Key management issues in cloud and the introduction of post-quantum cryptography

In recent years, the demand for autonomous system operation has been increasing. To safely use data on the cloud, cryptographic key management is vital, but there are challenges that we need to overcome. We will explain the requirements for key management systems that solve these challenges, introduce trends in post-quantum cryptography, and describe points to consider when introducing it.

Introduction

In recent years, from the perspective of economic security, there has been a growing demand in Japan for systems that handle important information to operate autonomously without relying on foreign-owned clouds. The "Requirements Formulation Guide for Systems Handling Important Information" (*1) by the Ministry of Economy, Trade and Industry and the Information Processing Promotion Agency (IPA) presents guidelines for achieving both "convenience", such as responsiveness to changes, and "autonomy" of administrators during operation of the cloud.

As one of the requirements for ensuring "autonomy," these guidelines define measures for each purpose (Table 1):

  • "Secure and separate storage of encryption keys": data and encryption keys are managed separately, which prevents them from being stolen at the same time.
  • "Hardware separation of encryption keys": data and encryption keys are stored on separate hardware, which prevents data leakage by preventing the decryption key from being taken out even if the system infrastructure is intruded upon.
  • "Organizational separation of encryption key management": the management of data and keys is separated into separate organizations so that the data cannot be decrypted by a single organization.

Table 1: Some excerpts from the "Requirements Formulation Guide for Systems Handling Important Information"

Security Issues in Public Clouds

On the other hand, in public clouds, there is a risk that uploaded information or information generated on cloud services can be viewed by cloud providers. For example, the terms of service of a public cloud may state that customer information may be used as materials for research and development within a cloud provider, or that information may be submitted by order of a country or court. Even outside the terms of service, there is a risk that information may be leaked due to internal improprieties or human errors within a cloud provider.

Concerns about such public clouds are growing in various countries, and the "sovereign cloud," a cloud that users can control with sovereignty from the viewpoint of economic security, is attracting a great deal of attention (*2).

Furthermore, in recent years, there has been a growing demand for hybrid cloud configurations in which a public cloud chosen for convenience is linked with a private cloud chosen for autonomy and, depending on the situation, with on-premises systems as well (*3). Since environments with different security levels are linked in a hybrid cloud, the burden on users to manage the usage status of encryption keys is increasing.

In addition, regarding the cryptographic algorithms that use encryption keys for processing, if quantum computers that can perform calculations at extremely high speeds appear, there is a possibility that current algorithms will be deciphered in a realistic time frame in the future.

Therefore, there is a need to develop a cryptographic key management system to solve these issues.

Realization of a Robust Key Management System

To solve security issues in the public cloud, a key management system (KMS) is required that separates data protection from encryption key management and, in addition, enables users to manage encryption keys themselves.

In cloud key management, several functions are provided depending on the degree to which users can control encryption keys (Figure 1).

Figure 1: User control model in the public cloud (*4)

  • Cloud native key management: The cloud operator generates, uses, and manages the keys. There is a risk that security may be compromised due to internal impropriety or human error on the part of the cloud operator.
  • BYOK (Bring Your Own Key): The user generates the keys. The generated keys are brought to the cloud operator, and the keys are managed by the cloud operator.
  • HYOK (Hold Your Own Key): The cloud operator uses the user's KMS. The cloud operator handles keys under the user's control, and the user can always manage the keys.
  • BYOE (Bring Your Own Encryption): Users manage and use the keys. It is possible to prevent cloud providers from accessing the keys.

Which control level functions are used depends on the security requirements of the users. However, each control level is required to provide the protection and assurance required for encryption keys and the functions required for key lifecycle management.

Post-Quantum Cryptography

A cryptographic key is only an input; the actual processing is performed by a cryptographic algorithm. As mentioned earlier, conventional public-key cryptographic algorithms such as RSA cryptography may be cracked by quantum computers in a realistic time frame in the future. Therefore, it is very important to support cryptographic algorithms that are unbreakable even by quantum computers, that is, Post-Quantum Cryptography (PQC).

The National Institute of Standards and Technology (NIST) in the United States has been promoting standardization activities since 2016 with the aim of migrating public key cryptography used by the federal government to PQC by around 2030.

The schedule for migrating to PQC is shown in Figure 2. As of June 2024, 1 method for key exchange and 3 methods for digital signature have already been selected as standard methods. The drafts of 3 of these methods have been published, and standardization documents are expected to be officially published around summer of 2024. In addition, 4 methods for key exchange are being evaluated in Round 4, and additional standard methods are expected to be decided around autumn of 2024. In addition, for digital signature, an additional Round 1 evaluation is being conducted for newly submitted algorithms, and the evaluation will proceed over the next few years (*5).

Figure 2: NIST's PQC Standardization Schedule

Major public cloud providers are also participating in NIST's PQC standardization process by applying their algorithms and starting to support PQC in their clouds (Table 2). We will keep an eye on NIST and each cloud provider's activities, including which algorithms they will adopt in the future.

Table 2: PQC Algorithms Adopted and Involved by Major Public Cloud Providers

Towards Stronger Key Management

Crypto-Agility (Cryptographic Agility) is an important concept in the transition to PQC. Crypto-Agility is a term commonly used to mean "Designed and implemented in such a way that one cipher can be easily migrated to another without major changes to the system infrastructure or processes." Security authorities in countries such as the Netherlands, Germany, and France list Crypto-Agility as an important function and characteristic that should be added to IT systems that are planning to migrate to cryptographic algorithms, and this concept will undoubtedly become important in the future.

One way to realize Crypto-Agility is the hybrid mode of TLS 1.3 (Transport Layer Security 1.3) (Figure 3).

TLS 1.3 is a protocol to ensure the security of Internet communications. It encrypts communication contents and protects the confidentiality and integrity of data between servers and clients. Hybrid mode refers to an implementation method in which "the combination of traditional algorithms and PQC ensures security if one is compromised, and the other is safe."

Compromise refers to a state in which a cryptographic algorithm or security system becomes vulnerable and insecure due to new attack techniques or technologies. In the future, with the development of quantum computers, this method can be used to ensure security not only when a conventional cryptographic algorithm is compromised, but also when a vulnerability is discovered in PQC, which has a short history of security evaluation.

Figure 3: Hybrid mode in TLS 1.3

There are two types of applications of hybrid mode in TLS 1.3: key exchange and signature (Table 3). As for implementation methods, the Internet Engineering Task Force (IETF), a standardization organization, has published several Internet drafts, and we would like to keep an eye on the trends, including which implementation methods will become common in the future.

Table 3: Applications of TLS1.3 hybrid mode (*6)
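
The key-exchange application of hybrid mode can be illustrated with the TLS 1.3 key schedule (RFC 8446). The following is an added example, not code from NTT DATA or from a TLS library: it assumes a concatenation combiner, in which the classical and PQC shared secrets are joined and fed in where the (EC)DHE secret normally goes, and it uses constructed 32-byte values in place of real key-exchange outputs.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes for SHA-256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    # HkdfLabel from RFC 8446: uint16 length, "tls13 " + label, context
    full = b"tls13 " + label.encode()
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def early_secret() -> bytes:
    # No PSK in use: salt and input keying material are both all-zero
    return hkdf_extract(bytes(HLEN), bytes(HLEN))

def handshake_secret(ss_classical: bytes, ss_pqc: bytes) -> bytes:
    # Plain concatenation is unambiguous only for fixed-length secrets,
    # so reject anything else (32 bytes each is an assumption of this example).
    if len(ss_classical) != 32 or len(ss_pqc) != 32:
        raise ValueError("component shared secrets must be 32 bytes each")
    derived = expand_label(early_secret(), "derived", HASH(b"").digest(), HLEN)
    # The concatenated secret takes the place of the (EC)DHE input
    return hkdf_extract(derived, ss_classical + ss_pqc)

# Constructed stand-ins for the two key-exchange outputs
SS_CLASSICAL = HASH(b"constructed classical shared secret").digest()
SS_PQC = HASH(b"constructed PQC shared secret").digest()

def one_component_broken() -> bool:
    """True if knowing only one component fails to reproduce the real secret."""
    real = handshake_secret(SS_CLASSICAL, SS_PQC)
    knows_classical = handshake_secret(SS_CLASSICAL, bytes(32))  # PQC part guessed
    knows_pqc = handshake_secret(bytes(32), SS_PQC)              # classical part guessed
    return real != knows_classical and real != knows_pqc

if __name__ == "__main__":
    print(handshake_secret(SS_CLASSICAL, SS_PQC).hex(), one_component_broken())
```

Because every later traffic key is derived from this handshake secret, an attacker has to recover both component secrets to read the session.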

Conclusion

This article described the current security issues in the cloud and the requirements for key management systems to solve them. In addition, we discussed PQC standardization trends and important points for the transition in relation to the cryptographic algorithms that use cryptographic keys for processing. NTT DATA is currently researching and developing a key management system that meets these requirements (*7). Please keep an eye on the development results and their utilization in the future.

  • (*7) This development is being carried out as a commissioned project from the New Energy and Industrial Technology Development Organization (NEDO) for "Development of basic technologies for hybrid cloud use/Data security technology through robust key management (key management software technology)" (23200711-0).

Juri Minami

NTT DATA Group Corporation

She engages in research and development of domestic key management systems, in particular, in research and implementation of post-quantum cryptography.