Key Management Systems at the Cloud Scale
This paper describes a cloud-scale encryption system. It discusses the constraints that shaped the design of Amazon Web Services’ Key Management Service, and in particular, the challenges that arise from using a standard mode of operation such as AES-GCM while safely supporting huge amount...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2019-09-01
|
| Series: | Cryptography |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2410-387X/3/3/23 |
| id |
doaj-284f94a9b2d9437fb9b53c2d4f8218c2 |
|---|---|
| record_format |
Article |
| spelling |
doaj-284f94a9b2d9437fb9b53c2d4f8218c22020-11-25T01:20:33ZengMDPI AGCryptography2410-387X2019-09-01332310.3390/cryptography3030023cryptography3030023Key Management Systems at the Cloud ScaleMatthew Campagna0Shay Gueron1Amazon Web Services Inc., Seattle, WA 98101, USAAmazon Web Services Inc., Seattle, WA 98101, USAThis paper describes a cloud-scale encryption system. It discusses the constraints that shaped the design of Amazon Web Services’ Key Management Service, and in particular, the challenges that arise from using a standard mode of operation such as AES-GCM while safely supporting huge amounts of encrypted data that is (simultaneously) generated and consumed by a huge number of users employing different keys. We describe a new derived-key mode that is designed for this multi-user-multi-key scenario typical at the cloud scale. Analyzing the resulting security bounds of this model illustrates its applicability for our setting. This mode is already deployed as the default mode of operation for the AWS key management service.https://www.mdpi.com/2410-387X/3/3/23AES-GCMcloud computingkey management |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Matthew Campagna Shay Gueron |
| spellingShingle |
Matthew Campagna Shay Gueron Key Management Systems at the Cloud Scale Cryptography AES-GCM cloud computing key management |
| author_facet |
Matthew Campagna Shay Gueron |
| author_sort |
Matthew Campagna |
| title |
Key Management Systems at the Cloud Scale |
| title_short |
Key Management Systems at the Cloud Scale |
| title_full |
Key Management Systems at the Cloud Scale |
| title_fullStr |
Key Management Systems at the Cloud Scale |
| title_full_unstemmed |
Key Management Systems at the Cloud Scale |
| title_sort |
key management systems at the cloud scale |
| publisher |
MDPI AG |
| series |
Cryptography |
| issn |
2410-387X |
| publishDate |
2019-09-01 |
| description |
This paper describes a cloud-scale encryption system. It discusses the constraints that shaped the design of Amazon Web Services’ Key Management Service, and in particular, the challenges that arise from using a standard mode of operation such as AES-GCM while safely supporting huge amounts of encrypted data that is (simultaneously) generated and consumed by a huge number of users employing different keys. We describe a new derived-key mode that is designed for this multi-user-multi-key scenario typical at the cloud scale. Analyzing the resulting security bounds of this model illustrates its applicability for our setting. This mode is already deployed as the default mode of operation for the AWS key management service. |
| topic |
AES-GCM cloud computing key management |
| url |
https://www.mdpi.com/2410-387X/3/3/23 |
| work_keys_str_mv |
AT matthewcampagna keymanagementsystemsatthecloudscale AT shaygueron keymanagementsystemsatthecloudscale |
| _version_ |
1725133618650546176 |