Secure Upgrade of Hardware Security Modules in Bank Networks

Focardi, Riccardo; Luccio, Flaminia L.

doi:10.1007/978-3-642-16074-5_7

Cited by 5 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This will be the subject of section 4.3. As upgrading the bank network HSMs worldwide is complex and very expensive in [30] the authors have proposed a method for the secure upgrade of HSMs in wide networked systems. This method incrementally upgrades the network so to obtain upgraded, secure subnets, while preserving the compatibility towards the legacy system.…”

Section: Pin Processingmentioning

confidence: 99%

An Introduction to Security API Analysis

Focardi

Luccio

Steel

2011

Foundations of Security Analysis and Design VI

Self Cite

View full text Add to dashboard Cite

A security API is an Application Program Interface that allows untrusted code to access sensitive resources in a secure way. Examples of security APIs include the interface between the tamper-resistant chip on a smartcard (trusted) and the card reader (untrusted), the interface between a cryptographic Hardware Security Module, or HSM (trusted) and the client machine (untrusted), and the Google maps API (an interface between a server, trusted by Google, and the rest of the Internet). The crucial aspect of a security API is that it is designed to enforce a policy, i.e. no matter what sequence of commands in the interface are called, and no matter what the parameters, certain security properties should continue to hold. This means that if the less trusted code turns out to be malicious (or just faulty), the carefully designed API should prevent compromise of critical data. Designing such an interface is extremely tricky even for experts. A number of security flaws have been found in APIs in use in deployed systems in the last decade. In this tutorial paper, we introduce the subject of security API analy- sis using formal techniques. This approach has recently proved highly successful both in finding new flaws and verifying security properties of improved designs. We will introduce the main techniques, many of which have been adapted from language-based security and security protocol verification, by means of two case studies: cryptographic key management, and Personal Identification Number (PIN) processing in the cash machine network. We will give plenty of exam- ples of API attacks, and highlight the areas where more research is needed

show abstract

Section: Pin Processingmentioning

confidence: 99%

An Introduction to Security API Analysis

Focardi

Luccio

Steel

2011

Foundations of Security Analysis and Design VI

Self Cite

View full text Add to dashboard Cite

show abstract

“…Also, the HSM hardware allows executing cryptographic operations in a trusted environment. On top of that, the HSM device is equipped with a fully self-protecting circuit, so if tamper sensors detect a possible attack, all critical keys are immediately destroyed and the HSM device becomes permanently inoperable [5].…”

Section: Introductionmentioning

confidence: 99%

HSM-based Key Management Solution for Ethereum Blockchain

Shbair

Gavrilov²,

State

2021

2021 IEEE International Conference on Blockchain and Cryptocurrency (ICBC)

View full text Add to dashboard Cite

The security of distributed applications backed by blockchain technology relies mainly on keeping the associated cryptographic keys (i.e. private keys) in well-protected storage. Since they are the unique proof of ownership of the underlying digital assets. If the keys are stolen or lost, there is no way to recover the assets. The cold wallet is a good candidate for basic use cases, but it has a substantial challenge for more complex applications as it does not scale. Warm and hot wallets are more convenient options for blockchain-based solutions that aim to transact in a cloud environment. In this work, we focus on Hardware Security Module (HSM) based wallet. The HSM is the de-facto standard device designed to manage high-value cryptographic keys and to protect them against hacks. In this demonstration, we present an HSM-based working prototype that secures the entire life cycle of Ethereum public and private keys.

show abstract