Architecture Considerations for Massively Parallel Hardware
Security Platform

D 2015

Architecture Considerations for Massively Parallel Hardware Security Platform

CVRČEK, Daniel a Petr ŠVENDA

Základní údaje

Originální název

Architecture Considerations for Massively Parallel Hardware Security Platform

Autoři

CVRČEK, Daniel (203 Česká republika) a Petr ŠVENDA (203 Česká republika, garant, domácí)

Vydání

Berlin, Lecture Notes in Computer Science 9354, od s. 269-288, 20 s. 2015

Nakladatel

Springer

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Německo

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Impakt faktor

Impact factor: 0.402 v roce 2005

Kód RIV

RIV/00216224:14330/15:00086107

Organizační jednotka

Fakulta informatiky

ISBN

978-3-319-24125-8

ISSN

DOI

http://dx.doi.org/10.1007/978-3-319-24126-5_16

UT WoS

000365953300016

Klíčová slova anglicky

security; secure hardware; smart cards; cryptography as a service

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 13. 5. 2020 20:50, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Cryptography as a service (CaaS) provides means for executing sensitive cryptographic operations when the primary computing platform does not offer the required level of trust and security. Instead of executing operations like document signing directly by an application running in untrusted environment, the operation keys are only present in trusted environment used by CaaS. Once the operation keys are put in place, the applications use a CaaS interface to obtain results of sensitive operations - document signatures - executed by CaaS. A typical scenario is the use of virtual computing platform in the cloud. Use of CaaS reduces impact of the potential compromise of this virtual platform and simplifies subsequent recovery. The attacker will not learn the value of sensitive keys (e. g., signing keys) and is only able to use the keys for a limited time. The CaaS is enabling technology for a large number of use cases where security is important. The concept of scalable and universally available CaaS has also far-reaching usability, security, legal, and economics consequences of cloud use. In this position paper, we focus on requirements for building a CaaS platform - what are the options and challenges to build hardware and software components for CaaS suitable for usage scenarios with different load patterns and user requirements. We propose a suitable architecture for CaaS that can be shared by a large number of concurrent users, i. e., providing access to a large number of cryptographic keys. We also provide practical results from our prototype implementation.

Citovat

CVRČEK, Daniel a Petr ŠVENDA. Architecture Considerations for Massively Parallel Hardware Security Platform. In Rajat Subhra Chakraborty, Peter Schwabe, Jon Solworth. Lecture Notes in Computer Science 9354. Berlin: Springer, 2015, s. 269-288. ISBN 978-3-319-24125-8. Dostupné z: https://dx.doi.org/10.1007/978-3-319-24126-5_16.

@inproceedings{1331562,
   author = {Cvrček, Daniel and Švenda, Petr},
   address = {Berlin},
   booktitle = {Lecture Notes in Computer Science 9354},
   doi = {http://dx.doi.org/10.1007/978-3-319-24126-5_16},
   editor = {Rajat Subhra Chakraborty, Peter Schwabe, Jon Solworth},
   keywords = {security; secure hardware; smart cards; cryptography as a service},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Berlin},
   isbn = {978-3-319-24125-8},
   pages = {269-288},
   publisher = {Springer},
   title = {Architecture Considerations for Massively Parallel Hardware Security Platform},
   year = {2015}
}

TY  - JOUR
ID  - 1331562
AU  - Cvrček, Daniel - Švenda, Petr
PY  - 2015
TI  - Architecture Considerations for Massively Parallel Hardware Security Platform
PB  - Springer
CY  - Berlin
SN  - 9783319241258
KW  - security
KW  - secure hardware
KW  - smart cards
KW  - cryptography as a service
N2  - Cryptography as a service (CaaS) provides means for executing sensitive cryptographic operations when the primary computing platform does not offer the required level of trust and security. Instead of executing operations like document signing directly by an application running in untrusted environment, the operation keys are only present in trusted environment used by CaaS. Once the operation keys are put in place, the applications use a CaaS interface to obtain results of sensitive operations - document signatures - executed by CaaS. A typical scenario is the use of virtual computing platform in the cloud. Use of CaaS reduces impact of the potential compromise of this virtual platform and simplifies subsequent recovery. The attacker will not learn the value of sensitive keys (e. g., signing keys) and is only able to use the keys for a limited time. The CaaS is enabling technology for a large number of use cases where security is important. The concept of scalable and universally available CaaS has also far-reaching usability, security, legal, and economics consequences of cloud use. In this position paper, we focus on requirements for building a CaaS platform - what are the options and challenges to build hardware and software components for CaaS suitable for usage scenarios with different load patterns and user requirements. We propose a suitable architecture for CaaS that can be shared by a large number of concurrent users, i. e., providing access to a large number of cryptographic keys. We also provide practical results from our prototype implementation.
ER  -

CVRČEK, Daniel a Petr ŠVENDA. Architecture Considerations for Massively Parallel Hardware Security Platform. In Rajat Subhra Chakraborty, Peter Schwabe, Jon Solworth. \textit{Lecture Notes in Computer Science 9354}. Berlin: Springer, 2015, s.~269-288. ISBN~978-3-319-24125-8. Dostupné z: https://dx.doi.org/10.1007/978-3-319-24126-5\_{}16.

Podrobný výpis o publikaci