Title: Encryption key management as a trusted security as a service for cloud computing
Authors: Saad Fehis; Omar Nouali; Mohand-Tahar Kechadi
Addresses: Ecole Nationale Supérieure d'Informatique, BP 68M, 16309, Oued-Smar, Alger, Algeria; Research Center on Scientific and Technical Information, Algiers, Algeria; School of Computer Science and Informatics, University College Dublin, Dublin, Ireland
Abstract: Cloud computing has become very popular, and its users and services are constantly increasing. Currently, many mobile IT users access business data and services without going through corporate networks. Consequently, placing appropriate and robust security controls between mobile users and cloud-based services is crucial. This is the main reason behind the proliferation of new security as a service (SecaaS) offers. The common security mechanism of most services and communications is based on encryption/signing keys, which themselves depend highly on the cryptographic key management system (CKMS). This is called a trustworthy protocol, and its implementation is the most challenging of all the security and protection policies and mechanisms. To deal with this challenge, we propose an approach that provides a CKMS as a trusted SecaaS based on the trusted platform module (TPM), which is the foundation for trust, key generation, and SecaaS authentication. We define an efficient security protocol that creates, certifies, and encrypts any encryption/signing key inside the TPM. The key leaves the TPM in an encapsulated format and is delivered to its owner in a secure way without decryption.
Keywords: cloud computing; security as a service; SecaaS; cryptographic key management system; CKMS; trusted platform module; TPM.
International Journal of Security and Networks, 2021 Vol.16 No.3, pp.150 - 162
Received: 31 Aug 2019
Accepted: 03 Oct 2020
Published online: 04 Oct 2021