Comparative analysis of cryptographic key management systems

Levgeniia Kuzminykh; Bogdan Ghita; Stavros Shiaeles

doi:10.1007/978-3-030-65729-1_8

Comparative analysis of cryptographic key management systems

Levgeniia Kuzminykh^*, Bogdan Ghita, Stavros Shiaeles

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

198 Downloads (Pure)

Abstract

Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as availability of secure database for managing keys, an authentication, authorization, and access control model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was determined to be the most suitable system for small businesses.

Original language	English
Title of host publication	Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings
Editors	Olga Galinina, Sergey Andreev, Sergey Balandin, Yevgeni Koucheryavy
Publisher	Springer
Pages	80-94
Number of pages	15
ISBN (Electronic)	9783030657291
ISBN (Print)	9783030657284
DOIs	https://doi.org/10.1007/978-3-030-65729-1_8
Publication status	Published - 22 Dec 2020
Event	20th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networks and Systems, NEW2AN 2020 and 13th Conference on the Internet of Things and Smart Spaces, ruSMART 2020 - St. Petersburg, Russian Federation Duration: 26 Aug 2020 → 28 Aug 2020

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	12526
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	20th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networks and Systems, NEW2AN 2020 and 13th Conference on the Internet of Things and Smart Spaces, ruSMART 2020
Country/Territory	Russian Federation
City	St. Petersburg
Period	26/08/20 → 28/08/20

Keywords

Cryptography
Key distribution
Key management service
Secret handling

Access to Document

10.1007/978-3-030-65729-1_8

Comparative Analysis AAM
This is a post-peer-review, pre-copyedit version of an article published in Lecture Notes in Computer Science. The final authenticated version is available online at: http://dx.doi.org/10.1007/978-3-030-65729-1_8.
Accepted author manuscript (Post-print), 330 KB

Cite this

Kuzminykh, L., Ghita, B., & Shiaeles, S. (2020). Comparative analysis of cryptographic key management systems. In O. Galinina, S. Andreev, S. Balandin, & Y. Koucheryavy (Eds.), Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings (pp. 80-94). (Lecture Notes in Computer Science; Vol. 12526). Springer. https://doi.org/10.1007/978-3-030-65729-1_8

Kuzminykh, Levgeniia ; Ghita, Bogdan ; Shiaeles, Stavros. / Comparative analysis of cryptographic key management systems. Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings. editor / Olga Galinina ; Sergey Andreev ; Sergey Balandin ; Yevgeni Koucheryavy. Springer, 2020. pp. 80-94 (Lecture Notes in Computer Science).

@inproceedings{07f5f54b660d4d6290e3035be812582f,

title = "Comparative analysis of cryptographic key management systems",

abstract = "Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as availability of secure database for managing keys, an authentication, authorization, and access control model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was determined to be the most suitable system for small businesses.",

keywords = "Cryptography, Key distribution, Key management service, Secret handling",

author = "Levgeniia Kuzminykh and Bogdan Ghita and Stavros Shiaeles",

note = "Funding Information: This project has received funding from the European Union Horizon 2020 research and innovation programme under grant agreement no. 786698 and no. 833673. This work reflects authors view and Agency is not responsible for any use that may be made of the information it contains. Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2020. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.; 20th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networks and Systems, NEW2AN 2020 and 13th Conference on the Internet of Things and Smart Spaces, ruSMART 2020 ; Conference date: 26-08-2020 Through 28-08-2020",

year = "2020",

month = dec,

day = "22",

doi = "10.1007/978-3-030-65729-1_8",

language = "English",

isbn = "9783030657284",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "80--94",

editor = "Olga Galinina and Sergey Andreev and Sergey Balandin and Yevgeni Koucheryavy",

booktitle = "Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings",

}

Kuzminykh, L, Ghita, B & Shiaeles, S 2020, Comparative analysis of cryptographic key management systems. in O Galinina, S Andreev, S Balandin & Y Koucheryavy (eds), Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings. Lecture Notes in Computer Science, vol. 12526, Springer, pp. 80-94, 20th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networks and Systems, NEW2AN 2020 and 13th Conference on the Internet of Things and Smart Spaces, ruSMART 2020, St. Petersburg, Russian Federation, 26/08/20. https://doi.org/10.1007/978-3-030-65729-1_8

Comparative analysis of cryptographic key management systems. / Kuzminykh, Levgeniia; Ghita, Bogdan; Shiaeles, Stavros.
Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings. ed. / Olga Galinina; Sergey Andreev; Sergey Balandin; Yevgeni Koucheryavy. Springer, 2020. p. 80-94 (Lecture Notes in Computer Science; Vol. 12526).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Comparative analysis of cryptographic key management systems

AU - Kuzminykh, Levgeniia

AU - Ghita, Bogdan

AU - Shiaeles, Stavros

N1 - Funding Information: This project has received funding from the European Union Horizon 2020 research and innovation programme under grant agreement no. 786698 and no. 833673. This work reflects authors view and Agency is not responsible for any use that may be made of the information it contains. Publisher Copyright: © Springer Nature Switzerland AG 2020. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.

PY - 2020/12/22

Y1 - 2020/12/22

N2 - Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as availability of secure database for managing keys, an authentication, authorization, and access control model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was determined to be the most suitable system for small businesses.

AB - Managing cryptographic keys can be a complex task for an enterprise and particularly difficult to scale when an increasing number of users and applications need to be managed. In order to address scalability issues, typical IT infrastructures employ key management systems that are able to handle a large number of encryption keys and associate them with the authorized requests. Given their necessity, recent years have witnessed a variety of key management systems, aligned with the features, quality, price and security needs of specific organisations. While the spectrum of such solutions is welcome and demonstrates the expanding nature of the market, it also makes it time consuming for IT managers to identify the appropriate system for their respective company needs. This paper provides a list of key management tools which include a minimum set of features, such as availability of secure database for managing keys, an authentication, authorization, and access control model for restricting and managing access to keys, effective logging of actions with keys, and the presence of an API for accessing functions directly from the application code. Five systems were comprehensively compared by evaluating the attributes related to complexity of the implementation, its popularity, linked vulnerabilities and technical performance in terms of response time and network usage. These were Pinterest Knox, Hashicorp Vault, Square Keywhiz, OpenStack Barbican, and Cyberark Conjur. Out of these five, Hachicorp Vault was determined to be the most suitable system for small businesses.

KW - Cryptography

KW - Key distribution

KW - Key management service

KW - Secret handling

UR - http://www.scopus.com/inward/record.url?scp=85101972688&partnerID=8YFLogxK

UR - http://www.new2an.org/#/

U2 - 10.1007/978-3-030-65729-1_8

DO - 10.1007/978-3-030-65729-1_8

M3 - Conference contribution

AN - SCOPUS:85101972688

SN - 9783030657284

T3 - Lecture Notes in Computer Science

SP - 80

EP - 94

BT - Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings

A2 - Galinina, Olga

A2 - Andreev, Sergey

A2 - Balandin, Sergey

A2 - Koucheryavy, Yevgeni

PB - Springer

T2 - 20th International Conference on Next Generation Teletraffic and Wired/Wireless Advanced Networks and Systems, NEW2AN 2020 and 13th Conference on the Internet of Things and Smart Spaces, ruSMART 2020

Y2 - 26 August 2020 through 28 August 2020

ER -

Kuzminykh L, Ghita B, Shiaeles S. Comparative analysis of cryptographic key management systems. In Galinina O, Andreev S, Balandin S, Koucheryavy Y, editors, Internet of Things, Smart Spaces, and Next Generation Networks and Systems - 20th International Conference, NEW2AN 2020 and 13th Conference, ruSMART 2020, Proceedings. Springer. 2020. p. 80-94. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-65729-1_8

Comparative analysis of cryptographic key management systems

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this