Abstract

The key management service (KMS) has become a fundamental component of cloud computing. To enforce security, existing clouds usually deploy a centralized KMS protected by specialized hardware, i.e., a hardware security module (HSM), which is exclusively controlled by the cloud provider. Joint cloud computing (JointCloud) is a new cloud computing architecture that makes the best use of the advantages of different clouds. However, in JointCloud, each cloud provider has its own KMS. Thus, it is impossible for one user’s applications in different clouds to share the same key across different KMSs. A key stored in a KMS becomes unreachable after the application is migrated to a new cloud, which makes the encrypted data unusable. To address these problems, we introduce TZ-KMS, which provides a trusted distributed key management service using ARM TrustZone technology. We place a TZ-KMS instance in the secure world (a trusted execution environment provided by ARM TrustZone) of each machine, and the instance handles requests from the user application. A distributed key management method is further provided to synchronize user keys among different TZ-KMS instances. TZ-KMS allows one user’s applications, located in different clouds, to share the same key management service securely. User keys remain reachable after the application is migrated to a new cloud. We have implemented a prototype of TZ-KMS, and the evaluation shows that our system has good performance and scalability.
