
Ultra-compact HSMs for the new security era


With security threats becoming more widespread due to the rapid digitization of the world and the spread of telework, HSMs are now attracting attention as the cornerstone of security measures.

We offer two types of ultra-compact HSM products: "YubiHSM 2" manufactured by Yubico and "iShield HSM" manufactured by Swissbit.

We will introduce what kind of products these ultra-compact HSMs are and what kind of features they have.

What is HSM (Hardware Security Module)?

"Encryption" is essential to protect highly confidential information such as personal information and confidential data from unauthorized access.


HSM (Hardware Security Module) is hardware that can encrypt and decrypt such data and securely store private keys used for digital signatures and certificates.


Simply put, it is hardware that acts as a safe for private keys.

HSM is hardware like a safe that protects private keys.

If the private key used for security is stolen, all security measures will collapse and no longer work. Protecting private keys is extremely important for security.

Why do we need HSM?

Because security-related operations such as encryption and digital signatures are performed using private keys, private keys must be well protected.

An attacker will try to find a private key that is stored or in use.

If the private key is stored on the server's storage, it can be easily stolen. Even if the stored private key is protected by encryption, this does not prevent an attacker from reading the key once it has been loaded into memory for use.

Example of finding key data in a memory dump

The data in computer memory is dumped and displayed as a pattern with 0's being black and 1's being white.

Key data is highly random and easily distinguishable.

Key data can be easily stolen from memory dumps

HSMs not only store keys, but also perform cryptographic, digital signature, and other operations without removing the keys from the hardware at all, because the computing functions for cryptography and digital signature are built into the module.

This means that key data is never loaded into the server's memory, which prevents attacks that steal key data from memory dumps.
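Why key bytes stand out in a dump, as an added example that is not part of the original page: a sliding-window Shannon entropy scan over a constructed buffer. The filler text, the stand-in key bytes, the window size and the threshold are all assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 64        # bytes per sliding window
STEP = 16          # window stride
THRESHOLD = 5.0    # bits/byte; a 64-byte window can reach at most log2(64) = 6.0


def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy of the byte-value distribution, in bits per byte."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(dump: bytes):
    """Return merged (start, end) offsets of windows whose entropy exceeds THRESHOLD."""
    regions = []
    for off in range(0, len(dump) - WINDOW + 1, STEP):
        if shannon_entropy(dump[off:off + WINDOW]) <= THRESHOLD:
            continue
        if regions and off <= regions[-1][1]:      # overlaps the previous hit
            regions[-1] = (regions[-1][0], off + WINDOW)
        else:
            regions.append((off, off + WINDOW))
    return regions


# Constructed sample (not real key material): 256 pseudo-random bytes stand in
# for a 2048-bit private key held in process memory between ordinary data.
FAKE_KEY = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
FILLER = (b"user=alice;role=admin;session=0001;\x00" * 40)[:1024]
KEY_OFFSET = len(FILLER)
DUMP = FILLER + FAKE_KEY + FILLER

if __name__ == "__main__":
    for start, end in high_entropy_regions(DUMP):
        print(f"high-entropy region 0x{start:04x}-0x{end:04x} "
              f"(key placed at 0x{KEY_OFFSET:04x})")
```

Ordinary structured data stays well below the threshold, so the only region reported is the one holding the key. With an HSM there is no such region in server memory to find.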


Since calculation functions such as encryption and electronic signatures are built into the HSM, processing can be performed without taking any keys out.

So, what about attacks that break open the HSM to access the key data inside directly? HSMs have mechanisms to counter such physical attacks, such as erasing the data or leaving traces of tampering (tamper resistance).

In this way, by using dedicated hardware to store keys, it is possible to physically separate it from the server, making it possible to respond to a variety of attacks.

HSM Features

HSM has four main functions:

  1. Securely store keys

  2. Perform cryptographic and digital signature operations with the key

  3. Generate keys

  4. Generate random numbers

1. It is also resistant to physical attacks that destroy the HSM and remove its contents. Attempts to extract data from the outside will erase the data or leave traces of tampering, etc. This is called tamper resistance.

2. Cryptographic and digital signature processing can be performed inside the HSM. The high performance of the cryptoprocessor can speed up cryptography and digital signatures.

3. Keys generated inside the HSM are never taken outside the HSM, allowing for secure operation.

4. The HSM has a mechanism for physically generating random numbers, which makes it possible to create high-quality random numbers.

In cryptography, random numbers are very important. If the quality of the random numbers is poor, that is, if their distribution is biased or shows even a slight regularity, it can give an attacker a hint. It is difficult to produce high-quality random numbers in software.

Features of HSMs we offer

Originally, HSMs were used in financial institutions and other systems that perform enormous amounts of processing, and the most common HSMs are known as server-type HSMs. These HSMs offer high performance but are very expensive, and their large size makes them hard to install, so it has been difficult for small and medium-sized companies to adopt them.

 

In recent years, cyber crimes in the world have become more sophisticated, and the need for security has increased not only for a small number of highly sensitive systems, as in the past, but also for systems of a smaller scale.

 

Our HSMs are compact enough to plug into a USB port and inexpensive enough to be integrated easily into small-scale systems and IoT systems, where installing an HSM has been difficult in the past, making it easy to improve security.

Yubico - YubiHSM 2

Swissbit - iShield HSM

Easy to install and manage

These products are compatible with the industry standard PKCS#11 and can be quickly implemented into the products and applications that customers use in their business.

In addition, an open source YubiHSM 2 SDK is available for the YubiHSM 2, which makes implementation easier.

Performance comparison

Inquiry about HSM

We are an authorized distributor for Yubico and Swissbit.

If you are interested in HSM, please contact us through our contact page.

* Please note that it may take some time from order placement to delivery of HSM.

Please confirm the specific delivery date when you contact us.
