Hardware security modules (HSMs) are specific hardware components that encapsulate security functions and provide the necessary trust primitives. HSMs are integrated chips specifically conceived and designed with security use-cases in mind. Typically, implementations range from smart cards [1.94] used for identification and authentication purposes, such as banking cards and identity documents, to Trusted Platform Modules (TPMs) [1.95], which are HSMs commonly used in personal computers. HSMs typically consist of a CPU core, data storage, a memory protection unit, sensors, cryptographic accelerators, and further peripheral components. Most HSMs employ sophisticated countermeasures against physical attacks, such as active sensors to detect fault and glitching attacks, and also employ cryptographic implementations which are hardened against side channel attacks [1.31]. Anderson et al. give an overview of cryptographic processors and their use in [1.96].
TPM [1.95] is an international standard for a secure cryptoprocessor, which is a dedicated MCU designed to secure hardware by integrating cryptographic keys into devices. TPM’s technical specification was written by a computer industry consortium called Trusted Computing Group (TCG). Many manufacturers make TPMs. The Trusted Computing Group has certified TPMs manufactured by Infineon Technologies, Nuvoton, and STMicroelectronics.
There are five different types of TPM 2.0 [1.97] implementations:
1. Discrete TPM - Discrete TPMs are chips that implement only the TPM functionality in their own package. Functions are implemented in hardware to resist software bugs, and they also support tamper resistance. Discrete TPMs provide the highest level of security;
2. Integrated TPM - Integrated TPMs provide the next level of security. This level still has a hardware TPM, but it is integrated into a chip that provides functions other than security. While they use hardware that resists software bugs, they are not required to implement tamper resistance. Intel has integrated TPMs in some of its chipsets;
3. Firmware TPM - Firmware TPMs are software-only solutions that run in a CPU’s protected software. The code runs on the main CPU, so a separate chip is not required. While running like any other program, the code is protected in a TEE that is separated from the rest of the programs that are running on the CPU. Since these TPMs are entirely software solutions, they are vulnerable to software bugs within themselves. ARM and AMD have implemented firmware TPMs with TrustZone Technology;
4. Software TPM - Software TPMs are software emulators of TPMs that run with no more protection than a regular program that is part of an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment, and they are vulnerable to their own software bugs. They are useful for development purposes;
5. Virtual TPM - Virtual TPMs are provided by a hypervisor. They are therefore reliant on the hypervisor for security beyond the execution environment provided to the software running inside the virtual machine, and so they provide a security level similar to a firmware TPM.
Barrett et al. discuss several frameworks built on the Trusted Platform Module in [1.98]. TinyTPM [1.99] is a lightweight cryptographic module for IP protection and for building trustworthy embedded systems. TinyTPM makes use of partial reconfiguration to perform hardware updates. TinyTPM consumes only a few resources and is therefore well suited to designing secure, efficient, and low-cost FPGA-based embedded systems. vTPM [1.100] implements the full TPM specification in software and is integrated into a hypervisor environment to make TPM functions available to virtual machines. The virtual TPM facility supports four designs for certificate chains that link the virtual TPM to a hardware TPM, with security vs. efficiency trade-offs based on threat models.
Bosch developed its own HSM that satisfies automotive requirements [1.101]. The HSM was especially designed for protecting e-safety applications such as emergency braking based on communication between vehicles, or emergency calls based on communication between vehicles and (traffic) infrastructure. The core of the HSM is a secure CPU on which security-critical tasks are executed. The HSM also possesses its own random-access memory (RAM), boot read-only memory (ROM), an Advanced Encryption Standard (AES) engine, and a true random number generator as cryptographic peripherals. The HSM further includes debug interfaces and an on-chip interconnect interface, which is used for communication with the host core and to access the flash. The host core is a typical automotive-qualified application processor providing an execution environment for safety-critical tasks. The flash is shared between the host core and the HSM, and the firmware of both the HSM and the host core is stored in the shared flash. A memory protection unit ensures that only the HSM is allowed to access its own HSM-allocated data in the flash. When the HSM is powered up, the local boot code is loaded from the boot ROM and the HSM is initialized with the code stored in the shared flash.
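As an added illustration (not Bosch's implementation or code from the cited work), the following C model shows the access rule the paragraph describes: a memory protection unit that lets both cores read host firmware from the shared flash but admits only the HSM core to the HSM-allocated regions. The flash layout, region sizes and requester names are constructed assumptions; the check also covers the edge cases a real range check must handle: empty or wrapping ranges and accesses that straddle a region boundary.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of the shared-flash protection: the HSM core and the
 * host core share one flash, and the MPU lets only the HSM core touch the
 * HSM-allocated regions. Addresses and sizes are sample values, not Bosch's. */

typedef enum { REQ_HOST_CORE = 0, REQ_HSM_CORE = 1 } requester_t;

typedef struct {
    uint32_t base;     /* first byte of the region */
    uint32_t size;     /* region length in bytes */
    uint8_t  allowed;  /* bitmask of requesters permitted to access it */
} mpu_region_t;

#define ALLOW_HOST (1u << REQ_HOST_CORE)
#define ALLOW_HSM  (1u << REQ_HSM_CORE)

/* Constructed flash map: host firmware is readable by both cores, while the
 * HSM firmware and HSM data regions are reserved to the HSM core. */
static const mpu_region_t FLASH_MAP[] = {
    { 0x00000000u, 0x00100000u, ALLOW_HOST | ALLOW_HSM }, /* host firmware, 1 MiB */
    { 0x00100000u, 0x00040000u, ALLOW_HSM },              /* HSM firmware, 256 KiB */
    { 0x00140000u, 0x00010000u, ALLOW_HSM },              /* HSM keys/data, 64 KiB */
};
#define FLASH_REGIONS (sizeof FLASH_MAP / sizeof FLASH_MAP[0])

/* Decide whether `who` may access [addr, addr+len). Deny when the range is
 * empty, wraps around the address space, straddles a region boundary (so a
 * host read starting in its own region cannot spill into HSM data), or lies
 * outside every defined region (default deny). */
bool mpu_access_allowed(requester_t who, uint32_t addr, uint32_t len)
{
    if (len == 0 || addr > UINT32_MAX - (len - 1))
        return false;                           /* empty or wrapping range */
    uint32_t last = addr + (len - 1);
    for (size_t i = 0; i < FLASH_REGIONS; i++) {
        const mpu_region_t *r = &FLASH_MAP[i];
        uint32_t r_last = r->base + (r->size - 1);
        if (addr >= r->base && last <= r_last)  /* entirely inside one region */
            return (r->allowed & (1u << who)) != 0;
    }
    return false;                               /* partial overlap or unmapped */
}
```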
In conclusion, Hardware Security Modules are a necessary building block to harden embedded systems against attacks. To provide the necessary trust primitives and resistance to physical attacks, the security mechanisms must be rooted in hardware. HSMs are dedicated hardware security components that encapsulate security functions and provide the necessary trust primitives.