Databases are being encrypted more and more often these days, and there have been some recent cases in which a lack of encryption has caused a major data breach. Let’s say you’ve been using secure engineering practices and considered what-if scenarios at every step of your development process. Your Web application is hardened against cross-site scripting, SQL injections and a host of other common Web application vulnerabilities. You’ve looked over all the Open Web Application Security Project (OWASP) checklists, encrypted all data in transit and encrypted sensitive databases or fields in your database. But where are you storing the encryption keys for that database? Are you using a hardware security module (HSM)? Most organizations aren’t using HSMs to perform encryption with secure keys, but they should. Storing the key in plaintext or even obfuscated within the application is akin to leaving the key under the doormat.

Let’s back up a bit and look at the most common Web application architecture. In a typical Web application with database encryption, the keys are stored directly by the application somewhere on the application server. However, this leaves you open to reverse engineering attacks and creates operational security issues. However, with an HSM, you can avoid those issues.

What Is an HSM?

An HSM is essentially a co-processor. In terms of computer architecture, it may well have all the components of a Von Neumann machine — that is, storage, memory and processing capabilities. The point of an HSM, of course, is to provide dedicated encryption services that are offline from the host itself.

Since an HSM is dedicated to processing encryption and securing the encryption process, the server memory cannot be dumped to gain access to key data, users cannot see the keys in plaintext and you can ensure a trusted path exists between an application and the encrypted data elements. If you think you still can’t relax because someone else has physical access, you are wrong. HSMs have tamper-proof seals that prevent attackers from harvesting memory by means of electronic snooping or radio frequency monitoring.

What Does an HSM Guard Against?

HSMs protect against the theft of content from a sensitive database by a determined attacker. If an attacker gains privileged access to an application server where database keys are being stored in the clear, the keys can be retrieved. It doesn’t matter how well the key is obfuscated. Even if it is compiled, packed or otherwise convoluted, it could always be reverse engineered. Using this type of security is known as security through obscurity and is not a best practice from a secure engineering perspective.

From an operational security perspective, it is inadvisable to allow any human to see sensitive, unencrypted data. This includes not just the end users, but the development team, system administrators and database administrators. By extension, from a systems perspective, you also don’t want sensitive data being propagated from production servers to work stations, staging servers or development servers. If your database contains sensitive data, it is best not to let any human have access to the data in its unencrypted form.

How Is an HSM Implemented?

Because an HSM is typically deployed by an application development team, it falls under the application security domain as opposed to, say, infrastructure security. Hardware security modules can be used by applications to enforce a secure, trusted path. To implement one properly, applications must be built specifically to perform cryptographic operations using the application programming interfaces (APIs) provided by the HSM vendor. Those APIs include common cryptographic functions such as symmetric and asymmetric encryption and decryption operations, hashed message authentication code, cipher message authentication code, RSA, Digital Signature Algorithm, Diffie-Hellman, random number generation, prime number generation and format-preserving generation. HSM APIs may be either vendor-specific, such as IBM’s Common Cryptographic Architecture, or follow an open standard, such as PKCS No. 11. Obviously, one would need to do some careful shopping to ensure the appropriate functions are available, in addition to standard architecture considerations such as the hardware/OS platform and language support.


While HSMs are not mandated for PCI compliance, they are used by most payment schemes. The current governing standard for HSMs is called FIPS-140-2 and comes from the National Institute of Standards and Technology. Practically speaking, if you are storing credit card data, you really should be using an HSM. The PCI security requirements from 2009 can be found here, and the update from 2012 can be found here.

While FIPS-140-2 HSMs are widely used in the payment industry, they can dramatically improve the security of your database regardless of your industry. Remember, your medical records are worth more to cybercriminals than your credit cards, so get busy.

How to Get Started With Encryption

Luckily, there exists a clearinghouse for certified HSM products. There are many other discussion topics around hardware security models, including network-based modules specifically for storage systems and other custom designs. However, this article is intended to be a high-level introduction to hardware security modules, and I encourage you to do some further reading from the SANS Institute and Stack Exchange.

Image Source: iStock

More from Application Security

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put a spotlight on this capability and learn more about its potential impact. Specifically, in this post, we will evaluate how Kernel post-exploitation can be used…

Detecting the Undetected: The Risk to Your Info

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories that usually contain some sort of sensitive information or credentials including web and login data from Chrome, Firefox, and Microsoft Edge. In other instances, they…