I moved some of the contents from an old website of mine. This is one of a small projects back from my time at the University of Cambridge, where we hacked a Chrysalis Luna CA3, which would now be part of SafeNet HSM portfolio.
While at the University of Cambridge, we embarked on a task of reverse-engineering one of the most secure hardware security modules (HSM) at the time – Chrysalis Luna CA3 [link1, link2]. While designed by a company Chrysalis-ITS, it was acquired by SafeNet, which kept the name Luna until it was acquired by Gemalto. While the form-factor changed, the internals are likely to be still resembling what we were looking at in 2003.
The main task of HSMs is to protect stored cryptographic keys and prevent export of keys via an interface facilitating secure operations with keys internally. This allows definition of policies specifying who can use which key for which operation.
The original design of Chrysalis Lune CA3 assumed that the manufacturer would generate a root public key certificate that would be used to sign keys for all HSMs necessary for cloning (copying all keys from one HSM to another. However, this design was breached by an addition of functions allowing use of any (even self-signed) public key certificates, which can be created in ten minutes with widely available tools.
In the end we were able to do unauthorised exporting of all keys stored in the HSM, decrypt them and use them for arbitrary cryptographic operations, like encrypt, sign, or decrypt messages on our PC.
The attack still required authorisation of a Security Officer, but it reduced the security provided to the level of a PC, protecting stored keys with a password. Several organisations using Chrysalis Luna CA3 decided to revise their operational procedures to mitigate risks exposed by our attack.
More details of this project can be found in our report TR-592. Source codes used for the attack are also available online.
Mike still has a nice slidedeck on his website – http://www.mike-bond.com/cl/research/Chrysalis.pdf