Key Management In Distributed Systems

Tolga Acar, Mira Belenkiy, Lan Nguyen, and Carl Ellison

Abstract

We developed a cryptographic key management system for distributed networks. Our system handles every aspect of key management, including the key lifecycle, key distribution, access control, and cryptographic algorithm agility. Our software client accesses keys and other metadata stored in a distributed repository. Our system hides all key management tasks from the user; the user specifies a key management policy and our system enforces this policy. Clients perform key management tasks whenever the end user accesses keys to protect or retrieve data; there are no scheduled processes or network listeners. The repository does not need to perform any additional tasks beyond its normal course of operation: storing, servicing, and replicating data. While our system can work with a generic repository, our repository implementation is based on Microsoft Active Directory. Our system prevents data loss even if the underlying repository does not ensure consistency/atomic operations.

Details

Publication type: TechReport
Number: MSR-TR-2010-78
Institution: Microsoft Research
Organization: Microsoft
Publisher: Microsoft Research

Previous versions

Tolga Acar, Mira Belenkiy, Mihir Bellare, and David Cash. Cryptographic Agility and its Relation to Circular Encryption, Springer Verlag, May 2010.
