TL;DR
This paper presents a TEE-based Cloud Key Store (CKS) that securely manages personal cryptographic keys across devices, enabling remote attestation, policy controls, delegation, and auditing with high performance.
Contribution
The paper introduces a novel TEE-based cloud key management system with features like remote attestation, access policies, delegation, and audit logs, validated through implementation and evaluation.
Findings
Performs ~6,000 signatures/sec on a desktop PC
Latency comparable to local keys, 20x faster than smart cards
Enables secure multi-device key management with audit and delegation
Abstract
Personal cryptographic keys are the foundation of many secure services, but storing these keys securely is a challenge, especially if they are used from multiple devices. Storing keys in a centralized location, like an Internet-accessible server, raises serious security concerns (e.g. server compromise). Hardware-based Trusted Execution Environments (TEEs) are a well-known solution for protecting sensitive data in untrusted environments, and are now becoming available on commodity server platforms. Although the idea of protecting keys using a server-side TEE is straight-forward, in this paper we validate this approach and show that it enables new desirable functionality. We describe the design, implementation, and evaluation of a TEE-based Cloud Key Store (CKS), an online service for securely generating, storing, and using personal cryptographic keys. Using remote attestation, users…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
