Iris Ding, Cloud Software Engineer
Malini Bhandaru, Senior Principal Engineer

Thanks to my colleagues: Qiming Liu, Huailong Zhang, Xintong Chen, Xin Huang, Ruijing Guo, Ruoyu Ying, Changran Wang, Forrest Zhao, Sood Kapil, Poussa Sakari, Puustinen Ismo, Valluri Amarnath, Venkatasubramanian Sankaranarayanan

Security+: Hide your secrets via a distributed Hardware Security Module (HSM)

Agenda
Cloud HSM and Challenges
Distributed HSM
Use Cases

Hardware Security Module (HSM)
A physical computing device that safeguards and manages secrets (most importantly digital keys), performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions.
Traditionally a plug-in card or an external device that attaches directly to a computer or network server.
A hardware security module contains one or more secure cryptoprocessor chips.
https://en.wikipedia.org/wiki/Hardware_security_module

HSM Market
Expected to reach USD 2.0 Billion by 2028, growing at a CAGR of 13.1%
Driven by:
Growing data breaches and cyberattacks
Increasing demand for data security in cloud environments
*Data source: https:/

HSM
Pros:
Lower cost from sharing
Flexibility and simplicity
Cons:
Higher latency crypto operations
Lower transaction rate (TPS)
Migration difficulty
No substitutes on edge

Distributed HSM
Where you need it, sized to your needs
Highly Secure, even at the Edge
Lower Latency and Greater Throughput
Lower Cost
How? Using Trusted Execution Environments!
[Figure label: APP]

Trusted Execution Environments (TEEs)
Hardware and firmware supported confidentiality and integrity of code and data
Protect even from privileged processes (OS, Hypervisor.)
Demonstrate trust: quotes and attestation
[Figure labels: Data at Rest; Data in Motion; Data in Use; SECURE; CPU: Trusted; Operating System / Virtual Machine Monitor: Untrusted; TEE]

Intel SGX: a Process-based TEE
Me