Appendix · HSM (Hardware Security Module)
This chapter introduces HSMs as specialized devices for secure cryptographic processing and key protection. It explains their functions in confidentiality, integrity, and authenticity systems and notes that they typically support symmetric and asymmetric cryptography, hash functions, random number generation, and secure key management. The discussion also highlights tamper-responsive and tamper-evident features such as shielding, sensors, and zeroization.
The chapter then contrasts conventional HSM use with the needs of MKD. In traditional cryptography, HSMs are central because keys remain protected inside the module throughout encryption. In one-time-pad-oriented MKD scenarios, by contrast, the importance of long-term key retention inside an HSM is reduced because individual key bits are consumed once and can be deleted immediately. As a result, HSMs remain relevant, but not always indispensable.
The chapter also gives a brief market overview of selected HSMs that may be suitable for MKD-related environments, including compact and high-end devices. Certifications such as FIPS and Common Criteria are mentioned to place HSMs in a broader assurance context.
- Defines core HSM functions and protections
- Explains tamper response and zeroization
- Contrasts HSM use in mathematical cryptography and MKD
- Notes storage limitations for OTP-scale key material
- Provides a compact market overview