Secure Cloud Key Management based on Robust Secret Sharing

Abstract

The aim of this paper is to propose a model to strengthen the security of key management in cloud computing, where the model is shared or entirely controlled by a non-trusted third party provider. Key management is not a straightforward matter for IT-teams, in addition to critical issues related to properly managing and securing the keys on providers’ infrastructures, they have to deal with concerns specific to multi-cloud key management. Hardware Security Module (HSM) solution that offers a secure on-premise encryption key management turned out be impracticable for widespread cloud deployment. HSM as a Service seems to be the best approach for key management in multi-cloud, but the service is wholly owned and managed by another cloud provider. In This paper, we present an efficient and secure cloud key management that fulfills the requirements of multi-cloud deployment. The proposed design splits the key into a blinded version of n shares that will be stored in encrypted format at the cloud provider side. To demonstrate the efficiency of the proposed design, we implement a fully featured prototype and evaluate its performance. Results analysis shows that the proposed design is highly efficient and can serve as a groundwork for using secret share as a way to protect keys in a multi-cloud environment.