Key Management In Distributed Systems

We developed a cryptographic key management system for distributed networks. Our system handles every aspect of key management, including the key lifecycle, key distribution, access control, and cryptographic algorithm agility. Our software client accesses keys and other metadata stored in a distributed repository. Our system hides all key management tasks from the user: the user specifies a key management policy and our system enforces it. Clients perform key management tasks whenever the end user accesses keys to protect or retrieve data; there are no scheduled processes and no network listeners. The repository does not need to perform any tasks beyond its normal course of operation: storing, serving, and replicating data. While our system can work with a generic repository, our repository implementation is based on Microsoft Active Directory. Our system prevents data loss even if the underlying repository does not guarantee consistency or atomic operations.
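The architecture described above (policy-driven lifecycle, enforced by the client at access time, over a passive repository with no atomicity guarantees) can be modelled in a few dozen lines. The following is an added illustration, not code from the report or from Microsoft: it assumes a constructed key/value `Repository` standing in for the directory, a `Policy` naming a maximum key age and a hash algorithm, and a `Client` whose `protect`/`retrieve` calls run the lifecycle check before touching data. "Protecting" data here means computing an HMAC tag, chosen so the example needs only the standard library; a real system would wrap data with an AEAD instead.

```python
"""Illustrative client-side key lifecycle enforcement (constructed example, not the report's code).

Assumptions made for this example:
- The repository is a passive key/value store with get/put only: no transactions,
  no listeners, no background jobs. It stands in for a directory service.
- The client enforces the policy lazily: every protect()/retrieve() call first
  runs the lifecycle check, so no scheduler is needed.
- New key versions are written under fresh names and old versions are never
  overwritten or deleted, so data protected under any earlier version stays
  retrievable even if a write is lost or the client crashes mid-rotation.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    max_key_age: float          # seconds a key may be used to protect new data
    algorithm: str = "sha256"   # algorithm agility: the policy, not the code, names the hash


class Repository:
    """Constructed stand-in for the directory: get/put with no atomicity guarantees."""

    def __init__(self):
        self._rows = {}

    def get(self, name):
        return self._rows.get(name)

    def put(self, name, value):
        self._rows[name] = value

    def names(self):
        return list(self._rows)


class Client:
    def __init__(self, repo, policy, clock):
        self.repo = repo
        self.policy = policy
        self.clock = clock   # injected so the demo can move time forward

    def _versions(self):
        return sorted(int(n[len("key-v"):]) for n in self.repo.names() if n.startswith("key-v"))

    def _load(self, version):
        row = self.repo.get(f"key-v{version}")
        return json.loads(row) if row else None

    def _ensure_current_key(self):
        """Run at every access: rotate if the newest key has aged out of the policy."""
        versions = self._versions()
        newest = self._load(versions[-1]) if versions else None
        if newest and self.clock() - newest["created"] < self.policy.max_key_age:
            return versions[-1], newest
        version = (versions[-1] + 1) if versions else 1
        record = {
            "created": self.clock(),
            "alg": self.policy.algorithm,
            "key": os.urandom(32).hex(),
        }
        self.repo.put(f"key-v{version}", json.dumps(record))
        # Read back before use: with a non-atomic repository, only a key that is
        # demonstrably stored may ever protect data, or that data would be unrecoverable.
        stored = self._load(version)
        if stored != record:
            raise RuntimeError("key write not durable; refusing to use it")
        return version, stored

    def protect(self, data: bytes) -> dict:
        version, rec = self._ensure_current_key()
        tag = hmac.new(bytes.fromhex(rec["key"]), data, rec["alg"]).hexdigest()
        return {"v": version, "tag": tag}

    def retrieve(self, data: bytes, envelope: dict) -> bool:
        self._ensure_current_key()            # lifecycle runs on reads too
        rec = self._load(envelope["v"])       # retired keys are still present
        if rec is None:
            return False
        expected = hmac.new(bytes.fromhex(rec["key"]), data, rec["alg"]).hexdigest()
        return hmac.compare_digest(expected, envelope["tag"])


def demo():
    """Protect a record, let the key age out, protect another, and show both still verify."""
    clock = {"t": 0.0}
    repo = Repository()
    client = Client(repo, Policy(max_key_age=3600), lambda: clock["t"])
    first = client.protect(b"payroll-2010")
    clock["t"] += 7200                        # policy: rotate after one hour
    second = client.protect(b"payroll-2011")
    return {
        "versions": client._versions(),
        "first_v": first["v"],
        "second_v": second["v"],
        "first_ok": client.retrieve(b"payroll-2010", first),
        "second_ok": client.retrieve(b"payroll-2011", second),
        "mismatch_ok": client.retrieve(b"payroll-2010", second),
    }
```

Two points worth checking against any real implementation: rotation happens inside the data path rather than in a daemon, so the policy is enforced exactly when a key is touched and never earlier; and the client treats a write as complete only after reading it back, which is the minimum a client can do when the repository itself promises no atomicity.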

PDF: Distributed Key Lifecycle Management.pdf

Publisher  Microsoft Research
© 2010 Microsoft Corporation. All rights reserved.

Details

Type: TechReport
Number: MSR-TR-2010-78
Institution: Microsoft Research
Organization: Microsoft

Previous Versions

Tolga Acar, Mira Belenkiy, Mihir Bellare, and David Cash. Cryptographic Agility and its Relation to Circular Encryption, Springer Verlag, May 2010.
