hardware security modules hsms benefits and challenges
play

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, - PowerPoint PPT Presentation

Jun 08, 2023 •128 likes •255 views

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org Hardware Security Modules Cool but what are you protecting? This works fine in many cases ..but this may be the real problem No

  1. Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org

  2. Hardware Security Modules

  3. Cool but what are you protecting?

  4. This works fine in many cases

  5. ..but this may be the real problem No Documented Processes

  6. ..and sometimes this

  7. Analysis • What are you protecting? • Who is your customer? • What is at risk? • Set expectations • Cost

  9. Common API (sort of): PKCS11 • A common interface for HSM and smartcards – C_Sign() – C_GeneratePair() • Avoids vendor lock-in – somewhat – Also see Key Management Interoperability Protocol (KMIP) • Vendor Supplied Drivers (mostly Linux, Windows) and some open source KMIP: http://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol

  10. Certifications (CYA) FIPS 140-2 Level 3 • – Sun SCA6000 (~30000 RSA 1024/sec) ~$10000 (was $1000!!) – Thales/Ncipher nshield (~500 RSA 1024/sec) ~$15000 – Ultimaco FIPS 140-2 Level 4 • – AEP Keyper (~1200 RSA 1024/sec) ~$15000 – IBM 4765 (~1000 RSA 1024/sec) ~$9000 Recognized by your national certification authority • – Kryptus (Brazil) ~ $2500 EAL / Common Criteria • – >= EAL 4 - Protection Profile for Secure Signature Creation Devices (SSCD) (European standard CWA 14169) http://www.opendnssec.org/wp-content/uploads/2011/01/A-Review-of-Hardware-Security-Modules-Fall-2010.pdf http://csrc.nist.gov/groups/STM/cmvp/validation.html http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm https://wiki.opendnssec.org/display/DOCREF/HSM+Buyers'+Guide

  11. Smartcards / Tokens Smartcards (PKI) (card reader ~$12) • – AthenaSC IDProtect ~$30 (JP) – Feitian ~$5-10 (CN) – Aventra ~$11 (FI) – CardContact ~$20 (DE) TPM • – Built into many PCs (Messy API) Token • – Aladdin/SafeNet USB e-Token ~$50 Open source PKCS11 Drivers available • – OpenSC Has RNG • Slow ~0.5-10 1024 RSA signatures per second •

  12. Random Number Generator X rand() X Netscape: Date+PIDs  LavaRand ? System Entropy into /dev/random (FBSD=dbrg+entropy/Linux=entropy?)  H/W, Quantum Mechanical (laser) $  Standards based (FIPS, NIST 800-90 DRBG ;-)  Built into CPU chips

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer Laboratory http://www.cl.cam.ac.uk/~mgk25/ Applications of Tamper Resistant Modules Security of cryptographic applications is based on secure

564 views • 23 slides
Hardware Security Modules What they are and why it's likely that you've (indirectly) used one

Hardware Security Modules What they are and why it's likely that you've (indirectly) used one

Hardware Security Modules What they are and why it's likely that you've (indirectly) used one today Insert Your Name Insert Your Title Insert Date RWC 2015 Paul Hampton 8 th January 2015 What Am I Going to Talk About? What Is A Where Will

746 views • 30 slides
The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection

The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection Man-Ki Yoon, Mihai Christodorescu, Lui Sha, Sibin Mohan University of Illinois at Urbana-Champaign Qualcomm Research Silicon Valley June 6, 2016

928 views • 46 slides
How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and

How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and

How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and nCipher partnership history Long standing 10+ years technology partnership Supported integrations Red Hat Enterprise Linux Certificate System

712 views • 10 slides
Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org

Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org

Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org Agenda Setting the scene Change of Hardware Security Modules (HSMs) Roll (change) the Key Signing Key (KSK) The big finish | 2

272 views • 15 slides
SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security

SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security Sanjeev Das , Jan Werner, Manos Antonakakis, Michalis Polychronakis, and Fabian Monrose SoK: The Challenges, Pitfalls, and Perils of Using Hardware

529 views • 28 slides
Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada,

Trusted Platform Modules and Hardware-based Security Andreas Nilsson Masters Student at Nada, KTH Pointsec Mobile Technologies TPM Introduction Microcontroller affixed to the motherboard. Cryptographic functions like key storage

834 views • 35 slides
Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio

Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio

Secure upgrade of hardware security modules in bank networks Riccardo Focardi 1 Flaminia Luccio 1 1 Universit` a Ca Foscari di Venezia, Italy { focardi,luccio } @dsi.unive.it ARSPA-WITS10 Paphos, Cyprus March 27-28, 2010 Work

1.25k views • 69 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

607 views • 29 slides
Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin Lukasiewycz TUM CREATE Singapore Outline Motivation (current E/E architectures) Trends (Integrated Architectures / Connected Car) Challenges Overview

496 views • 23 slides
Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just:

Why W3C needs to Remain Neutral and Endorse Brand - free Hardware Security Web + Hardware Security is much, much more than just: Image source: halfelf.org It is about decentralizing ID validation and key storage (my religion)

522 views • 16 slides
Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April

Hardware Security Modules: Attacks and Secure Configuration Graham Steel Graham Steel April 2014 Graham Steel - HSM Attacks and Secure Configuration April 2014 - 2/ 56 Secure Hardware History Military: WW2 Enigma machines - captured

667 views • 56 slides
Modern Systems: Security October 8, 2012 Background: Trusted Platform Modules What is a TPM?

Modern Systems: Security October 8, 2012 Background: Trusted Platform Modules What is a TPM?

Modern Systems: Security October 8, 2012 Background: Trusted Platform Modules What is a TPM? 16 Platform Configuration Registers (PCRs) Random Number Generator (RNG) Endorsement Key (EK) burned in hardware What can it do?

575 views • 33 slides
HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware

HARDSPLOIT Framework for Hardware Security Audit a bridge between hardware & a so0ware pentester Who am I ? Julien Moinard - Electronic engineer @opale-security (French company) - Security consultant, Hardware & SoDware pentester -

803 views • 40 slides
Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl

Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl

Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl Problem description To satisfy security needs, DNS operators use Hardware Security Modules. Specialized hardware that have special security

445 views • 21 slides
XR79110/15/20 22V, 10/15/20A Synchronous Step Down COT Power Modules Key Features Benefits

XR79110/15/20 22V, 10/15/20A Synchronous Step Down COT Power Modules Key Features Benefits

XR79110/15/20 22V, 10/15/20A Synchronous Step Down COT Power Modules Key Features Benefits 10/15/20Amp Power Modules Industrys smallest 20A power module Efficiency > 92% Integrated MOSFETs and inductors 12x14x4mm

522 views • 11 slides
Surrey Social Care Services Board Page 1 Introduction for members Introduction for members

Surrey Social Care Services Board Page 1 Introduction for members Introduction for members

Surrey Social Care Services Board Page 1 Introduction for members Introduction for members Thursday 25 June 2015 Caroline Budden Deputy Director Children, Schools and Families Keeping children safe Our Surrey picture In 2014/15, we

445 views • 22 slides
Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos This presentation represents the official position of the Emergent Chaos blog, not our employers Welcome to Sevilla From the Catalan Atlas by Abraham

649 views • 39 slides
Hardrock Proj oject Upd pdate Thunder Bay Chamber of Commerce May 30, 2018 Agenda

Hardrock Proj oject Upd pdate Thunder Bay Chamber of Commerce May 30, 2018 Agenda

Hardrock Proj oject Upd pdate Thunder Bay Chamber of Commerce May 30, 2018 Agenda Introduction Hardrock Project Highlights Environmental Impact Statement/Environmental Assessment Update Impacts to Local and Regional Economy

375 views • 22 slides
OVERALL APPROACH Consultation demonstrated support for A clear emphasis on literacy and

OVERALL APPROACH Consultation demonstrated support for A clear emphasis on literacy and

LITERACY AND NUMERACY FOR LEARNING AND LIFE a concerted national effort to achieve world -class literacy and numeracy skills among our children and young people Ruair Quinn, TD, Minister for Education and Skills 1 OVERALL APPROACH

488 views • 28 slides
The Role of Calcineurin The Role of Calcineurin Inhibitors in the Treatment Inhibitors in the

The Role of Calcineurin The Role of Calcineurin Inhibitors in the Treatment Inhibitors in the

The Role of Calcineurin The Role of Calcineurin Inhibitors in the Treatment Inhibitors in the Treatment of Idiopathic Membranous of Idiopathic Membranous Nephropathy Nephropathy Membranous Nephropathy Membranous Nephropathy Conference,

506 views • 31 slides
Northwood - Kensett Community School District 1:1 MacBook Rollout School Year 2010-2011

Northwood - Kensett Community School District 1:1 MacBook Rollout School Year 2010-2011

Northwood - Kensett Community School District 1:1 MacBook Rollout School Year 2010-2011 A quick look at the MacBook Specifications and features MacBook 2.26 GHz Intel Core2 Duo 2 Gigabytes of RAM 250 Gigabyte Hard Drive

776 views • 39 slides
Canvas/Chromebook Technology Initiative - UHS March 2018 Objective To provide a recommendation

Canvas/Chromebook Technology Initiative - UHS March 2018 Objective To provide a recommendation

Canvas/Chromebook Technology Initiative - UHS March 2018 Objective To provide a recommendation to the School Board regarding a path forward with the Canvas/Chromebook technology initiative at the high school. 2 2013 - 2014 Timeline UCFSD

313 views • 18 slides
Asiasoft Corporation PLC. (AS) Asiasoft Talk 2013 13 th March 2013 Disclaimer Agenda The

Asiasoft Corporation PLC. (AS) Asiasoft Talk 2013 13 th March 2013 Disclaimer Agenda The

Asiasoft Corporation PLC. (AS) Asiasoft Talk 2013 13 th March 2013 Disclaimer Agenda The information contained in this presentation is for information purposes only and does not constitute an offer or invitation to sell or the solicitation of

746 views • 55 slides

More recommend