Zurich, Switzerland 19 June 2019 -- On 5 June 2019, French researchers Gabriel Campana and Jean-Baptiste Bédrune presented an attack on a Hardware Security Module (HSM) at the SSTIC conference in Rennes, France. In their attack, they showed how they could penetrate the HSM through buffer overflow exploits, open a shell there and use root privileges to install their own software to extract and upload secret keys.
Securosys security and development engineers carefully examined this attack and concluded that it could not be successfully carried out with Securosys Primus HSM. The Primus HSM was developed with modern security concepts that consistently reduce the many attack surfaces. It contains several layers of security mechanisms, each of which alone prevents such an intrusion attempt. In the following we give an overview of some of these mechanisms.
First, no additional software can be installed on Securosys Primus HSM, and the system contains no shell of the kind that was used to support the attack. Second, a separate and independent monitoring processor constantly monitors the main processor and the integrity of the software running on it. In addition, the Primus HSM controls its buffer sizes and avoids buffers on stacks in API-oriented processes. Finally, the execution rights of processes are carefully separated: API-oriented processes have no root rights.
For confirmation, our customers are welcome to view our plans, software and firmware. This allows them to review these and many other additional security measures to ensure that each key in the Primus HSM is securely generated and managed.
Instead of loading application-specific software blocks into an HSM, you should secure your business logic with the integrated advanced cryptographic functionality that only Primus HSM offers. This allows non-critical business logic to run separately on servers, while critical cryptographic functions, including rights-of-use checks, are only performed in redundant Primus HSM clusters. Especially for blockchain applications, our Smart Key Attributes (SKA) enable multi-signature/authorization of asset keys, adding another important layer of security.
Securosys Primus HSM is available in three product lines: the high-performance and high-availability X-Series, the smaller, economical E-Series and the S-Series for limited use. The Primus HSMs of the X- and E-Series are software-compatible and certified according to FIPS 140-2 Level 3. Please contact us to learn more about Securosys and Securosys Primus HSM.