Reducing Costs in HSM-Based Data Centers

Hardware Security Modules (HSMs) are special-purpose devices designed for cryptographic operations, mostly used for cryptographic key management. To achieve a high security standard, an HSM stores keys internally and never exposes them in plaintext; operations involving the keys are performed inside the HSM and only the result is returned to the caller. An HSM must therefore have enough storage space for all the keys it manages. In real-world applications this can require a huge amount of space (e.g. millions of keys), resulting in large data centers needed to host many HSMs. Related costs, such as the cost of the hardware, energy consumption, hosting, management, etc., are directly proportional to the number of HSMs used. In this paper we present a technique that saves space for storing keys in an HSM, thus reducing the number of HSMs needed. While saving space reduces direct costs, it comes at the expense of computation time. We provide a preliminary experimental evaluation of the extra time needed.