INTRODUCTION

Encryption plays a fundamental role for realizing secure networked computing environments. Key management ensures reliable and secure distribution of cryptographic keys to legitimate clients, which are then able to encrypt data or to establish secure communication channels. Key management for cloudscale distributed installations poses additional challenges over classical, centralized systems, due to the vastly bigger systems and the higher demands for resilience and security. Maintaining the confidentiality of encryption keys is extremely important, especially for encrypting data in storage systems, where losing access to the encryption key implies losing the data itself. A communication system, in contrast, may just restart the session if a key is lost. As key management is critical for many environments, industry standards have been introduced to separate keymanagement functions from the components that consume keys, and to consolidate key lifecycle management at centralized, well-protected systems [1]. Key management can be seen as an essential service of an IT infrastructure and especially for cloud platforms, similar to network connectivity, computing, and storage. The most prominent standard for distributed key management today is the OASIS Key Management Interoperability Protocol (KMIP) [2], which specifies operations for managing, storing, and retrieving keys at a remote server. For local key management using library-style access PKCS #11 [3] is the prevalent interface. In the context of cloud services, where service interactions are REST calls, the open-source Barbican [4] key manager provides keys to all services of OpenStack. Commercial cloud platforms use proprietary protocols inside their infrastructure. Key managers differ according to the operations they support and in terms of their performance, resilience, and security. Prominent commercial key servers often put emphasis on the needs of enterprise environments, such as fine-grained authentication and support for hardware security modules (HSMs). For example, governmental standards for handling health data dictate a reliable audit trail to reconstruct all operations accessing cryptographic keys. Enterprise key managers are also designed for high availability to allow uninterrupted service. They must support the complete lifecycle of cryptographic secrets, with operations for creating, importing, storing, reading, updating, exporting, and deleting keys. Designing and operating a key-management service in a distributed system with many entities running cryptographic operations is challenging because it must balance between the conflicting goals of performance and security.