Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
hardware security modules hsms benefits and challenges

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, - PowerPoint PPT Presentation

Jun 08, 2023 •128 likes •255 views

Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org Hardware Security Modules Cool but what are you protecting? This works fine in many cases ..but this may be the real problem No

  1. Hardware Security Modules (HSMs) Benefits and Challenges ICANN 50, London, UK 25 June 2014 richard.lamb@icann.org

  2. Hardware Security Modules

  3. Cool but what are you protecting?

  4. This works fine in many cases

  5. ..but this may be the real problem No Documented Processes

  6. ..and sometimes this

  7. Analysis • What are you protecting? • Who is your customer? • What is at risk? • Set expectations • Cost

  9. Common API (sort of): PKCS11 • A common interface for HSM and smartcards – C_Sign() – C_GeneratePair() • Avoids vendor lock-in – somewhat – Also see Key Management Interoperability Protocol (KMIP) • Vendor Supplied Drivers (mostly Linux, Windows) and some open source KMIP: http://en.wikipedia.org/wiki/Key_Management_Interoperability_Protocol

  10. Certifications (CYA) FIPS 140-2 Level 3 • – Sun SCA6000 (~30000 RSA 1024/sec) ~$10000 (was $1000!!) – Thales/Ncipher nshield (~500 RSA 1024/sec) ~$15000 – Ultimaco FIPS 140-2 Level 4 • – AEP Keyper (~1200 RSA 1024/sec) ~$15000 – IBM 4765 (~1000 RSA 1024/sec) ~$9000 Recognized by your national certification authority • – Kryptus (Brazil) ~ $2500 EAL / Common Criteria • – >= EAL 4 - Protection Profile for Secure Signature Creation Devices (SSCD) (European standard CWA 14169) http://www.opendnssec.org/wp-content/uploads/2011/01/A-Review-of-Hardware-Security-Modules-Fall-2010.pdf http://csrc.nist.gov/groups/STM/cmvp/validation.html http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm https://wiki.opendnssec.org/display/DOCREF/HSM+Buyers'+Guide

  11. Smartcards / Tokens Smartcards (PKI) (card reader ~$12) • – AthenaSC IDProtect ~$30 (JP) – Feitian ~$5-10 (CN) – Aventra ~$11 (FI) – CardContact ~$20 (DE) TPM • – Built into many PCs (Messy API) Token • – Aladdin/SafeNet USB e-Token ~$50 Open source PKCS11 Drivers available • – OpenSC Has RNG • Slow ~0.5-10 1024 RSA signatures per second •

  12. Random Number Generator X rand() X Netscape: Date+PIDs  LavaRand ? System Entropy into /dev/random (FBSD=dbrg+entropy/Linux=entropy?)  H/W, Quantum Mechanical (laser) $  Standards based (FIPS, NIST 800-90 DRBG ;-)  Built into CPU chips

Recommend

Hardware Observability Framework Hardware Observability Framework Hardware Observability

Hardware Observability Framework Hardware Observability Framework Hardware Observability

Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware Observability Framework Hardware

746 views • 22 slides
How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and

How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and

How nCipher HSMs enhance security for Red Hat OpenShift Platform www.ncipher.com Red Hat and nCipher partnership history Long standing 10+ years technology partnership Supported integrations Red Hat Enterprise Linux Certificate System

714 views • 10 slides
DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and Security DNS and

863 views • 71 slides
Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security

SP SPACE ACE 201 2016 Sec Secure ure Hardware Hardware and Hardware and Hardware- En Enabled abled Security Security: : New Front New Frontiers iers Swarup Bhunia Professor Electrical & Computer Engineering SPACE | Dec 2016 1

610 views • 29 slides
Contractor Health and Safety Induction Home Safe Everyday Document Code: MHF-HSMS-6910

Contractor Health and Safety Induction Home Safe Everyday Document Code: MHF-HSMS-6910

Contractor Health and Safety Induction Home Safe Everyday Document Code: MHF-HSMS-6910 Issue Date: 12/06/2019 1 Version: 1.2 Contractor Induction Contents 14. Forklifts, Reach Trucks and other Mobile 1. Welcome to Damar

260 views • 21 slides
Module-3b: Offset and Flicker Mitigation 01 August 2018 14:29 Modules Page 1 Modules Page 2

Module-3b: Offset and Flicker Mitigation 01 August 2018 14:29 Modules Page 1 Modules Page 2

Module-3b: Offset and Flicker Mitigation 01 August 2018 14:29 Modules Page 1 Modules Page 2 Modules Page 3 If Y(f) is filtered, we get rid of flicker noise. Modules Page 4 Module-3c: Chopping Non-Idealities 06 September 2018 16:45 Open

237 views • 10 slides
Health & Welfare Employee Benefits 2015 Benefits Overview AGENDA Benefits Team

Health & Welfare Employee Benefits 2015 Benefits Overview AGENDA Benefits Team

Health & Welfare Employee Benefits 2015 Benefits Overview AGENDA Benefits Team Benefits Overview Benefits Enrollment New Hire Benefits Action Checklist Tools and Resources Q&A 1:30pm-2:30pm Benefits New Employee

368 views • 25 slides
VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to

The Business of Making Strategies for Success from Startup to Exit Hardware and Robotic Startup Accelerator what hardware used to be . VC. VC. Hardware Startup The Hardware Revolu/on The Hardware Revolution Removing Barriers to Entry Open

607 views • 32 slides
Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer

Hardware Security Smartcards and other TamperResistant Modules Markus G. Kuhn Computer Laboratory http://www.cl.cam.ac.uk/~mgk25/ Applications of Tamper Resistant Modules Security of cryptographic applications is based on secure

566 views • 23 slides
Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org

Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org

Root Zone KSK: A fu er ICANN 53 Edward Lewis | ICANN 53 | June2015 edward.lewis@icann.org Agenda Setting the scene Change of Hardware Security Modules (HSMs) Roll (change) the Key Signing Key (KSK) The big finish | 2

276 views • 15 slides
Objects and Modules Two sides of the same coin? Martin Odersky Typesafe and EPFL Milner

Objects and Modules Two sides of the same coin? Martin Odersky Typesafe and EPFL Milner

Objects and Modules Two sides of the same coin? Martin Odersky Typesafe and EPFL Milner Symposium, 16 April 2012 1 Components Modules/Objects Compilers Reflection 2 Modules vs Objects Modules and Objects have the same purpose:

893 views • 46 slides
Modules and Programs 1 / 12 Python Programs Python code organized in modules, packages,

Modules and Programs 1 / 12 Python Programs Python code organized in modules, packages,

Modules and Programs 1 / 12 Python Programs Python code organized in modules, packages, and scripts. Weve already used some modules, now well learn what they are, how theyre orgainized in packages, and how to write Python

439 views • 12 slides
modules Organizing a Project into Packages and Modules As programs grow, you will organize

modules Organizing a Project into Packages and Modules As programs grow, you will organize

modules Organizing a Project into Packages and Modules As programs grow, you will organize them into packages and modules In Python, a package is a directory, and a module is a Python file We will only cover the fundamentals, for a more

591 views • 5 slides
Modules and Programs 1 / 14 Python Programs Python code organized in modules, packages,

Modules and Programs 1 / 14 Python Programs Python code organized in modules, packages,

Modules and Programs 1 / 14 Python Programs Python code organized in modules, packages, and scripts. Weve already used some modules, now well learn what they are, how theyre orgainized in packages, and how to write Python

404 views • 14 slides
External Modules 15-110 Monday 11/25 Learning Goals Learn how to install and use external

External Modules 15-110 Monday 11/25 Learning Goals Learn how to install and use external

External Modules 15-110 Monday 11/25 Learning Goals Learn how to install and use external modules Identify common useful modules for the Python language Python Modules The Python programming language comes with a large set of build-in

514 views • 29 slides
TBEN-S Ultra-Compact Multiprotocol I/O Modules Ultra-Compact Multiprotocol I/O Modules in IP67

TBEN-S Ultra-Compact Multiprotocol I/O Modules Ultra-Compact Multiprotocol I/O Modules in IP67

Your Global Automation Partner TBEN-S Ultra-Compact Multiprotocol I/O Modules Ultra-Compact Multiprotocol I/O Modules in IP67 Your advantages The ultra compact TBEN-S block I/O modules are the smallest multiprotocol Ethernet block I/O

266 views • 4 slides
Surrey Social Care Services Board Page 1 Introduction for members Introduction for members

Surrey Social Care Services Board Page 1 Introduction for members Introduction for members

Surrey Social Care Services Board Page 1 Introduction for members Introduction for members Thursday 25 June 2015 Caroline Budden Deputy Director Children, Schools and Families Keeping children safe Our Surrey picture In 2014/15, we

446 views • 22 slides
Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos

Data on Data Breaches: Past, Present and Future Adam Shostack and Chris Walsh Emergent Chaos This presentation represents the official position of the Emergent Chaos blog, not our employers Welcome to Sevilla From the Catalan Atlas by Abraham

654 views • 39 slides
Hardrock Proj oject Upd pdate Thunder Bay Chamber of Commerce May 30, 2018 Agenda

Hardrock Proj oject Upd pdate Thunder Bay Chamber of Commerce May 30, 2018 Agenda

Hardrock Proj oject Upd pdate Thunder Bay Chamber of Commerce May 30, 2018 Agenda Introduction Hardrock Project Highlights Environmental Impact Statement/Environmental Assessment Update Impacts to Local and Regional Economy

379 views • 22 slides
OVERALL APPROACH Consultation demonstrated support for A clear emphasis on literacy and

OVERALL APPROACH Consultation demonstrated support for A clear emphasis on literacy and

LITERACY AND NUMERACY FOR LEARNING AND LIFE a concerted national effort to achieve world -class literacy and numeracy skills among our children and young people Ruair Quinn, TD, Minister for Education and Skills 1 OVERALL APPROACH

494 views • 28 slides
The Role of Calcineurin The Role of Calcineurin Inhibitors in the Treatment Inhibitors in the

The Role of Calcineurin The Role of Calcineurin Inhibitors in the Treatment Inhibitors in the

The Role of Calcineurin The Role of Calcineurin Inhibitors in the Treatment Inhibitors in the Treatment of Idiopathic Membranous of Idiopathic Membranous Nephropathy Nephropathy Membranous Nephropathy Membranous Nephropathy Conference,

510 views • 31 slides
Northwood - Kensett Community School District 1:1 MacBook Rollout School Year 2010-2011

Northwood - Kensett Community School District 1:1 MacBook Rollout School Year 2010-2011

Northwood - Kensett Community School District 1:1 MacBook Rollout School Year 2010-2011 A quick look at the MacBook Specifications and features MacBook 2.26 GHz Intel Core2 Duo 2 Gigabytes of RAM 250 Gigabyte Hard Drive

779 views • 39 slides
Canvas/Chromebook Technology Initiative - UHS March 2018 Objective To provide a recommendation

Canvas/Chromebook Technology Initiative - UHS March 2018 Objective To provide a recommendation

Canvas/Chromebook Technology Initiative - UHS March 2018 Objective To provide a recommendation to the School Board regarding a path forward with the Canvas/Chromebook technology initiative at the high school. 2 2013 - 2014 Timeline UCFSD

318 views • 18 slides
Asiasoft Corporation PLC. (AS) Asiasoft Talk 2013 13 th March 2013 Disclaimer Agenda The

Asiasoft Corporation PLC. (AS) Asiasoft Talk 2013 13 th March 2013 Disclaimer Agenda The

Asiasoft Corporation PLC. (AS) Asiasoft Talk 2013 13 th March 2013 Disclaimer Agenda The information contained in this presentation is for information purposes only and does not constitute an offer or invitation to sell or the solicitation of

750 views • 55 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.