Page 26

HSM_for_Dummies

3 The Interface: The Key to the Application

Purposes of Interfaces

The interface for communication with cryptographic devices is, unfortunately, an Achilles’ heel in the deployment of HSMs. An HSM is a system that can present a very high level of complexity. That complexity brings the potential for major implementation errors, which can enable a successful attack by means of a combination of different command structures. Oldenburg University has published a very good overview of what form attacks on interfaces take: http://www.uni-oldenburg.de/fileadmin/user_upload/informatik/download/da.pdf.

Also, it’s possible to run multi-protocol functions in an HSM. The consequence here is that command interactions between individual function protocols can result in potential errors. You find these multi-protocol function HSMs, providing different interfaces for diverse applications, in the banking sector in particular.

Selecting the Correct Interface

One of the most important criteria in selecting an HSM interface is always an assessment of the requirements of the usage environment. This means that in a usage environment dominated totally by Microsoft, 90 percent of the interfaces you require are Microsoft-defined interfaces, such as CNG (Cryptography API: Next Generation). It also always depends on what interface to an HSM the application you’re planning to use already has. The last few years have seen advancements in this field in particular, and more and more suppliers of standard business applications have integrated interfaces for HSMs or security tokens. Here’s a list of the most well-known applications:

Microsoft Windows Server 2012; Active Directory Certificate Services (AD CS)
Microsoft Active Directory Rights Management Services (AD RMS)
Microsoft Internet Information Server (IIS)
Microsoft SQLEKM Provider
Bind 9 (Domain Name System)
OpenDNSSEC
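The point made under "Purposes of Interfaces", that commands which are each harmless can combine into a flaw, is shown below as an added example that is not part of the original publication or any vendor's API. ToyHSM, its wrap and decrypt commands, the role names and the XOR stand-in cipher are all assumptions constructed for illustration; the check at the end is the kind of regression test a defender would keep for an interface policy.

```python
import hashlib
import secrets


def _toy_cipher(key: bytes, data: bytes) -> bytes:
    # Toy stand-in for a real cipher (constructed): XOR with a SHA-256 pad.
    # Only handles data up to 32 bytes, which is all this model needs.
    pad = hashlib.sha256(key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class ToyHSM:
    """Hypothetical device: keys stay inside, callers only hold handles."""

    def __init__(self, enforce_role_separation: bool):
        self.enforce = enforce_role_separation
        self._keys = {}  # handle -> (key bytes, set of permitted commands)

    def generate(self, roles: set) -> int:
        # Hardened interface: one key may not serve both the key-management
        # command (wrap) and the data command (decrypt).
        if self.enforce and {"wrap", "decrypt"} <= roles:
            raise PermissionError("conflicting roles: wrap + decrypt")
        handle = len(self._keys) + 1
        self._keys[handle] = (secrets.token_bytes(32), set(roles))
        return handle

    def _use(self, handle: int, command: str) -> bytes:
        key, roles = self._keys[handle]
        if command not in roles:
            raise PermissionError(f"key {handle} not permitted for {command}")
        return key

    def wrap(self, wrapping: int, target: int) -> bytes:
        # Export `target` encrypted under `wrapping`; acceptable on its own.
        return _toy_cipher(self._use(wrapping, "wrap"), self._keys[target][0])

    def decrypt(self, handle: int, ciphertext: bytes) -> bytes:
        # Decrypt caller-supplied data; also acceptable on its own.
        return _toy_cipher(self._use(handle, "decrypt"), ciphertext)


def wrapped_key_is_recoverable(hsm: ToyHSM) -> bool:
    """True if wrap followed by decrypt hands back a stored key in the clear."""
    try:
        kek = hsm.generate({"wrap", "decrypt"})
    except PermissionError:
        return False
    target = hsm.generate({"decrypt"})
    return hsm.decrypt(kek, hsm.wrap(kek, target)) == hsm._keys[target][0]
```

With role separation off the check returns True, because the two commands interact; with it on, the conflicting key is refused at generation time and the check returns False.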

