x

English
Deutsch

Solutions
Products
Services & Support
Blog
About
Contact

Stories and Papers

Stories
Use Cases
Solution Briefs
Whitepapers
Research Papers

Stories

HARDWARE IS THE KEY TO INFORMATION SECURITY

Networks have evolved to carry information with varying degrees of sensitivity, and they need to be protected on several levels. On the technical level, purely software-based solutions are not enough. Trusted hardware components are equally essential.

HOW TO TRANSFORM A VPN INTO A FULLY PROTECTED NETWORK

VPN and fiber optic networks are not per se inherently secure. Hence, a company sharing its business between two or more office locations has to allocate extra resources to protect its IT network. For this security measure and the protection of sensitive company data, two complementary devices are required: Layer-2 encryptors and hardware security modules.

SECURITY IN PAYMENT TRANSACTIONS THANKS TO HSM FROM SECUROSYS

The previous system for payment transactions in Switzerland, SIC 3, will be deactivated: As of July 2017, the successor version SIC4 will go into operation. This is secured with the Primus HSM S500 from Securosys. It will process transactions in the amount of up to 480 billion Francs per day. What were the requirements for the system, which factors contributed to its success, and how does Securosys now stand?

QUANTUM COMPUTERS - A THREAT FOR PKI?

What are the prerequisites for a secure PKI today? Will quantum computers make PKIs obsolete in the future? Could blockchain provide a solution? The speakers attended such questions at a SIGS event. Another question also discussed was when quantum computers would be ready for production at all.

Use Cases

NETWORK ENCRYPTORS: ESSENTIAL FOR THE PROTECTION OF SENSITIVE CUSTOMER DATA

FLYNT bank uses network encryptors and a cluster of Securosys Primus HSMs for its IT security. The company hence has to protect highly sensitive customer information. In his keynote speech, Stefan Thiel specified the security requirements for FLYNT’s IT security architecture and how he had proceeded in the evaluation of the network encryptor.

Solution Briefs

Transaction Security Broker for Crypto Assets

This workflow engine combined with other capabilities of Securosys Hardware Security Modules, provides protection superior to that of the traditional Multi-signature or secure Multi-Party Computation.

Security Microsoft PKI deployment based on Microsoft active directory certificate services (AD CS)

The Microsoft (MS) Server package already contains a PKI. With that PKI a Certificate Authority (CA) can be established. The trust of the entire system and validity of each issued certificate depends upon the protection of the CA key issuing the identities.Therefore, Microsoft best practices recommend storing private keys on a HSM.

Remote Administration of Primus HSM and user partitions with DECANUS Terminal

Decanus allows easy and cost-effective management of your HSMs without compromising security. The Remote Control Terminal allows you to manage up to 64 Primus HSMs in different locations worldwide - or it can manage only one partition on the Primus HSM without the need to turn on or trust the HSM administration.

Take control of your CloudsHSM partition

Customers who opt for Primus HSM as a service do not need to trust Securosys to handle their security. Instead, they can control their partition access and security settings without any interference – even from Securosys administrator.

Whitepapers

Safeguarding of Crypto Assets

We take a look at different technologies and methods available for custodial platform, ranging from open-source cold-storage standards using on-chain multi-signature schemes, through Secure Multi-Party Computation to Hardware Security Modules by both legacy manufacturers and Securosys.

We also explore advantages and shortcomings of Hardware Security Modules, how they must evolve to keep up with the paradigm change introduced by cryptocurrencies to help us understand how to lead that change.

Securing Oracle with Primus HSM

Protecting an Oracle environment requires a Securosys Primus HSM together with a supporting library implementing the standard interfaces such as Microsoft Cryptographic Service Provider (MS CNG), Java JCE and PKCS#11. Data are encrypted and decrypted using Transparent Data Encryption (TDE). The installation and benefits of this solution are described by Marcel Suter of our partner firm libC Technologies SA in a solution brief.

HOW TO ATTACK A PROVENLY SECURE ALGORITHM AND HARDEN IT THEREAFTER

Why do encryption algorithms, even if recognized as highly secure by the cryptographic community, show unexpected weaknesses? How does information need to be encrypted and corresponding algorithms modified, assuming that attackers are able to exploit side channels using high-precision measurement tools? A research team from Securosys and the University of Applied Science (HSR) in Rapperswil, Switzerland, worked on exactly these topics in a project supported by the Federal Commission for Technology and Innovation (CTI).

PROBABLY THE MOST EFFICIENT ARCHITECTURE FOR ECC-BASED AUTHENTICATION

The digital signature is an effective method to protect information from modifications by fraudsters. However, the more sophisticated the attacks of cybercriminals get, the more complex authentication algorithms have to be decommissioned. This additional complexity increases execution time and requires additional computing resources.

Research Papers

On Power-Analysis Resistant Hardware Implementations of ECC-Based Cryptosystems.

Roman Willi, Andreas Curiger, and Paul Zbinden, “On Power-Analysis Resistant Hardware Implementations of ECC-Based Cryptosystems.”

In 2016 Euromicro Conference on Digital System Design, DSD 2016, pages 665-669. IEEE Computer Society, 2016.

Defeating NewHope with a Single Trace.

Amiet, Dorian; Curiger, Andreas; Leuenberger, Lukas; Zbinden, Paul: "Defeating NewHope with a Single Trace."

In: Post-Quantum Cryptography, 2020

FPGA-based Accelerator for Post-Quantum Signature Scheme SPHINCS-256.

Amiet, Dorian; Curiger, Andreas; Zbinden, Paul: "FPGA-based Accelerator for Post-Quantum Signature Scheme SPHINCS-256."

In: IACR Transactions on Cryptographic Hardware and Embedded Systems, 1, 2018

FLEXIBLE FPGA-BASED ARCHITECTURES FOR CURVE POINT MULTIPLICATION OVER GF(P).

Amiet, Dorian; Curiger, Andreas; Zbinden, Paul: "Flexible FPGA-Based Architectures for Curve Point Multiplication over GF(p)."

In: 2016 Euromicro Conference on Digital System Design (DSD), 2016

FPGA-based SPHINCS+ Implementations: Mind the Glitch.

Dorian Amiet, Lukas Leuenberger, Andreas Curiger, and Paul Zbinden, “FPGA-based SPHINCS+ Implementations: Mind the Glitch.”

In 2020 Euromicro Conference on Digital System Design, DSD 2020.

Link will follow later (publication at conference in 2020)

Solutions
Products
Services
Blog
About
Contact

Language

English
Deutsch

Address

Förrlibuckstr. 70
8005 Zürich
Switzerland

Phone

+41 44 552 31 00

Fax

+41 44 552 31 99

Follow us on social media

Copyright © 2020 Securosys SA. All rights reserved.

Sitemap
Privacy Policy
Terms and Conditions
Imprint