Toward scaling hardware security module for emerging cloud services

Han, Juhyeng; Kim, Seong–Min; Kim, Taesoo; Han, Dongsu

doi:10.1145/3342559.3365335

Cited by 9 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…HSMs can be used to protect keys used by certificate authorities, banks, and cryptocurrency wallets. They are present within vehicles [69], operational technology [32], and clouds [31]. HSMs act as trusted security anchors and gateway to the network.…”

Section: Related Workmentioning

confidence: 99%

SocIoTy: Practical Cryptography in Smart Home Contexts

Jois,

Beck,

Belikovetsky

et al. 2024

PoPETs

View full text Add to dashboard Cite

Smartphones form an important source of trust in modern computing. But, while their mobility is convenient, smartphones can be stolen or seized, allowing an adversary to impersonate the user in their digital life: accessing the user's services and decrypting their sensitive files. With this in mind, we build SocIoTy, which leverages a user's existing IoT devices to add a context-sensitive layer of security for non-expert users. Instead of assuming the existence of dedicated hardware, SocIoTy re-uses the devices of a user's smart home to provide cryptographic services, which we term at-home cryptography. We show that at-home cryptography can be built from simple cryptographic primitives, and that our SocIoTy solution is able to provide useful functionalities, like two-factor authentication (2FA) and secure file storage, while protecting against powerful adversaries in this setting. We implement and evaluate SocIoTy in real-world use cases and provide microbenchmarks for individual cryptographic operations on realistic models of IoT devices. We also provide full benchmarks of an end-to-end deployment on a simulated smart home, using a smartphone and 9 IoT devices to generate and display 2FA one-time passwords in less than 200 milliseconds. SocIoTy is able to provide strong, practical cryptography while binding its execution to the smart home itself, all without requiring additional hardware.

show abstract

Section: Related Workmentioning

confidence: 99%

SocIoTy: Practical Cryptography in Smart Home Contexts

Jois,

Beck,

Belikovetsky

et al. 2024

PoPETs

View full text Add to dashboard Cite

show abstract

“…HSMs fulfill a very important role as the root of trust in systems where they are applied. In fact, HSMs are used in different fields; for example, in PKIs [22], network protocols [23], database encryption [24], digital signatures [25], and cloud services [26].…”

Section: Introductionmentioning

confidence: 99%

Blockchain-Based Services Implemented in a Microservices Architecture Using a Trusted Platform Module Applied to Electric Vehicle Charging Stations

et al. 2023

View full text Add to dashboard Cite

Microservice architectures exploit container-based virtualized services, which rarely use hardware-based cryptography. A trusted platform module (TPM) offers a hardware root for trust in services that makes use of cryptographic operations. The virtualization of this hardware module offers high usability for other types of service that require TPM functionalities. This paper proposes the design of TPM virtualization in a container. To ensure integrity, different mechanisms, such as attestation and sealing, have been developed for the binaries and libraries stored in the container volumes. Through a REST API, the container offers the functionalities of a TPM, such as key generation and signing. To prevent unauthorized access to the container, this article proposes an authentication mechanism based on tokens issued by the Cognito Amazon Web Service. As a proof of concept and applicability in industry, a use case for electric vehicle charging stations using a microservice-based architecture is proposed. Using the EOS.IO blockchain to maintain a copy of the data, the virtualized TPM microservice provides the cryptographic operations necessary for blockchain transactions. Through a two-factor authentication mechanism, users can access the data. This scenario shows the potential of using blockchain technologies in microservice-based architectures, where microservices such as the virtualized TPM fill a security gap in these architectures.

show abstract

“…Furthermore, this approach lacks standardization, as it is specifically tailored to work only with SharePoint servers, limiting its applicability and flexibility in diverse server environments. Another strategy involves the use of "Module-OT", a hardware security module (HSM) developed by the National Renewable Energy Laboratory (NREL) to secure communication between distributed energy resource systems [26]. HSMs are tamper-resistant hardware devices that facilitate end-to-end encryption, authentication, and authorization by generating cryptographic keys and X.509 certificates and performing various cryptographic and certificate management operations.…”

mentioning

confidence: 99%

HSM4SSL: Leveraging HSMs for Enhanced Intra-Domain Security

Aref,

Ouda

2024

Future Internet

View full text Add to dashboard Cite

In a world where digitization is rapidly advancing, the security and privacy of intra-domain communication within organizations are of critical concern. The imperative to secure communication channels among physical systems has led to the deployment of various security approaches aimed at fortifying networking protocols. However, these approaches have typically been designed to secure protocols individually, lacking a holistic perspective on the broader challenge of intra-domain communication security. This omission raises fundamental concerns about the safety and integrity of intra-domain environments, where all communication occurs within a single domain. As a result, this paper introduces HSM4SSL, a comprehensive solution designed to address the evolving challenges of secure data transmission in intra-domain environments. By leveraging hardware security modules (HSMs), HSM4SSL aims to utilize the Secure Socket Layer (SSL) protocol within intra-domain environments to ensure data confidentiality, authentication, and integrity. In addition, solutions proposed by academic researchers and in the industry have not addressed the issue in a holistic and integrative manner, as they only apply to specific types of environments or servers and do not utilize all cryptographic operations for robust security. Thus, HSM4SSL bridges this gap by offering a unified and comprehensive solution that includes certificate management, key management practices, and various security services. HSM4SSL comprises three layers to provide a standardized interaction between software applications and HSMs. A performance evaluation was conducted comparing HSM4SSL with a benchmark tool for cryptographic operations. The results indicate that HSM4SSL achieved 33% higher requests per second (RPS) compared to OpenSSL, along with a 13% lower latency rate. Additionally, HSM4SSL efficiently utilizes CPU and network resources, outperforming OpenSSL in various aspects. These findings highlight the effectiveness and reliability of HSM4SSL in providing secure communication within intra-domain environments, thus addressing the pressing need for enhanced security mechanisms.

show abstract

Toward scaling hardware security module for emerging cloud services

Cited by 9 publications

References 8 publications

SocIoTy: Practical Cryptography in Smart Home Contexts

SocIoTy: Practical Cryptography in Smart Home Contexts

Blockchain-Based Services Implemented in a Microservices Architecture Using a Trusted Platform Module Applied to Electric Vehicle Charging Stations

HSM4SSL: Leveraging HSMs for Enhanced Intra-Domain Security

Contact Info

Product

Resources

About