Cryptographic Service Providers in Current Device Landscapes: An Inconvenient Truth

摘要

Current application and device landscapes became a harsh environment for data security. Multi-device users enjoy the convenience and efficiency of modern distributed applications in a highly heterogeneous device landscape. However, today's data protection mechanisms fell behind in taking care of some current use cases and application scenarios. We perform a case study and an in-depth security analysis and risk assessment on a simplified set of three different cryptographic service provider types; software, hardware, and remote. Our case study shows that different provider types can change application characteristics considerably. Our security analysis and risk assessment shows how different provider types can influence the security properties of a set of use cases. We found that no one provider can excel for every cryptographic task. Based on these findings we formulate a list of features which we believe are crucial to get the data protection mechanisms up to speed again so that everyone can again benefit from data security even in a world of highly distributed applications and data.