CVRČEK, Daniel and Petr ŠVENDA. Architecture Considerations for Massively Parallel Hardware Security Platform. In Rajat Subhra Chakraborty, Peter Schwabe, Jon Solworth. Lecture Notes in Computer Science 9354. Berlin: Springer. p. 269-288. ISBN 978-3-319-24125-8. doi:10.1007/978-3-319-24126-5_16. 2015.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Architecture Considerations for Massively Parallel Hardware Security Platform
Authors CVRČEK, Daniel (203 Czech Republic) and Petr ŠVENDA (203 Czech Republic, guarantor, belonging to the institution).
Edition Berlin, Lecture Notes in Computer Science 9354, p. 269-288, 20 pp. 2015.
Publisher Springer
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Germany
Confidentiality degree is not subject to a state or trade secret
Publication form printed version "print"
Impact factor Impact factor: 0.402 in 2005
RIV identification code RIV/00216224:14330/15:00086107
Organization unit Faculty of Informatics
ISBN 978-3-319-24125-8
ISSN 0302-9743
Doi http://dx.doi.org/10.1007/978-3-319-24126-5_16
UT WoS 000365953300016
Keywords in English security; secure hardware; smart cards; cryptography as a service
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 13/5/2020 20:50.
Abstract
Cryptography as a service (CaaS) provides means for executing sensitive cryptographic operations when the primary computing platform does not offer the required level of trust and security. Instead of executing operations like document signing directly by an application running in untrusted environment, the operation keys are only present in trusted environment used by CaaS. Once the operation keys are put in place, the applications use a CaaS interface to obtain results of sensitive operations - document signatures - executed by CaaS. A typical scenario is the use of virtual computing platform in the cloud. Use of CaaS reduces impact of the potential compromise of this virtual platform and simplifies subsequent recovery. The attacker will not learn the value of sensitive keys (e. g., signing keys) and is only able to use the keys for a limited time. The CaaS is enabling technology for a large number of use cases where security is important. The concept of scalable and universally available CaaS has also far-reaching usability, security, legal, and economics consequences of cloud use. In this position paper, we focus on requirements for building a CaaS platform - what are the options and challenges to build hardware and software components for CaaS suitable for usage scenarios with different load patterns and user requirements. We propose a suitable architecture for CaaS that can be shared by a large number of concurrent users, i. e., providing access to a large number of cryptographic keys. We also provide practical results from our prototype implementation.
PrintDisplayed: 28/3/2024 12:59