A portable hardware security module and cryptographic key generator

It has been noted with concern that the ability of a password to keep an information system secure is diminishing. Increasingly sophisticated attack vectors and low memorability associated with complicated passwords are among the leading reasons limiting security provisioned by passwords. Cryptographic keys suffer from issues including lack of memorability, vulnerable storage mechanisms, key retrieval attacks, lockouts due to key loss and risk of using the same key for multiple services. This study proposes a novel Hardware Security Module (HSM) as a basis for the generation/ re-creation of cryptographic keys. The designed hardware module entirely eliminates the stored cryptographic keys thus eliminating attacks against stored keys. The HSM derives the cryptographic key from sub-components behaving similar to multi-factor authentication, where each factor is an independent authenticator. The proposed scheme enhances security by incorporating physical security into digital security, i.e. as long as either the crypto provider device remains secure or the human component remains secure, the system security remains intact. The scheme proposes a strategy based on defense in depth to secure the HSM, its user, the related service from attacks ranging from simple shoulder surfing to sophisticated Man-in-the-Middle attacks. The proposed HSM is based on commodity hardware components thus having limited cost implications.