Understanding How an HSM Works
Outside of blockchain, the concept of using a piece of hardware to handle cryptographic operations and store keys for a company / enterprise that must handle sensitive data has long since been in deployment.
This tool is called an "HSM".
Hardware Security Modules
As the title suggests, the acronym 'HSM' stands for 'hardware security module'.
Per Thales (a reputable, cyber security firm), HSMs are defined as:
"Hardened, tamper-resistant hardware devices that strengthen encryption practices by generating keys, encrypting and decrypting data, and creating and verifying digital signatures."
Some hardware security modules (HSMs) are certified at various FIPS 140-2 levels. Hardware security modules (HSMs) are frequently used to:
Meet and exceed established and emerging regulatory standards for cybersecurity
Achieve higher levels of security and trust
Maintain high service levels and business agility
And so forth. You probably get the picture at this point.
So What Makes a Hardware Wallet / HSM Any More or Less Useful Than Simply Using a Computer?
This question may seem 'dumb' on its face, but its a good one to ask.
After all, the cryptographic operations that must be performed in order to create a Bitcoin wallet (or perform some other task), must be done on hardware of some sort.
What properties does an HSM have that a normal computer doesn't? They're both pieces of hardware that are performing cryptographic operations.
Since we know that the parameters, specifications and means of generating these cryptographic primitives should be well standardized as at this point in time, there should be no reason to assume that a hardware module would be any more or less accurate at peforming operations than a run of the mill computer would.
The logic above is correct. However, when referring to cryptography, we must understand the consequences associated with any portion of the cryptographic process being compromised (by anything, for any reason).
Remember Mr. Robot?
For all my nerd fans out there that have seen that TV show (don't worry - no spoilers) - you should know that cryptography was a focal point of the entire show's plot.
The main plot was predicated around leveraging cryptography to accomplish an ultimate end goal.
In many instances, cryptography was used as both a "weapon" and an "asset".
The show also exemplifies how cryptography, when compromised, can lead to devastating consequences.
Hackers Are Getting Smarter and More Cabale These Days
Most modern cryptography (just about everything that's not deprecated) - is sufficiently secure by itself.
The chances that a would-be attacker will be able to break a SHA256 hash in order to reverse-engineer your private keys are slim to none at this given point in time (assuming your enemy is not a powerful nation-state of some sort).
There are countless ways for an adversary to break your entire cryptographic scheme in spite of the 'unbreakable' level of encryption that many modern algorithms provide.
Some Examples Are
Side channel attacks
MITM attacks (merely intercepting requests / responses)
Outright theft of encryption / decryption / signing keys
Cryptanalysis using a number of 'knowns' discovered through back and forth transmissions (i.e., a conversation between two entities where each message is signed with the exact same key - certain algorithms provide room for a would-be attacker to decipher the public key based on known hash outputs, the cryptographic primitives being used and other details)
Poorly implemented cryptographic procedures (or incorrect parameters being fed into the operations / non-standard methods to encrypt / decrypt / sign and authenticate data , etc.)
How an HSM Assists
One of the primary functions of the HSM is to isolate cryptographic operations from whatever those operations are being purposed for.
Typically, the device's only purpose is to perform those operations.
And since such operations do not require the device to be online at all (cryptographic primitives can be hard coded down to the kernel and beyond at this point) - there is no reason for the device to ever need access to the internet.
Where Trouble Creeps In
HSMs (and hardware wallets alike) must eventually be used at some point.
And that's where the challenges come in for Bitcoin.
Potential Compromise During the Encryption / Decryption Process
Below is a diagram of the AES-128 encryption process:
While AES is extremely secure against the known tools / resources an adversary may have at their disposal, this security can still be mitigated to some extent by potential 'side channel' attacks.
The following diagram provides an illustration of how such a side-channel (eavesdropping) attack could occur with AES (Rindjael):
Power Dissipation Measurement
Yes, this is rooted in actual electrical circuitry (link = https://www.allaboutcircuits.com/textbook/experiments/chpt-2/power-dissipation/).
Long story - short, power dissipation (and other more complex forms of cryptanalysis used in 'side-channel' attack exploits - both in design and in the wild), can be facilitated by all sorts of enhanced mechanisms, such as gathering information about the electrical output from a given operation to make inference about the information being encrypted / decrypted (i.e., type, length, etc.) as well as the cryptographic primitives being used in said operations.
Below is another brief diagram showing how 'power dissipation' is used (not just as a mechanism to facilitate side channel analysis but as a general concept in the study of electrical engineering as well):
These Attacks Have Been Shelled Out in Great Detail
In fact, there is no shortage of research detailing the types of attacks that can be leveraged against really secure cryptographic primitives (such as AES).
Below is one such example:
(source: Roche, T., Lomné, V., & Khalfallah, K. (2011). Combined Fault and Side-Channel Attack on Protected Implementations of AES. Lecture Notes in Computer Science, 65–83. doi:10.1007/978-3-642-27257-8_5 )
Bitcoin's Unique Challenge
In the case of Bitcoin, after a private / public key pair is generated, the keys are of no use to the owner until a transaciton must be initiated.
Additionally - there is no encryption scheme integrated into Bitcoin's design.
The ECDSA (secp256k1) operation provides a private / public key pair that is used to sign and authenticate data, not encrypt.
Additionally, the use of the private key is needed for each transaction - so many times an unencrypted private key (usually at rest) faces potential threat when:
A user / entity needs to access said key (such as in the case of a transaction). The process of accessing the key itself imposes a certain risk upon the entity performing the access, because they must be sure that this access is being done in a secure manner that prevents eavesdropping / MITM attacks / etc.
In addition to looking out for the aforementioned attack vectors - it is important to ensure that the device used to access said private keys is not compromised as well. If this is the case, then the security of the communication between the HSM / hardware wallet and the entity attempting to access it becomes a moot point.
Once the private key has been obtained, it now must be secured in its operations. In other words - as the private key is used to sign the transaction (that the user wishes to send), the end user must be sure that this process is taking place in a secure manner. At this point, the private key
Do You Need a Hardware Wallet?
No. You don't.
In fact, if you would consider yourself to be "Joe Blow", then using such a device is more than likely to work against you.
Who Should Be Using a Hardware Wallet Then?
A large company.
Probably one that:
Is intelligent enough (at its leadership) understand that you probably don't want to "in-house" such management unless you're entirely sure that you have those with the necessary expertise on board that can securely and efficiently implement such a solution with enough back end standardization to be replicated by future employees when the current ones eventually leave the company in the future.
Manages assets (as in money or simply company data / secrets), that absolutely must be maintained with the utmost level of security (i.e., government agencies / government contractors that are mandated to adhere to a certain ISO / FIPS / HIPAA standard in order to remain compliant).
Said assets may need to be accessed on a fairly consistent basis by more than one member of the organization or perhaps by several dozen individuals (i.e., a 3-letter agency that has a suite of employees that have clearance-based access to sensitive materials).
Even after said assets have been sufficiently secured by access-restrictions, their sensitive nature further mandates that never be left unencrypted for any reason.
Compromise / security breaches could have apocalyptic consequences that are considered to be absolutely untenable for the entity in question seeking such a solution.
Said entity is aware of the fact that they will more than likely need to spend a hefty sum of money outsourcing / perpetually retaining a security firm whose sole duty is to protect sensitive assets such as the ones in question in this list.
If the above does not apply to you - then more than likely a security wallet will have very limited use for you.
"Does That Mean I'm Not Smart Enough to Use It?"
No. You are smart enough (most likely).
What the previous section is trying to say is that you more than likely are able to meet your security needs without a hardware wallet.
But I consider my information to be as important as a top secret military agency!
Yes, we all do.
That's not the point though.
The main point is that you are NOT a top secret military agency.
Thus, your secrets are more than likely not as highly sought out as said agency.
Step Back and Consider For a Second
Close your eyes and think about all of your potential (realistic) adversaries in life.
Don't spare anything in naming them.
Your own mother? The dog across the street? The crips in Compton? The cops?
Take One More Step Back
Close your eyes and think about your country's potential (realistic) adversaries in life.
adversarial (to you) nations that your home country is in conflict with?
With Increased Complexity Comes Increased Burden
Sometimes we tend to only look at the benefit of security solutions without considering the burden associated with their implementation.
If you were reading what was written above very carefully, then you probably noticed that this idea of possessing the adequate resources to hire a cyber security firm (not an individual), on retainer, specifically for the management of your organization's assets and "secrets".