Cloud Key Management using Trusted Execution Environment

Cloud storage represents a primordial component in most information technology infrastructures. Using cloud instead of on-premise storage raises several security issues, especially when secret keys are stored on the cloud. In such a setting, a robust cloud key management system is a must. Using traditional key management systems (KMS) in the cloud suffers from performance and scalability limitations. This paper, proposes an efficient and secure cloud KMS based on Trusted Execution Environment, precisely Intel SGX. The suggested system (KMSGX), while being deployed on the cloud, is fully controlled by the end-user. Therefore, KMSGX allows running on-premise software key management securely on the cloud provider side, protecting the exchanged and stored data. The security properties of the suggested design have been formalized using the Applied Pi Calculus and proved with ProVerif. The experimental results have demonstrated the system's high performance in terms of the upload and download durations and the limited overhead compared to the plain design.