# Key Management Systems at the Cloud Scale


## Abstract


## 1. Introduction

#### 1.1. Related Work

#### 1.2. Our Contribution

- We describe the challenges and considerations that need to be addressed by any design of a $\mathtt{CES}$. We explain why current modes (such as AES-GCM) are not a suitable solution to the problem and a tailored mode is required. Nevertheless, a $\mathtt{CES}$ for the public cloud should adhere to well established cryptographic standards in order to be trusted by cloud users. This restricts the flexibility of the choices that the tailored mode may have.
- We define and analyze a mode of operation ($\mathtt{CES-GCM}$) that is suitable for multi-user-multi-key large scale usages, and has nonce-misuse-independence. It builds on top of a nonce respecting mode (AES-GCM). To the best of our knowledge, this is the first multi-user-multi-key mode that is being deployed in a real cloud system.

## 2. Preliminaries and Notation

**Theorem 1.** Let $2\le r\le q\le A$ be integers. Suppose that $q$ balls are thrown, one by one (independently) at random, into $A$ bins. An $r$-multicollision is the event where there exists at least one bin that contains at least $r$ balls. Denote this event by $\mathrm{MultiColl}(A,q,r)$. Then

## 3. A Cloud-Based Key Management Service

#### 3.1. Requirements

- Copious: must support many $\mathtt{CMK}$s. Customers want to reason about use cases.
- FIPS: $\mathtt{CMK}$s can only be accessed within a FIPS 140-2 certified security module.
- Low-latency: generate, encrypt and decrypt of data keys under a $\mathtt{CMK}$ must have low-latency.
- Simultaneous use: a $\mathtt{CMK}$ can be used simultaneously within the system.
- Durability: $\mathtt{CMK}$s must be at least as durable as the data that they protect.
- High volume: each $\mathtt{CMK}$ must be able to encrypt a large number of objects.
- Scalability: a $\mathtt{CES}$ should be able to support a large volume of calls across many customers.
- Distributive: a $\mathtt{CES}$ should be able to distribute the role of key generation and bulk data encryption.

#### 3.2. Desired Properties of a `CES`

A `CES` should support IND-CPA and IND-CCA2 semantic security (i.e., be secure under non-adaptive and adaptive chosen plaintext and chosen ciphertext attacks). Ideally, it would use an encryption mode with 256-bit keys, in order to satisfy the strictest requirements that customers may have, and also accommodate the complications of multi-key and multi-user operation.

#### 3.3. Requirement Driven Design

“The probability that the authenticated encryption function ever will be invoked with the same $IV$ and the same key on two (or more) distinct sets of input data shall be no greater than ${2}^{-32}$.”

In the `CES` $\mathtt{AWS\ KMS}$, a user's $\mathtt{CMK}$ is generated on an HSM and is accessible only on the HSMs managed by the service. To meet the durability requirement, $\mathtt{CMK}$s are stored encrypted outside of the HSM fleet, in an online distributive database and in a highly durable offline data store. Each $\mathtt{CMK}$ is bound to a globally unique key identifier ($\mathtt{keyId}$) assigned by the distributive database system; the binding is enforced by the HSM's encryption of the $\mathtt{CMK}$. The $\mathtt{keyId}$ is returned to the user on a successful request to create a $\mathtt{CMK}$. $\mathtt{AWS\ KMS}$ only allows encrypt and decrypt calls under a $\mathtt{CMK}$ using the secure defaults of the system. An access control policy is associated with the $\mathtt{keyId}$ and enforced on every API call that references it; the policy controls which users can encrypt or decrypt using a specific $\mathtt{CMK}$.

## 4. Security Bounds for $\mathtt{AWS\ KMS}$ Mode of Operation

#### 4.1. Abstraction of an Idealized `AWS KMS` Mode `CES-GCM`$^{(i)}$

**Remark 1.**

**Remark 2.** The `CES-GCM`$^{(i)}$ mode can be viewed as a special case of the general derive key mode of [13], which can be applied over any $IV$-based AEAD scheme $\Pi$, but with the following difference. The derive key mode uses a single nonce $\mathtt{N}$ both for the derivation of a per-message key and for the encryption with $\Pi$. In contrast, the `CES-GCM`$^{(i)}$ mode uses $\mathtt{N}$ only for the derivation, and a separate (independent) random $IV$ for $\Pi$. This decouples the per-request key derivation from the actual message encryption.

**Remark 3.** $\mathtt{CMK}$ and $\mathtt{N}$, consider a trivialized instantiation where, for a user $\mathtt{u}$, the derivation is $\mathttX{CMK}_{\mathtt{u}} \longleftarrow (\mathtt{CMK}_{\mathtt{u}}, \mathtt{N})$, i.e., a direct use of $\mathtt{CMK}_{\mathtt{u}}$. With this, for every $\mathtt{u}$, the probability that $Q$ encryptions would lead to a collision in the randomized $n-\delta$ bits of the $IV$ is at most $Q^2/2^{n-\delta}$. To ensure this probability remains below the target security margin of $2^{-\beta}$, the limit on $Q$ is $2^{(n-\delta-\beta)/2}$. This imposes an undesired constraint on the users. For example, with $n=128$, $\delta=32$, $\beta=32$, $Q$ is limited to $2^{32}$. The situation is even worse at the cloud scale, because if each one of $U$ users encrypts $Q$ messages, then the probability that (at least) one of them will repeat an $IV$ (with their key) is $\approx U Q^2/2^{n-\delta}$, and bounding this probability limits $U\cdot Q^2$. The prepended nonce-based key derivation that is built into `CES-GCM`$^{(i)}$ is intended to address these limitations.

#### 4.2. Security Definitions for `CES-GCM`$^{(i)}$

#### 4.2.1. A ${\mathtt{CES-GCM}}^{\left(i\right)}$ Oracle

- Setup:
  - (a) a bit $b$;
  - (b) $U$ keys $\mathtt{CMK}_1,\dots,\mathtt{CMK}_U$, each one of $\kappa$ bits;
  - (c) a random function $h:\{0,1\}^{\kappa}\times\{0,1\}^{\ell_{\mathtt{N}}}\to\{0,1\}^{\kappa}$.
- Encryption query:
  - Select, uniformly at random, (a) a string $\mathtt{N}$ of $\ell_{\mathtt{N}}$ bits, (b) a string $\mathtt{IV}$ of $\ell_{\mathtt{IV}}$ bits, (c) a string $\mathtt{S}$ of length $\ell_M+1$ blocks.
  - Compute $\mathtt{K}=h(\mathtt{CMK}_{\mathtt{u}},\mathtt{N})$.
  - E-GCM encrypt $\mathtt{M}$, $\mathtt{AAD}$ with $\mathtt{IV}$, under the key $\mathtt{K}$, obtaining the ciphertext $\mathtt{C}$ and the authentication tag $\mathtt{Tag}$.
  - Output: $\mathtt{N}$, $\mathtt{IV}$, $\mathtt{C}\parallel\mathtt{Tag}$ if $b=0$, and $\mathtt{u}$, $\mathtt{N}$, $\mathtt{IV}$, $\mathtt{S}$ if $b=1$.
- Decryption query:
  - Compute $\mathtt{K}=h(\mathtt{CMK}_{\mathtt{u}},\mathtt{N})$.
  - E-GCM decrypt $\mathtt{C}$, $\mathtt{AAD}$, $\mathtt{Tag}$, using $\mathtt{IV}$, under the key $\mathtt{K}$, obtaining the plaintext $\mathtt{M}$ and determining whether the authentication passed or failed.
  - Output: if $b=0$ then $\mathtt{M}$ (plaintext) if authentication passed and $\bot$ if it failed. If $b=1$ then $\bot$.
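As an added example (not code from the paper or from AWS KMS), the encryption and decryption queries above in Python: per request an independent random $\mathtt{N}$ and $\mathtt{IV}$, $\mathtt{K}=h(\mathtt{CMK}_{\mathtt{u}},\mathtt{N})$, then AES-256-GCM under $\mathtt{K}$. HMAC-SHA256 standing in for $h$, the 256-bit $\mathtt{N}$ and 96-bit $\mathtt{IV}$ sizes, and the `cryptography` package are assumptions.

```python
import hashlib
import hmac
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed sizes: kappa = 256-bit CMK, l_N = 256-bit nonce N, l_IV = 96-bit GCM IV.
N_LEN, IV_LEN = 32, 12


def derive_key(cmk: bytes, n: bytes) -> bytes:
    """Stand-in for the random function h(CMK_u, N).

    HMAC-SHA256 is an assumption for this example; it is not the derivation
    that AWS KMS actually uses.
    """
    return hmac.new(cmk, n, hashlib.sha256).digest()


def encrypt(cmk: bytes, msg: bytes, aad: bytes):
    """Encryption query: independent random N and IV, K = h(CMK_u, N),
    AES-256-GCM of (msg, aad) under K with IV. Returns (N, IV, C||Tag)."""
    n, iv = os.urandom(N_LEN), os.urandom(IV_LEN)   # two independent random draws
    ct_tag = AESGCM(derive_key(cmk, n)).encrypt(iv, msg, aad)
    return n, iv, ct_tag


def decrypt(cmk: bytes, n: bytes, iv: bytes, ct_tag: bytes, aad: bytes):
    """Decryption query: re-derive K from (CMK_u, N) and E-GCM decrypt.
    Returns the plaintext M, or None (the oracle's bottom) if the tag fails."""
    try:
        return AESGCM(derive_key(cmk, n)).decrypt(iv, ct_tag, aad)
    except InvalidTag:
        return None
```

Two encryptions under the same $\mathtt{CMK}$ yield different $\mathtt{N}$, hence different derived keys, as well as different $\mathtt{IV}$s; a wrong $\mathtt{AAD}$ or a different $\mathtt{CMK}$ makes decryption return None.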

#### 4.2.2. Adversary against ${\mathtt{CES-GCM}}^{\left(i\right)}$

**Adversary advantage.** The advantage of $\mathcal{A}$ against ${\mathtt{CES-GCM}}^{(i)}$ is $\left(\right)$.

**The PRF advantage of E in a multi-user-multi-key setting.** Define a multi-user-multi-key oracle $\mathcal{O}'$ for $E$ as follows. Let $U$ and $Q$ be given parameters. At setup, $\mathcal{O}'$ chooses a random bit $c$, $U\cdot Q$ random keys of $\kappa$ bits, and $U\cdot Q$ random functions $\mathtt{f}:\{0,1\}^{n}\to\{0,1\}^{n}$, such that if two selected keys are equal the corresponding functions are also equal. Assume the keys and functions are organized in a table of $U$ rows and $Q$ columns indexed by $\mathtt{u}$ and $\mathtt{ind}$. A query to $\mathcal{O}'$ is a triple $[\mathtt{u},\mathtt{ind},B]$ for some $\mathtt{u}$, $\mathtt{ind}$, and $B\in\{0,1\}^{n}$. The response is either $E_{K_{\mathtt{u},\mathtt{ind}}}(B)$ or $\mathtt{f}_{\mathtt{u},\mathtt{ind}}(B)$, depending on $c$. An adversary $\mathcal{A}'$ against $E$ (in this setting) is an algorithm that submits queries to $\mathcal{O}'$ and outputs $c'$ as its guess for $c$. The advantage of $\mathcal{A}'$ after exhausting a budget of $q'=U\cdot Q\cdot(\ell_M+1)$ queries is $\left(\right)$.

#### 4.3. Security Bounds for ${\mathtt{CES-GCM}}^{\left(\mathtt{i}\right)}$

#### 4.3.1. Events That May Occur during Encryption Queries

- (${\mathrm{\Lambda}}_{1}$) There are two identifiers $1\le \mathtt{u}<\mathtt{v}\le U$, such that ${\mathtt{CMK}}_{\mathtt{u}}={\mathtt{CMK}}_{\mathtt{v}}$.
- (${\mathrm{\Lambda}}_{2}$) All the $\mathtt{CMK}$’s are distinct, and there are identifiers $1\le \mathtt{u}<\mathtt{v}\le U$, and indexes $1\le i,\, j\le Q$, such that ${\mathtt{K}}_{\mathtt{u},i}={\mathtt{K}}_{\mathtt{v},j}$.
- (${\mathrm{\Lambda}}_{3}$) There is an identifier $1\le \mathtt{u}\le U$, such that $\mathcal{K}\left(\mathtt{u}\right)$ contains a value that is repeated 3 or more times.
- (${\mathrm{\Lambda}}_{4}$) There is an identifier $1\le \mathtt{u}\le U$, and indexes i, j, $1\le i<j\le Q$, such that ${\mathtt{K}}_{\mathtt{u},i}={\mathtt{K}}_{\mathtt{u},j}$ and ${\mathtt{IV}}_{\mathtt{u},i}={\mathtt{IV}}_{\mathtt{u},j}$.
- (${\mathrm{\Lambda}}_{5}$) The combined list $\Sigma \mathcal{IV}$ includes a value that is repeated more than ${\mu}_{0}$ times.

**Lemma 1.**

- c1. All the $\mathtt{CMK}$’s are distinct.
- c2. For every $1\le \mathtt{u}\le U$, the usage of E-GCM by $\mathtt{u}$ was proper. Furthermore, $\mathcal{K}(\mathtt{u})$ can be split into disjoint sub-lists: $\mathtt{s}(\mathtt{u})$ keys that were used for encrypting a single message, and $\mathtt{d}(\mathtt{u})$ keys that were used for encrypting two messages. These satisfy the relation $\mathtt{s}(\mathtt{u})+2\mathtt{d}(\mathtt{u})=Q$, and $\mathtt{s}(\mathtt{u}),\mathtt{d}(\mathtt{u})\ge 0$.
- c3. Across all the $U\cdot Q$ encryptions, every counter block is encrypted under at most ${\mu}_{0}$ distinct keys.

**Proof.**

**Lemma 2.**

**Proof.**

**Theorem 2** (${\mathtt{CES-GCM}}^{(\mathtt{i})}$ privacy bound)**.**

**Proof.**

**Remark 4** (The parameter $\mu_0$)**.**

#### Interpreting Theorem 2

#### Accounting for Real Primitives

#### Accounting for an Active (Forging) Adversary

## 5. Discussion

## Author Contributions

## Funding

## Conflicts of Interest

## References

- Services, A.W. AWS Identity and Access Management. 2016. Available online: https://aws.amazon.com/kms/ (accessed on 31 August 2017).
- McGrew, D.A.; Viega, J. The Security and Performance of the Galois/Counter Mode (GCM) of Operation. In Progress in Cryptology—INDOCRYPT 2004; Canteaut, A., Viswanathan, K., Eds.; Springer: Berlin/Heidelberg, Germany, 2005; pp. 343–355. [Google Scholar]
- Abdalla, M.; Bellare, M. Increasing the Lifetime of a Key: A Comparative Analysis of the Security of Re-keying Techniques. In Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, Kyoto, Japan, 3–7 December 2000; Springer-Verlag: London, UK, 2000; pp. 546–559. [Google Scholar] [Green Version]
- Smyshlyaev, S.V. Re-Keying Mechanisms for Symmetric Keys; Internet-Draft draft-irtf-cfrg-re-keying-11; Internet Engineering Task Force: Fremont, CA, USA, 2019. [Google Scholar]
- Chatterjee, S.; Menezes, A.; Sarkar, P. Another Look at Tightness. In Selected Areas in Cryptography; Miri, A., Vaudenay, S., Eds.; Springer: Berlin/Heidelberg, Germany, 2012; pp. 293–319. [Google Scholar]
- Mouha, N.; Luykx, A. Multi-key Security: The Even-Mansour Construction Revisited. In Proceedings of the Advances in Cryptology—CRYPTO 2015—35th Annual Cryptology Conference, Santa Barbara, CA, USA, 16–20 August 2015; pp. 209–223. [Google Scholar]
- Bellare, M.; Tackmann, B. The Multi-user Security of Authenticated Encryption: AES-GCM in TLS 1.3. In Advances in Cryptology—CRYPTO 2016; Robshaw, M., Katz, J., Eds.; Springer Berlin/Heidelberg: Berlin/Heidelberg, Germany, 2016; pp. 247–276. [Google Scholar]
- Luykx, A.; Mennink, B.; Paterson, K.G. Analyzing Multi-key Security Degradation. In Proceedings of the Advances in Cryptology—ASIACRYPT 2017—23rd International Conference on the Theory and Applications of Cryptology and Information Security, Hong Kong, China, 3–7 December 2017; pp. 575–605. [Google Scholar]
- Gueron, S.; Langley, A.; Lindell, Y. AES-GCM-SIV: Specification and Analysis. Cryptology ePrint Archive, Report 2017/168. 2017. Available online: https://eprint.iacr.org/2017/168 (accessed on 31 July 2019).
- Rogaway, P.; Shrimpton, T. A Provable-Security Treatment of the Key-Wrap Problem. In Advances in Cryptology—EUROCRYPT 2006; Vaudenay, S., Ed.; Springer: Berlin/Heidelberg, Germany, 2006; pp. 373–390. [Google Scholar] [Green Version]
- Gueron, S.; Langley, A.; Lindell, Y. AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption. RFC **2019**, 8452, 1–42. [Google Scholar] [CrossRef]
- Iyengar, J.; Thomson, M. QUIC: A UDP-Based Multiplexed and Secure Transport; Internet-Draft draft-ietf-quic-transport-20; Internet Engineering Task Force: Fremont, CA, USA, 2019. [Google Scholar]
- Gueron, S.; Lindell, Y. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, 30 October–3 November 2017; pp. 1019–1036. [Google Scholar] [CrossRef]
- Bose, P.; Hoang, V.T.; Tessaro, S. Revisiting AES-GCM-SIV: Multi-user Security, Faster Key Derivation, and Better Bounds. In Proceedings of the Advances in Cryptology—EUROCRYPT 2018—37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, 29 April–3 May 2018; pp. 468–499. [Google Scholar]
- Dworkin, M. SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2007. [Google Scholar]
- Suzuki, K.; Tonien, D.; Kurosawa, K.; Toyota, K. Birthday Paradox for Multi-collisions. In Proceedings of the 9th International Conference on Information Security and Cryptology, Busan, Korea, 30 November–1 December 2006; Springer-Verlag: Berlin/Heidelberg, Germany, 2006; pp. 29–40. [Google Scholar] [CrossRef]
- Services, A.W. AWS Key Management Service (KMS). 2019. Available online: https://docs.aws.amazon.com/IAM/latest/UserGuide/iam-ug.pdf#access_policies (accessed on 31 August 2017).
- Ramaswamy Chandramouli, M.I.; Chokhani, S. Cryptographic Key Management Issues & Challenges in Cloud Services; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2013. [Google Scholar]
- Chen, L. SP 800-108. Recommendation for Key Derivation Using Pseudorandom Functions (Revised); Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2009. [Google Scholar]
- Campagna, M. AWS Key Management Service Cryptographic Details. 2016. Available online: https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf (accessed on 31 August 2018).

**Figure 1.** A description of $\mathtt{AWS\ KMS}$ from a user’s perspective.

**Figure 2.** An outline of the $\mathtt{AWS\ KMS}$ encryption flow in the context of user $\mathtt{u}$. $\Pi_{\mathtt{K}}()$ symbolizes an $IV$-based authenticated encryption with associated data (AEAD) scheme, AES256-GCM in our case. The randomized nonce ($\mathtt{N}$) and $\mathtt{IV}$ can come from separate entropy sources, providing protection against correlated failures.

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).


Campagna, M.; Gueron, S.
Key Management Systems at the Cloud Scale. *Cryptography* **2019**, *3*, 23.
https://doi.org/10.3390/cryptography3030023
