Hardware Security Module (HSM) for data centers architecture research

Abstract

The rationale for this research is to prove the technical feasibility shifting the architecture of HSMs (Hardware Security Module) for application in data centers. The increased demand for encryption for various purposes (payment systems, confidentiality of documents, information and communication) that is underway will require a change in the current model focused solely on selling HSM equipments for the final user to a model of cryptographic offer through the cloud via data centers. Therefore Dinamo is interested in researching a HSM architecture to be used in data centers. Based on the current paradigm of generic multi-use multi-core processors, there is a physical limit to the number of processors that can be parallelized in a single device without mentioning management issues in the data bus and especially heat dissipation device that for HSM is even more critical, given the constraints of ventilation and physical protection of the cryptographic boundary against probes. Thus, we aim in this research to test the technical feasibility of a parallel architecture that combines hardware and firmware and to allow for future developments of an HSM prototype (Hardware Security Module) with capacity to carry millions of signatures per second on RSA standard with 1024-bit key measured in the TCP / IP network (and not directly on the hardware). To conduct this research we will study and select the ASIC suitable for the research, develop a specific firmware for the motherboard to receive the PCIe card with the chosen ASIC, a client library code that perform communication with the firmware on the motherboard (core processor) via TCP / IP network interface using the PKCS # 11 standard API, stagger the amount of motherboards while we perform the necessary to seek a way to achieve the desired amount of signatures. As a result it is expected to generate various reports with the results of the measurements made and understand whether and what architecture would be feasible in the future to search a prototype HSM to be marketed for data centers. Besides the technological impact that this project will generate for Dinamo, making the company worldwide reference in HSMs, the company sees an increase in the encryption market that a device like this could take the company to multiply tenfold their revenues on a horizon of 5 to 8 years. (AU)