Trusted Cyber Technologies
Luna G5 for Government
USB-Attached HSM
The Luna G5 for Government is a small form factor HSM that is widely Secure Transport Mode
used by government agencies for data, applications and digital
identities to reduce risk and ensure regulatory compliance. Derived The G5 tamper response circuits have also allowed the introduction
from industry leading technology, the Luna G5 for Government is of a secure transport mode. Security Officers use the device’s tamper
manufactured, sold, and supported exclusively by Thales Trusted Cyber recovery role keys to cryptographically lock down the HSM prior to
Technologies (TCT). transporting the device. The recovery role keys can be shipped separately
and re-combined at the destination to cryptographically verify the HSM’s
integrity.
Luna G5 for Government Overview
Luna G5 for Government delivers industry leading key management in a
small and portable form factor. All key material is maintained exclusively Common Luna Architecture
within the confines of the hardware. The small form-factor and offline key
All Luna HSMs benefit from a Common Luna Architecture where the
storage capability sets the product apart, making it especially attractive
supported client, APIs, algorithms, and authentication methods are
to customers with business critical keys that need to physically detach
consistent across the entire Luna HSM product line. This eliminates the
and store the HSM in a secure offline environment.
need to design applications around a specific HSM, and provides the
flexibility to move keys from form factor to form factor.
Tamper Recovery Role
The Luna G5 for Government features sophisticated tamper detection Cryptographic Capabilities
and response circuitry to automatically zeroize internal keys in the
Luna G5 for Government supports a broad range of asymmetric key
event of an attempted attack on the HSM. Balancing this extreme
encryption and key exchange capabilities, as well as support for all
security posture with end user ease of use concerns, the Luna G5 for
standard symmetric encryption algorithms. It also supports all standard
Government includes a capability for properly authenticated security
hashing algorithms and message authentication codes (MAC). The
officers to recover from an inadvertent tamper event and quickly put the
Luna G5 for Government also supports ECC key pairs for use in Suite B
HSM back into its usable state without the loss of any keys or sensitive
applications that require a permanent, factory generated digital ID.
data.
�Security Certification Technical Specifications
The Luna G5 for Government has received FIPS 140-2 Level 2
and 3 validation from the National Institution of Standards and Operating System
Technology (NIST). This validation signifies that TCT’s Luna HSMs • Windows, Linux
for Government comply with these stringent standards.
Cryptographic APIs
• PKCS#11, Java (JCA/JCE), Microsoft CAPI and CNG, OpenSSL
Performance and Scalability
Cryptography
Luna G5 for Government • Full Suite B support
• Asymmetric: RSA (1024-8192), DSA (1024-3072), Diffie-Hellman,
• RSA-1024 200 tps KCDSA, Elliptic Curve Cryptography (ECDSA, ECDH, ECIES) with
• RSA-2048 63 tps named, user-defined and Brainpool curves
• ECC P256 43 tps • Symmetric: AES, RC2, RC4, RC5, CAST, DES, Triple DES, ARIA,
• AES-GCM 71tps SEED
• Hash/Message Digest/HMAC: SHA-1, SHA-2 (224-512), SSL3-
Benefits MD5-MAC, SSL3-SHA-1-MAC
• Random Number Generation
Most Secure
• Keys in hardware Physical Characteristics
• Remote Management • Dimensions: 8.5” x 6.7” x 1.7”
• Secure transport mode for high-assurance delivery • Weight: 3.3lb (1.5kg)
• Multi-level access control • Power Consumption: 12W maximum, 8W typical
• Multi-part splits for all access control keys • Temperature: operating 0°C – 50°C
• Intrusion-resistant, tamper- evident hardware
• Suite B algorithm support Security Certifications
• Secure decommission • FIPS 140-2 Level 2 and Level 3 Validation
• Secure Audit Logging
• Strongest cryptographic algorithms Safety and Environmental Compliance
• UL, CSA, CE
Sample Applications • FCC, KC Mark, VCCI, CE
• PKI key generation & key storage (online CA keys & offline • RoHS, WEEE
CA keys)
• Certificate validation & signing Host Interface
• Document signing • USB 2.0
• Transaction processing
• Database encryption Reliability
• Smart card issuance • Mean Time Between Failure (MTBF) 858,824 hours
About Thales Trusted Cyber Technologies
Thales Trusted Cyber Technologies, a business area of Thales Defense
& Security, Inc., protects the most vital data from the core to the cloud
to the field. We serve as a trusted, U.S. based source for cyber
security solutions for the U.S. Federal Government. Our solutions
enable agencies to deploy a holistic data protection ecosystem where
data and cryptographic keys are secured and managed, and access
and distribution are controlled. ©2019 SafeNet Assured Technologies, LLC 3.5.21
Contact Us: For more information, visit www.thalestct.com
3465 Box Hill Corporate Center Drive, Suite D, Abingdon, MD 21009 •443-484-7070 •[email protected]
thalestct.com
