
Design and Development of a Hardware-based Key Management System

Vahid Eftekhari Moghadam

Design and Development of a Hardware-based Key Management System.

Supervisor: Paolo Ernesto Prinetto. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2020

License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

We are living in an era where communication and data exchange are at the center of everyday life and a fundamental cornerstone of almost all daily interactions. We increasingly leverage online services that are provided to facilitate our tasks. These actions involve a continuous exchange of private and sensitive information, as in online payments, work data, medical information, and so on. Thus, information security and data privacy are of paramount importance. Today, information is considered to be an important asset and has a huge impact on societies, governments, and perhaps the future of our home planet. Cybersecurity, which is the practice of protecting information systems, networks, and programs from digital and physical attacks, helps in establishing a secure medium for data exchange and communication. Cryptography, one of the major topics in cybersecurity, emerged to address an important pitfall of communication, privacy; its goal is to keep information exchanged between the parties involved private and undisclosed to others. The mechanisms developed to establish security in cryptography are referred to as cryptographic algorithms, which provide their users with features to maintain secure interaction. These features can be categorized into two main topics: encryption, the act of producing a cipher out of the user data, and decryption, the act of retrieving information out of the cipher, which is complementary to encryption. As an analogy, a piece of information is locked within a box (encryption) and later accessed by unlocking it (decryption). As can be inferred from the example, keys are the means to lock and unlock. The digital representations of keys are known as cryptographic keys, which have unique attributes, like their real-world counterparts.
There is a wide range of algorithms, such as AES and RSA, that are developed to produce these digital keys, usually involving true random number generation, and that define the procedures to encrypt and decrypt data. Key management is an important aspect in this context. Because of the large number of interactions and the infeasibility of manual approaches to controlling and using keys, automatic systems have been developed to meet these needs; they are referred to as Key Management Systems (KMS). This thesis aims at developing device-side APIs for the SEcube™ open security platform firmware, together with a GUI application for it. The APIs are used to implement a distributed hardware-oriented KMS, in which every user possesses a SEcube™ Hardware Security Module (HSM). Each device functions both as a KMS and as a cryptographic coprocessor, providing all the required cryptographic primitives. The implementation provides an environment in which clients can manage encryption keys, users, and groups, impose policies over them, and implement management schemes for their applications. The GUI application is supported under Windows and Linux and is designed to provide a proof of concept for the KMS, allowing users to interact with and use the entire system in a simpler and more user-friendly way.

Supervisor: Paolo Ernesto Prinetto
Academic year: 2020/21
Publication type: Electronic
Number of Pages: 72
Subjects:
Degree programme: Master's degree programme in Computer Engineering (Ingegneria Informatica)
Degree class: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Collaborating companies: UNSPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/15857