Master Thesis : Hardware Security Modules

A lot of companies rely on Hardware Security Modules (HSMs) to secure the secrets and cryptographic operations of their applications.

Although these devices and their firmware are developed by experts in the security and hardware fields, the security guarantees they aim at achieving can only be accomplished if their operation and configuration follow a strict chain of trust. Without proper instructions for the operation of these devices, the security mechanisms designed by the manufacturer can turn into exploits that can allow attackers to carry out attacks such as Denials-of-Service.

Moreover, HSMs are often subject to strict auditing processes. The lack of proof or proper protections during the HSMs operation can lead the owner of the HSM to fail to comply with regulations.

Furthermore, HSMs are used across high-availability applications which rely on automated deployment and containerization technologies. Thus, achieving availability and security at the same time is often a challenging task.

Finally, even if the HSMs manufacturers world is small, each brand offers very different ways to interact and configure its devices. As such, finding the correct level of abstraction to maintain and review the configuration of these devices can only be done by experts that know the particularities of such solutions.

This Master Thesis aims at providing guidelines for the operation of HSMs. These guidelines should assist and orient the HSM’s operator throughout the device’s operational lifetime.

 

Objectives:

• Understand the technologies and particularities behind HSMs usage and configuration

Design guidelines to:

•     provision HSMs while complying with state-of-the-art auditing and security requirements

•     configure and setup HSMs inside a high-availability infrastructure

•     decommissioning and replacement of the devices

• Provide guidelines for operators to produce auditable proof and to remediate misconfigurations

› A dynamic work and collaborative environment with a highly motivated multi-cultural and international sites team

› Attractive prospects for career path & Personal development through training and coaching

› The chance to make a difference in peoples’ life by building innovative solutions

› Various internal coding events (Hackathon, Brownbags), see our technical blog

› Monthly After-Works organized per locations

› Good work-life balance (2 days per week from home)

› Attractive pension fund with 3 types of Job Category employees’ contributions

› Premium and worldwide coverage with Zurich

• Knowledge of physical, hardware and software cybersecurity
• Experience with standards such as the ones produced by NIST
• Interest in application architecture
• Knowledge of cryptography is a plus
• Experience with DevOps technologies (such as Kubernetes, Openshift or OKD) is a plus