Authors: Florian Reimair; Peter Teufl; Christian Kollmann and Christoph Thaller
Affiliation:
Graz University of Technology, Austria
Keyword(s):
Cloud Security, Central Cryptographic Solutions, Advanced Cryptographic Protocols, Heterogeneous Applications, Mobile Devices.
Related Ontology Subjects/Areas/Topics: Applied Cryptography; Cryptographic Techniques and Key Management; Data Engineering; Databases and Data Security; Information and Systems Security; Information Assurance; Management of Computing Security; Security and Privacy in Mobile Systems; Security and Privacy in the Cloud; Security and Privacy in Web Services; Security Protocols
Abstract:
Today’s applications need to share data and workload in heterogeneous device environments. Many of these handle sensitive data and need to make use of cryptography, which introduces keys that have to be provisioned, stored and shared securely. Our Cryptographic Service Interoperability Layer (CrySIL) architecture addresses these challenges by storing the key material off-device in a central hardened service that provides cryptographic functions to arbitrary devices via standardised APIs. While CrySIL is typically deployed by a trusted entity utilising hardware security modules (HSMs), the setup of this central trusted instance might be too complex or not desired in SME/personal deployment scenarios. Therefore, we present MoCrySIL, an extension to CrySIL that removes the need for a trusted third party by making use of the hardware-backed key-storage facilities available in today’s smartphones. We describe the MoCrySIL architecture and present a prototype that performs S/MIME-based email encryption/signatures via a PKCS#11 library. We conduct a thorough security/risk analysis, and reflect on functional achievements and shortcomings.