[Cryptography] HSMs or Intel SGX? Which is harder to hack?

Bill Cox waywardgeek at gmail.com
Thu Feb 16 21:43:39 EST 2017


On Thu, Feb 16, 2017 at 3:43 PM, Mike Hamburg <mike at shiftleft.org> wrote:

> What are your performance requirements?  Smart cards are much slower than
> HSMs but much cheaper, and you can keep them in your wallet.  A good smart
> card will have better security than a bad HSM.


The cost per signature is the main metric for being "practical" in this
case.  A 100K/second signature capable HSM that costs $1M would be worse
than a 10/second signature capable device that costs $1.  I don't care
about FIPS compliance, as it no longer seems well correlated with good
security.

For being practical, Intel SGX has the advantage here, assuming I have the
SGX capable CPUs I need anyway.  However, security comes first.  In this
case, I only care about attacks that occur after securely booting the SGX
enclave or HSM.

For an example attack on SGX, IIUC based on what I've read in Intel's
public docs, an SGX enclave can have its cached data evicted to DRAM, and
that data will be encrypted with a symmetric key derived from the CPU's
fuse settings.  If I save that encrypted data, and then extract the keys
from the CPU at a chip debugging/reverse-engineering lab, then I can
decrypt the cache lines, because I assume the attacker knows everything
about how the CPU works.

I imagine that a good HSM should be harder to hack, but I don't know.
First of all, the secrets remain in SRAM inside the device, and never
leave, so the attacker has to extract the secrets while power is on, or
somehow chill the SRAM rapidly so the state remains for a while.  A good
HSM might have counter-measures and erase SRAM-based secrets when it detects
a potential attack such as power loss (or over-voltage) or a rapid change
in temperature, or vibrations from drilling holes.  Maybe there's a shield
layer around the whole thing that would prevent most physical attacks... I
have no idea.

I could keep reading manufacturer's claims of their HSM security, but I
just can't read any more unsubstantiated claims of "military grade"
security.  I was hoping some of you folks might know the real story, and
save me the effort of discerning reality from fiction based on HSM
marketing material.

Bill