
On-Prem HSM

SplitSecure is a distributed hardware security module. What that means is that we take secrets like keys and credentials and split them across multiple devices, leveraging the hardware security claims of each device. This allows us to offer stronger security claims than traditional hardware security modules, while being cheaper, more performant, and easier to manage.

Because SplitSecure leverages the security claims of the hardware it runs on, it can make hardware-based security claims (such as physical intrusion resistance) which would not be possible with software alone. This is what allows it to act as a substitute for FIPS-140-3 Level 3 compliant HSMs. However, SplitSecure is significantly cheaper and more performant than the traditional HSMs it replaces.

Enterprises will typically deploy on-prem HSMs (instead of cloud HSMs) when they need any of the following:

  • Complete control over their encryption keys and cryptographic operations, including physical control over the secure computation device.
  • FIPS-140-3 Level 3 compliant hardware under a threat model that doesn’t allow the use of cloud HSMs.
  • Low-latency secure computation which benefits from having the HSM co-located with other hardware.

Let’s go over a specific example of SplitSecure replacing an on-prem HSM and show how it fulfills all three of these needs for a fraction of the cost of traditional HSMs.

Example: Thales Luna Network HSM vs SplitSecure Enabled AMD EPYC 9004

In this example, SampleCo is using the Thales Luna Network HSM for their secrets management needs. This industry-leading HSM is FIPS-140-3 Level 3 certified, and retails for anywhere from $28,000 to $40,000 depending on configuration. In its most performant configuration, it has 64MB of memory and is capable of performing up to 10,000 RSA operations per second.

Using SplitSecure, we will enable SampleCo to replace their Thales Luna Network HSMs with AMD EPYC 9004 processors mounted in MZ33 server motherboards (along with 32GB of HPE volatile SmartMemory).

First, SampleCo must decide what devices they want to use to store their secrets. The AMD-based boards have no persistent memory, and so cannot be the long-term home of SampleCo’s secrets. To comply with industry regulations, SampleCo selects a dozen FIPS-140-3 Level 3 compliant USB devices as the permanent home of their cryptographic keys.

When they deploy SplitSecure, SampleCo selects what secrets they would like their new HSMs to be able to access. SplitSecure splits these secrets up among the dozen FIPS-140-3 Level 3 compliant USB devices, such that any single device is useless, but the network collectively stores the secrets. This network cannot perform any computation, but it can securely seed secrets into the AMD-based boards as needed.

This is analogous to a serverless application. Instead of the AMD boards storing secrets permanently, whenever secure cryptographic computation is needed, one is spun up fresh and securely seeded with the needed material by the SplitSecure network. It then performs the required computation and does not retain the secret afterwards.
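A toy model of the split-and-seed flow described above, added here as an example and not SplitSecure's own code. The page does not say which sharing scheme SplitSecure uses, so this assumes Shamir's scheme over a prime field with an assumed threshold of 3 of the 12 storage devices, and uses an HMAC as a stand-in for the cryptographic operation performed inside the TEE.

```python
import hashlib
import hmac
import secrets

# Prime field modulus (assumed); every secret and share lives in [0, P).
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, n, t):
    """Split `secret` into n shares (x, y); any t of them rebuild it."""
    assert 0 <= secret < P and 1 < t <= n
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over at least t distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def polynomial_consistent_with(share, candidate_secret, t):
    """Given ONE share, build a degree-(t-1) polynomial with constant term
    `candidate_secret` that still passes through it: every candidate is equally
    plausible, which is why a single stolen device reveals nothing."""
    x, y = share
    coeffs = [candidate_secret] + [secrets.randbelow(P) for _ in range(t - 2)]
    top = (y - _eval_poly(coeffs, x)) * pow(pow(x, t - 1, P), -1, P) % P
    return coeffs + [top]


def ephemeral_hmac(shares, message):
    """Model of the 'serverless' TEE: the key exists only inside this call and
    is not stored anywhere after it returns (memory zeroisation not modelled)."""
    key = recover_secret(shares).to_bytes(16, "big")
    return hmac.new(key, message, hashlib.sha256).digest()
```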

TIP

It is possible to do this securely because the AMD EPYC 9004 supports AMD SEV-SNP technology. On the AMD boards, secrets are only stored encrypted in volatile memory and are only ever unencrypted in-processor while being used. While an attacker could theoretically extract the secret by performing a highly sophisticated physical access attack on the AMD processor while the secret was in-use, the only organizations that reasonably have the ability to execute such attacks are major intelligence agencies. This is outside the threat model of most enterprises.

This approach is dramatically cheaper and more performant than traditional HSMs. Recall that the Thales Luna Network HSM’s most performant configuration costs approximately $40,000, and can perform up to 10,000 RSA sig/s. In comparison, the EPYC 9004 based board retails for under $4,000, and can perform 9,300 RSA operations per second per core, across all 16 cores. This gives a total throughput of 148,000 RSA operations per second.

Metric        Luna Network HSM     SplitSecure on AMD EPYC 9004 Board
Throughput    10,000 RSA sig/s     148,000 RSA sig/s
Memory        64 MB                32,000 MB (32 GB)
Price         $40,000              $4,000

That’s a 90% reduction in hardware cost. It should be clear that if the AMD EPYC 9004 based board meets SampleCo’s security needs, it will be dramatically more performant, less expensive, and easier to manage.

SplitSecure does have some software costs associated with management that the Network HSM does not, but depending on exact customer configuration they should still achieve an overall 50% reduction in total operating costs.

Let’s review how this deployment fulfills the above three common enterprise needs:

  • Complete control over their encryption keys and cryptographic operations, including physical control over the secure computation device.
  • FIPS-140-3 Level 3 compliant hardware under a threat model that doesn’t allow the use of cloud HSMs.
  • Low-latency secure computation which benefits from having the HSM co-located with other hardware.

Complete Crypto Custody

SplitSecure splits keys and other secrets into shares, which are then distributed across the enterprise’s network of SplitSecure devices. These shares are only combined in the trusted execution environment (remember in this example the AMD board is the trusted execution environment) when used. This ensures the enterprise has complete custody over their secrets at all times – nothing is stored in the cloud or in third-party devices, and SplitSecure has access to nothing.

The SplitSecure code that runs on the AMD board is auditable, enabling the enterprise or the third-party auditing firm of their choice to validate SplitSecure’s security claims regarding the handling of the secret. While the exact security claims that are possible will depend on the code the customer wishes to run in the trusted execution environment (see FIPS-140-3 Level 3 Certification below), when used as a signing oracle, as a tokenizer, or in other common HSM use cases, SplitSecure enables the AMD board to offer competitive security claims to leading HSMs like the Thales Luna Network HSM.

Finally, in regards to hardware access, since the secret is only ever stored encrypted in volatile memory, extracting the secret from the board requires a highly sophisticated attack on the processor at the moment the secret is being used. Attacks of this sort are generally only possible by state-level actors, who would need unrestricted access to the AMD board inside the enterprise’s data center. This sort of attack generally falls outside the threat model for on-prem deployments.

FIPS-140-3 Level 3 Certification

Used in the above configuration or similar, SplitSecure offers a quick path to FIPS-140-3 compliance:

  • The secret is only persisted in hardware with FIPS-140-3 Level 3 certification.
  • The AMD 9004 processor itself is pending FIPS-140-3 certification. Alternatively, Intel TDX processors can be employed.
  • SplitSecure supports communication between the USB storage devices and the processor over FIPS-compliant protocols.

And of course, all of the above can be customized by the enterprise to fit their particular threat model and regulatory needs.

SplitSecure supports end-user customization of the code that runs inside the trusted execution environment, so we cannot make a general statement that an AMD EPYC 9004 Board used as a SplitSecure TEE is automatically FIPS-140-3 Level 3 certified. However, SplitSecure does offer an easy path to FIPS-140-3 compliance.

Low-Latency Secure Computation

By enabling high-performance secure hardware to be co-located with other systems, SplitSecure enables low-latency use cases currently served by on-prem HSMs. Additionally, by allowing high-throughput, low-latency hardware (as compared to HSMs) to be used in this manner, SplitSecure enables co-location use cases that would not have been possible with traditional HSMs.

Our proof-of-stake validation use case is based on this ability to offer security, high throughput, and low latency.