[Cryptography] HSMs or Intel SGX? Which is harder to hack?

Wasa Bee wasabee18 at gmail.com
Fri Feb 17 07:03:14 EST 2017


On Fri, Feb 17, 2017 at 7:51 AM, Mike Hamburg <mike at shiftleft.org> wrote:

>
>
> On Feb 16, 2017, Bill Cox <waywardgeek at gmail.com> wrote:
>
> The cost per signature is the main metric for being "practical" in this
> case.  A 100K/second signature capable HSM that costs $1M would be worse
> than a 10/second signature capable device that costs $1.  I don't care
> about FIPS compliance, as it no longer seems well correlated with good
> security.
>
>
> The image of 10,000 smart card readers dangling out of your host gives me
> a chuckle.
>

This company is building a rack full of smart cards to build a cheap HSM
with high throughput - see https://enigmabridge.com/


>
> I could keep reading manufacturer's claims of their HSM security, but I
> just can't read any more unsubstantiated claims of "military grade"
> security.  I was hoping some of you folks might know the real story, and
> save me the effort of discerning reality from fiction based on HSM
> marketing material.
>
>
> Unfortunately, I’m not up to date on what all the certifications mean, but
> it is independent security analyses and certifications that you will want
> to look at.
>
> Here's an example of what makes it hard for me to read about HSMs.  I'm
> picking on Thales here only by chance.  I know for a fact that they are a
> well respected HSM vendor, but OMG, reading their web page is very hard for
> even an arm-chair crypto-geek like me.  Some quotes from this page
> <https://www.thales-esecurity.com/solutions/by-technology-focus/tamper-resistant-security>
> :
>
> "While devices from Thales have been proven in a range of settings
> including some of the world’s most stringent environments, you do not need
> to take our word for the fact that they are more secure. Thales products
> have been independently certified to meet FIPS 140-2 and Common Criteria
> standards.”
>
>
> Yeah, FIPS 140-2 means little, and CC depends on what level.
>
> What is the actual state of real-world security from respectable HSMs?
> How hard is it to extract secrets from a "level 4" tamper-resistant HSM
> that attempts to erase secrets when a potential attack is detected?
>
>
> I’m not sure.  It’s supposed to be hard, but I’ve never looked closely at
> the evaluation of such HSMs.  There certainly are shoddy HSMs on the
> market, which leak their secrets (presumably accidentally) through radio
> emissions.  I’d look carefully at what the certifications claim.
>

Some high-end Thales HSMs have protection against TEMPEST attacks, I hear.


>
> Overall, it should be significantly harder to extract the key from a
> high-quality HSM than from SGX, because SGX is not designed to resist side
> channels at all.  Furthermore, to have even minimal resistance to side
> channels, you’d have to write a power analysis resistant enclave, which
> would be somewhat annoying.
>
> However, you often can’t program an HSM with your business logic.  If the
> host is compromised and an attacker can sign data of his choice, then you
> might not be getting the security you want.  I guess in principle you could
> even log into the HSM from an SGX enclave with your business logic, but
> maybe at that point you’re just being silly.
>

Some Thales HSMs have a CodeSafe option for you to run your own code inside
a shielded environment... whatever "shielded" means... see
https://www.thales-esecurity.com/products-and-services/products-and-services/hardware-security-modules


>
> Cheers,
> — Mike
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
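The exchange above turns on where the signing policy lives relative to the key: a device that signs whatever the host hands it gives no protection once the host is compromised, while a device that runs the "business logic" next to the key can refuse requests the policy does not allow. The following is an added illustration of that trust-boundary difference, not code from this thread, from Thales, or from any HSM or SGX SDK. HMAC-SHA256 stands in for a real signature primitive so it runs on the standard library alone, and the policy (a JSON "transfer" with an amount cap and a strictly increasing sequence number kept inside the device) is a constructed toy.

```python
"""Added example, not from the thread: policy outside vs inside the trust
boundary around a signing key.

- RawSigningDevice signs any bytes; the host is expected to check policy
  first.  A compromised host simply skips that check and calls the device.
- PolicySigningDevice checks the same policy itself, next to the key, so
  bypassing the host-side check gains the attacker nothing.

HMAC-SHA256 is a stand-in for a real signature scheme (constructed demo).
"""
import hashlib
import hmac
import json
from typing import Optional

KEY = b"\x00" * 32  # constructed demo key; a real device never exports it
MAX_AMOUNT = 1_000  # toy policy: no single transfer above this amount


def _request(amount: int, seq: int) -> bytes:
    """Serialise a constructed 'transfer' request the device will see."""
    return json.dumps({"type": "transfer", "amount": amount, "seq": seq},
                      sort_keys=True).encode()


class RawSigningDevice:
    """Signs anything it is given: policy is the host's problem."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def sign(self, msg: bytes) -> bytes:
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class PolicySigningDevice:
    """Policy and replay counter live inside the device, beside the key."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._last_seq = 0  # monotonic counter the host cannot reset

    def sign(self, msg: bytes) -> bytes:
        req = json.loads(msg)
        if req.get("type") != "transfer":
            raise PermissionError("unsupported request type")
        amount = req.get("amount", 0)
        if not isinstance(amount, int) or not 0 < amount <= MAX_AMOUNT:
            raise PermissionError("amount outside policy")
        seq = req.get("seq", 0)
        if not isinstance(seq, int) or seq <= self._last_seq:
            raise PermissionError("sequence number not increasing (replay?)")
        self._last_seq = seq  # commit the counter only after all checks pass
        return hmac.new(self._key, msg, hashlib.sha256).digest()


def verify(key: bytes, msg: bytes, sig: bytes) -> bool:
    """Verifier side; constant-time compare to avoid a trivial timing leak."""
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def honest_host_request(device, amount: int, seq: int) -> Optional[bytes]:
    """Well-behaved host: enforces the policy before talking to the device."""
    if not 0 < amount <= MAX_AMOUNT:
        return None  # host-side policy check
    return device.sign(_request(amount, seq))


def compromised_host_request(device, amount: int, seq: int) -> Optional[bytes]:
    """Attacker on the host: skips the host-side check, calls the device."""
    try:
        return device.sign(_request(amount, seq))
    except PermissionError:
        return None


def demo() -> dict:
    """Run both designs against the same attacker; return what got signed."""
    out = {}
    raw = RawSigningDevice(KEY)
    forged = compromised_host_request(raw, 1_000_000, 1)
    out["raw_device_signs_forged"] = (
        forged is not None and verify(KEY, _request(1_000_000, 1), forged))

    pol = PolicySigningDevice(KEY)
    out["policy_device_signs_honest"] = honest_host_request(pol, 500, 1) is not None
    out["policy_device_signs_forged"] = compromised_host_request(pol, 1_000_000, 2) is not None
    out["policy_device_signs_replay"] = compromised_host_request(pol, 500, 1) is not None
    return out


if __name__ == "__main__":
    for name, signed in demo().items():
        print(f"{name}: {'signed' if signed else 'refused'}")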