
edugain-discuss - Re: [eduGAIN-discuss] HSM use cases

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Muhammad Farhan SJAUGI <farhan AT sifulan.my>
  • To: Alan Lewis <alan.lewis AT geant.org>
  • Cc: "edugain-discuss AT lists.geant.org" <edugain-discuss AT lists.geant.org>
  • Subject: Re: [eduGAIN-discuss] HSM use cases
  • Date: Wed, 27 Mar 2019 10:36:45 +0800

Hi Alan,

We, SIFULAN Malaysian Access Federation, use a smart-card based USB security token (https://shop.nitrokey.com/shop/product/nitrokey-pro-2-3) to secure our metadata signing key and also sign the federation metadata. So far it works very well in our environment. However, the product can only store one key pair that can be used to sign the federation metadata.

Recently, Nitrokey launched their new version of USB-based HSM (https://www.nitrokey.com/news/2019/new-nitrokey-hsm-2-rsa-4096-ecc-521-aes-256) that can support storage of multiple key pairs with key length up to 4K bit.

Regards

--

Muhammad Farhan SJAUGI, S.Kom. M.Sc. 

SIFULAN Malaysian Access Federation

Email: farhan AT sifulan.my

Homepage: https://sifulan.my  



On Wed, Mar 27, 2019 at 12:07 AM Alan Lewis <alan.lewis AT geant.org> wrote:

Hello all,

 

Within the GEANT project we have an activity in WP5 T2 which is looking at possible use cases for HSMs (and specifically the Cryptech defined HSM) within T&I services.

If you are not familiar with Cryptech, they are an initiative to produce an open design (hardware, firmware and software) for an HSM which will be both low cost and free from any perceived trust issues that might be associated with commercial products (think Huawei).

See https://cryptech.is/ if you are interested.

Diamond Key Security have been established in order to support the sustainability of the Cryptech initiative by developing and selling HSMs, of which GEANT is one of three current customers.

 

One of the things I would like to understand is what requirements there might be for use of such an HSM in the R&E community and outside of those services which are currently being offered by GEANT.

 

So I would be interested to know for any services you are aware of that might benefit:

 

  1. The use cases for secure storage;
  2. The current situation – what is being done today;
  3. The data that is being stored and the quantity;
  4. The value of the information that is being protected;
  5. Specific HSM requirements for
     1. Cryptographic performance;
     2. Cryptographic algorithm support;
     3. Management, connectivity and access mechanisms;
     4. FIPS level or CC compliance;
     5. Other stuff I haven’t thought of yet.

 

I look forward to hearing your thoughts.

 

Best regards

 

Alan

 

 

Alan Lewis

Trust and Identity Services Product Manager

 

GÉANT
Direct Tel: +44 (0)1223 371409

Mobile: +44 (0) 7500 891616

Switchboard: +44 (0)1223 371300

Networks • Services • People 

Learn more at www.geant.org

GÉANT Vereniging (Association) is registered with the Chamber of Commerce in Amsterdam with registration number 40535155 and operates in the UK as a branch of GÉANT Vereniging. Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.

 

