The question above seems absurd but it is what a Bank has to ask to its suppliers to meet the European Central Bank (ECB) regulations on the continuity of critical business functions. The bank has no intention of mingling in the daily work of the supplier (that's the whole purpose of outsourcing). Nor the supplier has any intention to make available to the bank the keys of its kingdom (it is actually forbidden to do so by the very same regulations). We need a way to do so only when the hearts of the key people stop beating. In this paper, we discuss whether recent advances in cryptography (secret sharing and MPC, time-lock puzzles, etc.) can replace the classical approach based on human redundancy.
The question above seems absurd but it is what a Bank has to ask to its suppliers to meet the European Central Bank (ECB) regulations on the continuity of critical business functions. The bank has no intention of mingling in the daily work of the supplier (that's the whole purpose of outsourcing). Nor the supplier has any intention to make available to the bank the keys of its kingdom (it is actually forbidden to do so by the very same regulations). We need a way to do so only when the hearts of the key people stop beating. In this paper, we discuss whether recent advances in cryptography (secret sharing and MPC, time-lock puzzles, etc.) can replace the classical approach based on human redundancy.
Vision: What If They All Die? Crypto Requirements for Key People / Ngo, Chan Nam; Friolo, Daniele; Massacci, Fabio; Venturi, Daniele; Battaiola, Ettore. - (2020), pp. 178-183. ( 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) ita 2020) [10.1109/EuroSPW51379.2020.00032].
Vision: What If They All Die? Crypto Requirements for Key People
Ngo, Chan Nam;Friolo, Daniele;Massacci, Fabio;Venturi, Daniele;
2020-01-01
Abstract
The question above seems absurd but it is what a Bank has to ask to its suppliers to meet the European Central Bank (ECB) regulations on the continuity of critical business functions. The bank has no intention of mingling in the daily work of the supplier (that's the whole purpose of outsourcing). Nor the supplier has any intention to make available to the bank the keys of its kingdom (it is actually forbidden to do so by the very same regulations). We need a way to do so only when the hearts of the key people stop beating. In this paper, we discuss whether recent advances in cryptography (secret sharing and MPC, time-lock puzzles, etc.) can replace the classical approach based on human redundancy.| File | Dimensione | Formato | |
|---|---|---|---|
|
Vision_What_If_They_All_Die_Crypto_Requirements_For_Key_People.pdf
Solo gestori archivio
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
109.7 kB
Formato
Adobe PDF
|
109.7 kB | Adobe PDF | Visualizza/Apri |
|
Ngo_post-print_Vision_2020.pdf
accesso aperto
Descrizione: DOI10.1109/EuroSPW51379.2020.00032
Tipologia:
Versione editoriale (Publisher’s layout)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
301.06 kB
Formato
Adobe PDF
|
301.06 kB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
