How MPC Enables Secure Public Cloud Usability Avi Rose, vHSM Business Development - Europe November 2018
The Perimeter is Dead 2
Keys: The Foundation of the Foundation The foundation of any security model – is the crypto layer. * Crypto keys are the Foundation of the Foundation 3
Welcome to Unbound Best of Both Worlds Based on cryptographic breakthroughs that draw strength from math (not matter), Unbound eliminates the single point of compromise providing a secure path for digital innovation. 4
Never Whole. Never Compromised. Keys Protected by Math, Not Matter 1 2 3 Each private key exists Key shares are never Key material never exists as two separate random shares combined at any point in the clear at any point stored on separate locations & in time – not even when of its lifecycle refreshed constantly used or when created You can’t steal what isn’t there… 5
Multi Party Computation Pure-software approach • The key never exists as one entity. It is created and maintained as N random shares • You can place the random shares at different places • Use of shares without ever bringing them together • The Share are refreshed after each transaction Underlying technology • MPC cryptography protocol • Machines jointly working while keeping inputs private (Zero Knowledge Proof) • Security guarantee – mathematically proven 6
Serving the Fortune 500 companies Developed by World-Renowned Scientists powering the digital era: in the field of in Multi-Party Computation Prof. Yehuda Lindell Chief Scientist, Co-founder Wikipedia Our Investors: Prof. Nigel Smart Co-founder Wikipedia Certifications: Pending 7
The Benefits of vHSM Technology V V V V V Hardware-level Supports all Infinitely scalable Available anywhere: Future ready security in a pure- industry-standard key management on-premise, any and agile software solution cryptography cloud, any BYOD cryptography 8
A Mathematical Guarantee for a Digital & Secure Future Protect and manage any Trusted computing on secrets even while in use, the cloud, where data so they never ever exist in is protected in the whole, anywhere. cloud at all times, even during processing. Share and collaborate to gain insights from sensitive data without exposing it. 9
Why does transforming to a Public Cloud Can increase security risks? Management of your Cryptographic Keys using cloud provider KMS (Azure/KMS/GCP) expose the following risks : 1. Key Material is not within your control (GDPR? PSD2?) 2. Cloud Providers system administrators can get access to YOUR Key Material. 3. Pending a US Subpoena YOUR data will be provided without acknowledging you. For those risks most enterprises in Europe declined using the cloud provider’s KMS…… 10
Controlling Keys in the Cloud is Now a Best Practice “Businesses really need a solution that grants them full and sole control of their encryption keys at all times, so that keys and data can never be exposed to government agencies, privileged insiders, or hackers during a breach.” “Encrypt, tokenize or mask all data at rest. Control the key.” 1. OneLogin hacker swiped AWS keys, can decrypt stolen data , Doug Olenick, SC Network Security, June 2nd 2017 2. Securing Workloads and Information in Amazon Web Services , Neil MacDonald, Gartner Security & Risk Management Summit, June 2017 11
Control Your Own Key (CYOK) in the Public Cloud The first solution to allow SaaS and IaaS customers to keep full control of their cryptographic keys, while maintaining full functionality of their applications and services in the cloud. You maintain full Key material never exists in Real-time, tamper proof control of your crypto the clear – anywhere audit log that logs ANY keys in the cloud key operation Instant key revocation with No HSM or any the click of a button hardware appliance needed Next 12
Control Your Own Key (CYOK) in the Public Cloud Two Practical Examples Architecture On-Premises Unbound Key Control CYOK Data Center Unbound Key Control Secure Boundary Secure Boundary Real time tamper proof audit for any key operation Code Signing Service SaaS Provider Saas Customer 1 The key can be used for any purpose. Real time tamper Unbound Key Control The key material never proof audit for any exists in the cloud. Secure Boundary CYOK key operation Hybrid SIEM Unbound Key Control Code Signing Secure Boundary Service SaaS Provider Saas Customer 2 BACK 13
Hybrid Cloud Key Management – Any Key, Anywhere You can now use a unified cluster of UKC to securely manage all crypto keys across all sites and across all workloads from one centralized system with a single pane of glass. Keys automatically sync between different sites and workloads to ensure no more key management in silos. SW-only solution that Can be deployed on any Single pane of glass for achieves HW-grade cloud, on-premises, key management across security for cryptographic physical/virtual machines any hybrid and multi-site keys and secrets & containers environment Seamless integration with Compatible with all CSPs, existing HSMs and key no vendor lock-in management systems Next 14
Hybrid Cloud Key Management: How does it work? Hybrid environment Global organization with multiple with multiple workloads branches spread worldwide Unbound Key Control Cluster HSM/KM On-Premises Private Cloud Unbound Key Control Cluster BACK 15
Deploy Elastic and Automated Key Management Unbound offers a centralized and fully automated, scalable key management that meets even the strictest security requirements No dependency on Supports all environments and Scale up and down underlying hardware and app delivery models, including instantly to support any physical infrastructure VMs and containers level of capacity REST API provides easy Easy maintenance and automation of initial setup and automated updates day-to-day management Next 16
Database What Would You Like to Unbind? Encryption App-level Encryption Secure Manufacturing Code Signing Hybrid Cloud Key Secure Cloud Control Your Own Deploy Elastic & Management for Any Native Key (CYOK) in the Automated Key Blockchain Key Key, Any Cloud Applications Public Cloud Management Management Go >> Go >> Go >> Go >> Secure Authentication on any BYOD Replace Hardware Tokens with BYOD GDPR Add a Root of Trust Secure Identities, Deliver Future- Go Passwordless Secure for Apps into any Keys and Credentials Ready, Crypto- Now Mobile PKI BYOD on IoT Devices Agile Applications PCI-DSS Go >> Go >> Go >> Go >> Compliance 17
Thank You avi.rose@unboundtech.com
Decrypt Process using MPC in Unbound UKC vHSM M1 M2 6EBA928UPIIET 3U3NJI28VZ10T DECRYPT TLS TLS 00XI401LQIRL1 Hello, Alice! TLS TLS Private Key Private Key Share K2 Share K1 19
Recommend
More recommend
