Abstract

Abstract: There is a strong demand for a secure cryptographic platform in cloud and mobile computing to support variety of sensitive applications. When used in large scale distributed environments, one of the options is to provide cryptography operations as a service (CaaS) instead of computed on end-user device. It is crucial for CaaS to be trusted by its users as the cryptographic material is accessed and can be compromised. One option is to execute sensitive operations inside a trusted hardware module (HSM) so even platform operator is not able to access used cryptographic material. Current HSMs provides reasonable computational performance for closed centralised systems (e.g., top HSMs can perform up to 9,000 RSA 1024b signatures per second). But implementing CaaS for different operations with distinct keys submitted by many users in parallel with currently available HSMs comes with a number of challenges, though. The talk will summarize existing challenges and introduce alternative architecture capable to host large number of applications, cryptographic material and concurrent users. The experience obtained from building such architecture will be also discussed.

Bio: