Hardware Security Module (HSM)

A hardware security module (HSM) is cryptoprocessor hardware implemented in a removable or dedicated form factor.

  • an appliance for generating and storing cryptographic keys
  • e.g., rack-mounted appliances, plug-in PCIe adapter cards, and USB-connected security keys
  • possible to provision an HSM as a virtual appliance
  • provides either:
    • centralized key storage for network hosts
    • or portable key storage that people can use on different devices
  • whereas TPMs:
    • are designed to validate the security of a discrete computing platform, such as a single desktop computer or laptop
  • It is also possible to use a removable USB thumb drive to store keys
    • useful:
      • when the computer does not support TPM
      • as a recovery mechanism in case the TPM is damaged
      • or if a disk needs to be moved to another computer

Info

Vendors can certify their products against Federal Information Processing Standard 140-2 (FIPS 140-2) at Security Level 2 to establish trust in the market.