Abstract
This paper describes a cloud-scale encryption system. It discusses the constraints that shaped the design of Amazon Web Services’ Key Management Service, and in particular, the challenges that arise from using a standard mode of operation such as AES-GCM while safely supporting huge amounts of encrypted data that is (simultaneously) generated and consumed by a huge number of users employing different keys. We describe a new derived-key mode that is designed for this multi-user-multi-key scenario typical at the cloud scale. Analyzing the resulting security bounds of this model illustrates its applicability for our setting. This mode is already deployed as the default mode of operation for the AWS key management service.
Highlights
Key management for a public cloud is based on the promise for availability, durability, and absolute security and privacy
This paper examines the requirements for a cloud-scale encryption system” (CES) against some engineering decisions that were made in deploying the real-world solution called Amazon Web Services (AWS)
This paper describes the CES-GCM mode currently used in AWS KMS
Summary
Key management for a public cloud is based on the promise for availability, durability, and absolute security and privacy. An adequate symmetric authenticated encryption with associated data (AEAD) mode of operation is a critical building block for the service, and AES-GCM [2] is a natural selection for such a primitive. It is a (NIST) standard model that enjoys overall acceptance, security proofs, and excellent. Conforming to standardized ciphers and modes induces requirements for avoiding IV reuse This imposes a need for frequent change of master keys before reaching IV collision probability thresholds. This mode uses a random nonce and IV and applies a nonce-based key derivation before every encryption
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have