Computer Science ›› 2017, Vol. 44 ›› Issue (3): 3-9. doi: 10.11896/j.issn.1002-137X.2017.03.002


Key Management Issues and Challenges in Cloud

YANG Lu and YE Xiao-jun   

  • Online: 2018-11-13 Published: 2018-11-13

Abstract: In order to interact securely with cloud data services and to store sensitive data that is generated or processed by these services in the cloud environment, cloud suppliers need to provide different kinds of security encryption mechanisms. Compared with traditional IT systems, because ownership differs among customers, suppliers and owners, cryptographic services generate keys on a large scale in the different cloud service modes (Infrastructure as a Service, Platform as a Service, Software as a Service), which makes key management much more complex. This paper identified some key types, the possible key states, essential key management functions and common security requirements; discussed the security capabilities of key management in the context of architectural solutions, taking the three common cloud service modes as examples; and, with respect to interoperability requirements, proposed some suggestions about the related application system architecture for key management interoperability and the possible system features of key management interoperability.

Key words: Cloud service, Security capability, Key management, Key management interoperability

