How MPC Enables Secure Public Cloud Usability (Avi Rose, vHSM), PowerPoint presentation



SLIDE 1

How MPC Enables Secure Public Cloud Usability

Avi Rose, vHSM Business Development - Europe, November 2018

SLIDE 2

The Perimeter is Dead

SLIDE 3

Keys: The Foundation of the Foundation

The foundation of any security model is the crypto layer.

* Crypto keys are the Foundation of the Foundation

SLIDE 4

Welcome to Unbound

Based on cryptographic breakthroughs that draw strength from math (not matter), Unbound eliminates the single point of compromise providing a secure path for digital innovation.

Best of Both Worlds

SLIDE 5

Never Whole. Never Compromised. Keys Protected by Math, Not Matter

You can’t steal what isn’t there…

  • Each private key exists as two separate random shares, stored in separate locations and refreshed constantly
  • Key shares are never combined at any point in time, not even when used or when created
  • Key material never exists in the clear at any point of its lifecycle

SLIDE 6

Multi Party Computation

Pure-software approach

  • The key never exists as one entity. It is created and maintained as N random shares
  • You can place the random shares at different places
  • Shares are used without ever bringing them together
  • The shares are refreshed after each transaction

Underlying technology

  • MPC cryptography protocol
  • Machines jointly working while keeping inputs private (Zero Knowledge Proof)
  • Security guarantee: mathematically proven

SLIDE 7

Developed by world-renowned scientists in the field of Multi-Party Computation:

  • Prof. Nigel Smart, Co-founder
  • Prof. Yehuda Lindell, Chief Scientist, Co-founder

Our Investors:

Pending

Certifications:

Serving the Fortune 500 companies powering the digital era:

SLIDE 8

The Benefits of vHSM Technology

  • Hardware-level security in a pure-software solution
  • Supports all industry-standard cryptography
  • Infinitely scalable key management
  • Available anywhere: on-premise, any cloud, any BYOD
  • Future-ready and agile cryptography

SLIDE 9

Protect and manage any secrets even while in use, so they never ever exist in whole, anywhere.

A Mathematical Guarantee for a Digital & Secure Future

Share and collaborate to gain insights from sensitive data without exposing it. Trusted computing on the cloud, where data is protected in the cloud at all times, even during processing.

SLIDE 10

Why can transforming to a public cloud increase security risks?

Managing your cryptographic keys with the cloud provider's KMS (Azure/KMS/GCP) exposes you to the following risks:

  1. Key material is not within your control (GDPR? PSD2?)
  2. Cloud provider system administrators can get access to YOUR key material.
  3. Under a US subpoena, YOUR data will be provided without notifying you.

Because of those risks, most enterprises in Europe have declined to use the cloud provider's KMS.

SLIDE 11

Controlling Keys in the Cloud is Now a Best Practice

“Businesses really need a solution that grants them full and sole control of their encryption keys at all times, so that keys and data can never be exposed to government agencies, privileged insiders, or hackers during a breach.”

“Encrypt, tokenize or mask all data at rest. Control the key.”

Sources:

  1. OneLogin hacker swiped AWS keys, can decrypt stolen data, Doug Olenick, SC Network Security, June 2nd 2017
  2. Securing Workloads and Information in Amazon Web Services, Neil MacDonald, Gartner Security & Risk Management Summit, June 2017

SLIDE 12

Control Your Own Key (CYOK) in the Public Cloud

The first solution to allow SaaS and IaaS customers to keep full control of their cryptographic keys, while maintaining full functionality of their applications and services in the cloud.

  • You maintain full control of your crypto keys in the cloud
  • Key material never exists in the clear, anywhere
  • Real-time, tamper-proof audit log that logs ANY key operation
  • Instant key revocation with the click of a button
  • No HSM or any hardware appliance needed

SLIDE 13

Control Your Own Key (CYOK) in the Public Cloud

Architecture: Two Practical Examples (CYOK and CYOK Hybrid)

  • The key can be used for any purpose.
  • The key material never exists in the cloud.
  • Real-time, tamper-proof audit for any key operation.

Diagram labels: SIEM; On-Premises Data Center; Unbound Key Control Secure Boundary; Code Signing Service; SaaS Provider; SaaS Customer 1; SaaS Customer 2.

SLIDE 14

Hybrid Cloud Key Management – Any Key, Anywhere

You can now use a unified cluster of UKC to securely manage all crypto keys across all sites and across all workloads from one centralized system with a single pane of glass. Keys automatically sync between different sites and workloads to ensure no more key management in silos.

  • SW-only solution that achieves HW-grade security for cryptographic keys and secrets
  • Can be deployed on any cloud, on-premises, physical/virtual machines & containers
  • Single pane of glass for key management across any hybrid and multi-site environment
  • Seamless integration with existing HSMs and key management systems
  • Compatible with all CSPs, no vendor lock-in

SLIDE 15

Hybrid Cloud Key Management: How does it work?

  • Hybrid environment with multiple workloads
  • Global organization with multiple branches spread worldwide

Diagram labels: Unbound Key Control Cluster; HSM/KM; On-Premises; Private Cloud.

SLIDE 16

Deploy Elastic and Automated Key Management

Unbound offers a centralized and fully automated, scalable key management that meets even the strictest security requirements

  • No dependency on underlying hardware and physical infrastructure
  • Supports all environments and app delivery models, including VMs and containers
  • Scale up and down instantly to support any level of capacity
  • REST API provides easy automation of initial setup and day-to-day management
  • Easy maintenance and automated updates

SLIDE 17

What Would You Like to Unbind?

  • Hybrid Cloud Key Management for Any Key, Any Cloud
  • Secure Cloud Native Applications
  • Control Your Own Key (CYOK) in the Public Cloud
  • Deploy Elastic & Automated Key Management
  • Deliver Future-Ready, Crypto-Agile Applications
  • Secure Identities, Keys and Credentials on IoT Devices
  • Add a Root of Trust for Apps into any BYOD
  • Go Passwordless Now

  • Database Encryption
  • App-level Encryption
  • Secure Manufacturing
  • Code Signing
  • Blockchain Key Management
  • Secure Authentication on any BYOD
  • Replace Hardware Tokens with BYOD
  • GDPR
  • Secure Mobile PKI
  • PCI-DSS Compliance

SLIDE 18

Thank You

avi.rose@unboundtech.com

SLIDE 19

Decrypt Process using MPC in Unbound UKC

Diagram (labels as extracted): the vHSM consists of two machines, M1 holding Private Key Share K1 and M2 holding Private Key Share K2. All links are over TLS. The ciphertext enters the vHSM, the intermediate values are shown as 00XI401LQIRL1, 3U3NJI28VZ10T and 6EBA928UPIIET, the step is labelled DECRYPT, and the plaintext "Hello, Alice!" is returned.
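As an added worked example (not Unbound's protocol or code), the following toy Python shows the idea behind the decrypt diagram and the share properties on slides 5 and 6: an RSA private exponent is held as two additive shares d1 and d2, each party exponentiates with its own share, only the partial results are combined, and the shares can be refreshed without ever reconstructing d. The primes, the sample message and all function names are constructed for this illustration; it deliberately omits the zero-knowledge proofs and malicious-party protections a production MPC deployment needs.

```python
import secrets

# Constructed toy RSA key from two known Mersenne primes; sizes are for illustration only.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # the whole private exponent exists only in this toy setup step


def split_key(d):
    """Additively share d: d1 + d2 == d (mod phi(N)). Each share alone is uniformly random."""
    d1 = secrets.randbelow(PHI)
    d2 = (d - d1) % PHI
    return d1, d2


def refresh_shares(d1, d2):
    """Proactive refresh: re-randomise both shares without changing their sum, so a share
    leaked before the refresh is useless when combined with one taken after it."""
    r = secrets.randbelow(PHI)
    return (d1 + r) % PHI, (d2 - r) % PHI


def partial_decrypt(ciphertext, share):
    """Each party (M1 or M2 in the slide) exponentiates with its own share only."""
    return pow(ciphertext, share, N)


def combine(partial1, partial2):
    """c^d1 * c^d2 == c^(d1+d2) == c^d (mod N); only partial results are combined, never d."""
    return (partial1 * partial2) % N


def encrypt(message):
    """Textbook RSA encryption (no padding) for the toy; message must be < N."""
    return pow(message, E, N)


def mpc_decrypt(ciphertext, d1, d2):
    """Joint decryption: neither party ever learns the other's share or the full exponent."""
    return combine(partial_decrypt(ciphertext, d1), partial_decrypt(ciphertext, d2))


if __name__ == "__main__":
    m = int.from_bytes(b"Hi Alice", "big")  # constructed sample message, smaller than N
    c = encrypt(m)
    d1, d2 = split_key(D)
    print(mpc_decrypt(c, d1, d2) == m)      # decrypted using shares only
    d1, d2 = refresh_shares(d1, d2)
    print(mpc_decrypt(c, d1, d2) == m)      # refreshed shares still decrypt correctly
```

Mixing a pre-refresh share with a post-refresh share no longer decrypts, which is what makes the constant refresh on slide 5 valuable against an attacker who steals one share at a time.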