The question above seems absurd but it is what a Bank has to ask to its suppliers to meet the European Central Bank (ECB) regulations on the continuity of critical business functions. The bank has no intention of mingling in the daily work of the supplier (that's the whole purpose of outsourcing). Nor the supplier has any intention to make available to the bank the keys of its kingdom (it is actually forbidden to do so by the very same regulations). We need a way to do so only when the hearts of the key people stop beating. In this paper, we discuss whether recent advances in cryptography (secret sharing and MPC, time-lock puzzles, etc.) can replace the classical approach based on human redundancy.
Vision: What If They All Die? Crypto Requirements For Key People / Nam Ngo, Chan; Friolo, Daniele; Massacci, Fabio; Venturi, Daniele; Battaiola, Ettore. - (2020), pp. 178-183. (Intervento presentato al convegno 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) tenutosi a Genova; Italia) [10.1109/EuroSPW51379.2020.00032].
Vision: What If They All Die? Crypto Requirements For Key People
Daniele Friolo;Fabio Massacci;Daniele Venturi;
2020
Abstract
The question above seems absurd but it is what a Bank has to ask to its suppliers to meet the European Central Bank (ECB) regulations on the continuity of critical business functions. The bank has no intention of mingling in the daily work of the supplier (that's the whole purpose of outsourcing). Nor the supplier has any intention to make available to the bank the keys of its kingdom (it is actually forbidden to do so by the very same regulations). We need a way to do so only when the hearts of the key people stop beating. In this paper, we discuss whether recent advances in cryptography (secret sharing and MPC, time-lock puzzles, etc.) can replace the classical approach based on human redundancy.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
