Diogo Mónica, profile picture
Uploaded byDiogo Mónica
3,618 views

Bletchley

Square has implemented an encryption service called Bletchley that centralizes key management and crypto operations. Bletchley uses HSMs to generate and store keys securely. It provides an API for services to generate keys, decrypt data, and delete keys when no longer needed. The service is designed with high availability, allowing keys to be replicated across multiple servers for redundancy. It also aims to prevent single points of failure by authorizing decryptions locally without relying on a database.

Embed presentation

Downloaded 28 times
Bletchley: dealing with HSM’s so you don’t have to @diogomonica • Square Security
Roadmap ‣ Square’s Service-Oriented Architecture ‣ Why do we need a decryption service? ‣ Our decryption service: Bletchley ‣ Bletchley’s architecture ‣ Use cases for Bletchley ‣ Conclusion
Square ‣ Mobile Payments Company. ‣ 1 Security Team. ‣ Infra: Java & Ruby, some Go. ‣ Moving > $15 billion annually.
Service Oriented Architecture ‣ Move fast! ‣ Loose component coupling. ‣ Independent scaling. ‣ Multiple languages.
‣ Front ends ‣ User data ‣ Payments service ‣ Reader fulfillment ‣ TokenizationExample Architecture
SOA Security Goals Establish Trust at Layer 7 ‣ Authenticate and authorize every request Protect Secrets ‣ Application secrets and customer data Separate Concerns ‣ Principle of least privilege Provide Common Security Infrastructure ‣ Get it right once, other services benefit
Security Services ‣ Login Service: verify user creds, create client cookies ‣ Token Service: associates stable identifier with secret data ‣ Certificate Signing: manages CAs ‣ Secret Management: delivers secrets to other services ‣ Crypto Service: offloaded crypto, manages keys
The Problem(s) ‣ Managing keys is hard. ‣ Infrastructure persists data aggressively. ‣ Crypto is hard ™ ‣ Crypto can be expensive (CPU cycles && time && $$).
Why do we need a decryption service? ‣ Private Key centralization. ‣ Guaranteed key deletion. ‣ Get the code right, once. ‣ Crypto offloading. ‣ Database compromise requires an online attack. ‣ Hide the HSM complexity.
Bletchley
Assumptions ‣ We have a magic way to: • Distribute secrets (e.g. private keys) • Do strong S2S authentication
Our Solution: Bletchley ‣ Very simple API. ‣ Issues public keys, decrypts with private keys. ‣ Supports strong key deletion. ‣ Backed by HSMs (nCipher). • Hides the complexity/pain of dealing with these things.
Bletchley API ‣ (publicKey, keyId) = createKey() Bletchley Host Service createKey() Bletchley Host Service (publicKey, keyId) 1 2
Bletchley API ‣ data = decrypt(keyId, blob) Bletchley Host Service decrypt(keyId, blob) Bletchley Host Service data 1 2
Bletchley API ‣ success = deleteKey(keyId) Bletchley Host Service deleteKey(KeyId) Bletchley Host Service success2 1
Use Case 1: External Partner Square External Partner {message}KprivBletchley Cluster Money Moving App Visa {message} 1 23 4 Kpub Kpriv
Bletchley Architecture ‣ Several servers running the bletchley w/ access to HSMs ‣ Backed by a PG database Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
Key Generation ‣ Each individual bletchley host generates keys on it’s local HSM. ‣ The HSM uses files on disk to represent the keys. Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
Key Replication ‣ New keys are registered in the database ‣ Other bletchley hosts go to the original host and retrieve it Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
Decryption Authorization ‣ ACL could be stored in the Database ‣ On decryption request, verify if service matches ACL Service DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley createKey() addPerm(keyId, service) Service DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley decrypt(keyId, blob) checkPerm(keyId, service) 1 2
Database Failure ‣ Decryptions become dependent on the database for authorization Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
keyID to the rescue ‣ keyId = base64(key_alias|service1| HMAC(key_alias, service1) Bletchley Host Service decrypt(keyId, blob) Bletchley Host Service data 1 2
Decryption Authorization ‣ Decryption authorization independent from database Service Bletchley createKey(services) 1 newKeyId(services) Service Bletchley decrypt(keyId, blob) 2 decrypt(blob) iff keyId.include?(service)
Key Deletion ‣ The key is marked for deletion in the DB ‣ All bletchley hosts securely delete it from disk Service DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley deleteKey(KeyId) markDelete(keyId) Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
Key Rotation ‣ Service requests for new key ‣ Starts encrypting all new requests with new key. Tries to decrypt all requests with both. Service Bletchley createKey(services) 1 keyId2 = newKeyId(services) Service addKey(keyId) 2 [ keyId1, keyId2 ]
Scaling ‣ Just add more hosts Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
Use Case 2: Internal File Transfer Square External Partner {blob}Bletchley Cluster File Transfer App 1 23 Kpriv service1 {blob}Kpub 4 5 createKey(service1)
Use Case 2: Internal File Transfer Square External Partner Bletchley Cluster File Transfer App 1 Kpriv service1 {blob}Kpub 2 decrypt(keyID, {blob}) Kpub
Use Case 2: Internal File Transfer Square External Partner Bletchley Cluster File Transfer App 1 Kpriv service1 {blob}Kpub decrypt(keyID, service1)
Use Case 3: Downstream Outage Square Customer Bletchley Cluster Money Moving App Visa 1 2 {message} {message} Kpub DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch Database {message} Kpub 5 34 Kpriv
Use Case 3: Downstream Outage Database Square Customer Bletchley Cluster Money Moving App Visa Kpub 12 3 {message} DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch 4 Kpriv
Disadvantages ‣ Cross-DC story is sad ‣ Tied to one vendor ‣ HSMs are hard to debug and support is bad.
Conclusions ‣ You should have a crypto service! ‣ Solves a lot of architectural problems. ‣ Get it right once. ‣ Save money by sharing HSM resources with multiple applications. ‣ Not that hard to make HA
Thanks @justincummins @ebolten
@diogomonica diogo@squareup.com https://squareup.com/careers/engineering

More Related Content

PDF
MTLS in a Microservices World
byDiogo Mónica
 
PPTX
Leveraging Honest Users: Stealth Command-and-Control of Botnets
byDiogo Mónica
 
PDF
Moby SIG Orchestration Security Summit Presentation
byDiogo Mónica
 
PDF
Basics of ssl
byn|u - The Open Security Community
 
PPTX
Ssl in a nutshell
byFrank Kelly
 
PPTX
OpenSSL
byTimbal Mayank
 
PDF
Sullivan red october-oscon-2014
byCloudflare
 
PDF
Managing secrets at scale
byAlex Schoof
 
MTLS in a Microservices World
byDiogo Mónica
 
Leveraging Honest Users: Stealth Command-and-Control of Botnets
byDiogo Mónica
 
Moby SIG Orchestration Security Summit Presentation
byDiogo Mónica
 
Basics of ssl
byn|u - The Open Security Community
 
Ssl in a nutshell
byFrank Kelly
 
OpenSSL
byTimbal Mayank
 
Sullivan red october-oscon-2014
byCloudflare
 
Managing secrets at scale
byAlex Schoof
 

What's hot

PDF
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
byDynamicInfraDays
 
PDF
Credential store using HashiCorp Vault
byMayank Patel
 
PDF
DevOpsDays - DevOps: Security 干我何事?
bysmalltown
 
PPTX
Botconf ppt
byCloudflare
 
PPTX
Keeping a Secret with HashiCorp Vault
byMitchell Pronschinske
 
PDF
PhD Thesis Diogo Mónica
byDiogo Mónica
 
PPTX
MRA AMA Part 7: The Circuit Breaker Pattern
byNGINX, Inc.
 
PDF
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
byNGINX, Inc.
 
PDF
6 Months Sailing with Docker in Production
byHung Lin
 
PPTX
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
byCloudflare
 
PDF
SSl/TLS Analysis
byDuduman Bogdan Vlad
 
PDF
Authorization and Authentication in Microservice Environments
byLeanIX GmbH
 
PPTX
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
byNGINX, Inc.
 
PDF
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
byDynamicInfraDays
 
PPT
Sniffing SSL Traffic
bydkaya
 
PDF
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
byMichael Man
 
PDF
SSL Secure socket layer
byAhmed Elnaggar
 
PPTX
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
byTom Kerkhove
 
PDF
Blockchain testing strategy
byrajni singh
 
PPT
SSL
byDuy Do Phan
 
ContainerDays Boston 2016: "Hiding in Plain Sight: Managing Secrets in a Cont...
byDynamicInfraDays
 
Credential store using HashiCorp Vault
byMayank Patel
 
DevOpsDays - DevOps: Security 干我何事?
bysmalltown
 
Botconf ppt
byCloudflare
 
Keeping a Secret with HashiCorp Vault
byMitchell Pronschinske
 
PhD Thesis Diogo Mónica
byDiogo Mónica
 
MRA AMA Part 7: The Circuit Breaker Pattern
byNGINX, Inc.
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source EMEA
byNGINX, Inc.
 
6 Months Sailing with Docker in Production
byHung Lin
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
byCloudflare
 
SSl/TLS Analysis
byDuduman Bogdan Vlad
 
Authorization and Authentication in Microservice Environments
byLeanIX GmbH
 
TLS 1.3 and Other New Features in NGINX Plus R17 and NGINX Open Source
byNGINX, Inc.
 
ContainerDays NYC 2016: "The Secure Introduction Problem: Getting Secrets Int...
byDynamicInfraDays
 
Sniffing SSL Traffic
bydkaya
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
byMichael Man
 
SSL Secure socket layer
byAhmed Elnaggar
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
byTom Kerkhove
 
Blockchain testing strategy
byrajni singh
 
SSL
byDuy Do Phan
 

Viewers also liked

PPTX
Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks
byDiogo Mónica
 
PDF
ESORICS 2014: Local Password validation using Self-Organizing Maps
byDiogo Mónica
 
PDF
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
byDiogo Mónica
 
PDF
An IDS for browser hijacking
byDiogo Mónica
 
PPTX
WiFiHop - mitigating the Evil twin attack through multi-hop detection
byDiogo Mónica
 
PDF
MultiPath TCP - The path to multipath
byDiogo Mónica
 
PDF
Secure Software Distribution in an Adversarial World
byDiogo Mónica
 
PDF
Application Security from the Inside - OWASP
bySqreen
 
PPTX
On the use of radio resource tests in wireless ad hoc networks
byDiogo Mónica
 
PDF
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
byDiogo Mónica
 
PDF
Tune your App Perf (and get fit for summer)
bySqreen
 
PDF
NoSQL Injections in Node.js - The case of MongoDB
bySqreen
 
PPTX
Orchestrating Least Privilege by Diogo Monica
byDocker, Inc.
 
PPTX
Security best practices for kubernetes deployment
byMichael Cherny
 
Observable Non-Sybil Quorums Construction in One-Hop Wireless Ad Hoc Networks
byDiogo Mónica
 
ESORICS 2014: Local Password validation using Self-Organizing Maps
byDiogo Mónica
 
From 0 to 0xdeadbeef - security mistakes that will haunt your startup
byDiogo Mónica
 
An IDS for browser hijacking
byDiogo Mónica
 
WiFiHop - mitigating the Evil twin attack through multi-hop detection
byDiogo Mónica
 
MultiPath TCP - The path to multipath
byDiogo Mónica
 
Secure Software Distribution in an Adversarial World
byDiogo Mónica
 
Application Security from the Inside - OWASP
bySqreen
 
On the use of radio resource tests in wireless ad hoc networks
byDiogo Mónica
 
Web Summit 2015 - Enterprise stage - Cloud, Open-Source, Security
byDiogo Mónica
 
Tune your App Perf (and get fit for summer)
bySqreen
 
NoSQL Injections in Node.js - The case of MongoDB
bySqreen
 
Orchestrating Least Privilege by Diogo Monica
byDocker, Inc.
 
Security best practices for kubernetes deployment
byMichael Cherny
 

Similar to Bletchley

PDF
Secure Your Encryption with HSM
byNarudom Roongsiriwong, CISSP
 
PDF
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
byNRB
 
PPTX
Securing embedded systems (for share)
byAndrewRJamieson
 
PDF
Confidential compute with hyperledger fabric .v17
byLennartF
 
PDF
Blockchain and Cyber Defense Strategies in new genre times
byanupriti
 
PPTX
Security in the AI and Web3 era - Veramine
bySecurity Bootcamp
 
PDF
Blockchain solutions leading to better security practices
byEric Larcheveque
 
PDF
Stop expecting magic fairy dust: Make apps secure by design
byPatrick Walsh
 
PDF
The slower the stronger a story of password hash migration
byOWASP
 
PDF
tssgi
byArturo Gonzalez Mac Dowell
 
PPTX
Encryption vs tokenisation (for share)
byAndrewRJamieson
 
PDF
Ibm system storage ds8700 disk encryption redp4500
byBanking at Ho Chi Minh city
 
PDF
Z111806 strengthen-security-sydney-v1910a
byTony Pearson
 
PDF
Security challenges for IoT
byWSO2
 
PDF
Securing IoT Applications
byWSO2
 
PDF
2. Asset Security
bySam Bowne
 
PDF
Linkedin
byKhaled Serag
 
PDF
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
PPT
The bits bytes and business benefits of securing your mq environment and mess...
byLeif Davidsen
 
PDF
Dear Hacker: Infrastructure Security Reality Check
byPaula Januszkiewicz
 
Secure Your Encryption with HSM
byNarudom Roongsiriwong, CISSP
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
byNRB
 
Securing embedded systems (for share)
byAndrewRJamieson
 
Confidential compute with hyperledger fabric .v17
byLennartF
 
Blockchain and Cyber Defense Strategies in new genre times
byanupriti
 
Security in the AI and Web3 era - Veramine
bySecurity Bootcamp
 
Blockchain solutions leading to better security practices
byEric Larcheveque
 
Stop expecting magic fairy dust: Make apps secure by design
byPatrick Walsh
 
The slower the stronger a story of password hash migration
byOWASP
 
tssgi
byArturo Gonzalez Mac Dowell
 
Encryption vs tokenisation (for share)
byAndrewRJamieson
 
Ibm system storage ds8700 disk encryption redp4500
byBanking at Ho Chi Minh city
 
Z111806 strengthen-security-sydney-v1910a
byTony Pearson
 
Security challenges for IoT
byWSO2
 
Securing IoT Applications
byWSO2
 
2. Asset Security
bySam Bowne
 
Linkedin
byKhaled Serag
 
CISSP Prep: Ch 3. Asset Security
bySam Bowne
 
The bits bytes and business benefits of securing your mq environment and mess...
byLeif Davidsen
 
Dear Hacker: Infrastructure Security Reality Check
byPaula Januszkiewicz
 

Recently uploaded

PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
final.pdf
byomarbishtawi04
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
apidays Paris 2025 | Building Agentic Workflows
byapidays
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
GenerationAI Paris 2025 | AI in Tech: Beyond Expectations, Into Execution
byapidays
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
final.pdf
byomarbishtawi04
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Workflow and decision Automation with Flowable
bychakib ch
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
apidays Paris 2025 | Building Agentic Workflows
byapidays
 

Bletchley

  • 1.
    Bletchley: dealing withHSM’s so you don’t have to @diogomonica • Square Security
  • 2.
    Roadmap ‣ Square’s Service-OrientedArchitecture ‣ Why do we need a decryption service? ‣ Our decryption service: Bletchley ‣ Bletchley’s architecture ‣ Use cases for Bletchley ‣ Conclusion
  • 3.
    Square ‣ Mobile PaymentsCompany. ‣ 1 Security Team. ‣ Infra: Java & Ruby, some Go. ‣ Moving > $15 billion annually.
  • 4.
    Service Oriented Architecture ‣ Move fast! ‣Loose component coupling. ‣ Independent scaling. ‣ Multiple languages.
  • 5.
    ‣ Front ends ‣User data ‣ Payments service ‣ Reader fulfillment ‣ TokenizationExample Architecture
  • 6.
    SOA Security Goals Establish Trustat Layer 7 ‣ Authenticate and authorize every request Protect Secrets ‣ Application secrets and customer data Separate Concerns ‣ Principle of least privilege Provide Common Security Infrastructure ‣ Get it right once, other services benefit
  • 7.
    Security Services ‣ Login Service: verifyuser creds, create client cookies ‣ Token Service: associates stable identifier with secret data ‣ Certificate Signing: manages CAs ‣ Secret Management: delivers secrets to other services ‣ Crypto Service: offloaded crypto, manages keys
  • 8.
    The Problem(s) ‣ Managingkeys is hard. ‣ Infrastructure persists data aggressively. ‣ Crypto is hard ™ ‣ Crypto can be expensive (CPU cycles && time && $$).
  • 9.
    Why do weneed a decryption service? ‣ Private Key centralization. ‣ Guaranteed key deletion. ‣ Get the code right, once. ‣ Crypto offloading. ‣ Database compromise requires an online attack. ‣ Hide the HSM complexity.
  • 10.
  • 11.
    Assumptions ‣ We havea magic way to: • Distribute secrets (e.g. private keys) • Do strong S2S authentication
  • 12.
    Our Solution: Bletchley ‣ Verysimple API. ‣ Issues public keys, decrypts with private keys. ‣ Supports strong key deletion. ‣ Backed by HSMs (nCipher). • Hides the complexity/pain of dealing with these things.
  • 13.
    Bletchley API ‣ (publicKey,keyId) = createKey() Bletchley Host Service createKey() Bletchley Host Service (publicKey, keyId) 1 2
  • 14.
    Bletchley API ‣ data= decrypt(keyId, blob) Bletchley Host Service decrypt(keyId, blob) Bletchley Host Service data 1 2
  • 15.
    Bletchley API ‣ success= deleteKey(keyId) Bletchley Host Service deleteKey(KeyId) Bletchley Host Service success2 1
  • 16.
    Use Case 1: ExternalPartner Square External Partner {message}KprivBletchley Cluster Money Moving App Visa {message} 1 23 4 Kpub Kpriv
  • 17.
    Bletchley Architecture ‣ Several serversrunning the bletchley w/ access to HSMs ‣ Backed by a PG database Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
  • 18.
    Key Generation ‣ Eachindividual bletchley host generates keys on it’s local HSM. ‣ The HSM uses files on disk to represent the keys. Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
  • 19.
    Key Replication ‣ Newkeys are registered in the database ‣ Other bletchley hosts go to the original host and retrieve it Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
  • 20.
    Decryption Authorization ‣ ACL couldbe stored in the Database ‣ On decryption request, verify if service matches ACL Service DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley createKey() addPerm(keyId, service) Service DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley decrypt(keyId, blob) checkPerm(keyId, service) 1 2
  • 21.
    Database Failure ‣ Decryptionsbecome dependent on the database for authorization Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
  • 22.
    keyID to the rescue ‣keyId = base64(key_alias|service1| HMAC(key_alias, service1) Bletchley Host Service decrypt(keyId, blob) Bletchley Host Service data 1 2
  • 23.
    Decryption Authorization ‣ Decryption authorizationindependent from database Service Bletchley createKey(services) 1 newKeyId(services) Service Bletchley decrypt(keyId, blob) 2 decrypt(blob) iff keyId.include?(service)
  • 24.
    Key Deletion ‣ Thekey is marked for deletion in the DB ‣ All bletchley hosts securely delete it from disk Service DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database Bletchley deleteKey(KeyId) markDelete(keyId) Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
  • 25.
    Key Rotation ‣ Servicerequests for new key ‣ Starts encrypting all new requests with new key. Tries to decrypt all requests with both. Service Bletchley createKey(services) 1 keyId2 = newKeyId(services) Service addKey(keyId) 2 [ keyId1, keyId2 ]
  • 26.
    Scaling ‣ Just addmore hosts Bletchley Cluster DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch database
  • 27.
    Use Case 2: InternalFile Transfer Square External Partner {blob}Bletchley Cluster File Transfer App 1 23 Kpriv service1 {blob}Kpub 4 5 createKey(service1)
  • 28.
    Use Case 2: InternalFile Transfer Square External Partner Bletchley Cluster File Transfer App 1 Kpriv service1 {blob}Kpub 2 decrypt(keyID, {blob}) Kpub
  • 29.
    Use Case 2: InternalFile Transfer Square External Partner Bletchley Cluster File Transfer App 1 Kpriv service1 {blob}Kpub decrypt(keyID, service1)
  • 30.
    Use Case 3: Downstream Outage Square Customer BletchleyCluster Money Moving App Visa 1 2 {message} {message} Kpub DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch Database {message} Kpub 5 34 Kpriv
  • 31.
    Use Case 3: Downstream Outage Database Square Customer BletchleyCluster Money Moving App Visa Kpub 12 3 {message} DATASHEET SANbox9000Series SANbox® ProductFamily Thenewlookforpowerful,easytomanagefabrics TheSANbox9000istheflagshipintheSANboxlineoffabricswitches,intelligentstoragerouters,andstorageser- vicesplatforms.Asindividualcomponents,everyQLogicSANboxdeliverstheadvantagesofabest-in-classproduct. Workingtogetherasanintelligentnetworksolution,theyareeasytodeployandadministratorandtheymakeyour SANperformbetter,too.That’swhytheentireQLogicSANboxlinewontheWindowsITPro“ReadersChoice”award. Foryourswitchedfabric,youcancountonQLogicforexactlytherightswitch…fromthecore,tothedistribution layer,totheedge.Forlow-costlocalandremoteserverconnectivity,QLogicIntelligentStorageRoutersboostutili- zationwhiledrivingdowncostandcomplexity.Andforstoragevirtualization,theQLogicStorageServicesPlatform offersnetwork-basedcommandandcontrolofyourheterogeneousstorage.Byvirtualizingstoragefromwithinthe fabric,yougreatlysimplifymanagement.Moreimportantly,youensureanopenenvironmentthatcanaccommodate multiplevendors,newsolutionsandfutureflexibility. SANbox® Thenewlookforpowerful,easytomanagefabrics •SANbox9000StackableChassisSwitch •SANbox8000StorageServicesPlatform •SANbox6000IntelligentStorageRouter •SANbox5000StackableSwitch •SANbox1000FixedPortSwitch 4 Kpriv
  • 32.
    Disadvantages ‣ Cross-DC storyis sad ‣ Tied to one vendor ‣ HSMs are hard to debug and support is bad.
  • 33.
    Conclusions ‣ You shouldhave a crypto service! ‣ Solves a lot of architectural problems. ‣ Get it right once. ‣ Save money by sharing HSM resources with multiple applications. ‣ Not that hard to make HA
  • 34.
  • 35.