Secure Key Management in the Cloud

  • Conference paper
Cryptography and Coding (IMACC 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8308)

Abstract

We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols achieving maximal security, and report on their practical performance.

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Damgård, I., Jakobsen, T.P., Nielsen, J.B., Pagter, J.I. (2013). Secure Key Management in the Cloud. In: Stam, M. (eds) Cryptography and Coding. IMACC 2013. Lecture Notes in Computer Science, vol 8308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45239-0_16

  • DOI: https://doi.org/10.1007/978-3-642-45239-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-45238-3

  • Online ISBN: 978-3-642-45239-0

  • eBook Packages: Computer Science, Computer Science (R0)
