HSM for Dummies
User Management API:
This API is used to access all the functions necessary to create and manage
users and their corresponding roles in the HSM.
In today's function interfaces for HSMs, such as PKCS#11, the standardization
committees implement some of the key management and user management functions
over the same command interface. Unfortunately, this mixes different APIs, which
can result in security vulnerabilities in the device if application programmers
do not use them properly.
Now we look at the APIs of HSMs from the viewpoint of the calling application.
We start with a definition of the security API:
The security API enables non-trusted code running within an application to access
the sensitive resources of an HSM in a secure manner. It is the interface between
the processes running on the host system and the HSM.
Examples of security APIs are the interface between the (tamper-secure)
chip on a smartcard (trusted) and the card reader (not trusted);
the interface between a cryptographic hardware security module
(trusted) and the host server (not trusted); and the Google Maps API
(the interface between Google's servers, trusted, and the rest of the
internet, not trusted).
An HSM interface has the following primary features:
Implementation of the security policy for external access to the secured area.
Protection of the secured area against commands, irrespective of their parameters
and the sequence in which they arrive. This means that even when the code on the
host system is compromised or erroneous, it has no effect on the HSM or the
critical data it holds.
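As an added illustration (not code from the book or from any HSM vendor), the following constructed Python model shows a host driving a simplified PKCS#11-style HSM interface: the HSM, not the host, enforces the user-management and key-management policy, so commands sent out of order or with bad parameters by a buggy or compromised host are rejected without changing the HSM's state or exposing key bytes. The ToyHsm class, its PIN values and its command names are assumptions of this model, not a real HSM API.

```python
import hmac
import os

class PolicyError(Exception):
    """Raised when a host command violates the HSM's security policy."""

class ToyHsm:
    """Constructed PKCS#11-style model: the SO sets the user PIN, USER login gates key use."""
    def __init__(self, so_pin):
        # role is None, "SO" or "USER"; key bytes live only inside this object
        self._so_pin, self._user_pin, self._role, self._keys = so_pin, None, None, {}
    def _require(self, role):
        if self._role != role:
            raise PolicyError(f"{role} login required")
    def login(self, role, pin):
        if not ((role == "SO" and pin == self._so_pin) or
                (role == "USER" and self._user_pin is not None and pin == self._user_pin)):
            raise PolicyError("authentication failed")   # state unchanged on failure
        self._role = role
    def init_user_pin(self, pin):             # user management: SO only
        self._require("SO")
        self._user_pin = pin
    def generate_key(self):                   # key management: USER only, returns a handle
        self._require("USER")
        self._keys[len(self._keys) + 1] = os.urandom(16)
        return len(self._keys)
    def sign(self, handle, data):             # key use: output derives from the key, never the key
        self._require("USER")
        if handle not in self._keys:
            raise PolicyError("unknown key handle")
        return hmac.new(self._keys[handle], data, "sha256").digest()

def rejected_by_policy(command):
    """True if the HSM refused the command with a PolicyError, False if it went through."""
    try:
        command()
        return False
    except PolicyError:
        return True

def probe_out_of_order_commands():
    """Commands a buggy or compromised host might issue out of order or with bad parameters."""
    hsm = ToyHsm("so-1234")
    return {
        "generate_key before any login": rejected_by_policy(hsm.generate_key),
        "USER login before the SO set a PIN": rejected_by_policy(lambda: hsm.login("USER", "user-9")),
        "USER login with a None PIN": rejected_by_policy(lambda: hsm.login("USER", None)),
        "init_user_pin without SO login": rejected_by_policy(lambda: hsm.init_user_pin("user-9")),
        "sign with a handle never issued": rejected_by_policy(lambda: hsm.sign(42, b"msg")),
    }
```

Every entry returned by probe_out_of_order_commands() is True when the policy holds; the intended sequence (SO login, init_user_pin, USER login, generate_key, sign) goes through and returns only a MAC, never the key.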
Overview of the Current Interfaces for HSMs
We now come to the current HSM interfaces. We begin with the internationally
standardized interfaces.