Appendix 09 · HSM: Hardware Security Module
This appendix introduces hardware security modules as dedicated devices for cryptographic processing and key protection. It explains how HSMs support secure key storage, signing, encryption, random-number generation, access control, tamper response, and controlled key operations in conventional high-security environments.
The appendix also discusses certification, physical protection, zeroization, interfaces, and operational integration. These aspects matter because an HSM's security claim depends on both its internal design and the procedures around administration, backup, maintenance, and auditability.
In the context of MKD, the appendix distinguishes traditional HSM key custody from scenarios where one-time-pad key material may be consumed and deleted quickly. It helps readers decide when an HSM is needed, what role it can play, and where secure storage media or smart cards may take over some functions.
- Explains HSM functions in cryptographic systems
- Covers key protection, access control, and zeroization
- Discusses certification and tamper response
- Relates HSM use to MKD architectures
- Clarifies when HSMs are operationally useful