Keeping secrets
• IT security is based around secrets
- And trusting other devices and applications
• We use a lot of encryption
- Web servers, file storage, phone data, and more
• The secret part is the key
- Unlocks all of this encryption
• We need to store this key somewhere
- How do you securely store these secrets?
- Where do you store these secrets?
Trusted Platform Module (TPM)
• A specification for cryptographic functions
- Hardware to help with single device encryption functions
• Cryptographic processor
- Random number generator, key generators
• Persistent memory
- Includes unique keys burned in during production
• Versatile memory
- Storage keys, hardware configuration information
• Password protected
- No dictionary attacks
• Contains a unique secret key
- Not available outside of this device
• Links this key to this computer
- Can't move an encrypted drive to another computer
- The key is on this computer
• Also used as a physical point of reference
- A root of trust
- Has this computer been modified or tampered with?
• Can't use this key on another computer
- Cryptography for a single device
Hardware Security Module (HSM)
• Often used in large environments
- Server clusters, many diverse devices
• Key backup
- Secured storage for servers
- Lightweight HSMs for personal use
- (Smart card, USB, flash memory)
• Often high-end cryptographic hardware
- Plug-in card or separate hardware device
• Cryptographic accelerators
- Perform cryptographic functions for other devices
- Only the HSM knows the key
TPMs and HSMs
• TPM (Trusted Platform Module)
- Used on a single system
- Secure data on a local device
- Often built into a motherboard or available as an add-on module
- Mobile phone booting, screen locking, and encrypted storage
• HSM (Hardware Security Module)
- Used by many systems
- Secure data across multiple devices
- Often deployed as a high-end server or appliance in a data center
- Protect the Certificate Authority key on a central secure device