雲端環境中的HSM安全：從防竄改到工作量平衡

Abstract

本文提出了一個用於管理安全 CloudHSM（雲端硬體安全模組）管理的框架，目的是為了優化工作負載平衡並透過實體不可複製功能（PUF）技術確保防篡改。此框架整合了 OP-TEE 作業系統、PUF電路和多個HSM集群，以增強安全性並提高系統效能。此框架擁有來自於硬體的根信任(ROT)，利用 PUF 電路所設計的對應功能可將使用者與每個 HSM 叢集安全地關聯起來。這種整合加強了安全措施，防止未經授權的存取和操縱加密資產。透過採用高效的資源分配和防篡改設計原則，該框架引入了一種新穎的方法來增強雲端環境中加密操作的安全性和可靠性。

This thesis proposes a framework designed for the management of Secure CloudHSM (Cloud Hardware Security Module) systems. The framework aims to optimize workload balance and ensure tamper resistant with Physically Unclonable Function (PUF) technology. The framework integrates the OP-TEE os, PUF circuit, and multiple HSM clusters to enhance security and to improve the system performance. Rooted in hardware-based security, a mapping function utilizing PUF circuits securely associates users with each HSM cluster. This integration fortifies security measures against unauthorized access and manipulation of cryptographic assets. By employing efficient resource allocation and tamper-resistant design principles, the framework introduces a novel approach to enhancing the security and reliability of cryptographic operations in cloud environments.