#Enter the persons who are participating in the team that works on this Activity - delete this line after using the template#

The GN4-3 WP5 T2 (Incubator - Preparatory Phase) investigated the applicability of a low-cost open-source HSM appliance developed by Diamond Key Security (https://www.dkey.org/) and based on Cryptech (https://cryptech.is/) modules to a set of use cases consisting of GÉANT and other community T&I services.  It concluded that the capability of the appliance was suited to support a range of  GÉANT use cases encompassing, principally, CA key storage and certificate signing together with metadata and code signing, although the current capabilities of the appliance were insufficient for some services that needed higher performance, such eduGAIN MDQ . The Diamond Key enterprise has ceased operating, however the GN4-3 project has already acquired two of the Diamond Key appliances and these have been installed in a datacentre at SURFnet. The objective of this activity is to investigate the demand for an HSM testbed service using these appliances. This will enable interested projects and services, who typically are unable to develop using an HSM, to investigate the use of an HSM to improve the security and integrity of their offerings. Assuming there is demand, this activity will define the goals and scope of such a service, and how the infrastructure should be configured to support it, with the intention of transferring  the on-going management and maintenance to a suitable entity within the GN4-3 project.

• To setup a technical trial of the appliances in order to verify information received during the Preparatory phase and validate appliance suitability;
• To define the scope of the testbed service that could be offered given the verified capabilities of the appliance and likely operational support that would be needed to run it;
• To engage with the community to identify the level of interest and estimate the likely demand for such a service;
• To develop the necessary materials for the operators and users of the service;
• To identify an entity within the GN4-3 project willing and capable to support the operation of the testbed on a longer term basis.

• Verification
  Verify that the documented technical capabilities of the appliance are as understood from the documentation that was reviewed in the Preparatory phase by testing its performance and support for the required cryptographic algorithms. Although not quoted in the specification it will also be important to understand the overall reliability of the appliance, the redundancy capability and how to setup the appliance(s) to cope with the possibility of failure. The operation of the console management  interface and setup of the master key should be checked, together with the process for setting up user PINs.  The overall security of the appliance  should be reviewed in order to determine the necessary hosting requirements that will be needed to keep test users data secure. In particular we should check that the tamper -detection mechanisms of the HSM operate and there is adequate protection of the management interface to prevent unauthorized access. Check that the outputting of plain text data is prevented and no plain text data appears on the network connection. 
• Operational Validation
  Determine how suitable the appliances are for deployment as a testbed by exercising them with some relevant test services that will use the PKCS#11 interface in order to understand the 'real-time' performance and how many transactions can be supported concurrently. It is assumed this will have a limiting factor defined by the context switching overhead.
  Check what management operations will need to be performed and whether the administration of the device requires somebody to be physically present.
  Determine the best means to interface the HSM(s) onto the network to ensure logical security and prevent access by malicious actors.
  Determine how interested parties shall register for and gain access the service - who shall be allowed to use the service?
  Consider how the incident management and support process for the service will operate.
  Estimate operational costs of supporting the service.
• Community Need
  Contact those services who expressed an interest during the Preparatory phase to see if they are still interested in using the testbed service (given the changed circumstances). 
  Prepare a presentation and infoshare on the testbed offering and discuss this with NRENS to gauge the level of interest.
  Identify parties interested to run the service.
• Supporting materials
  Create a draft usage policy for users of the service
  Create suitable draft documentation for the operators and users of the service
  Develop a usage policy for administrators of the service - exporting of keys,  key usage, authentication etc.

Many organisations are working on projects or developing T&I services for the R&E sector that need to securely store and use secret key material to ensure trust in the operations they perform is not undermined. Operations such as issuing and signing certificates used by a PKI, signing of SAML assertions and OIDC tokens are crucial to the operation of identity federations. Promoting best security practice among such organisations is in accord with the needs of GDPR - "organisations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data”, and provision of the testbed service will enable them to gain exposure to HSM usage and (hopefully) will increase the number of services using HSMs in the future.

This HSM testbed does not deal directly with personal data, however depending on how access to the service is decided upon it may process such data.

This activity will be considered complete when:

• The results of the technical trial of the service are available;
• A testbed specification document is delivered defining the capabilities and scope of the service;
• A estimate of the demand for the testbed is produced, and if sufficient:-
• Documentation to enable administration and use of the service is ready for handover to the entity that will run the testbed.

The aim of this activity is to make a testbed service available to interested services and projects within the community.