Issue No.03 - May-June (2013 vol.11)
Benedikt Koppel , ETH Zurich
Stephan Neuhaus , ETH Zurich
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2013.56
Analysis of a hardware security module (HSM) revealed two flaws that could lead to security problems. The first involved key deletion; the second involved unauthorized members of a group of HSMs. Neither flaw is probably fatal, if organizations develop organizational ways to work around it. However, for organizations to apply the solutions, they must be aware of the flaws.
separation of duties, systems security, hardware security module, HSM, cryptography, high availability
Benedikt Koppel, Stephan Neuhaus, "Analysis of a hardware security module's high-availability setting", IEEE Security & Privacy, vol.11, no. 3, pp. 77-80, May-June 2013, doi:10.1109/MSP.2013.56