Key Management In Distributed Systems

MSR-TR-2010-78 |

Published by Microsoft

Previously submitted to NDSS 2010.

We developed a cryptographic key management system for distributed networks. Our system handles every aspect of key management, including the key lifecycle, key distribution, access control, and cryptographic algorithm agility. Our software client accesses keys and other metadata stored in a distributed repository. Our system hides all key management tasks from the user; the user specifies a key management policy and our system enforces this policy. Clients perform key management tasks whenever the end user accesses keys to protect or retrieve data; there are no scheduled processes or network listeners. The repository does not need to perform any additional tasks beyond its normal course of operation: storing, servicing, and replicating data. While our system can work with a generic repository, our repository implementation is based on Microsoft Active Directory. Our system prevents data loss even if the underlying repository does not ensure consistency/atomic operations.

Publication Downloads

Distributed Key-Manager Verification

December 2, 2010

This package contains the F# and F7 source files to aid in the verification of a distributed key-management system. This new component implements a data-protection API for groups of clients. To enable long-term data protection, it supports cryptographic agility so cryptography algorithms and policies can evolve for protecting fresh data while preserving access to old data. To verify the security of our design and production code, written in C#, we write a reference implementation in F#. Formally, we verify our F# code against a logical cryptographic model using F7, a refinement type checker coupled with a model checker. Experimentally, we test that the corresponding C# and F# code fragments are interchangeable.

Download Data