Building V-OS with HSM

Kok Yik-Siong, Roddy - Cryptography Architect

V-OS is the world’s first virtual secure element, a software solution with security built into the firmware code.  These include secret cryptographic parameters and data, which need to be randomly generated and securely persisted, and are then transformed into code and data files.

Ensuring that this process is secure is paramount, otherwise it will be the very thing to undermine the security that we have painstakingly put in place.  We have deployed this process on a Hardware Security Module (HSM), to provides high quality random bits from a physical source that we need to guarantee unbiased keys.  V-Key builds our own custom firmware for the HSM, for processing V-OS keys, and executes this firmware within the secure confines of the HSM.

With this arrangement, even while running our proprietary security tools with the HSM, the cryptographic secrets and keys never have to leave the secure environs of the HSM memory, be it encrypting license files or wrapping generated keys.


Manufacturing Software

We liken the secure build process of the virtual secure element to the manufacturing process of a physical secure element.  We impose on ourselves strict requirements we would expect of a physical manufacturing process.  These include clear red/black separation, single step generation, and access control.

Our HSM codes consist of two main portions; the host executable code running in the host server, and the custom firmware running within the HSM.  We utilize emulator tools to develop and test our codes for both portions, using test values for debugging.  These are rebuilt and migrated to our non-production test HSM, where we can undertake the production process mirroring the production HSM server.  Rigorous testing can then take place in this setup, with fully randomized values, to generate firmware for quality assurance testing.

In production, we utilize an offline HSM server housed in a commercial data center that provides round the clock monitoring and biometric access controls for physical security.  With the required administrative controls, all accesses to this production HSM is tracked.


Red/Black Separation

The HSM inherently encourages good red/black separation, which is to ensure that plain data and secrets (red) do not exist in insecure environment (black) like the host machine, and are handled only in the secure (red) environment.  With custom algorithms for building our firmware, we need to find a way to handle these secrets within a HSM’s secure space, prompting us to implement our own custom HSM firmware.  In turn, the design of our key management is done with these in mind.


Single Step Generation 

The generation of a firmware involves setting up the required long-term keys, followed by generation of the required secrets and keys in the HSM.  These are then built with existing source libraries and packaged into binaries to be used by the mobile apps.  In addition, for different customers and use scenarios, the process needs to cater to the different configurations they may use and ensure they have a unique set of firmware keys.

This sophisticated process has been streamlined and handled by our single host executable, to make it seamless and straightforward for ourselves and our customers to generate the required firmware binaries.


Access Control

Software can be built almost everywhere, as long as a compatible OS is available and there is source code and toolchain access.  With access control imposed on the build process for production, we can maintain control over the creation and distribution of the manufactured virtual secure elements.

We utilize the password controls provided by HSM and OS platform, and implement a split password process, where various critical steps can only be undertaken when two parties with each half of the password are present.  Administrative controls then ensure that no single party will gain access to both halves of a password, even at different times.  These passwords when not in use, are stored securely, and require authorization from management before they can be retrieved for use.  Coupled with the administrative controls imposed by the data center hosting our offline production HSM, we are able to maintain a tight control over the access to our production process.


Security Consciousness

When V-Key first embarked on our first batch of production firmware, we made sure that we have a secure process put in place from the start, from getting a trusted data center for physical security to designing the workflow to ensure that security is not compromised for the sake of convenience.  We believe that this security consciousness is essential for building virtual secure elements that we ourselves can trust enough to use.


Other articles:
How do we determine the effectiveness of mobile apps’ security systems?

With the spate of remote working regime due to Coronavirus pandemic, the reliance and growth for video conferencing platform has been exponentially escalated. However, most mobile apps today are nowhere near as secure as we would like them to be.

Is the detection of jailbroken/rooted phone sufficient against threats?

Functions that detect jailbroken/rooted devices are most commonly added to transactional mobile applications, serving as the most basic defense against threats. However, this is nothing but a drop in a bucket.

Why Existing Mobile Software Protections are Insufficient

Recognizing that existing mobile software protections are insufficient against today’s cyber threat landscape, we take a closer look at the main types of software protections in the market.

V-OS Protection against CPU vulnerabilities

Virtually every computing device in the world is made unsafe by the latest disclosures on Central Processing Unit (CPU) vulnerabilities. Find out how the virtual secure element technology is protecting millions of mobile application users against such vulnerabilities.

V-OS Protection against Android Plugin malware

There has been a recent surge in Android malware abusing Android Plugin Frameworks for malicious behavior. DroidPlugin, Parallel Space and VirtualApp are several plugin frameworks that have been abused by malware in recent months to spread Android malware.

Three steps to fight the Mobile Security status quo

Have financial institutions accepted a status quo that sacrifices user experience for increased security? With mobile digital identity quickly becoming central to an entire suite of online services, those who challenge the status quo will set themselves up to prosper and grow. Read more to find out three oft-ignored areas of research.

Cryptography in V-OS

V-OS is the world’s first virtual secure element. Cryptography plays a dual-role in these; to secure and manage the secrets kept within V-OS, and to provide a lightweight yet comprehensive cryptographic library.

How does a Virtual Smart card protect a customer if they lose or change their mobile phone?

From banks to government agencies, many organisations are intrigued by and exploring software security solutions such as mobile tokens and mobile identity systems for individual identification, authorisation and authentication.

Is software-based Biometrics Authentication the solution to ASEAN’s regulatory challenges?

Banks in Southeast Asia should look towards software-based biometrics as the way forward to navigate the regulatory differences in the region and secure their customers’ transactions.

Infographic: The next frontier in Banking transformation

As technology evolves, banks and financial institutions have no choice but to innovate. However, when it comes to security, many still rely on traditional, costly methods.

Mobile Security that works for everyone

Safe, convenient and simple.

The next wave of Finance: Singapore’s growing Fintech market

With global cumulative investment in financial technology (fintech) forecast to exceed US$150 billion in three to five years, economies around the world are vying to attract fintech innovators and cash in on this growing industry.