Tamper Protection

Physical Security

Luna HSMs are equipped with intrusion-resistant, tamper-evident hardware, and use the strongest cryptographic algorithms to ensure that your data is secure. If a security breach is detected, a tamper event occurs and the HSM becomes locked until the tamper is cleared by the appropriate authority or the HSM is reset.

Luna PCIe HSM

The Luna PCIe HSM, or cryptographic module, is a multi-chip standalone module as defined by FIPS PUB 140-2 section 4.5. This means that:

>The module is enclosed in a strong enclosure that provides tamper-evidence. Any tampering that might compromise the module’s security is detectable by visual inspection of the physical integrity of the module. In addition, any attempts to physically tamper with the token would likely result in the destruction of its circuitry and components, thus ensuring that your keys and sensitive objects are safe from an attacker.

>The module’s physical design also resists visual inspection of the device design, physical probing of the device and attempts to access sensitive data on individual components of the device.

If an attacker with unlimited resources were to simply steal the appliance and apply the resources of a well-equipped engineering lab, it might be possible to breach the physical security. However, without the password (for password-authenticated HSMs) or the PED keys (for PED-authenticated HSMs), such an attacker would be unable to decipher any signal or data that they manage to extract.

With that said, it is your responsibility to ensure the physical security of the unit to prevent such theft, and it is your responsibility to enforce procedural security to prevent an attacker ever having possession of (or unsupervised access to) both the HSM and its authentication secrets.

Surrounding Environment

The data sheets provided for individual products show the environmental limits that the device is designed to withstand. It is your responsibility to ensure that the unit is protected throughout its working lifetime from extremes of temperature, humidity, dust, and vibration/shock that exceed the stated limits.

We do not normally specify operational tolerances for vibration and shock, as the Luna HSM is intended for installation and use in an office or data center environment. We perform qualification testing on all our products to ensure that they will survive extremes encountered in shipping, which we assume to be more demanding than the intended operational environment.

It is also your responsibility to ensure that the HSM appliance is installed in a secure location, safe from vandalism, theft, and other attacks. In summary, this usually means a clean, temperature-, humidity-, and access-controlled facility. We also strongly recommend power conditioning and surge suppression to prevent electrical damage, much as you would do for any important electronic equipment.

Authentication Data Security

It is your responsibility to protect passwords and/or PED keys from disclosure or theft, and to ensure that personnel who might need to input passwords do not allow themselves to be watched while doing so and do not use a computer or terminal with keystroke logging software installed.