Skip to main content
SpringerLink
Log in

KISS: “Key It Simple and Secure” Corporate Key Management

  • Conference paper
Trust and Trustworthy Computing (Trust 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7904))

Included in the following conference series:

Abstract

Deploying a corporate key management system faces fundamental challenges, such as fine-grained key usage control and secure system administration. None of the current commercial systems (either based on software or hardware security modules) or research proposals adequately address both challenges with small and simple Trusted Computing Base (TCB). This paper presents a new key management architecture, called KISS, to enable comprehensive, trustworthy, user-verifiable, and cost-effective key management. KISS protects the entire life cycle of cryptographic keys. In particular, KISS allows only authorized applications and/or users to use the keys. Using simple devices, administrators can remotely issue authenticated commands to KISS and verify system output. KISS leverages readily available commodity hardware and trusted computing primitives to design system bootstrap protocols and management mechanisms, which protects the system from malware attacks and insider attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. AMD. AMD64 architecture programmer’s manual. No. 24594 rev. 3.19 (2012)

    Google Scholar 

  2. Bugiel, S., Ekberg, J.: Implementing an application-specific credential platform using late-launched mobile trusted module. In: Proc. ACM STC (2010)

    Google Scholar 

  3. Cheng, Y., Ding, X., Deng, R.H.: DriverGuard: A fine-grained protection on I/O flows. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 227–244. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  4. Enck, W., McDaniel, P., Jaeger, T.: Pinup: Pinning user files to known applications. In: Proc. ACSAC (2008)

    Google Scholar 

  5. Gajek, S., Löhr, H., Sadeghi, A., Winandy, M.: Truwallet: trustworthy and migratable wallet-based web authentication. In: Proc. ACM STC (2009)

    Google Scholar 

  6. Hofmann, O.S., Kim, S., Dunn, A.M., Lee, M.Z., Witchel, E.: Inktag: secure applications on an untrusted operating system. In: Proc. ASPLOS (2013)

    Google Scholar 

  7. HP. Enterprise Secure Key Manager, http://h18006.www1.hp.com/products/quickspecs/13978_div/13978_div.PDF

  8. IBM. Tivoli Key Lifecycle Manager, http://www-01.ibm.com/software/tivoli/products/key-lifecycle-mgr

  9. Intel. Intel trusted execution techonology. No. 315168-008 (2011)

    Google Scholar 

  10. Kostiainen, K.: On-board Credentials: An Open Credential Platform for Mobile Devices. PhD thesis, Aalto University (2012)

    Google Scholar 

  11. Matrosov, A., Rodionov, E., Harley, D., Malch, J.: Stuxnet Under the Microscope, http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf

  12. McCune, J., Li, Y., Qu, N., Zhou, Z., Datta, A., Gligor, V., Perrig, A.: TrustVisor: Efficient TCB reduction and attestation. In: Proc. IEEE Symp. on Security and Privacy (2010)

    Google Scholar 

  13. McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for TCB minimization. In: Proc. EuroSys (2008)

    Google Scholar 

  14. Oracle. Opensolaris project: Crypto kms agent toolkit, http://hub.opensolaris.org/bin/view/Project+kmsagenttoolkit/WebHome

  15. Oracle. Oracle Key Manager, http://www.oracle.com/us/products/servers-storage/storage/tape-storage/034335.pdf

  16. Parno, B., Lorch, J.R., Douceur, J.R., Mickens, J., McCune, J.M.: Memoir: Practical state continuity for protected modules. In: Proc. IEEE Symp. on Security and Privacy (2011)

    Google Scholar 

  17. RSA. RSA Data Protection Manager, http://www.emc.com/security/rsa-data-protection-manager.html

  18. SafeNet. SafeNet hardware security modules, http://www.safenet-inc.com/products/data-protection/hardware-security-modules-hsms/

  19. StrongAuth. StrongKey SKMS, http://www.strongkey.org

  20. Thales. Thales hardware security modules, http://www.thales-esecurity.com/en/Products/Hardware%20Security%20Modules.aspx

  21. Trusted Computing Group. TPM specification version 1.2 (2009)

    Google Scholar 

  22. Trusted Computing Group. Trusted platform module library family “2.0” (2011)

    Google Scholar 

  23. VASCO. Diginotar reports security incident (2011), http://www.vasco.com/company/about_vasco/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

  24. Zhang, F., Chen, J., Chen, H., Zang, B.: Cloudvisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. In: Proc. ACM SOSP (2011)

    Google Scholar 

  25. Zhou, Z., Gligor, V., Newsome, J., McCune, J.: Building verifiable trusted path on commodity x86 computers. In: Proc. IEEE Symp. on Security and Privacy (2012)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Carnegie Mellon University and CyLab, Pittsburgh, Pennsylvania, United States

    Zongwei Zhou, Jun Han, Yue-Hsun Lin, Adrian Perrig & Virgil Gligor

Authors
  1. Zongwei Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jun Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yue-Hsun Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Adrian Perrig
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Virgil Gligor
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Imperial College London, SW7 2AZ, London, United Kingdom

    Michael Huth

  2. Nokia Research Center, Helsinki, Finland

    N. Asokan

  3. Department of Computer Science, ETH Zurich, Switzerland

    Srdjan Čapkun

  4. University of Oxford, UK

    Ivan Flechais

  5. Information Security Group, Royal Holloway University of London, TW20 0EX, Egham, Surrey, UK

    Lizzie Coles-Kemp

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhou, Z., Han, J., Lin, YH., Perrig, A., Gligor, V. (2013). KISS: “Key It Simple and Secure” Corporate Key Management. In: Huth, M., Asokan, N., Čapkun, S., Flechais, I., Coles-Kemp, L. (eds) Trust and Trustworthy Computing. Trust 2013. Lecture Notes in Computer Science, vol 7904. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38908-5_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38908-5_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38907-8

  • Online ISBN: 978-3-642-38908-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation