SLIDE 1
Hardware Security Modules
What they are and why it's likely that you've (indirectly) used one today
RWC 2015 Paul Hampton 8th January 2015
SLIDE 2
What Am I Going to Talk About?
What Is A HSM? Where Will I Find One?
SLIDE 3
A Hardware Security Module is…
…a dedicated crypto processor… …designed for the protection of keys throughout their lifecycle… …validated as secure by third parties… …a Trust Anchor…
SLIDE 4
A Hardware Security Module is…
…a source of high quality random numbers… …a vault for holding cryptographic keys…
…Cryptographic Acceleration Hardware…
…a hardware solution that implements the cryptographic algorithms you want to use…
SLIDE 5 How is a HSM deployed?
Application Servers
Application Crypto Services, Key Management Services, Key Vault Services
Tamper Resistance/Response, Separation of Duties, MFA with M of N Controls, PKCS #11, CAPI / CNG, Java CSP, OpenSSL, XML-DIGSIG, Backup/Restore, Access Controls, Export Controls, EKM Interface, Policy Def’n and Enforcement, FIPS 140-2 Level 3, Common Criteria EAL4+
Offload Multiple Partitions
Availability and Load Balancing
Cryptographic Processing
Security Officer, Application Owner, Auditor, IT Admin
Role Separation, Certifications
SLIDE 6 Certifications
- Provide independent verification of the security of a HSM
Common Criteria
SLIDE 7 Physical Security Features
Features of a Validated HSM Appliance
Intrusion detection, Tamper Resistant Fasteners, Tamper Resistant Fan Mounts, Tamper Resistant I/O Mounts, Serialised Tamper Evident Labelling, Internal Baffles to Prevent Probing, Protected Electronics
SLIDE 8
HSM Form Factors
SLIDE 9 So What Do HSMs Get Used For?
SLIDE 10 HSMs secure passport issuance
SLIDE 11
HSMs secure documents for governments, hospitals, and the court system
SLIDE 12
Secure Manufacturing
SLIDE 13 HSMs secure entertainment devices, including videogame consoles and Personal Video Recorders
SLIDE 14
HSMs secure Smart Metering Systems and the delivery of Meter messages in our homes to Head End Utility systems
SLIDE 15
Banking and Payments
SLIDE 16 HSMs secure mobile money payments and verbal banking transactions made by telephone
SLIDE 17 HSMs secure card data and the delivery of Personal Identification Numbers (PINs)
SLIDE 18
HSMs secure the production of credit and debit cards and mobile phone SIM cards.
SLIDE 19
And Yet More Payments Use Cases…
SLIDE 20
HSMs secure SSL for the websites we use every day
SLIDE 21
Transport and Infrastructure
SLIDE 22
HSMs secure Device Manufacturing in the delivery of Trusted Device Identities we use Every Day
SLIDE 23
Railway signalling infrastructure is secured by Hardware Security Modules
SLIDE 24 HSMs are used to protect the communication protocols
ge industrial equipment
SLIDE 25
HSMs secure the software and physical components of safety critical systems
SLIDE 26
SLIDE 27
HSMs secure automated toll booth passes
SLIDE 28
Online Content
SLIDE 29
HSMs secure the delivery of streaming media
SLIDE 30
Thank You!