V-OS is the world’s first virtual secure element, a software solution with security built into the firmware code. These include secret cryptographic parameters and data, which need to be randomly generated and securely persisted, and are then transformed into code and data files.
Ensuring that this process is secure is paramount, otherwise it will be the very thing to undermine the security that we have painstakingly put in place. We have deployed this process on a Hardware Security Module (HSM), to provides high quality random bits from a physical source that we need to guarantee unbiased keys. V-Key builds our own custom firmware for the HSM, for processing V-OS keys, and executes this firmware within the secure confines of the HSM.
With this arrangement, even while running our proprietary security tools with the HSM, the cryptographic secrets and keys never have to leave the secure environs of the HSM memory, be it encrypting license files or wrapping generated keys.
We liken the secure build process of the virtual secure element to the manufacturing process of a physical secure element. We impose on ourselves strict requirements we would expect of a physical manufacturing process. These include clear red/black separation, single step generation, and access control.
Our HSM codes consist of two main portions; the host executable code running in the host server, and the custom firmware running within the HSM. We utilize emulator tools to develop and test our codes for both portions, using test values for debugging. These are rebuilt and migrated to our non-production test HSM, where we can undertake the production process mirroring the production HSM server. Rigorous testing can then take place in this setup, with fully randomized values, to generate firmware for quality assurance testing.
In production, we utilize an offline HSM server housed in a commercial data center that provides round the clock monitoring and biometric access controls for physical security. With the required administrative controls, all accesses to this production HSM is tracked.
The HSM inherently encourages good red/black separation, which is to ensure that plain data and secrets (red) do not exist in insecure environment (black) like the host machine, and are handled only in the secure (red) environment. With custom algorithms for building our firmware, we need to find a way to handle these secrets within a HSM’s secure space, prompting us to implement our own custom HSM firmware. In turn, the design of our key management is done with these in mind.
Single Step Generation
The generation of a firmware involves setting up the required long-term keys, followed by generation of the required secrets and keys in the HSM. These are then built with existing source libraries and packaged into binaries to be used by the mobile apps. In addition, for different customers and use scenarios, the process needs to cater to the different configurations they may use and ensure they have a unique set of firmware keys.
This sophisticated process has been streamlined and handled by our single host executable, to make it seamless and straightforward for ourselves and our customers to generate the required firmware binaries.
Software can be built almost everywhere, as long as a compatible OS is available and there is source code and toolchain access. With access control imposed on the build process for production, we can maintain control over the creation and distribution of the manufactured virtual secure elements.
We utilize the password controls provided by HSM and OS platform, and implement a split password process, where various critical steps can only be undertaken when two parties with each half of the password are present. Administrative controls then ensure that no single party will gain access to both halves of a password, even at different times. These passwords when not in use, are stored securely, and require authorization from management before they can be retrieved for use. Coupled with the administrative controls imposed by the data center hosting our offline production HSM, we are able to maintain a tight control over the access to our production process.
When V-Key first embarked on our first batch of production firmware, we made sure that we have a secure process put in place from the start, from getting a trusted data center for physical security to designing the workflow to ensure that security is not compromised for the sake of convenience. We believe that this security consciousness is essential for building virtual secure elements that we ourselves can trust enough to use.