3

I came to know recently that HSMs are used in credit card processing on the server side but since I don't work in that space and stumped as to why its needed.

I can see it used in an ATM machine - to encrypt data to be sent to the server for verification.

But once its already inside the firewall would I not just query the card details from the DB, decrypt it and then compare with what I got over the wire and then send it over to my card processor. Why would I need a HSM in this path?

EDIT: I understand how HSMs typically work. What I don't know is how they are used in payment processing. Can some one throw some light on that?

user220201
  • 893
  • 9
  • 22
  • Even in your hypothetical scenario, you mention decrypting card details stored in a database. Why would this operation not benefit from an HSM? – Stephen Touset Aug 13 '14 at 21:44
  • Is it the typical usage of HSMs? – user220201 Aug 13 '14 at 21:49
  • The question user220201 is asking is not about the generic operation of an HSM. The question pertains to, what role does an HSM play in handling the verification of the PIN after being punched in by the user of an ATM terminal? Presumably, the PIN is required (as per compliance and regulations) to be not stored outside of an HSM. So, what happens to the PIN typed by the user - is it delivered securely to the HSM so that the HSM can verify the PIN? Or, does the HSM return a hash of the PIN + Card ID so that the (banking) transaction server can authenticate the card? – user13311 Jan 11 '17 at 21:30

3 Answers3

3

@thomas-pornin and @PwdRsch have explained what an HSM can do, but you've clarified that you want to know what they're used for in payment processing. The short version is - they are used to strengthen the encryption protections that processors use.

Let's assume you mean credit card processors. The PCI HSM Security Requirements suggests a number of places HSM would be applicable:

  • PIN Processing
  • 3-D Secure
  • Card Verification
  • Card Production and Personalization
  • EFTPOS
  • ATM Interchange
  • Cash Card Reloading
  • Data Integrity
  • Chip Card Transaction Processing

Some simple uses can be inferred by the PCI Data Security Standard requirements, which credit card processors must be compliant with. DSS 2.0 Requirement 4 says that the processor must

use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks.

So, DSS says web servers need HTTPS. An HSM can store the private key to make that setup more secure. IPSec might be a way to meet Requirement 4; it can also benefit from HSM.

DSS Requirement 3.4 says that

Render PAN unreadable anywhere it is stored... [such as with] Strong cryptography with associated key-management processes and procedures

So, for example, credit card numbers stored to a database must be encrypted. An HSM can be used to support database encryption.

Payment processors need encryption. HSMs make encryption... better.

gowenfawr
  • 72,355
  • 17
  • 162
  • 199
1

A hardware security module (HSM) is essentially a trusted computer that manages encryption keys (or signing keys) outside of the normal server operating system. It doesn't provide the key to the server, rather the server hands an encrypted blob to the HSM and the HSM provides back the plaintext results, and vice versa.

The main reason HSMs are used in this manner is to make it very difficult for an attacker to gain access to the keys. A criminal can hack the application or server but still not have control over the HSM. They could submit decryption requests one at a time to the HSM via the compromised server, but that is less convenient for them than extracting the encrypted records and key to then carry out decryption at their leisure.

You can skip this step and keep the keys on your servers, but that risk may not be acceptable to some organizations.

PwdRsch
  • 8,361
  • 1
  • 28
  • 35
  • Agreed. In this case (like Stephen mentioned as well), the key to decrypt the card details is in the HSM. So it should be on another machine in the network, which means the HSM should be accessible over a secure connection from the App server. Do HSMs have TLS end points? More over is this the typical architecture? Or are there other modules I am missing here? – user220201 Aug 13 '14 at 22:00
  • I am not familiar with all products in the HSM market, but I believe they are generally implemented as devices directly connected to the server. The server treats it as a peripheral rather than another host on the network. Hopefully someone else can chime in if they've seen HSMs deployed in other configurations. – PwdRsch Aug 13 '14 at 22:07
  • 1
    Some HSM are directly plugged in the host system (e.g. as a PCI card in the motherboard); some other are used through a network (e.g. the Thales nShield Connect). In the latter case, some TLS-like protocol will be used to make sure that the requests only come from allowed hosts, and the results are not altered or spied upon. – Thomas Pornin Aug 13 '14 at 22:11
  • Understood. But what is the actual usage of HSMs in a payment processing stack? Please ignore the example I gave in my question about decrypting card details. Can you tell me how exactly HSMs are used in the payment space? – user220201 Aug 13 '14 at 22:20
  • It may not completely answer your question but take a look at this section of the [Wikipedia page on HSMs](http://en.wikipedia.org/wiki/Hardware_security_module#Card_payment_system_HSMs_.28bank_HSMs.29). – PwdRsch Aug 13 '14 at 22:38
1

A HSM is like a big smart card. It will store cryptographic keys and perform cryptographic operations on behalf of some external system; however, it is designed to never allow extraction of the private keys that it contains, even if the attacker has physical access to the machine.

The actual security gain of a HSM is not as big as is usually assumed. An attacker hacking into the external system which is allowed to ask for cryptographic operations from the HSM can then just do the same. If the HSM stores a signature key, then the attacker will be able to sign at will. However, since the HSM will not allow extraction of the private key, it will prevent the attacker from retreating to his den with the key. This implies that the attacker will be able to use the private key only as long as he maintains control of the external system; or maybe the attacker physically grabbed the HSM and ran away with it, but, there again, it won't be discreet. In a way, HSM are there to defeat some kinds of advanced persistent threats: if a key compromise occurs, it will end soon, or else you will know it.

Some HSM are programmable, and you can push some of the application logic into the HSM, under protection of the hardware shielding. This can conceptually allow for much better security, but it requires some specific development which is not easy (the innards of a HSM are not a typical Unix-like operating system with all its features; it is a lot more barebone).

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955
  • Agreed. But how are HSMs used in the payment processing application specifically? What is decrypted/encrypted using the HSM for this specific use case? – user220201 Aug 13 '14 at 22:18
  • If there is some private key used somewhere, be it for signatures or for running a SSL server or whatever, then a HSM _can_ be used. Given the price of HSM, I'd expect that in most cases, no HSM is used. – Thomas Pornin Aug 13 '14 at 22:26