2025-07-26 –, Track 2
HSMs (hardware security modules) and their legacy processes are the silent backbone of our core payments infrastructure. Quantum computing poses a significant threat to our cryptographic landscape, and evolving our payments infrastructure to meet new threats requires planning and orchestration between many organisations. This talk is primarily aimed at security professionals in the financial sector who work with HSMs or write policy on managing them. In addition, those preparing for quantum computing or who would like some insight into core payments infrastructure and HSMs will benefit from this talk. Technical topics will be explained sufficiently so that those with no HSM experience can learn how they work and what the ecosystem looks like. Key takeaways are how quantum computing changes the HSM threat model, and the steps that can be taken to prepare for quantum computing. A change in key exchange process is suggested which will assist in preparation for quantum computing and improve operational efficiency.
Contextualising the threat
- Quantum computing is evolving quickly, resulting in shorter timelines for preparing for a post-quantum cryptographic landscape
- A quick google of how to prepare for quantum computing will result in 2 “simple” steps:
1. Adopt quantum-resilient encryption algorithms and key sizes, to protect against quantum computers
2. Become crypto-agile so that algorithms and keys can be changed quickly to meet new improvements in technology
What is an HSM?
- HSM – hardware security module - securely stores encryption keys, generates keys, and performs cryptographic operations
-Typically, HSMs store a master key which is used to encrypt keys that the HSM generates. It is stored across several smartcards
-HSMs encrypt communication between organisations, in addition to communications with their payment infrastructure like POS devices and ATMs
-Symmetric encryption is used, and each organisation maintains a “session key” per receiving organisation
Key generation
- HSMs are managed remotely from a dual controlled, restricted access room, monitored by CCTV, using a special device or an air-gapped laptop
- Alternatively, the air-gapped laptop must be taken from secure storage and plugged into the HSM in the Data Centre
- Accessing the HSM requires coordinating at least 5 people – 2 to access the secure storage, and 3 to perform key custodian duties
- The HSM engineer will generate a key which is split into components by the HSM
- Custodian 1 will step forward and write down their key component, followed by custodians 2 and 3
- Components are stored under dual control (eg a safe with 2 locks)
Session negotiation
- Each component is assigned to a custodian
- Components are either shipped to the receiving organisation or carried there by custodians
- Key components are typed into the HSM at the receiving organisation
- HSM performs a mathematical calculation to combine the components into a key
- HSM encrypts that key under its master key and returns it to the HSM engineer in encrypted format. Keys are never exported in the clear as far as possible
- Session key has been exchanged – a process which takes milliseconds on the internet takes days or weeks with physical exchange
Takeaways about HSMs
- Existing threat model primarily focuses on key management processes to protect against insider threats, physical security to protect against external attackers, and securing network access to the HSM
- All keys are encrypted when they are exported whole, which limits the risk of key exposure through a conventional cyber attack on an employee’s laptop or subsequent communications over the internet using those keys
- Keys are rotated periodically to manage the risk of collisions or cracking keys
- Weak algorithms are phased out over months or years
- Post quantum, any encrypted communications that can be cracked fall in-scope of the threat model and encryption algorithms become insecure quickly with advancements in technology
Quantum Resilience in an HSM context
- Step 1: Adopt quantum-resilient encryption configuration
- Investigate your systems and create a key register, algorithm register, and develop a plan to migrate existing keys to AES 256 (a quantum resistant algorithm and key size)
- Step 2: crypto-agility
- Finding faster and smoother ways to change insecure keys will make the current transition to AES256 easier and prepare us for developments in quantum computing
- My suggestion: share the symmetric session key using an asymmetric keypair, following the same principles as TLS. Modern cloud HSM offerings like AWS Payment Cryptography use this model and the processes are well suited for use in a cloud environment and on-prem
- HSMs facilitate exporting keys encrypted under an asymmetric private key
- Sharing the public key securely becomes the biggest challenge to maintain PCI compliance but can be done according to the standard
Implications of mimicking TLS
- Significantly shorten the time to share keys. A key rotation can be performed in hours in an emergency
- Key storage is easier - keys can simply be stored digitally encrypted under the HSM’s encryption key as backups instead of paper.
- DR in an HSM environment is much simpler – the only key to be safeguarded physically is the HSM’s master key on smartcards. During DR, that key can be loaded on a new HSM and all encrypted stored keys can be used as normal. No paper components need to be recombined
Conclusion
- The symmetric encryption ecosystem in South Africa is community driven – if other organisations won’t adopt a new standard, I can’t either
- The people at this conference work at some of the major participants in the ecosystem, like the banks, and drive policy there. Improving our own systems requires collaborating to improve processes and maintain our compliance at the same time
- The opportunity presented by a new threat can be leveraged to improve legacy processes overall
- This is a request for collaboration
