Updatable Oblivious Key Management for Storage Systems

We introduce Oblivious Key Management Systems (KMS) as a much more secure alternative to the traditional wrapping-based KMS that form the backbone of key management in large-scale data storage deployments. The new system, which builds on Oblivious Pseudorandom Functions (OPRF), hides keys and object identifiers from the KMS, offers unconditional security for key transport, provides key verifiability, reduces storage, and more. Further, we show how to provide all these features in a distributed threshold implementation that enhances protection against server compromise. We extend this system with an updatable encryption capability that supports key updates (known as key rotation): upon the periodic change of OPRF keys by the KMS server, a very efficient update procedure allows a client of the KMS service to non-interactively update all its encrypted data so that it is decryptable only under the new key. This enhances security with forward and post-compromise security, namely security against future and past compromises, respectively, of the client's OPRF keys held by the KMS. Additionally, and in contrast to traditional KMS, our solution supports public key encryption and dispenses with any interaction with the KMS for data encryption (only decryption by the client requires such communication). Our solutions build on recent work on updatable encryption but with significant enhancements applicable to the remote KMS setting. In addition to the critical security improvements, our designs are highly efficient and ready for use in practice. We report on an experimental implementation and its performance.
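As an added toy illustration, not the paper's own code, of the mechanism the abstract describes: a DH-based OPRF F_k(x) = x^k evaluated on a blinded input (so the KMS never sees the object's header), non-interactive encryption under the KMS public key g^k, and key rotation via an update token delta = k'/k that lets the client re-key every stored header offline. The group, the construction and every name below are assumptions; the abstract fixes none of them, and the parameters are deliberately tiny so the arithmetic is readable, not secure.

```python
# Added toy illustration (not from the paper): OPRF-based KMS with key rotation.
# Group: order-Q subgroup of Z_P^* with small, INSECURE toy parameters; a real
# system uses an elliptic-curve group. OPRF F_k(x) = x^k (assumed construction).
import hashlib
import secrets

P = 2 * 1019 + 1   # 2039, a safe prime (toy size only)
Q = 1019           # prime order of the quadratic-residue subgroup
G = 4              # generator of that order-Q subgroup

def kdf(elem: int) -> bytes:
    """Derive a symmetric data key from a group element (hash-based, assumed)."""
    return hashlib.sha256(f"key:{elem}".encode()).digest()

class Kms:
    """Server side: holds the OPRF key k, only ever sees blinded inputs."""
    def __init__(self):
        self.k = secrets.randbelow(Q - 1) + 1
    def public_key(self) -> int:
        return pow(G, self.k, P)                      # g^k, enables offline encryption
    def evaluate(self, blinded: int) -> int:
        return pow(blinded, self.k, P)                # (h^rho)^k; h itself stays hidden
    def rotate(self) -> int:
        """Pick a fresh key k' and return the update token delta = k'/k mod Q."""
        new_k = self.k
        while new_k == self.k:
            new_k = secrets.randbelow(Q - 1) + 1
        delta = new_k * pow(self.k, -1, Q) % Q
        self.k = new_k
        return delta

def encrypt_header(pk: int):
    """Client, no KMS contact: header h = g^r, data key from pk^r = g^{kr}."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), kdf(pow(pk, r, P))

def decrypt_key(kms: Kms, header: int) -> bytes:
    """Client: blind h with rho, have the KMS raise it to k, unblind to get h^k."""
    rho = secrets.randbelow(Q - 1) + 1
    evaluated = kms.evaluate(pow(header, rho, P))
    return kdf(pow(evaluated, pow(rho, -1, Q), P))    # (h^rho)^(k/rho) = h^k

def update_header(header: int, delta: int) -> int:
    """Client, offline: h' = h^(1/delta), so (h')^(k') = h^(k'/delta) = h^k."""
    return pow(header, pow(delta, -1, Q), P)
```

After `rotate()`, the original header no longer decrypts under the new server key, while the updated header yields the same data key, which is the non-interactive re-keying the abstract refers to.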
