Tag Archives: hsm

Apple plans to move the keys used for iCloud encryption to the client side

Following the recent battle between the FBI and Apple (FBI–Apple encryption dispute), Apple is planning to keep the keys used for iCloud encryption on the user's device rather than on the server side: "Apple to Hand iCloud Encryption Key Management to Account Holders": In effect, Apple is following the lead of secure cloud services such as SpiderOak which has been offering …

Posted in Cloud, Computer, Murmuring, Network, Political, Security, Software

The upcoming Amazon EC2 Dedicated Hosts

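Amazon EC2 is planning to launch a new purchasing option: "Coming Soon – EC2 Dedicated Hosts". Dedicated Hosts are rented by the whole machine, which ensures that nobody else uses the same physical machine and better serves security requirements. Taking c3.xlarge as the example here, you pay for eight instances at once: (the number "eight" is not final; the real number will only be known once the official announcement goes live) Each host has room for a predefined number of instances of a particular type. For example, a specific host could have room for eight c3.xlarge instances (this …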

Posted in AWS, Cloud, Computer, Hardware, Murmuring, Network, Security

AWS's CloudHSM...

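AWS has launched the CloudHSM service: "AWS CloudHSM - Secure Key Storage and Cryptographic Operations". It is not cheap; it looks like it is aimed at those with NIST FIPS 140-2 requirements? It runs on the Luna SA - Ethernet-Attached HSM, which can reach Level 3 security... And then there is the old question that always comes up with security, which is how to audit it: Amazon claims that they have no access to keys stored on #AWS #CloudHSM, …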

Posted in AWS, Cloud, Computer, Hardware, Murmuring, Network, Security

RSA SecurID 800 broken...

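The report "Scientists crack RSA SecurID 800 tokens, steal cryptographic keys" mentions that there is now a way to extract the secret key from an RSA SecurID 800, and that the method will be presented at CRYPTO 2012... (Taken from "RSA SecurID SID800 Authenticator Token") If an attacker can get physical access to the token and extract the secret key, they can prepare a new token (HSM, Hardware security module) and load the extracted secret key into it, and the original user is unlikely to notice... So a hardware-based OTP system, besides providing one-time passwords, also needs to be able to prevent extraction of the secret …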

Posted in Computer, Hardware, Murmuring, Security