Abstract

Abstract: There is a strong demand for a secure cryptographic platform in cloud and mobile computing to support variety of sensitive applications. When used in large scale distributed environments, one of the options is to provide cryptography operations as a service (CaaS) instead of computed on end-user device. It is crucial for CaaS to be trusted by its users as the cryptographic material is accessed and can be compromised. One option is to execute sensitive operations inside a trusted hardware module (HSM) so even platform operator is not able to access used cryptographic material. Current HSMs provides reasonable computational performance for closed centralised systems (e.g., top HSMs can perform up to 9,000 RSA 1024b signatures per second). But implementing CaaS for different operations with distinct keys submitted by many users in parallel with currently available HSMs comes with a number of challenges, though. The talk will summarize existing challenges and introduce alternative architecture capable to host large number of applications, cryptographic material and concurrent users. The experience obtained from building such architecture will be also discussed.

Bio: Petr Švenda is Assistant Professor at the Masaryk University, Brno, Czech Republic. He engages in the research of an authentication and key distribution protocols usable for distributed systems with multiple parties, often with the devices significantly limited in performance capabilities and/or working in partially compromised environment like cryptographic smart cards or wireless sensor networks. He also focus on a utilization of secure hardware in complex scenarios and the development of secure applications on such platforms. Presented work is a part of applied research done by Enigma Bridge @ ideaSpace, Cambridge, UK.