Secure and Fault-Tolerant Key Management
Network security protocols such as TLS and SSH use public key cryptography for client authentication. Clients are responsible for storing and handling their private keys, but these keys are prone to leakage and theft. In fact, many recent infamous attacks exploit private keys stolen or leaked from client machines.
In this work we present a secure and fault-tolerant, logically centralized security management system in which a key is never exposed anywhere. We leverage k-out-of-n threshold security techniques to provide a high level of security, with integrated fault tolerance and proactive re-keying that enhances security. The system provides secure storage and signing services such that private keys are never stored anywhere, not even while they are in use, and not even in main memory or cache. Instead, private keys are split into n shares, such that at least k shares are required in order to use a key. We employ a novel distributed algorithm to refresh the shares every few seconds to prevent many side-channel attacks. The system also provides central auditing and logging services, so the usage of keys and login sessions can be tracked system-wide.
The system does not require modifications on the server side or to the security protocols. It releases the client from the liability of holding multiple, unmanaged private keys. We implemented the system, along with a patch for OpenSSL libcrypto for client-side services. We show that the system is scalable and that the overhead in the client connection setup time is marginal.