hardware security modules hsms benefits and challenges
play

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, - PowerPoint PPT Presentation

Jun 08, 2023 •128 likes •255 views

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org Hardware Security Modules Cool but what are you protecting? This works fine in many cases ..but this may be the real problem No

  1. Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org

  2. Hardware Security Modules

  3. Cool but what are you protecting?

  4. This works fine in many cases

  5. ..but this may be the real problem No Documented Processes

  6. ..and sometimes this

  7. Analysis • What are you protecting? • Who is your customer? • What is at risk? • Set expectations • Cost

  9. Common API (sort of): PKCS11 • A common interface for HSM and smartcards – C_Sign() – C_GeneratePair() • Avoids vendor lock-in – somewhat – Also see Key Management Interoperability Protocol (KMIP) • Vendor Supplied Drivers (mostly Linux, Windows) and some open source KMIP: http://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol

  10. Certifications (CYA) FIPS 140-2 Level 3 • – Sun SCA6000 (~30000 RSA 1024/sec) ~$10000 (was $1000!!) – Thales/Ncipher nshield (~500 RSA 1024/sec) ~$15000 – Ultimaco FIPS 140-2 Level 4 • – AEP Keyper (~1200 RSA 1024/sec) ~$15000 – IBM 4765 (~1000 RSA 1024/sec) ~$9000 Recognized by your national certification authority • – Kryptus (Brazil) ~ $2500 EAL / Common Criteria • – >= EAL 4 - Protection Profile for Secure Signature Creation Devices (SSCD) (European standard CWA 14169) http://www.opendnssec.org/wp-content/uploads/2011/01/A-Review-of-Hardware-Security-Modules-Fall-2010.pdf http://csrc.nist.gov/groups/STM/cmvp/validation.html http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm https://wiki.opendnssec.org/display/DOCREF/HSM+Buyers'+Guide

  11. Smartcards / Tokens Smartcards (PKI) (card reader ~$12) • – AthenaSC IDProtect ~$30 (JP) – Feitian ~$5-10 (CN) – Aventra ~$11 (FI) – CardContact ~$20 (DE) TPM • – Built into many PCs (Messy API) Token • – Aladdin/SafeNet USB e-Token ~$50 Open source PKCS11 Drivers available • – OpenSC Has RNG • Slow ~0.5-10 1024 RSA signatures per second •

  12. Random Number Generator X rand() X Netscape: Date+PIDs  LavaRand ? System Entropy into /dev/random (FBSD=dbrg+entropy/Linux=entropy?)  H/W, Quantum Mechanical (laser) $  Standards based (FIPS, NIST 800-90 DRBG ;-)  Built into CPU chips

Recommend

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer Laboratory http://www.cl.cam.ac.uk/~mgk25/ Applications of Tamper Resistant Modules Security of cryptographic applications is based on secure

564 views • 23 slides
Hardware Security Modules What they are and why it's likely that you've (indirectly) used one

Hardware Security Modules What they are and why it's likely that you've (indirectly) used one

Hardware Security Modules What they are and why it's likely that you've (indirectly) used one today Insert Your Name Insert Your Title Insert Date RWC 2015 Paul Hampton 8 th January 2015 What Am I Going to Talk About? What Is A Where Will

746 views • 30 slides
The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

928 views • 46 slides
How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and

How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and

How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and nCipher partnership history Long standing 10+ years technology partnership Supported integrations Red Hat Enterprise Linux Certificate System

712 views • 10 slides
Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org

Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org

Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org Agenda Setting the scene Change of Hardware Security Modules (HSMs) Roll (change) the Key Signing Key (KSK) The big finish | 2

272 views • 15 slides
SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security Sanjeev Das , Jan Werner, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose SoK: The Challenges, Pitfalls, and Perils of Using Hardware

529 views • 28 slides
Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada, KTH Pointsec Mobile Technologies TPM Introduction Microcontroller affixed to the motherboard. Cryptographic functions like key storage

834 views • 35 slides
Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio

Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio

Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio 1 1 Universit` a Ca Foscari di Venezia, Italy { focardi,luccio } @dsi.unive.it ARSPA-WITS10 Paphos, Cyprus March 27-28, 2010 Work

1.25k views • 69 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin Lukasiewycz TUM CREATE Singapore Outline Motivation (current E/E architectures) Trends (Integrated Architectures / Connected Car) Challenges Overview

496 views • 23 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
Modern Systems: Security October 8, 2012 Background: Trusted Platform Modules What is a TPM?

Modern Systems: Security October 8, 2012 Background: Trusted Platform Modules What is a TPM?

Modern Systems: Security October 8, 2012 Background: Trusted Platform Modules What is a TPM? 16 Platform Configuration Registers (PCRs) Random Number Generator (RNG) Endorsement Key (EK) burned in hardware What can it do?

575 views • 33 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl

Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl

Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl Problem description To satisfy security needs, DNS operators use Hardware Security Modules. Specialized hardware that have special security

445 views • 21 slides
XR79110/15/20 22V, 10/15/20A Synchronous Step Down COT Power Modules Key Features Benefits

XR79110/15/20 22V, 10/15/20A Synchronous Step Down COT Power Modules Key Features Benefits

XR79110/15/20 22V, 10/15/20A Synchronous Step Down COT Power Modules Key Features Benefits 10/15/20Amp Power Modules Industrys smallest 20A power module Efficiency > 92% Integrated MOSFETs and inductors 12x14x4mm

522 views • 11 slides
COMPILING FOR THE ARCHER HARDWARE Slides contributed by Cray and EPCC Modules The Cray

COMPILING FOR THE ARCHER HARDWARE Slides contributed by Cray and EPCC Modules The Cray

COMPILING FOR THE ARCHER HARDWARE Slides contributed by Cray and EPCC Modules The Cray Programming Environment uses the GNU modules framework to support multiple software versions and to create integrated software packages As new

586 views • 31 slides
CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security

CrypTech October 2018 Barcelona Hardware Security Module From Wikipedia: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing. These

977 views • 34 slides
Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Advanced Systems Security: Linux Security Modules Trent Jaeger Systems and Internet

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security: Linux Security Modules Trent

872 views • 30 slides
Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB

Cryptech The Open Hardware Security Module Platform Joachim Strmbergson ::1 Assured AB https://github.com/secworks IT security Embedded systems ASIC, FPGA Biometrics Open Crypto Hardware CPU design Assembly hacking Hardware Security

896 views • 50 slides
Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER /

Hardware Security Group at Lab-STICC 8 faculties and 12 PhD students / postdocs / ATER / engineers Hardware security for embedded systems: memory and communication protection Arithmetic Tradeoffs on Performance/Cost/Security secure

310 views • 14 slides
for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1

Attacker Models for hardware or embedded security Erik Poll Digital Security Radboud University Nijmegen 1 Security-sensitive hardware: examples 2 Naive attacker model Attacks on communication channels exploiting lousy crypto or insecure

904 views • 45 slides
MODULES MODULES The Beginner's Guide by Daniela Engert 1 ABOUT ME ABOUT ME Diploma degree in

MODULES MODULES The Beginner's Guide by Daniela Engert 1 ABOUT ME ABOUT ME Diploma degree in

Meeting C++ 2019 MODULES MODULES The Beginner's Guide by Daniela Engert 1 ABOUT ME ABOUT ME Diploma degree in electrical engineering For 40 years creating computers and software For 30 years developing hardware and software in the field

1.09k views • 68 slides
Security Operation Center Concepts and Implementation renaud.bidou@intexxia.com > SOC Modules

Security Operation Center Concepts and Implementation renaud.bidou@intexxia.com > SOC Modules

Security Operation Center Concepts and Implementation renaud.bidou@intexxia.com > SOC Modules > Global Architecture > Collection & Storage > Correlation > SOC Modules R Box R Box reaction and reporting + A Box K Box A Box

673 views • 13 slides

More recommend