Comments Konrad WIP
parent
428ed276bb
commit
2197956736
2 changed files with 6 additions and 5 deletions
|
|
@ -29,6 +29,7 @@ orders on particular customers or traffic types, and datacenter operators common
|
|||
authorities. The design decisions in cryptographic protocols generally hold, and the gold standard for backdoor access
|
||||
to modern systems is either exploiting a \emph{zero-day} flaw that is not yet publically known, or acquiring physical
|
||||
access to the target system.
|
||||
\todo{Make sure all figures have nice short titles for list of figures}
|
||||
|
||||
\section{Research Questions}
|
||||
|
||||
|
|
|
|||
|
|
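Review bot: The \todo line in this hunk is a document-wide reminder about figure titles, but it is attached to the end of the paragraph ending in "access to the target system.", directly before \section{Research Questions}, where it is easy to overlook. Consider moving it next to the list of figures or into a central TODO list. It can be resolved by giving each figure a short title through the optional caption argument, \caption[short title]{full caption}. Separately, the context line above it still reads "publically known"; "publicly" is the usual spelling.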
@ -17,8 +17,8 @@ following three properties.
|
|||
This use of the term \emph{HSM} aligns with common usage of the term both in the academic literature and in everyday
|
||||
conversation. Particularly the requirement of active tamper detection and response is crucial to distinguish a HSM from
|
||||
simpler devices such as TPMs, smart cards or secure enclaves in SoCs. Note that our use of the term HSM is slightly
|
||||
different from its use in government standards, from its use in the PCI (card payment industry asscociation) standards,
|
||||
and from its industry use.
|
||||
different from its use in government standards, from its use in the PCI SSC (Payment Card Industry Security Standards
|
||||
Council) standards, and from its industry use.
|
||||
|
||||
In industry, the term HSM is often used for solutions that are only logically segregated and that do not include any
|
||||
particular defense against hardware attacks. Our conjecture is that this is a consequence of the standardization
|
||||
|
|
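Review bot: The expansion "PCI SSC (Payment Card Industry Security Standards Council)" introduced in the sentence starting "different from its use in government standards" is spelled out a second time in the following hunk, where the PCI SSC section opens with "The Payment Card Industry Security Standards Council (PCI SSC) is an association ...". Expand the acronym once at its first use and write only "PCI SSC" afterwards, or define it through an acronym or glossary entry so the two places cannot drift apart. As a style point, the surrounding lines use "a HSM"; check that the article is used consistently across the document.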
@ -46,12 +46,12 @@ active tamper detection and response when cryptographic secrets are transmitted
|
|||
\section{Use in card payment processing (PCI SSC) standards}
|
||||
|
||||
The Payment Card Industry Security Standards Council (PCI SSC) is an association of credit card network operators that
|
||||
defines standards for all layes of card payment processing from card payment terminals in stores through the handling of
|
||||
defines standards for all layers of card payment processing, from card payment terminals in stores to the handling of
|
||||
payment data in online shop backend systems.
|
||||
|
||||
PCI SSC terminology aligns with our use and with common everyday use of the term HSM. In PCI SSC terminology, a HSM is a
|
||||
crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology only differs
|
||||
from our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
|
||||
crytographic device that has active tamper detecion and response circuitry. However, PCI SSC terminology differs from
|
||||
our use of the term HSM in one nuance: In PCI SSC terminology, a HSM is specifically a datacenter device used for
|
||||
backend processing of payment data. The general class of ``hardware devices performing some security function with or
|
||||
without particular physical security requirements'' that ISO/IEC 19790 and other standards call a \emph{Hardware
|
||||
Cryptographic Module}, in PCI SSC terminology is termed \emph{Secure Cryptographic Device (SCD)} in more recent standard
|
||||
|
|
|
|||
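Review bot: The rewritten line "crytographic device that has active tamper detecion and response circuitry." still carries two typos that this hunk otherwise had the chance to clean up, as it did for "layes" a few lines earlier. Change it to "cryptographic device that has active tamper detection and response circuitry." Also, now that "only" has been dropped, the sentence "However, PCI SSC terminology differs from our use of the term HSM in one nuance" reads fine, but the last visible line ends in "in more recent standard", which looks like it should agree in number with whatever follows on the next line; worth a check when this paragraph is next touched.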