Depends on the HSM type and vendor implementation. Example MKEK is stored on HSM and wraps all other keys off the box in an encrypted format.

Nothing does. The HSM only stops the hacker from taking the key, but it doesn't handle the attack you mentioned. The good part is that if the hacker decrypts using the HSM, the use will be logged by the HSM's audit log. Secondly, if access to the HSM is cut off, the hacker can't decrypt anymore. Both of these are better than if the hacker steals the key.

This is a slightly different topic from HSMs, which is cryptography and encryption. It depends on what the setup is for protecting this key, which I don't have a clear understanding of from your description. Keys are usually generated inside the HSM, so that they never ever leave the HSM. So if you want to protect _another_ key, you can use the HSM to encrypt the key. Normally, a HSM would encrypt data, but in this case, your service key is just another piece of data, so you can encrypt it with the HSM key. Then, you store the encrypted key somewhere. When you want to use the key, you ask the HSM to decrypt your encrypted key, getting the original key, then you use the key and then delete it from memory when you're done. This is a technique called envelope encryption. Hope that helps!

It's actually pretty simple - with SQL in particular, when you enable encryption you're actually enabling SQL to create and use a LOCAL (to the SQL server) symmetric key (the same key is used to encrypt and decrypt; usually a smaller bit length and much faster than asymmetric keys by several orders of magnitude. Commonly AES256 algorithm.) Obviously, having the key with the server is bad (as Alex explained in this example) but moving that key off to an HSM would be equally bad (as it would introduce significant latency and hamper performance.) Instead, when we introduce an HSM to the architecture - SQL will utilize the HSM to "wrap" the local symmetric SQL key with an asymmetric key pair (usually RSA - i.e. public/private keys) that are protected within the HSM. You're basically encrypting the local SQL key so that if the key and data are stolen - the data itself is encrypted by that local SQL key but the key itself is also encrypted externally - thus you can't decrypt that data. You'd have to have access to that asymmetric key within the HSM. It usually only decrypts the key during startup in the case of SQL (not every database does it the same - Oracle is different.) No latency is introduced as the local key is cached in its unencrypted state. This doesn't prevent an attacker from gaining access to the database itself and reading data, only protects against an attacker exfiltrating the file that contains the database (and it's local decryption key.) To truly protect against an attacker getting the data, you have to encrypt the data at the column level within the database itself. This is usually done with software although there are some HSM's out there that can do it as well (which protect the key material to do so much better than software will.)

The public and private keys work together. The HSM private key can only decrypt the message if it was encrypted with a corresponding public key. Otherwise it will(and it should) fail.

When the service calls the HSM, it needs to pass valid credentials. The HSM has a list of valid username and passwords in it, and the service needs to provide valid credentials to use the HSM.

Great question! It's true that a hacker can use the service to send a request. However, two things are better than not using the HSM: 1. The calls will show up in the audit logs of the HSM, which can help you figure out what data's been decrypted. 2. You can shut off access from the service to the HSM to cut off the hacker. Without the HSM, if the hacker has the encrypted data and the key, there's nothing you can do about it.

When the service calls the HSM, it needs to pass valid credentials. The HSM has a list of valid username and passwords in it, and the service needs to provide valid credentials to use the HSM. So it's not possible to call the HSM out of the blue, since you need valid credentials. If the service is compromised, it might be able to make bad requests using the service's credentials. There's not really a way to prevent this since a service being compromised means that an attacker can do anything the service does. The advantage of the HSM is that a service being compromised does not leak the keys.

@@StudyingWithAlex thanks for the detail explaination. Keep up the good work here. 👍🏻

Found the answer further below on another comment

If the key is erased, then the encrypted data can't be decrypted. But, if you think about it, if someone steals the HSM and it doesn't erase the key, you've still lost the key because the attacker stole it!

@@StudyingWithAlex how about a tpm?

That's why you have "multiple HSMs" within your Security Domain for high availability. I would imagine most companies probably use 3 or more HSMs for utmost protection. That way if an HSM was stolen, failed or whatever, you still have the keys balanced amongst the HSMs or that can be re-generated across the other available HSMs.

HSMs are a piece of hardware, so it's something you'll need to buy or build yourself. As for key ceremonies, that's part of the HSM feature set.

If you mean "can you use an index with encrypted data", the answer is no, since the data is scrambled while it's in the database. Let me know if I misunderstood your question.

@@StudyingWithAlex what about a symmetric deterministic encryption? Does the index search work with that?

If you have a table with a column C, and you want to do a query like "SELECT * WHERE C = 'something'", and you encrypt the data in C with a symmetric deterministic method before storing it in the table, then you can find rows with "SELECT * WHERE C = 'encrypt(something)'", but you won't be able to do range queries like "SELECT * WHERE C > something" or "ORDER BY C". In addition, deterministic encryption is less secure than encryption that uses a randomized initialization vector because it means that if you encrypt the same thing twice, it will have the same ciphertext. So it would be possible to find matching groups of Cs in your table, which, depending on what you're building, could be pretty bad. I cover some of this in my encryption video kzbin.info/www/bejne/d4nOg6J8hLVgq8k Hope that helps!