Tamper Protection
Physical Security
Luna HSMs are equipped with intrusion-resistant, tamper-evident hardware, and use the strongest cryptographic algorithms to ensure that your data is secure. If a security breach is detected, a tamper event occurs and the HSM becomes locked until the tamper is cleared by the appropriate authority or the HSM is reset.
Luna Network HSM
The Luna Network HSM appliance is a commercial-grade secure appliance. This means that:
- It is provided with anti-tamper external features that make physical intrusion into the unit difficult. These measures deter casual intrusion and leave visible evidence of attempts (successful or otherwise) to open the unit.
- Vents and other paths into the unit are baffled to prevent probing from the outside.
- It includes a hardened OS that constantly monitors for security vulnerabilities.
- The HSM Keycard inside the appliance houses the actual HSM components. It is encased in an aluminum shell, filled with hardened epoxy. Attempts to gain access to the circuit board itself would result in physical evidence of the attempted access and likely physical destruction of the circuitry and components, thus ensuring that your keys and sensitive objects are safe from an attacker.
If an attacker with unlimited resources were to simply steal the appliance, and apply the resources of a well-equipped engineering lab, it might be possible to breach the physical security. However, without the password (password-authenticated HSMs) or the PED keys (PED-authenticated HSMs), such an attacker would be unable to decipher any signal or data that they manage to extract.
With that said, it is your responsibility to ensure the physical security of the unit to prevent such theft, and it is your responsibility to enforce procedural security to prevent an attacker from ever having possession of (or unsupervised access to) both the HSM and its authentication secrets.
Surrounding Environment
The data sheets provided for individual products show the environmental limits that the device is designed to withstand. It is your responsibility to ensure that the unit is protected throughout its working lifetime from extremes of temperature, humidity, dust, and vibration/shock that exceed the stated limits.
We do not normally specify operational tolerances for vibration and shock, as the Luna HSM is intended for installation and use in an office or data center environment. We perform qualification testing on all our products to ensure that they will survive extremes encountered in shipping, which we assume to be more demanding than the intended operational environment.
It is also your responsibility to ensure that the HSM appliance is installed in a secure location, safe from vandalism, theft, and other attacks. In summary, this usually means a clean, temperature-, humidity-, and access-controlled facility. We also strongly recommend power conditioning and surge suppression to prevent electrical damage, much as you would do for any important electronic equipment.
Authentication Data Security
It is your responsibility to protect passwords and/or PED keys from disclosure or theft and to ensure that personnel who might need to input passwords do not allow themselves to be watched while doing so, and that they do not use a computer or terminal with keystroke logging software installed.