Improving the Security of KMS on a Cloud Platform Using Trusted Hardware

Perustieteiden korkeakoulu | Master's thesis
Date
2018-12-10
Major/Subject
Digital Media Technology
Mcode
SCI3024
Degree programme
Master's Programme in ICT Innovation
Language
en
Pages
74
Abstract
For the past few years, the demand for cloud computing has increased rapidly. Users outsource data processing and the storage of their private data to cloud systems. As the IoT industry is booming, cloud computing not only addresses the hardware and software restrictions of individual devices but also provides flexibility in resource allocation. Given these advantages, cloud computing plays an important role in the technology industry. However, the risk of data leakage and exposure of sensitive data has risen as users outsource their data to a third party. Currently, most cryptography-based security techniques focus on protecting the secret while it is in the application, at rest or in transit. With respect to insider attacks, sensitive data is at risk of being attacked by compromised devices without this being noticed. To prevent insider threats, a Hardware Security Module (HSM) provides a secure cryptographic solution that protects the data in an isolated space. However, compared with a software-based solution, it is costly and lacks scalability. For that reason, in this thesis we apply a software-based technology, such as Intel Software Guard Extensions (Intel SGX) technology, to tackle insider and outsider threats to the system. The main idea of the research in this thesis is to utilize Intel SGX technology in a key management service (KMS) in the cloud system to protect the sensitive data. The sensitive data inside the KMS is only processed within SGX enclaves, and implementing the corresponding encryption functions within enclaves is also part of the thesis. In addition, the thesis analyses the performance implications of this solution. Moreover, we deploy the KMS with Intel SGX technology in a Kubernetes cluster environment in order to achieve high availability of the cloud system.
Supervisor
Hirvisalo, Vesa
Thesis advisor
Kjällman, Jimmy
Keywords
Intel software Guard extension, kubernetes, hardware security module, key management service, advanced encryption standard