Traditional Hardware Security Modules vs Real World Requirements. Is There a Gap? (G23a)
Hardware-based security (HSMs, TPMs, smart cards, etc.) is a well-established concept, and a variety of hardware security modules of different flavours is available on the market. However, HSM technology hasn’t changed during the last 10+ years, although the systems, deployment concepts and applications it is meant to protect have changed massively. Cloud or outsourced deployments require a new level of integrity protection for the applications, IoT brings a new level of scalability requirements into the game, and new technology stacks for critical applications redefine the need for a secure execution environment that goes beyond protecting the cryptographic part of the application.
This session will look at “the state of the nation” regarding hardware security and related technologies such as cryptographic APIs or management schemes in the context of today’s cloud computing, Industrial IoT, and critical applications. It will analyze current requirements and put the state of technology and certification schemes on a test bench, based on practical experience from the last few years. The session will also ask and try to answer questions like: Is PKCS#11 really best suited for cloud and Industrial IoT use cases? Is it really sufficient to protect only cryptographic keys in a hardware security module? Do we have a gap when it comes to certification schemes?
Last but not least, the presentation will try to answer the question: Is the current state of hardware security technology, with its deployment models, APIs and management concepts, sufficient to address the requirements that come with the latest technology stacks, cloud technologies and IoT use cases?