Thales Luna Backup HSM B790 – Secure Cryptographic Key Backup in Enterprise Environments (Part 4 of 4)

This blog is part of the VTPP (VNET Threat Perception Platform) project, a three-year programme co-funded by the European Commission under the DIGITAL-ECCC-2022-CYBER-03 call. The project covers DDoS mitigation with FastNetMon, vulnerability scanning with OpenVAS, custom AI/ML detection plugins for Zeek, HSM-backed key management, RPKI validation and a Krill CA, and a full-scale deployment of Security Onion as the IDS/SIEM/NSM backbone.

Introduction

In modern cryptographic infrastructure, the greatest attention is typically paid to production HSM appliances that perform the actual cryptographic operations. An equally critical—yet sometimes underrated—component of the architecture is the backup of cryptographic keys. Without a reliable and secure backup mechanism, the failure or corruption of an HSM can lead to the loss of access to data, certificates, or the entire cryptographic infrastructure.

To address this challenge, Thales offers the Luna Backup HSM B790, a device designed specifically for the secure backup, archival, and recovery of cryptographic keys from production HSM appliances. Unlike conventional HSMs that actively perform cryptographic operations, a backup HSM functions as a highly secure “vault” intended for the long-term retention of cryptographic material.

Its primary role is to ensure that, even in the event of a production HSM failure, cryptographic keys can be securely restored without compromising security principles such as split knowledge, dual control, or separation of duties. At the same time, it must meet the same rigorous certification standards as production appliances, including FIPS 140-3 Level 3 and enterprise security requirements.

Capabilities and Architecture of the Luna Backup HSM B790

The Luna B790 is engineered as a dedicated HSM appliance intended exclusively for backup and restore operations. It does not perform online cryptographic operations for applications; instead, it serves as a secure target for cryptographic objects exported from production HSMs.

The device supports the following functions:

  • Secure storage of cryptographic keys
  • Import and export of HSM backups
  • Partition recovery
  • Replication of cryptographic objects
  • Long-term archival of key material

Like a production HSM, the backup HSM relies on hardware-based key protection, with all operations executed within an isolated security boundary. Keys are always protected and never leave the device in cleartext form.

The B790 is typically deployed in a segregated security zone, frequently at a different site or in a geographically separated data center, in order to minimize the risk of data loss during catastrophic events.

Network Configuration and Security Isolation

The Luna Backup HSM B790 is designed as a highly isolated device and should be connected only within defined security zones. It provides a USB-C (USB 3.0 Type-C) connector for host and token connectivity.

Initialization and Initial Configuration

The initialization process for the Luna Backup HSM B790 is very similar to that of a production HSM; however, its objective is to establish a secure environment for storing backups rather than for performing cryptographic operations.

Initialization involves establishing the device’s baseline security state, defining administrative roles, and configuring security policies. On first power-up, the device is in a so-called factory state, which permits no cryptographic operations until the device has been properly configured.

During initial configuration, the access policy is defined as follows:

slot set -slot 101
hsm init -label BACKUP_HSM -initwithpwd -password SO_SECRET -domain DOMAIN
role login -name so -password SO_SECRET
hsm changehsmpolicy -policy 55 -value 1

Example Backup Process

Figure 1. Cryptographic key cloning from a Luna Network HSM (slot 0) to the Luna Backup HSM B790 (slot 101) within a shared cloning domain.

The diagram above illustrates a typical client-initiated backup. The operation is driven from the production Luna Network HSM, where the source application partition is visible as slot 0; the Backup HSM B790 is presented to the same client as slot 101. Before any objects can be cloned, the Security Officer authenticates to the source slot, since a backup that creates or resizes a partition on the B790 requires the Backup HSM SO credential. The two devices must also share the same cloning domain (DOMAIN): cryptographic material cannot cross a domain boundary, which is what prevents keys from being copied to an unauthorized device. During the operation, each object is cloned over the encrypted, mutually authenticated channel and is decrypted only inside the destination HSM’s secure boundary, so keys never exist in cleartext outside the hardware. On the B790, all available free space is initially assigned to the new backup partition; once cloning completes, the partition is automatically resized to the minimum needed for the stored objects and the remaining space is reclaimed. The resulting partition can then be retained offline as a tamper-resistant archive and used later as the source for a restore operation.
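The backup half of the process shown in the diagram, as an added lunacm session that is not part of the original post. It mirrors the restore listing later in this article (slot 0 as the source, slot 101 as the B790, partition BCK_INTERNAL, the same domain DOMAIN); the `partition archive backup`, `partition archive list` and `partition archive contents` forms and their flags are assumed from the lunacm syntax the page uses for restore, and lines starting with # are commentary, not lunacm input.

```lunacm
# Source: the application partition on the Luna Network HSM, seen by this client as slot 0.
slot set -slot 0
role login -name so -password SO_SECRET_SLOT0

# Clone the partition's objects into a new backup partition on the B790 (slot 101).
# Because a partition is being created on the B790, the Backup HSM SO credential
# (SO_SECRET, set at initialization) is requested; both devices must share DOMAIN,
# otherwise the clone is refused. Objects are decrypted only inside the B790.
partition archive backup -slot 101 -partition BCK_INTERNAL -password BCK_INTERNAL_SECRET

# Verify the result before taking the B790 offline: list the backup partitions on
# the device and enumerate the objects the new partition holds. The object labels
# and count should match the source partition (compare with 'partition contents').
partition archive list -slot 101
partition archive contents -slot 101 -partition BCK_INTERNAL -password BCK_INTERNAL_SECRET
```

Treat the final listing as the acceptance check for the backup: a partition that lists fewer objects than the source is not a usable restore point.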

Restore and Recovery of the HSM Infrastructure

The recovery of cryptographic keys is one of the most critical processes in the entire HSM infrastructure. In the event of a production HSM failure, data loss, or system migration, cryptographic objects must be restored in a manner that preserves the integrity and security of the entire environment.

The restore process is carried out in several strictly controlled steps. First, the security context is restored on the target HSM; next, a trusted connection is established between the backup HSM and the production appliance. Only then can the import of cryptographic objects begin.

Each restore operation requires authentication by multiple administrators and is fully audited. This process ensures that no unauthorized party can recover sensitive keys without the organization’s knowledge.

Restore operations are also frequently used in the following scenarios:

  • Disaster recovery scenarios
  • Migration of HSM infrastructure
  • Recovery following cybersecurity incidents
  • Testing of backup strategies

The restore is likewise initiated on the Luna Network HSM partition (slot 0) from the Luna Backup HSM partition (slot 101):

slot set -slot 0
role login -name so -password SO_SECRET_SLOT0
partition clear
partition archive restore -slot 101 -partition BCK_INTERNAL -password BCK_INTERNAL_SECRET

Summary

The Luna Backup HSM B790 addresses a part of the cryptographic architecture that is easy to overlook until an incident forces the question: if a production HSM is lost, can its keys be recovered without compromising them? Rather than performing online cryptographic operations, the B790 acts as a dedicated, tamper-resistant vault for the backup, archival, and recovery of key material, holding up to 100 partitions in a device certified to FIPS 140-3 Level 3.

Throughout the backup and restore lifecycle, the same security principles are preserved end to end. Keys are cloned only between devices that share a common cloning domain, they traverse the link encrypted and are decrypted solely within an HSM’s secure boundary, and every operation is authenticated and fully audited so that no single party can move sensitive material unnoticed. Deploying the B790 in a segregated zone—ideally a geographically separate site—extends this protection to catastrophic-failure and disaster-recovery scenarios.

In practice, a sound backup strategy is only as good as its proven ability to restore. Organizations should treat the restore path as a first-class procedure: exercise it regularly against realistic scenarios, confirm that domain and policy settings match between source and target, and keep firmware current so that certification and supported mechanisms remain valid. Used this way, the Luna Backup HSM B790 provides a reliable foundation for protecting the continuity and integrity of the entire cryptographic infrastructure.


Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the granting authority can be held responsible for them.
