low cost threshold cryptography hsm for opendnssec
play

Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco - PowerPoint PPT Presentation

Aug 20, 2022 •222 likes •445 views

Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl Problem description To satisfy security needs, DNS operators use Hardware Security Modules. Specialized hardware that have special security

  1. Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl

  2. Problem description ● To satisfy security needs, DNS operators use Hardware Security Modules. ● Specialized hardware that have special security properties. o http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

  3. Problem description ● HSM are expensive. o $50 - $50000 o FIPS 140-2 level 1 to level 4. o High security level implies high price. ● Small institutions want to deploy DNSSEC but they can not buy them.

  4. Problem description ● What if ... – we could achieve a good security level without paying that much? – we use old and not in use hardware, and we achieve a good security level not paying at all...

  5. Proposed solution: Low-Cost Threshold Cryptography HSM for OpenDNSSEC Francisco Cifuentes francisco@niclabs.cl

  6. Solution description ● Threshold Cryptography N1 N2 N3 N4 N5 SD

  7. Solution description ● Threshold Cryptography N1 N2 N3 N4 N5 SD

  8. Solution description ● Threshold Cryptography

  9. Solution description ● Threshold Cryptography: – Secure – Fault tolerant – Robust

  10. Solution description ● HSM basic architecture

  11. Solution description ● TCHSM Architecture

  12. Solution description OpenDNSSEC Architecture

  13. Solution description OpenDNSSEC Architecture TCHSM

  14. Solution description

  15. Experiments and results 2 Configuration ● Typical desktop computer ● Raspberry PI ● Intel dual-core processors at 2.8 GHz ● Broadcom BCM2835 ARM unicore at ● 4 MB of memory cache and 1 GB of 700 MHz, 128 KB of memory cache RAM ● 512 MB RAM ● (one of them used as DNS server with OpenDNSSEC) Gigabit LAN with latency lower than 1 second, 8 machines of the same type connected.

  16. Our Raspberry PI Cluster!

  17. Experiments and results Experiment ● 8 nodes try to sign the zone registry. ● The signature dealer waits until the first 5 not compromised nodes sign the zone registry. ● Measuring the average time of the generation of 1000 RRSIG signatures. ● Also measuring the average time of the generation of 1000 RRSIG signatures using the SoftHSM solution made by OpenDNSSEC's developers.

  18. Experiments and results Results Key Size 1024 bits 2048 bits Project Cost SoftHSM TCHSM SoftHSM TCHSM Desktop PC 5 ms 69 ms 14 ms 283 ms $0 † Raspberry PI 21 ms 382 ms 81 ms 1408 ms $35 x 8 = $280 † We use old computers that were not in use :-)

  19. Implementation problems ● Managed systems memory zeroization.

  20. Future Work ● Implementation diversity. ● Full distributed threshold RSA. ● GPU Usage. ● Replication / Migration.

  21. Distributed HSM Francisco Cifuentes - francisco@niclabs.cl Links: ● www.niclabs.cl ● github.com/niclabs/tscrypto

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Enter the Threshold The NIST Threshold Cryptography Project National Institute of Standards and

Enter the Threshold The NIST Threshold Cryptography Project National Institute of Standards and

Enter the Threshold The NIST Threshold Cryptography Project National Institute of Standards and Technology NIST Threshold Cryptography Workshop 2019 (#NTCW2019) March 11, 2019 @ NIST campus, Gaithersburg MD, USA Contact email:

1.21k views • 80 slides
Whats new with OpenDNSSEC Berry van Halderen Nlnet Labs / OpenNetLabs Place of OpenDNSSEC

Whats new with OpenDNSSEC Berry van Halderen Nlnet Labs / OpenNetLabs Place of OpenDNSSEC

Whats new with OpenDNSSEC Berry van Halderen Nlnet Labs / OpenNetLabs Place of OpenDNSSEC DNSSEC adds a new dimension to DNS; Zone files do no longer sit statically in your nameserver; DNSSEC requires constant resigning, key management

361 views • 8 slides
OpenDNSSEC Error recovery Aleksandar Kasabov Research project II July 5th, 2012 Outline

OpenDNSSEC Error recovery Aleksandar Kasabov Research project II July 5th, 2012 Outline

OpenDNSSEC Error recovery Aleksandar Kasabov Research project II July 5th, 2012 Outline OpenDNSSEC (ODS) Key rollovers test Error recovery Environment changes Components crash What are the best TTL settings

653 views • 15 slides
Confium: an open-source framework to support threshold cryptography standardization NIST MPTS

Confium: an open-source framework to support threshold cryptography standardization NIST MPTS

Confium: an open-source framework to support threshold cryptography standardization NIST MPTS 2020 November 5, 2020 Ronald Tse, Ribose Jointly prepared by Daniel Wyatt, Nickolay Olshevsky, Jeffrey Lau Mozilla Thunderbirds OpenPGP email is

392 views • 14 slides
Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of

Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of

T-79.159 Cryptography and Data Security Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 24.03.2004 Lecture 9: Secret Sharing,

1.45k views • 33 slides
Methods to Estimate the Cost Effectiveness Threshold for the NHS Mark Sculpher, PhD Professor of

Methods to Estimate the Cost Effectiveness Threshold for the NHS Mark Sculpher, PhD Professor of

Methods to Estimate the Cost Effectiveness Threshold for the NHS Mark Sculpher, PhD Professor of Health Economics University of York, UK HERG Seminar, September 6 th 2011 Acknowledgements Co-investigators: Karl Claxton Nancy Devlin

821 views • 25 slides
How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE Rikke Bendlin, Sara

How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE Rikke Bendlin, Sara

How to Share a Lattice Trapdoor: Threshold Protocols for Signatures and (H)IBE Rikke Bendlin, Sara Krehbiel , Chris Peikert Georgia Institute of Technology June 26, 2013 ACNS 2013, Banff, Alberta, Canada 1/11 Threshold Cryptography Setting: A

678 views • 39 slides
Dynamic Threshold Public-Key Encryption C ecile Delerabl ee David Pointcheval Ecole

Dynamic Threshold Public-Key Encryption C ecile Delerabl ee David Pointcheval Ecole

Dynamic Threshold Public-Key Encryption C ecile Delerabl ee David Pointcheval Ecole normale sup Orange Labs erieure CRYPTO 2008 August 20th, 2008 Formal Model Our Construction Conclusion Threshold Cryptography When one cannot

286 views • 11 slides
Cost-benefit analysis of quantum cryptography D. J. Bernstein University of Illinois at Chicago

Cost-benefit analysis of quantum cryptography D. J. Bernstein University of Illinois at Chicago

Cost-benefit analysis of quantum cryptography D. J. Bernstein University of Illinois at Chicago NSF ITR0716498 2004 PatersonPiperSchack: Why quantum cryptography? 2007 All eaume et al.: SECOQC white paper on quantum key

561 views • 37 slides
Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview

Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview

Nantucket Harbor Watershed Below TMDL Threshold At TMDL Threshold Above TMDL Threshold Water Quality Overview Routine monitoring: June-September. Water quality, dissolved oxygen, algae, eelgrass. Work with State agencies to

631 views • 19 slides
NICE Cost Effectiveness Threshold Karl Claxton, 1,2 Steve Martin, 2 Marta Soares, 1 Nigel Rice,

NICE Cost Effectiveness Threshold Karl Claxton, 1,2 Steve Martin, 2 Marta Soares, 1 Nigel Rice,

Methods for the Estimation of the NICE Cost Effectiveness Threshold Karl Claxton, 1,2 Steve Martin, 2 Marta Soares, 1 Nigel Rice, 1,2 Eldon Spackman, 1 Sebastian Hinde, 1 Nancy Devlin, 3 Peter C Smith, 4 Mark Sculpher 1 1. Centre for Health

526 views • 39 slides
Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure

Threshold Implementations Svetla Nikova Threshold Implementations A provably secure countermeasure Against (first) order power analysis based on multi party computation and secret sharing 2 Outline Threshold Implementations

990 views • 58 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi

Threshold resummation far from threshold GGI, Firenze, September 7 th , 2011 Giovanni Ridolfi Universit` a di Genova and INFN Genova, Italy Plan of the talk: 1. When is threshold resummation relevant? 2. Ambiguities in resummed results

939 views • 69 slides
Real-time updates to signed zones using dynamic update, OpenDNSSEC and BIND views Gavin

Real-time updates to signed zones using dynamic update, OpenDNSSEC and BIND views Gavin

Real-time updates to signed zones using dynamic update, OpenDNSSEC and BIND views Gavin Brown <gavin.brown@centralnic.com> ICANN 50 London PRIVATE & CONFIDENTIAL A Brief History of CentralNics DNS System 1994: Altos Series 1000

505 views • 18 slides
1 I t Introduction d ti

1 I t Introduction d ti

Secret Sharing and Threshold Cryptography 1 I t Introduction d ti Story #1: A millionaire put all his estate in a safe and leaves y p the combination to his seven

690 views • 47 slides
An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security

An Introduction to Quantum Computers and Quantum Cryptography Computer Network Security Prepared by: Nima Bayan, P.Eng. Fall 2003 Contents ! Introduction " Cryptography and Relativity " Quantum Algorithms " Quantum Computers !

227 views • 11 slides
Cryptography in a Quantum World Grgoire Ribordy ID Quantique May 2016 ID Quantique

Cryptography in a Quantum World Grgoire Ribordy ID Quantique May 2016 ID Quantique

Cryptography in a Quantum World Grgoire Ribordy ID Quantique May 2016 ID Quantique PROPRIETARY Cybersecurity Cybertechnologies are becoming Cybersecurity is a growing and increasingly pervasive. fundamental part of safety and

427 views • 18 slides
An Upda te on Post Qua ntum Cr yptog r a phy Mike Bro wn, CT O & Co -fo unde r, ISARA

An Upda te on Post Qua ntum Cr yptog r a phy Mike Bro wn, CT O & Co -fo unde r, ISARA

An Upda te on Post Qua ntum Cr yptog r a phy Mike Bro wn, CT O & Co -fo unde r, ISARA Co rpo ra tio n ounde d | 2015 F He a dqua rte rs | Wa te rlo o , Onta rio , Ca na da unding from Qua ntum Va lle y Inve stme nts| $11.5M Initia l

397 views • 26 slides
Table of Contents 1. Trusted Objects 2. PRIDE 3. CEMA 4. DFA 5. Costs analysis 6.

Table of Contents 1. Trusted Objects 2. PRIDE 3. CEMA 4. DFA 5. Costs analysis 6.

O N THE IMPORTANCE OF CONSIDERING PHYSICAL ATTACKS WHEN IMPLEMENTING LIGHTWEIGHT CRYPTOGRAPHY Alexandre Adomnicai 1 , 6 Benjamin Lac 2 , 6 Anne Canteaut 5 Jacques J.A. Fournier 3 Laurent Masson 1 Renaud Sirdey 4 Assia Tria 2 1Trusted Objects,

299 views • 25 slides
Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John

Hardening PGP using GnuPG and Yubikey hybrid multifactor authentication and cryptography John Roman Linux System Administrator RAND Corporation SCALE 2017 Roman, John PGP PGP 101 public/private keyrings Roman, John PGP PGP 101

471 views • 43 slides
p -Adic Dynamical Systems and Cryptography Non-Archimedean View on T -functions Vladimir Anashin

p -Adic Dynamical Systems and Cryptography Non-Archimedean View on T -functions Vladimir Anashin

p -Adic Dynamical Systems and Cryptography Non-Archimedean View on T -functions Vladimir Anashin Russian State University for the Humanities Faculty of Information Security p -Adic Dynamical Systems and Cryptography p. 1/65 T -functions:

2.1k views • 198 slides
APPLIED CRYPTOGRAPHY: FROM ALGORITHMS TO LIBRARIES @ABSTRACTJ GOAL OF THIS PRESENTATION

APPLIED CRYPTOGRAPHY: FROM ALGORITHMS TO LIBRARIES @ABSTRACTJ GOAL OF THIS PRESENTATION

APPLIED CRYPTOGRAPHY: FROM ALGORITHMS TO LIBRARIES @ABSTRACTJ GOAL OF THIS PRESENTATION ALGORITHMS An algorithm must be seen to be believed. Donald E. Knuth THIS TALK IS NOT ABOUT ALGORITHMS, ONLY SECURITY the state of being

1.03k views • 74 slides
Constrained Environments A. Murat Fiskiran and Ruby B. Lee Princeton Architecture Laboratory for

Constrained Environments A. Murat Fiskiran and Ruby B. Lee Princeton Architecture Laboratory for

Workload Characterization of Elliptic Curve Cryptography and other Network Security Algorithms for Constrained Environments A. Murat Fiskiran and Ruby B. Lee Princeton Architecture Laboratory for Multimedia and Security Princeton University A.

330 views • 15 slides

More recommend