The design of your cryptographic infrastructure, a fundamental part of the digital transformation
By Xaviero Cervera, Project Director - CEGA Security (Mexico)
The pandemic we have been facing since the beginning of 2020 has forced organizations in practically all economic sectors to rethink their digital transformation strategy and what is actually possible and required in order to evolve to a paperless process. With this evolution also comes the need to reinforce the security infrastructure of our information and most sensitive assets, but also those of our customers as well. The design of or cryptographic infrastructure is a fundamental part of the digital evolution or transformation that has become the focus of most companies, especially in the market for digital identity and trust service providers.

Precisely, the trust service providers are organizations that carry out legal and technological operations to guarantee the integrity and authenticity of documents, signatures, files and even digital identities. These trust providers, for example, could help us create, validate and send an electronic invoice, in addition to being a trusted entity between our company and the tax authority. Similarly, they could grant us an online identity through a digital certificate that contains our information or digital identity to carry out operations such as signing a contract or converting our dead file vault to a digital document repository.

For trust providers, as in the case of a Certification Authority (CA), we have observed two main cybersecurity trends that have gained strength to impact their security infrastructure. We can highlight the implementation of hybrid clouds and devices with high security standards such as Hardware Security Modules (HSM) that provides their clients the security and integrity of the most sensitive cryptographic material, but part of the critical infrastructure that provides compliance for certification requirements.

HSMs have evolved since their creation, from a large and complex operating devices to becoming light, dynamic and user-friendly, contributing to the reduction of time and complexity in the implementation of this type of device. This is how FutureX has revolutionized the implementation of Hardware Security Modules in a corporate environment through its virtualization technology of these cryptographic devices (Virtual HSM).

In a solution that by its very own nature typically sees very little innovation or evolution beyond required standards, FutureX has developed groundbreaking technology. With the virtualization of these types of solutions, we can convert our physical HSM into up to 20 independents Virtual HSMs, providing greater security to our most sensitive information. With each virtual device, you get an individual master key, custodians (quorum) and independent cryptographic tokens, isolating all security controls and access to the HSMs.

Likewise, it allows the virtualization of cryptographic services (maintaining both FIPS 140-2 level 3 policies, as well as PCI compliance) by implementing multiple environments with Virtual HSM for the separation of functions such as the issuance/validation of transactions.

Let's move on from theory to the application of this technology in real life. Let's analyze the virtualization’s implementation with different use cases.

Every trust provider must maintain high levels of availability in their service and in many cases, the HSM configuration is not as redundant as the architecture used in the application. In other words, an application could run two or three servers or instances of an application so that there is redundancy to maintain the service operating.

But on many occasions, we see providers that only have one HSM in their production environment to satisfy all the transactions of these instances of the application (Fig 1.1); With only one instance, what would happen when updating the firmware of that HSM? This architecture leads us to not only bring offline the HSM, but also the pool of applications accessing that HSM, forcing all transactions to be redirected to a DRP environment (Fig 1.2). In this case, the multi- instance application architectures go to a single HSM.

Every trust provider must maintain high levels of availability in their service and in many cases, the HSM configuration is not as redundant as the architecture used in the application. In other words, an application could run two or three servers or instances of an application so that there is redundancy to maintain the service operating.

But on many occasions, we see providers that only have one HSM in their production environment to satisfy all the transactions of these instances of the application (Fig 1.1); With only one instance, what would happen when updating the firmware of that HSM? This architecture leads us to not only bring offline the HSM, but also the pool of applications accessing that HSM, forcing all transactions to be redirected to a DRP environment (Fig 1.2). In this case, the multi- instance application architectures go to a single HSM.

The provider can make this architecture more robust through the use of Virtual HSMs. By using virtualization technology for HSMs you could have up to three instances of Hardware Security Module on the same device and make a cluster of Virtual HSMs to respond to the same set of applications, simply alternating the different services of the cryptographic module, round robin (Fig 2.1). Likewise, by cloning the main HSM, we would have the ability to bring the Virtual HSM offline and update it without affecting the service, while the other two are in the cluster attending the workload. We can change and update the hardware one by one and the application could continue operating with one or two instances without a problem (Fig 2.2)

Another implementation case could be a trust provider offering specialized services to a client that requires certified protection of their cryptographic keys that are linked to the processing or service of an application.

The provider can make this architecture more robust through the use of Virtual HSMs. By using virtualization technology for HSMs you could have up to three instances of Hardware Security Module on the same device and make a cluster of Virtual HSMs to respond to the same set of applications, simply alternating the different services of the cryptographic module, round robin (Fig 2.1). Likewise, by cloning the main HSM, we would have the ability to bring the Virtual HSM offline and update it without affecting the service, while the other two are in the cluster attending the workload. We can change and update the hardware one by one and the application could continue operating with one or two instances without a problem (Fig 2.2)

Another implementation case could be a trust provider offering specialized services to a client that requires certified protection of their cryptographic keys that are linked to the processing or service of an application.

To be able to offer trusted services, an HSM must be implemented to protect the keys with which the most sensitive transactions are signed. Generally, this provider can protect their keys through a FIPS 140-2 Level 3 certified HSM, but in some cases users' keys are not protected with the same levels of security. Sometimes these are stored in a directory of the operating system, in a database or in different places that do not offer the end customer all the security and non-repudiation guarantees to their keys.

By having this virtualization service, we provide a higher level of security between the keys that the client gives us for safekeeping. If we store them in a database, directory or any part of the application, they are exposed to third parties who could access them. With virtualization technology, we could create for each client their own Virtual HSM that exclusively protects their keys and has a log that records all their transactions; this provides a new level of security for that client by completely separating it from all the processing of other clients or systems that are stored in our HSM.

As you can see, the implementation of virtualization technology offered by FutureX can help trust providers to strengthen their processing architecture and provide their customers with a more secure environment for sensitive keys and transactions, offering them a Virtual HSM on the device they are currently operating with.

Xaviero Cervera

Xaviero Cervera

Project Director

CEGA Security
Media Contacts

For CEGA Security: Tania López

Follow us on social media:
CEGA Security
Xaviero Cervera

For Futurex: Kelly Stremel

Follow us on social media:
Futurex
Santos Campa