BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:Storage encryption and key management - Cachin\, C (IBM Research\,
  Zurich)
DTSTART:20120131T110000Z
DTEND:20120131T114500Z
UID:TALK36041@talks.cam.ac.uk
CONTACT:Mustapha Amrani
DESCRIPTION:Data encryption has become a key requirement for enterprise st
 orage systems.  As a consequence of this I have looked into storage encryp
 tion methods and contributed to several storage security products at IBM. 
  Research has formulated the notion of tweakable encryption modes\, which 
 specifically address a requirement of storage encryption.  On the other ha
 nd\, practitioners have used specific key-wrapping modes for a long time b
 efore researchers came up with a formal notion.  We highlight where and ho
 w they are used. \n      The biggest concern in storage encryption is cry
 ptographic keys\, which must be maintained securely and reliably.  Users s
 truggle with the key-management problem because operating procedures and f
 ormats differ across systems.  When multiple users access a key server\, i
 ts interface must be designed with special consideration for cryptographic
  relations among keys.  Cryptographic hardware-security modules (HSMs) fac
 e the same problem.  Some logical attacks through the key-management opera
 tions of HSMs have been reported in the past\, which allowed exposing keys
  merely by exploiting their interfaces in unexpected ways.  We show how t
 o model the security of key-management systems formally and protect them f
 rom interface attacks.  This work originates in the context of creating th
 e OASIS Key Management Interoperability Protocol (KMIP)\, a new open stand
 ard for enterprise-level key management.
LOCATION:Seminar Room 1\, Newton Institute
END:VEVENT
END:VCALENDAR
