Abstract
Hardware Security Modules (HSMs) are special-purpose devices designed for cryptographic operations, mostly used for cryptographic key management. To achieve a high security standard, an HSM stores keys internally and never exposes them in plaintext; operations involving the keys are performed internally and only the result is returned outside the HSM. Thus an HSM must have enough storage space for all the keys that have to be managed. In real-world applications this might require a huge amount of space (e.g. millions of keys), resulting in large data centers needed to host many HSMs. Related costs, such as the cost of the hardware, energy consumption, hosting, management, etc., are directly proportional to the number of HSMs used. In this paper we present a technique that saves space for storing keys in an HSM, thus reducing the number of HSMs needed. While saving space reduces direct costs, it comes at the expense of computation time. We provide a preliminary experimental evaluation of the extra time needed.
Acknowledgements
We thank the eTuitus staff, in particular Oliviero Trivellato, Pompeo Faruolo, Fabio Petagna and Maurizio Cembalo, for useful technical discussions.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
De Prisco, R., De Santis, A., Mannetta, M. (2017). Reducing Costs in HSM-Based Data Centers. In: Au, M., Castiglione, A., Choo, KK., Palmieri, F., Li, KC. (eds) Green, Pervasive, and Cloud Computing. GPC 2017. Lecture Notes in Computer Science, vol 10232. Springer, Cham. https://doi.org/10.1007/978-3-319-57186-7_1
DOI: https://doi.org/10.1007/978-3-319-57186-7_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57185-0
Online ISBN: 978-3-319-57186-7
eBook Packages: Computer Science (R0)