Cloud Key Management Based on Verifiable Secret Sharing

Bibliographic Details
Published in Network and System Security Vol. 13041; pp. 289 - 303
Main Author Hedabou, Mustapha
Format Book Chapter
Language English
Published Switzerland Springer International Publishing AG 2022
Springer International Publishing
Series Lecture Notes in Computer Science

Summary: Managing encryption keys in cloud computing is a very challenging task, especially where the model is shared and entirely controlled by the cloud providers. Hardware Security Module (HSM) solutions turned out to be an efficient approach for delivering cloud key management services. Unfortunately, the HSM approach has shown some shortcomings related to key migration when it comes to widespread cloud deployment. Recent systems based on homomorphic encryption and multiparty computation suffer from security issues or heavy overhead costs inherent to underlying cryptographic techniques. In this paper, we introduce a new software cloud key management system based on a dedicated (t, n) verifiable secret sharing protocol that tolerates up to t byzantine adversaries. The proposed design meets the requirements of BYOK (Bring Your Own Keys) model and multi-clouds deployment that are gaining more attraction among the biggest cloud industry players. Taking advantage of our verifiable secret sharing protocol, that reduces by a factor t the opening phase of the VSS protocols known in the literature, the proposed design offers promising performances. We also provide a formal model of our construction and proof of security. Finally, we implement a prototype of our design and give some experimental results about its performance along with some optimizations that make it efficient enough to be deployed in real-world applications.
ISBN: 9783030927073
3030927075
ISSN: 0302-9743
1611-3349
DOI: 10.1007/978-3-030-92708-0_18