Hardware Security Module - Executing Unsigned Code in HSM TEE

Explore a novel attack against the verification code of digital signature schemes in Gemalto's LunaSP Hardware Security Module. Delve into the methodology for executing arbitrary, unsigned code within the HSM's protected application layer. Examine key aspects of HSMs, FIPS 140-2 compliance, and internal components. Investigate research objectives, binary analysis of admin tools, and command injection techniques. Analyze the HSM's Trusted Execution Environment threat model, Java Archive structure, and JAR signature verification process. Learn about threat model invalidation through ZIP rewriting and patching. Discuss failed attempts and the disclosure process for this security vulnerability. Gain insights into potential implications for similar systems and the broader field of hardware security.

Intro
HSM: size and prize
HSM: key aspects
FIPS 140-2
HSM: inside
HSM: PCle Card
HSM under investigations
Research Objectives
HSM: Admin Tools - Binary Analysis
HSM: Admin Tools - cmd injection
HSM: TEE Threat Model
HSM: Java Archive
HSM: JAR Signature
JAR: The Files
JAR: Signature Verification (11)
Threat Model Invalidation (III)
Threat Model Invalidation by ZIP rewrite
Threat Model Invalidation by ZIP patching
Threat Model Invalidation (IV)
Failed Attempts
Disclosure Process