Hardware Security Module - Executing Unsigned Code in HSM TEE

Conference:  BlackHat USA 2021



The presentation discusses the speaker's research objectives and findings on a threat model and administrative tools used in a highly trusted environment. The speaker also provides insights on the use of HSMs in critical security operations.
  • The speaker's research objectives were to create a threat model, invalidate security objectives, and explore administrative tools used in a highly trusted environment.
  • The speaker discovered weaknesses in the administrative tools, such as the lack of relocation protection and canary protection, and the use of unsafe functions from the standard library.
  • The speaker also discusses the use of HSMs in critical security operations and the importance of their certification and evaluation.
  • The Luna SP HSM, designed by SafeNet and owned by Gemalto, is described as a FIPS-certified device with level three security.
  • The speaker emphasizes the importance of using HSMs in critical security operations due to their security properties.
The speaker describes a kill switch in the Luna SP HSM that satisfies level three PIP certification. The switch has two wires directly connected to a device that triggers the key array procedure when activated. The HSM also has a metal cover that effectively removes basic skill set adversaries from the plate.


Trusted Execution Environment, or TEE, defines an isolation between trusted and untrusted environment. In terms of TEE environment executing the code, the protected area is guaranteed to execute only authenticated code and reject any instructions which are not exclusively provided by a legitimate authority. Furthermore, TEE should protect assets' confidentiality and integrity. To ensure these security requirements, cryptographic measures are applied. These are enclosed in a scheme, for instance - a digital signature scheme. The security level of the system built on top of TEE is reduced to the strength of used primitives and chosen scheme. Even if primitives were proven to be unbreakable within a reasonable time, adversaries may discover vulnerabilities in the implementations, scheme itself or mount an attack against a private key which is used to prove legitimacy to a given code or data. As it occurs, the underlying technology used for embedding a proof or evidence of authority (i.e. signature), may bring surprising functionalities, which at the end may be overlooked by TEE designers and lead to security breaches. In this session, we will introduce a novel attack against verification code of digital signature scheme provided by Gemalto (ex. SafeNet) company in their Hardware Security Module - LunaSP. By abusing it, we are able to execute arbitrary, unsigned code within the LunaSP HSM protected application layer. Due to the nature of the issue, we think that similar attacks could be propagated to other systems as well.