#Enter the persons who are participating in the team that works on this Activity - delete this line after using the template#

The GN4-3 WP5 T2 (Incubator - Preparatory Phase) investigated the applicability of a low-cost open-source HSM appliance developed by Diamond Key Security (https://www.dkey.org/) and based on Cryptech (https://cryptech.is/) modules to a set of use cases consisting of GÉANT and other community T&I services.  It concluded that the capability of the appliance was suited to support a range of  GÉANT use cases encompassing, principally, CA key storage and certificate signing together with metadata and code signing, although the current capabilities of the appliance was insufficient for some services that needed higher performance , such eduGAIN MDQ . The Diamond Key enterprise has ceased operating, however the GN4-3 project has already acquired two of the Diamond Key appliances and these have been installed in a datacentre at SURFnet. The objective of this activity is to investigate the demand for an HSM testbed service using these appliances to enable interested projects and services who wish to investigate the use of an HSM to  improve the security and integrity of their offerings to do so. Assuming there is such demand, this activity will define the goals and scope of such a service, and how the infrastructure should be configured to support it, with the intention of transferring  the on-going management and maintenance to a suitable entity within the GN4-3 project.

• To setup a technical trial of the appliances with in order to verify information from the Preparatory phase and validate its suitability;
• To define the scope of the testbed service that could be offered given the verified capabilities of the appliance and likely organisational support available;
• To engage with the community to identify the level of interest and estimate the likely demand for such a service;
• To develop the necessary materials for the operators and users of the service;
• To identify an entity within the GN4-3 project willing and capable to support the operation of the testbed on a longer term basis.

• Verification
  Verify that the documented technical capabilities of the appliance are as understood from the documentation that was reviewed in the Preparatory phase by testing its performance and support for the required cryptographic algorithms.. Although not quoted in the specification it will also be important to understand the overall reliability of the appliance. It will be important to verify the connectivity of the appliance and its usability with standard PKCS #11 operations.
• Operational Validation
  Determine how suitable the appliances are for deployment as a testbed by exercising them with some relevant test services in order to understand the 'real-time' performance and how many transactions can be supported concurrently. It is assumed this will have a limiting factor defined by the context switching overhead,
  Investigate the overall security of the appliance in order to determine the necessary hosting requirements that will be needed to keep test users data secure. In particular we should check that the tamper -detection mechanisms of the HSM operate and there is adequate protection of the management interface to prevent unauthorized access. Check that the outputting of plain text data is prevented and no plain text data appears on the network connection. 
• Community Need
  Contact those services who expressed an interest during the Preparatory phase to see if they are still interested in using the testbed service (given the changed circumstances).  Prepare a presentation and infoshare on the testbed offering and discuss this with NRENS to gauge the level of interest.
  • Supporting documentation
    Create a draft usage policy for the service
    Create suitable draft documentation for the operators and users of the service

Many organisations are working on projects or developing T&I services for the R&E sector that need to securely store and use secret key material to ensure trust in the operations they perform is not undermined. Operations such as issuing and signing certificates used by a PKI, signing of SAML assertions, OIDC tokens is crucial to the operation of identity federations. Promoting best security practice among such organisations is in accord with the needs of GDPR - "organisations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data”, will enable them to gain exposure to HSM usage and (hopefully) will increase the number of services using HSMs in the future.

This HSM testbed does not deal directly with personal data, however depending on how access to the service is decided upon it may process such data.

This activity will be considered complete when:

• A testbed specification document is delivered;
• A estimate of the demand for the testbed is produced, and if sufficient;
• Documentation to enable administration and use of the service is ready for handover to the entity that will run the testbed.

The aim of this activity is to make a testbed service available to interested services and projects within the community.