Demonstration at Institut Polytechnique de Paris (IPP) Cybersecurity and Defense Conference 21st October 2025
The demonstration appears as the classic interface of an AWS S3 storage client, but behind the scenes it encrypts and decrypts the data stored on AWS, so that the cloud never sees it in clear text. The latency is imperceptible compared to normal AWS usage. The keys are stored on 2 or 3 pNHSMs, and the service remains operational even when one of them is taken offline. The main advantage is that the encryption client is open source (it does not rely on AWS’s HYOK/BYOK tools), yet it remains fully compatible with AWS, so there is no difference for the end user. Another strong point of the demo is the HSM itself, produced by the French company Ethertrust. It is 10 to 100 times cheaper and lighter than HSMs used for similar purposes, making it easy for clients to duplicate and store so that the service remains available even if one or more devices become inaccessible. Moreover, it is open source and deployable by the user, unlike comparable keystores (such as those for Android).
Architecture
personal Network Hardware Secure Module (pNHSM)
