[Cryptography] Durable HSM with fingerprint reader?

Ray Dillinger bear at sonic.net
Sun May 20 18:54:09 EDT 2018 


On 05/20/2018 08:14 AM, jrose citsus.com wrote:
> Bear,
> 
> Nice wish list I know of nothing  currently in the market that would qualify please let me know if you find such a device.
> Additionally, you don’t mention if your need is for 10 or for 10,000 or if you require FIPS compliance ?
> 
> Jasper


It would need to be FIPS-3 for a regulated industry (finance/insurance)
and if we managed to sell a few people on deploying their plan in that
particular form, it would be a market in the tens of thousands.

But it looks like we're going to be focusing on trying to sell them on a
different form, at this point; in the first place we can't find a device
sufficiently robust and long-lived with absolutely minimum attack surface.

In the second place it's unrealistic to expect that no (or very few)
devices would be just plain lost over such a long period of time, no
matter how motivated clients are to keep track of them. In turn that
means critical keys used to create secrets to be later revealed only
when the device reveals them, can't be permanently resident in the device.

So the clients can't really be expected to keep absolute control of
their sensitive data by keeping it in an irreplaceable secure enclave
which they can just lose.  The risk of possibly losing the device,
multiplied by large financial stakes, is just too dire for people to be
expected to accept.  They'll prefer to trust an authority with their
data who can, at least, re-key or replace them.  And with the authority
knowing who they are, they can occasionally contact people to make sure
they're really okay, so we don't wind up totally reliant on the devices
to avoid long-running fraud.

That makes the particular device, far less critically important.  We
may still deploy a device, but it would be a convenience, not a
linchpin, and probably used for additional purposes.

So now we're looking at building a cryptographic chinese wall elsewhere,
between people with different pieces of information that would need to
be used together to bring about the "moral hazard" or to speak more
plainly "criminal opportunity" we're trying to prevent.  It brings about
a collusion risk, but it would be a collusion between people subject to
regular reviews and audits, who don't normally have any direct contact.

				Bear,
				speaking, of necessity, in generalities.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180520/f42d365a/attachment.sig>

More information about the cryptography mailing list