Ultra-compact HSMs for a New Security Era
As rapid digitalization and remote work expand the scope of security threats, HSMs are drawing attention as a cornerstone of security measures.
We handle two types of ultra-compact HSM products: 'YubiHSM 2' by Yubico and 'iShield HSM' by Swissbit. Here we introduce what these ultra-compact HSMs are and what features they offer.
What is HSM?
What is an HSM (Hardware Security Module)?
Encryption is essential to protect highly confidential information such as personal information and confidential company data from unauthorized access.
An HSM (Hardware Security Module) is hardware that can safely store the private keys used for such data encryption and decryption, as well as digital signatures and certificates.
Simply put, it acts as a 'safe' that securely protects private keys.
Why Needed?
Why is an HSM necessary?
Because security operations such as encryption and digital signatures are performed using private keys, the private keys must be sufficiently protected. Attackers will try to find stored or in-use private keys.。
If a private key is stored on a server's storage, it can be easily stolen. Even if the private key is encrypted and protected, it is impossible to prevent attacks that read the information expanded in memory when the private key is used.

Example of discovering key data from a memory dump Data in computer memory is dumped and displayed as a pattern of 0s (black) and 1s (white). Key data is highly random and easy to spot.
モジュール内で完結する処理
An HSM not only stores keys but also has built-in arithmetic functions such as encryption and digital signatures within the module, so operations such as encryption and digital signatures can be performed without ever extracting the key from the hardware. This means that key data is not even expanded in memory, preventing attacks that steal key data from memory dumps.
物理攻撃からの防御
What about attacks that destroy the HSM to directly access the key data inside? It is equipped with mechanisms to prevent physical attacks, such as erasing data or leaving traces of tampering in response to physical access. (Tamper resistance)
In this way, by using dedicated hardware to store keys, it can be physically separated from the server, making it possible to respond to various attacks.
Features
Four Main Features of an HSM
Securely store keys
Resistant to physical attacks that destroy the HSM to extract its contents. It has mechanisms such as erasing data or leaving traces of tampering when attempting to extract data from the outside. This is called tamper resistance.
Perform cryptographic and digital signature operations
Cryptographic processing and digital signature processing can be performed inside the HSM. Since the cryptographic processor is highly functional, it is possible to accelerate encryption and digital signatures.
Generate keys
Keys generated inside the HSM are never taken out of the HSM, allowing for secure operation.
Generate random numbers
HSMs have a mechanism to physically generate random numbers, making it possible to create high-quality random numbers. Compared to generating random numbers with software, it creates high-quality random numbers that do not give hints to attackers.
Product Features
Features of the HSMs we handle
Originally, HSMs were used in systems that perform massive processing, such as financial institutions, and general HSMs are known as server types. These are highly functional but very expensive and large in size, making installation difficult. This has created the problem that it is difficult for small and medium-sized enterprises to adopt them.
In recent years, cybercrime has continued to become more sophisticated, and the need for security is increasing not only for a very small number of highly confidential systems but also for small-scale systems.
The HSMs we handle are compact in size so they can be connected to USB, and because they are inexpensive, they are easy to incorporate into small-scale systems and IoT that were previously difficult to introduce, making it easy to enhance security.

YubiHSM 2

iShield HSM
Easy to introduce and manage
These products are compatible with the industry-standard PKCS#11 and can be quickly implemented in the products and applications that customers use for business. For YubiHSM 2, we have also released the open-source YubiHSM 2 SDK, making introduction even easier.
Comparison
Performance Comparison
| Item | YubiHSM 2 | iShield HSM |
|---|---|---|
| Manufacturer | Yubico | Swissbit |
| Form factor | ・USB Type-A (12mm x 13mm x 3.1mm) | ・USB Type-A (24.0 mm x 12.1 mm x 4.5 mm) ・eMMC (*Scheduled for release in late 2024) |
| Target application | ・Cryptocurrency ・IoT | ・Manufacturers of connected devices such as IoT gateways and PLC controllers ・SIers building industrial IoT systems and industrial automation systems ・Cryptographic key storage with tamper resistance for IoT applications |
| API / Standard | ・YubiHSM KSP ・PKCS #11 ・Microsoft CNG via the Yubico Key Storage | ・PKCS#11 & PKCS#15 (IsoApplet pre-loaded) ・OpenSC compatible ・AWS IoT Greengrass ・Azure IoT Hub ・Mednor (Over-the-Air Software Updates for IoT Devices) |
| Secure element | ・AES up to 256 bit ・RSA up to 4096 bit // ... ECC omitted for brevity but actually included in content | |
| Secure element | ・AES up to 256 bit ・RSA up to 4096 bit ・ECC up to 521 bit | ・CC EAL 6+ ・RSA up to 2048 bit ・ECC up to 384 bit |
| Storage capacity | ・126KB | ・8GB |
| Operating temperature | ・0°C - 40°C | ・-25°C to 85°C |
| Performance | ・Performance varies depending on usage Example) RSA-2048-PKCS1-SHA256: ~139ms ECDSA-P256-SHA256: ~73ms | ・Read performance: Sequential read max 100MBytes/sec, random read IOPS max 2,500 ・Write performance: Sequential write max 25MBytes/sec |
| FIPS | ・FIPS 140-2 (FIPS version) | ・Planned support |
| Country of manufacture | ・USA, Sweden | ・Germany |
Inquiries about HSM
We are authorized distributors of Yubico and Swissbit. If you are interested in HSM, please contact us via the inquiry page.
Contact Us*Please note that it may take some time from ordering to delivery for HSMs. Please check the specific delivery time when making an inquiry.