Overview

Luna SA is designed with the security of your cryptographic keys in mind, and is the choice for enterprises requiring strong security for cryptographic keys.

As a general purpose hardware security module (HSM), Luna SA can be easily integrated into a wide range of applications to accelerate cryptographic operations, secure the crypto key lifecycle, and acts a root of trust for your entire encryption infrastructure.

Approach to Key Security: Keys in Hardware

Luna SA is the most trusted general purpose HSM on the market in part because of our unique approach to protecting cryptographic keys. Unlike other methods of key storage which move keys outside of the HSM into a “trusted layer,” the keys-in-hardware approach protects the entire key lifecycle within the FIPS 140-2 validated confines of the Luna SA HSM appliance. This method ensures that your keys always benefit from both physical and logical protections of the Luna SA.

Scalable Security for Virtual and Cloud Environments

Luna SA can be separated into twenty cryptographically isolated partitions, with each partition acting as if it was an independent HSM. This provides a tremendous amount of scalability and flexibility, as a single HSM can act as the root of trust that protects the cryptographic key lifecycle of twenty dependent applications.

What’s more, Luna SA partitions are designed to protect key material from other tenants on the appliance, meaning different lines of business, or customers in the case of service provides, can leverage the same appliance without fear of losing their keys to another tenants.

Available in Two Performance Models

Luna SA is available in two performance models; Luna 7000 and Luna SA 1700.

Luna SA 7000 is a high performance HSM capable of best in class performance across a breadth of algorithms including ECC, RSA, and symmetric transactions. Luna SA 7000 also features a dual, hot-swappable power supply that ensures consistent performance and no down-time.

The Luna 1700 variant includes a single power supply, and is capable of 1700 RSA 1024-bit transactions per second.

Algorithm                  Luna SA 1700 Model                Luna SA 7000 Model

RSA-1024                           1,700                                            7,000

RSA-2048                            350                                             1,200

ECC P256                            500                                              2,000

ECIES                                  200                                                300

AES-GCM                          3700                                              3700

Features & Benefits

Sample Applications:

• PKI key generation & key
• Storage (online CA keys & offline CA keys)
• Certificate validation & signing
• Document signing
• Transaction processing
• Database encryption
• Smart card issuance

Security at a Glance:

• FIPS 140-2 (available in Level 2 and 3) validated
• Common Criteria EAL 4+ certified cryptographic module
• Keys in hardware
• Remote management
• Secure transport mode for high-assurance delivery
• Multi-level access control
• Multi-part splits for all access control keys
• Intrusion-resistant, tamper-evident hardware
• Secure Audit Logging
• Strongest cryptographic algorithms
• Suite B algorithm support
• Secure decommission

Features:

• Dual Hot Swap Power Supplies
• Multi-level access control
• Intrusion-resistant, tamper-evident hardware
• Field Serviceable Components
• Software upgradable
• Up to 100 clients
• Multiple Roles for Administration
• Strong Separation of Duties
• Partitioning and strong cryptographic separation
• Load Balancing and Scalability
• Host Trust Links – secure binding of client to HSM in Virtual Cloud Environment

Specification

Operating System Support

OS Support : Windows, Linux, Solaris, AIX, HP-UX
: Virtual: VMware, Hyper-V, Xen

Cryptographic Support

Cryptography : Full Suite B support
: Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman, KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with named, user-defined and Brainpool curves
: Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA, SEED
: Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-MD5-MAC, SSL3-SHA-1-MAC
: Random Number Generation: FIPS 140-2 approved DRBG (SP 800-90 CTR mode)
Crytographic APIs : PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL

Physical Characteristics

Rack Mountable : Standard 19″ EIA rack mount chassis (1U height)

Dimensions : 19″ x 21″ x 1.725″ (482.6mm x 533.4mm x 43.815mm)

Weight : 28lb (12.7kg)

Input Voltage : 100-240V, 50-60Hz

Power Consumption : 180W maximum, 155W typical

Temperature : Operating 0° to 40°C

Relative Humidity : 5% to 95% (38°C) non-condensing

Hardware Redundancy : 2 redundant/hot-swappable power supplies

Security Certifications

Certifications : FIPS 140-2 Level 2 and Level 3
: Common Criteria EAL4+
: BAC & EAC ePassport Support
Safety and Environmental Compliance

Compliance : UL, CSA, CE
: FCC, KC Mark, VCCI, CE
: RoHS, WEEE

Management, Logging, and Monitoring

Management : M of N support for division of command

Logging : Syslog

Monitoring : SNMPv3