Reducing SWaP in the field with a USB-based hardware security module
October 17, 2022
Digital keys are a core concept in establishing secure networks, one as relevant in a data center application as it is at the edge of the tactical battlefield. While cryptography (crypto) uses both symmetric and asymmetric keys for different functions, for this column we’ll focus on asymmetric cryptography in which different keys are used for locking and unlocking.
The asymmetric cryptography approach has many advantages, such as verifying exactly who sent a particular message. The most common use for asymmetric crypto is in public key infrastructure (PKI) applications. In asymmetric crypto, there are both public and private keys. The public key can be freely distributed and is used to verify the identity of an entity, such as a person or a server. The private key needs to be kept private to prevent that entity from being impersonated.
Public and private keys are provided by a certificate authority (CA). The entity creates a certificate-signing request and passes it to the CA. After verifying the identity of the requestor, the CA will issue the entity its public and private keys as an X.509 certificate.
The CA could be a major internet company, such as Verisign or GoDaddy, or a server managed by an organization. Every operating system has a certificate store where trusted CAs are recorded; Microsoft, Apple, Red Hat, and others have vetted the major CAs, but an organization can add or remove CAs from this list. On a typical U.S. Army system, all the internet CAs are removed and replaced with a set of Department of Defense (DoD)-approved CAs.
A hardware security module (HSM) is a device that safeguards crypto key material and/or accelerates crypto operations. These devices are attached to a CA either physically, via PCIe or USB, or logically over a network. HSMs provide cryptographically secure key generation and secure key storage, as well as crypto services to applications such as certificate authorities or file and database encryption. These applications are integrated using industry-standard (as well as vendor-specific) libraries and APIs. Using an HSM can ensure that, if a server breach happens, the key material used to safeguard valuable information will not be compromised, which helps organizations and agencies lower their operational risk.
The use of an HSM also prevents poor crypto key handling, such as accidental copying and distribution of keys. Because the keys are stored securely in hardware, it defends against remote attacks and eliminates remote extraction of private keys. Where SWaP (size, weight, and power) is critical, however, traditional HSMs can take up more space than the mission requires.
The small YubiHSM 2 device enables secure key storage and operations using a proven secure element, extensive crypto capabilities, and modern algorithms and key lengths. It also provides role-based access controls for key management and key usage, enabling control over which operations are performed with keys and by whom. The tamper-resistant device, packaged in a low-power nano form factor, is network-shareable.
This USB-based device provides an additional layer of control over key material with M of N wrap key backup and restore, which requires multiple parties to bring their portions of the key together for those operations. It integrates with a variety of applications, including CAs, VPN solutions, and file system and database encryption, through interfaces such as the YubiHSM KSP, PKCS#11, and native libraries. It also gives the user tamper-evident audit logging, so that operations leave a verifiable audit trail, and it is validated by NIST to FIPS 140-2 Level 3.
With tactical hardware, where a high-capacity HSM is often not required, the larger HSM can simply be removed and replaced with a YubiHSM 2, effectively freeing up two slots in the system. Those slots can then be used to add support for another network without expanding into a second case.
Some of the first applications of this ultrasmall HSM have been deployed in NSA-approved Commercial Solutions for Classified (CSfC) solutions that use two layers of commercial encryption, such as the PacStar Secure Wireless Command Post (SWCP), a WLAN command post system registered by the U.S. Army Project Manager Tactical Network (PM TN) (Figure 1). The system includes both SIPRnet and NIPRnet (Green) networks.
[Figure 1 | The PacStar Secure Wireless Command Post (SWCP) utilizes the YubiHSM 2 for secure private key storage to meet NSA CSfC requirements in the smallest SWaP possible.]
Dominic Perez, CISSP is the CTO at Curtiss-Wright Defense Solutions and a Curtiss-Wright Technical Fellow.
Curtiss-Wright Defense Solutions https://www.curtisswrightds.com/