Encryption technologies 1.4 Flashcards

(7 cards)

1
Q

Trusted platform module (TPM)

A

A specification for cryptographic functions. Cryptography hardware on a device.

Cryptographic processor. Random number generator, key generators.

Persistent memory. Unique keys burned in during manufacturing.

Versatile memory. Storage keys, hardware configuration information. Securely store BitLocker keys.

Password protected. No dictionary attacks.

2
Q

Hardware security module (HSM)

A

Used in large environments. Clusters, redundant power, securely store thousands of cryptographic keys.

High-end cryptographic hardware. Plug-in card or separate hardware device.

Key backup. Secure storage in hardware.

Cryptographic accelerators. Offload the CPU overhead from other devices.

3
Q

Key management system

A

Services are everywhere. On-premises, cloud-based. Many different keys for many different services.

Manage all keys from a centralized manager. Often provided as third-party software. Separate the encryption keys from the data.

All key management from one console. Create keys for a specific service or cloud provider (SSL/TLS, SSH, etc.). Associate keys with specific users, rotate keys at regular intervals, log key use and important events.

4
Q

Dashboard of key management system (see video).

A
5
Q

Importance of keeping data private

A

Our data is located in many different places. Mobile phones, cloud, laptops, etc. Most private data is often physically closest to us.

Attackers are always finding new techniques. It’s a race to stay one step ahead.

Our data is changing constantly.

6
Q

Secure enclave

A

Protected area for our secrets. Often implemented as a hardware processor. Isolated from the main processor. Many different technologies and names.

Provides extensive security features. Has its own ROM. Monitors the system boot process. True random number generator. Real-time memory encryption, root cryptographic keys, performs AES encryption in hardware.

7
Q
A