Allow to externalize crypto operations to HSM

[frank-bee]

For better security, crypto operations should ideally be done on hardware --> HSM / Smartcard / ...
Standard for this is typically PKCS#11 (see https://en.wikipedia.org/wiki/PKCS_11)
This would be particularely required for witnesses

Example for ethereum transaction done with AWS Cloud HSM
https://ethereum.stackexchange.com/questions/73192/using-aws-cloudhsm-to-sign-transactions

[tonyofbyteball]

Thanks for the suggestion. HSM does improve security, however please understand that its impact is limited. HSM protects key storage, while what we need to protect is key use.

Regarding Cloud HSM... I'm very cautious about having "cloud" and "HSM" on the same line.

[frank-bee]

You are totally right, HSM is about storage of crypto material. Some people mix that up with securing key use.

Cloud is another topic, I think most of nowadays servers are running in "the cloud" (whatever cloud means, could be also a private cloud or let's say a k8s cluster....).
From security point of view cloud has besides some downsides also advantages, e.g. no attacks by physically having access to the hardware or protections against DDOS.
Which HSM to use and how to attach it to the service depends on several factors. One main factor is: cost. In a privately maintained node, a smart card or Ubikey might be a good joice, in the cloud you have other options (you can even buy your own HSM and attach it via something like DirectConnect - but the cost might exceed 50000$, depending on the HSM you buy and where you host it, ;-) )

[tonyofbyteball]

Yes, cloud HSM is cheap, the offers look really attractive.

However, to access your HSM, you use your cloud credentials. The security you get is as good as the security of your cloud credentials, you don't get real "hardware grade" security.

Second, keys are safely stored in HSM but key use is guarded by a cloud provider. Cloud HSM is so cheap because expensive hardware is shared among many clients. And while your key alone might not justify an attacker's effort of breaching a well-protected big cloud provider, many keys combined might make it worthwhile. With cloud HSM, we get centralization of sensitive key material, which creates systemic risks and might actually reduce security for everybody.

[frank-bee]

However, to access your HSM, you use your cloud credentials.

Ideally not. Cloudproviders typically offer a way to allow one service to access another service based on some credentials-less policy model (e.g "EC2 profiles" in AWS)

Second, keys are safely stored in HSM but key use is guarded by a cloud provider

To some extend I agree but again: security and cost always have to be somehow balanced.
E.g. running a user's "small expense wallet" is a totally different thing than a decentralized market place with a lot of money staked/ stored.
Anyway, I don't want to promote the usage of cloud services here, node hosters should decide what they use.