Secure Key Management in the Cloud

We consider applications involving a number of servers in the cloud that go through a sequence of online periods, in which the servers communicate, separated by offline periods, in which the servers are idle. During the offline periods, we assume that the servers need to securely store sensitive information such as cryptographic keys. Applications of this kind include many cases where secure multiparty computation is outsourced to the cloud, in particular a number of online auctions and benchmark computations with confidential inputs. We consider fully autonomous servers that switch between online and offline periods without communicating with anyone outside the cloud, and semi-autonomous servers that need a limited kind of assistance from outside the cloud when making the transition. We study the levels of security one can, and cannot, obtain in this model, propose lightweight protocols achieving maximal security, and report on their practical performance.
