[Cryptography] HSMs or Intel SGX? Which is harder to hack?

Dirk-Willem van Gulik dirkx at webweaving.org
Mon Feb 20 05:17:44 EST 2017


On 20 Feb 2017, at 01:30, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Dirk-Willem van Gulik <dirkx at webweaving.org> writes:
> 
>> While 10k is a bit much - it is pretty common in some industries to have in
>> the mid 1000’s in something called simbanks, poolGSM or simtrays; typically
>> 128 or 256 cards; often fitting by two per 1U enclosure.
> 
> There's a legitimate use for those things?  The only use I knew for them was
> for phone fraud.

Hmmm.. do not tell that to the cruise ships, hotels in the Alps, remote factories, dead normal corporate phone installs in the 2nd and 3rd world (and 1st world countries with a painful incumbent telco hoarding BRI lines) or what not.  Or international B2B trade/merchant supporting banks that have to do 2FA in countries where most of its myriad MVOs are in essence so numerous and foreign that direct SMC connections are too complex (e.g. no SMPP v3.4) or legally impossible to set up without a domestic presence (UCP/EMI, CIMD2).

And given this world of Something as a Service - is it not our legitimate professional duty to move slippery things like WhatsApp messaging into the cloud & nicely centralised - WAaaS is your trusted man in the middle! 

>> [...] which you then swap/take offsite on a weekly or so basis
> 
> ... or when the cellular provider cottons on and blocks them, at which point
> you swap in your next batch of SIMs.

Assuming they are in cahoots with WhatsApp or whomever you are fooling - and not overly interested in simply selling MBs.  I find it surprising what tiny MVOs get away with - despite their somewhat conflicting business models with their upstream.

I guess the remains of ancient regulation oversight and modern competition watchdog oversight of incumbents do keep some playing fields messy but fair.

Dw.

