Steve Weymann, Principal Advisor, UL. Physical security is often the foundation on which secure systems are built, but how is this addressed by the various security standards that may apply to cryptographic modules? Using experience in actual testing built over decades, UL will outline how the different security standards – such as FIPS140-2, Common Criteria, ISO13491, and PCI HSM – address the minimum requirements and testing of physical security. General best practice will be outlined, as well as newer methods of protection and attack.
The speaker will compare and contrast the stance of the different standards with an aim to assist vendors attempting to design solutions that must comply with these disparate criteria, and comment on the potential for software security to overtake and end the reign of hardware in the cryptographic module space.