Robust Group-Based Secret Sharing for Secure Cloud Key Management

A. Bentajer, Y. Said, Z. Igarramen, M. Hedabou

Abstract


Cloud services are now ubiquitous in every organization. However, organizations face various challenges in using a Key Management System (KMS) with those cloud solutions. In addition, they must deal with concerns specific to multi-cloud key management. In this paper, we present a scheme based on robust secret sharing over groups of shares that fulfills the requirements of multi-cloud deployment. The system splits the encryption keys into a blinded version of n shares that are stored on the cloud side, and uses a group of t+1 shares to compute the initial secret. To demonstrate the practicality of the proposed design, we implement a fully featured prototype and evaluate its performance. Analysis of the results shows that the proposed design is highly efficient and can serve as groundwork for using secret sharing to protect keys in a multi-cloud environment.




This work is licensed under a Creative Commons Attribution 3.0 License.


IT in Industry @ http://www.it-in-industry.com . ISSN (Online): 2203-1731; ISSN (Print): 2204-0595