Abstract
We consider applications involving a number of servers in the cloud that go through a sequence of online periods where the servers communicate, separated by offline periods where the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications like this include many cases where secure multiparty computation is outsourced to the cloud, and in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone from outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when doing the transition. We study the levels of security one can – and cannot – obtain in this model, propose light-weight protocols achieving maximal security, and report on their practical performance.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this paper
Damgård, I., Jakobsen, T.P., Nielsen, J.B., Pagter, J.I. (2013). Secure Key Management in the Cloud. In: Stam, M. (ed.) Cryptography and Coding. IMACC 2013. Lecture Notes in Computer Science, vol. 8308. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45239-0_16
DOI: https://doi.org/10.1007/978-3-642-45239-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-45238-3
Online ISBN: 978-3-642-45239-0
eBook Packages: Computer Science (R0)