listen to this article:
We’re excited to announce our new partnership with Cryptosense, the leading supplier of security analysis software for cryptography.
Through this partnership, Unbound Security will utilize the Cryptosense Fuzzer, a mutation-based fuzzing engine, to test the Unbound Key Control (UKC) and Crypto-of-Things (COT) PKCS#11 implementations. By sending commands to a device’s PKCS#11 interface and logging the responses, the Cryptosense Fuzzer will test traces of exchanges between an application and a cryptographic library to ensure these virtual appliances are properly secured in the event of a PCKS#11 API attack–one of the most common attacks on HSM and Virtual HSM devices.
“By partnering with Unbound, we’re able to reassure our customers of the continued security of their Virtual HSM and the applications that use it.” – Graham Steel, CEO at Cryptosense.
Testing with the Cryptosense Analyzer is the latest step in a series of third-party security validations in support of Unbound’s virtual HSM. In early 2019, UKC also received FIPS 140-2 Level 1 and Level 2 certification from the U.S. National Institute for Standards and Technology (NIST). Unbound is the first and only vendor to obtain FIPS 140-2 certification for a cryptographic module that spans multiple separate machines and uses secure multiparty computation (MPC) rather than relying on physical security measures to protect keys.