SAS

Seminar

Storage encryption and key management

Cachin, C (IBM Research, Zurich)
Tuesday 31 January 2012, 11:00-11:45

Seminar Room 1, Newton Institute

Abstract

Data encryption has become a key requirement for enterprise storage systems. As a consequence of this, I have looked into storage encryption methods and contributed to several storage security products at IBM. Research has formulated the notion of tweakable encryption modes, which specifically address a requirement of storage encryption. On the other hand, practitioners have used specific key-wrapping modes for a long time before researchers came up with a formal notion. We highlight where and how they are used. The biggest concern in storage encryption is cryptographic keys, which must be maintained securely and reliably. Users struggle with the key-management problem because operating procedures and formats differ across systems. When multiple users access a key server, its interface must be designed with special consideration for cryptographic relations among keys. Cryptographic hardware-security modules (HSMs) face the same problem. Some logical attacks through the key-management operations of HSMs have been reported in the past, which allowed keys to be exposed merely by exploiting their interfaces in unexpected ways. We show how to model the security of key-management systems formally and protect them from interface attacks. This work originates in the context of creating the OASIS Key Management Interoperability Protocol (KMIP), a new open standard for enterprise-level key management.
