Cryptographic hardware in the cloud
An HSM (Hardware Security Module) is a hardware component with dedicated cryptographic functions. It has two main characteristics:
- It accelerates cryptographic operations such as encryption, decryption, signing and key generation.
- It has a certified anti-tamper design that makes it impossible to observe what is happening inside, even with physical access.
HSMs are commonly used to build ad-hoc solutions in which these secure components guarantee confidentiality in an untrusted environment. However, they can also be programmed and configured to integrate with cloud technologies and be offered as a service. Shared and ubiquitous in this way, HSMs become more flexible and reduce costs. This provides a secure place in the cloud to manage keys and sensitive data, keeping that information inaccessible to anyone else, even the cloud provider.
CloudSEEP: Secure Encrypted Processing
Cryptosystems based on homomorphic algorithms make it possible to perform operations directly on encrypted data and obtain results that are also encrypted. These techniques are commonly known as Signal Processing in the Encrypted Domain (SPED). Built on a set of core operations, this technology makes it possible to build secure solutions for untrusted environments. Since it is a software solution, it is easily virtualized and scaled, so it can be applied in the cloud to gain all of the cloud's advantages without compromising the confidentiality of sensitive data, even during processing.
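The following added example (not CloudSEEP code) shows one such core operation: a server computes a filter tap (dot product) over encrypted samples using only the public key. The page names no scheme, so the additively homomorphic Paillier cryptosystem is an assumption here, as are the function names, the demo-sized modulus and the constructed sample values.

```python
import math
import secrets

# Demo modulus built from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (phi, mu)) for Paillier with g = n + 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))

def encrypt(n, m):
    """Client side: randomized encryption of a signed integer m."""
    n2 = n * n
    r = 0
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    # (1 + n)^m == 1 + m*n (mod n^2), so g^m needs no exponentiation
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Client side: recover m and map it back to the signed range."""
    phi, mu = priv
    m = (pow(c, phi, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m

def encrypted_dot(n, enc_samples, weights):
    """Server side: sum of w_i * x_i on ciphertexts, public key only."""
    n2 = n * n
    acc = encrypt(n, 0)
    for c, w in zip(enc_samples, weights):
        # E(x)^w = E(w*x) and E(a) * E(b) = E(a + b)
        acc = acc * pow(c, w % n, n2) % n2
    return acc

if __name__ == "__main__":
    n, priv = keygen()
    samples = [3, -1, 4, 1, -5]   # constructed private signal (client)
    weights = [2, 7, -1, 8, 2]    # constructed filter known to the server
    enc = [encrypt(n, x) for x in samples]
    result = encrypted_dot(n, enc, weights)   # server never sees samples
    print(decrypt(n, priv, result))
```

The server-side function never touches the private key, and because encryption is randomized, equal samples produce different ciphertexts.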