• DocumentCode
    2129621
  • Title

    An analysis of a secure system based on trusted components

  • Author

    Lindqvist, Ulf ; Olovsson, Tomas ; Jonsson, Erland

  • Author_Institution
    Dept. of Comput. Eng., Chalmers Univ. of Technol., Goteborg, Sweden
  • fYear
    1996
  • fDate
    17-21 Jun 1996
  • Firstpage
    213
  • Lastpage
    223
  • Abstract
    The paper presents a practical security analysis of a beta implementation of a commercial system based on existing trusted hardware components, such as advanced cryptographic building blocks. The system was designed to securely store and handle both sensitive and insensitive data records on individuals in such a way that it would be impossible for unauthorized parties to link sensitive records to the corresponding individuals. The analysis was performed by means of document reviews, interviews and some practical tests with the intention of finding and listing potential vulnerabilities for the knowledge of the design team. The vulnerabilities revealed are classified with respect to their cause, and possible remedies are discussed. The classification shows that the most important problem was that some system components were incorrectly handled as trusted. Finally, we observed that the problems were to a surprisingly high degree non-technical, reflecting organisational and management issues and human insufficiencies.
  • Keywords
    data privacy; human factors; security of data; systems analysis; advanced cryptographic building blocks; beta implementation; document reviews; human insufficiencies; management issues; potential vulnerabilities; secure systems analysis; security analysis; sensitive data records; trusted components; trusted hardware components; Application software; Computer aided manufacturing; Computer security; Data privacy; Data security; Databases; Hardware; Humans; Protection; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Assurance, 1996. COMPASS '96, Systems Integrity. Software Safety. Process Security. Proceedings of the Eleventh Annual Conference on
  • Conference_Location
    Gaithersburg, MD
  • Print_ISBN
    0-7803-3390-X
  • Type

    conf

  • DOI
    10.1109/CMPASS.1996.507889
  • Filename
    507889