
Cryptographic Key Management Issues and Challenges in Cloud Services

  • Ramaswamy Chandramouli
  • Michaela Iorga
  • Santosh Chokhani
Chapter

Abstract

To interact with various services in the cloud and to store the data generated or processed by those services, several security capabilities are required. Based on a core set of features in the three common cloud service models – Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) – we identify a set of security capabilities needed to exercise those features and the cryptographic operations they entail. An analysis of the common state of practice of the cryptographic operations that provide those security capabilities reveals that the management of cryptographic keys takes on additional complexity in cloud environments compared to enterprise IT environments, due to (a) differences in ownership (between cloud Consumers and cloud Providers) and (b) differences in control of the infrastructures on which both the Key Management System (KMS) and the protected resources are located. This document identifies the cryptographic key management challenges in the context of the architectural solutions that are commonly deployed to perform those cryptographic operations.

Keywords

Cloud Computing, Cloud Service, Cloud Provider, Message Authentication Code, Transport Layer Security


Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Ramaswamy Chandramouli (1)
  • Michaela Iorga (1)
  • Santosh Chokhani (2)

  1. National Institute of Standards and Technology, Gaithersburg, USA
  2. CygnaCom Solutions, McLean, USA
