Encryption and Security Hardware

Jun 7, 2025

Overview

This lecture covers encryption, the use of cryptographic keys, and the roles of Trusted Platform Modules (TPMs) and Hardware Security Modules (HSMs) in securing digital information.

Encryption and Keys

  • Encryption is used to keep information secret during storage and transmission.
  • Most encryption and decryption processes use open, standardized algorithms.
  • Access to encrypted data requires possession of a unique digital key.
  • Protecting the encryption key itself is crucial for maintaining security.

Trusted Platform Module (TPM)

  • A TPM is a dedicated hardware component used for encryption on a single system.
  • TPMs can generate random numbers, create and store cryptographic keys, and contain manufacturer "burned-in" keys.
  • The TPM is password-protected and has several security features to prevent unauthorized access.
  • Each TPM contains a unique key specific to its system, providing a "root of trust."
  • TPMs are used for functions like full disk encryption (e.g., BitLocker), tying encrypted data to specific hardware.
  • You can enable, disable, and clear TPM data via the BIOS under "security" settings.
  • The Trusted Computing Group (TCG) sets TPM standards.
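As an added illustration (not part of the lecture notes), here is a small Python model of how a TPM ties an encrypted volume's key to one specific device and boot state: each measured boot component is extended into a PCR, and the secret is sealed under a key derived from the device's unique root key together with the expected PCR value, so a different device or a modified boot chain cannot unseal it. `ToyTPM`, `measure_boot` and the SHA-256 stream cipher are hypothetical simplifications; a real TPM seals with AES under a storage key that never leaves the chip.

```python
import hashlib
import hmac
import os

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_boot(components) -> bytes:
    """Extend each boot component into a PCR that is all zeros at power-on."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy SHA-256 counter-mode keystream; a real TPM uses AES under its storage key.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

class ToyTPM:
    """Software stand-in for one device's TPM (hypothetical; not a real TPM API)."""
    def __init__(self, device_secret: bytes):
        # Models the burned-in per-device key that never leaves the chip.
        self._root = device_secret
    def _policy_key(self, pcr: bytes) -> bytes:
        # The wrapping key depends on BOTH this device and the PCR value.
        return hmac.new(self._root, b"seal|" + pcr, hashlib.sha256).digest()
    def seal(self, secret: bytes, expected_pcr: bytes) -> tuple:
        key = self._policy_key(expected_pcr)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, nonce, len(secret))))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        return nonce, ct, tag  # safe to store on disk: useless without this TPM + PCR
    def unseal(self, blob: tuple, current_pcr: bytes) -> bytes:
        nonce, ct, tag = blob
        key = self._policy_key(current_pcr)  # from the live PCR, not a stored copy
        if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
            raise PermissionError("unseal refused: wrong device or boot measurements changed")
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def can_unseal(tpm: ToyTPM, blob: tuple, pcr: bytes) -> bool:
    """True if this TPM releases the secret for the given boot state."""
    try:
        tpm.unseal(blob, pcr)
        return True
    except PermissionError:
        return False
```

Seal a constructed "volume master key" against the PCR of a known-good boot, then try to unseal it after replacing the bootloader measurement or on a second `ToyTPM` with a different device secret: both are refused, which is the behaviour full disk encryption relies on when it binds to the TPM.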

Hardware Security Module (HSM)

  • HSMs are hardware devices designed for managing cryptographic keys across multiple systems, often in data centers.
  • HSMs centralize the backup and management of keys, such as web server keys.
  • Personal or lightweight HSMs can store keys for individuals and may be portable.
  • High-end HSMs can accelerate cryptographic operations and offload processing from servers.
  • HSMs are used for protecting critical infrastructure keys, including those for certificate authorities.

Comparing TPM and HSM

  • TPMs secure data on a single local device; usually integrated into laptops, desktops, or mobile devices.
  • HSMs manage security and keys for many systems; typically found in enterprise and data center environments.

Key Terms & Definitions

  • Encryption — The process of converting information into a code to prevent unauthorized access.
  • Cryptographic Key — A unique digital value used to encrypt and decrypt data.
  • Trusted Platform Module (TPM) — Hardware for secure cryptographic operations on a single device.
  • Root of Trust — A set of functions in the TPM that uniquely identifies trustworthy hardware.
  • Hardware Security Module (HSM) — Hardware that centralizes and manages cryptographic keys across multiple systems.
  • Trusted Computing Group (TCG) — Organization that defines TPM standards.

Action Items / Next Steps

  • Review BIOS settings related to TPM on your computer.
  • Read about BitLocker or other full disk encryption technologies.
  • Explore differences between TPM and HSM for system security.