HSM Management Use-case Summary KMIP F2F Sep 2012 Denis Pochuev

2 HSM Management Use-Cases

Three use-cases:
- HM-1: Monitoring with MDO (Meta-Data-Only) Keys
- HM-2: Local Key Foundry with Key Wrapping
- HM-3: Remote Key Foundry with MDO Keys

3 Visual Summary (diagram)

4 HM-1: Monitoring with MDO Keys
- Xerxes logs into the KMS
- Xerxes lists all Object Identifiers known to the KMS, which includes all keys residing on HSMs in the enterprise
- Xerxes lists the attributes of the keys on Partition 2A (partition A on HSM-2)
- Xerxes queries the server for the keys, across all HSM partitions, that will expire in the next 2 weeks
- Xerxes queries the server for the HSM partitions that have exhausted over 80% of their capacity
- Alice uses her secure application, which uses an encryption key stored on an HSM. The use updates the key's meta-data, which is propagated to the KMS, where Xerxes can observe it

5 HM-2: Local Key Foundry with Key Wrapping
- Xerxes logs into the KMS
- Xerxes lists all Object Identifiers known to the KMS, which includes all keys residing on HSMs in the enterprise
- Using the KMS HSM Management UI, Xerxes creates an AES-256 symmetric key on the KMS, which is then imported into Partition B on HSM-1
- Xerxes deactivates key KEY1 on the KMS; KEY1's state transition is replicated to Partition C of HSM-2
- Using the KMS UI, Xerxes finds all DES keys associated with all registered HSMs and destroys them. The keys are destroyed on the corresponding partitions across all registered HSMs
- Using the KMS UI, Xerxes clones the key material from an existing HSM partition (2A) to a new module

6 HM-3: Remote Key Foundry with MDO Keys
- Xerxes logs into the KMS
- Xerxes lists all Object Identifiers known to the KMS, which includes all keys residing on HSMs in the enterprise
- Using the KMS HSM Management UI, Xerxes creates an AES-256 symmetric key on Partition B of HSM-1 by sending the appropriate command to the HSM
- Xerxes deactivates key KEY1 on Partition C of HSM-2 by modifying the state of KEY1; the change is reflected on HSM-2
- Using the KMS UI, Xerxes finds all DES keys across all HSMs and destroys them
- Note that every flow in this use-case produces very similar results to the first 5 items of HM-2. The difference is where the key material is generated: on the KMS and then imported into the partition (HM-2), or directly on the HSM partition under KMS control, with the KMS holding only the meta-data (HM-3)
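The three use-cases above describe the KMS-side bookkeeping that KMIP operations (Locate, Get Attributes, Revoke/Deactivate, Destroy, Create) have to support. The following is an added example, not code from the slides or from any KMIP implementation: an in-memory model that runs the HM-1 monitoring queries and the HM-2/HM-3 foundry steps over constructed data. The attribute names follow KMIP (State, Cryptographic Algorithm, Cryptographic Length, Deactivation Date); the partition name as an object attribute, the partition slot capacities, the usage counter and every key in `demo()` are assumptions made for illustration. The state transitions allowed by `destroy` follow the KMIP state diagram, under which an Active object must be deactivated before it can be destroyed, and a destroyed object keeps its meta-data but frees its HSM slot, which is what lets the capacity query and the "list all Object Identifiers" query give different answers after the DES clean-up.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# KMIP State attribute values. DESTROY_FROM lists the only states the KMIP state
# diagram lets Destroy start from: an Active key is never destroyed directly.
PRE_ACTIVE, ACTIVE, DEACTIVATED = "Pre-Active", "Active", "Deactivated"
COMPROMISED, DESTROYED, DESTROYED_COMPROMISED = "Compromised", "Destroyed", "Destroyed Compromised"
DESTROY_FROM = {PRE_ACTIVE: DESTROYED, DEACTIVATED: DESTROYED, COMPROMISED: DESTROYED_COMPROMISED}


@dataclass
class ManagedObject:
    uid: str
    partition: str                   # "2A" = partition A on HSM-2 (assumed custom attribute)
    algorithm: str                   # Cryptographic Algorithm
    length: int                      # Cryptographic Length, in bits
    state: str = ACTIVE
    deactivation_date: datetime | None = None
    usage_count: int = 0             # meta-data bumped when Alice's application uses the key


@dataclass
class Partition:
    name: str
    capacity: int                    # key slots; the numbers in demo() are constructed
    objects: dict[str, ManagedObject] = field(default_factory=dict)

    def utilisation(self) -> float:
        # A destroyed key keeps its meta-data (MDO) in the KMS but frees its HSM slot.
        live = [o for o in self.objects.values() if o.state not in (DESTROYED, DESTROYED_COMPROMISED)]
        return len(live) / self.capacity


class KMS:
    def __init__(self, partitions: list[Partition]):
        self.partitions = {p.name: p for p in partitions}
        self._next = 1

    def _all(self) -> list[ManagedObject]:
        return [o for p in self.partitions.values() for o in p.objects.values()]

    def _find(self, uid: str) -> ManagedObject:
        return next(o for o in self._all() if o.uid == uid)

    # HM-1: monitoring
    def locate(self, **criteria) -> list[str]:
        """Locate: uids whose attributes equal every criterion; no criteria = every known object."""
        return sorted(o.uid for o in self._all() if all(getattr(o, k) == v for k, v in criteria.items()))

    def get_attributes(self, uid: str) -> dict:
        o = self._find(uid)
        return {"State": o.state, "Cryptographic Algorithm": o.algorithm, "Cryptographic Length": o.length,
                "Deactivation Date": o.deactivation_date, "Usage Count": o.usage_count, "Partition": o.partition}

    def expiring_within(self, now: datetime, days: int = 14) -> list[str]:
        end = now + timedelta(days=days)
        return sorted(o.uid for o in self._all()
                      if o.state == ACTIVE and o.deactivation_date and now <= o.deactivation_date <= end)

    def partitions_over(self, threshold: float = 0.80) -> list[str]:
        return sorted(n for n, p in self.partitions.items() if p.utilisation() > threshold)

    def record_use(self, uid: str) -> None:
        """The HSM used the key for Alice; the updated usage meta-data propagates to the KMS."""
        o = self._find(uid)
        if o.state != ACTIVE:
            raise PermissionError(f"{uid} is {o.state}: no cryptographic use allowed")
        o.usage_count += 1

    # HM-2 / HM-3: key foundry
    def create(self, partition: str, algorithm: str, length: int, deactivation_date=None) -> str:
        p = self.partitions[partition]
        if p.utilisation() >= 1.0:
            raise RuntimeError(f"partition {partition} has no free slot")
        uid, self._next = f"KEY{self._next}", self._next + 1
        p.objects[uid] = ManagedObject(uid, partition, algorithm, length, ACTIVE, deactivation_date)
        return uid

    def deactivate(self, uid: str) -> None:
        o = self._find(uid)
        if o.state != ACTIVE:
            raise ValueError(f"{uid} is {o.state}: only Active objects become Deactivated")
        o.state = DEACTIVATED            # state change replicated to the owning partition

    def destroy(self, uid: str) -> None:
        o = self._find(uid)
        if o.state not in DESTROY_FROM:
            raise PermissionError(f"{uid} is {o.state}: Destroy not permitted from this state")
        o.state = DESTROY_FROM[o.state]  # key material gone, meta-data kept

    def retire_algorithm(self, algorithm: str) -> list[str]:
        """'Find all DES keys on all HSMs and destroy them', deactivating Active ones first."""
        uids = self.locate(algorithm=algorithm)
        for uid in uids:
            if self._find(uid).state == ACTIVE:
                self.deactivate(uid)
            self.destroy(uid)
        return uids


def demo() -> dict:
    """Runs the HM-1/HM-2 flows over constructed data and returns what Xerxes observes."""
    now = datetime(2012, 9, 1, tzinfo=timezone.utc)
    kms = KMS([Partition("1B", 4), Partition("2A", 4), Partition("2C", 10)])
    aes = kms.create("2A", "AES", 256, now + timedelta(days=10))   # expires inside the 2-week window
    for _ in range(3):
        kms.create("2A", "DES", 64)                                 # 2A is now at 4/4 slots
    other = kms.create("2C", "AES", 128, now + timedelta(days=60))
    kms.record_use(aes)                                             # Alice's application uses the key
    try:
        kms.destroy(aes)                                            # Active: must be refused
        refused = False
    except PermissionError:
        refused = True
    over_before = kms.partitions_over()
    kms.deactivate(other)
    destroyed = kms.retire_algorithm("DES")
    return {"all_ids": kms.locate(), "expiring_2w": kms.expiring_within(now),
            "over_80pct_before": over_before, "over_80pct_after": kms.partitions_over(),
            "destroyed_des": destroyed, "active_destroy_refused": refused,
            "aes_attrs": kms.get_attributes(aes), "other_state": kms.get_attributes(other)["State"],
            "des_state": kms.get_attributes(destroyed[0])["State"]}
```

After `demo()` runs, `locate()` with no criteria still lists all five identifiers, including the destroyed DES keys, because the KMS keeps their meta-data, while the over-80% capacity query drops partition 2A once its three DES slots are freed. Real KMIP servers express the expiry query as a Locate on the Deactivation Date attribute range and the capacity query as server-specific extension data; both are modelled here as plain method calls.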