than the YubiHSM, its about the size of a pack of cigarettes (not as small as the yubi).
Currently the interface between the host and hsm is an API. I'm working on a PKCS11 interface now, and have been messing with a very basic implementation of it.
If not configured to bond, it would be less secure, but depends on what the person wants I guess. Making it bond to the raspberry pi requires that I physically modify the module before I send it out.
The module will run off the replaceable battery and also protects itself from power fluctuations/brownouts, etc. (it slides in whenever needing to be replaced) - and estimate that it will last about 3 years before needing to be replaced.