
Comparative Analysis of Cryptographic Key Management Systems

  • Conference paper
Internet of Things, Smart Spaces, and Next Generation Networks and Systems (NEW2AN 2020, ruSMART 2020)

Abstract

Managing cryptographic keys can be a complex task for an enterprise, and it is particularly difficult to scale when an increasing number of users and applications need to be managed. To address scalability issues, typical IT infrastructures employ key management systems that can handle a large number of encryption keys and associate them with authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time-consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools that include a minimum set of features, such as the availability of a secure database for managing keys; an authentication, authorization, and access control model for restricting and managing access to keys; effective logging of actions with keys; and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating attributes related to the complexity of the implementation, its popularity, linked vulnerabilities, and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hashicorp Vault was determined to be the most suitable system for small businesses.


Acknowledgement

This project has received funding from the European Union Horizon 2020 research and innovation programme under grant agreements no. 786698 and no. 833673. This work reflects the authors' view, and the Agency is not responsible for any use that may be made of the information it contains.

Author information

Corresponding author

Correspondence to Ievgeniia Kuzminykh.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Kuzminykh, I., Ghita, B., Shiaeles, S. (2020). Comparative Analysis of Cryptographic Key Management Systems. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. NEW2AN 2020, ruSMART 2020. Lecture Notes in Computer Science, vol 12526. Springer, Cham. https://doi.org/10.1007/978-3-030-65729-1_8


  • DOI: https://doi.org/10.1007/978-3-030-65729-1_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65728-4

  • Online ISBN: 978-3-030-65729-1

  • eBook Packages: Computer Science (R0)
