|
|
Long-term Cloud Storage Security
Wojnar, Filip ; Dzurenda, Petr (oponent) ; Malina, Lukáš (vedoucí práce)
The primary focus of the thesis is the topic of the long-term security of cloud-based archive storage. It delves into the key management lifecycle terms and principles outlined by NIST to establish a robust key management system. The concluding section of the initial chapter examines state of art options for Key Management Systems, covering industry giant like Amazon Web Services Key Management Services to open-source alternative called Hashicorp Vault. The second chapter of the thesis is dedicated to Post-Quantum Safe Cryptography, exploring the NIST standardization process for Post-Quantum Cryptography (PQC). Within this realm, the thesis compares seven algorithms that successfully reached the final round of consideration, ultimately selecting Crystals-Dilithium for Digital Signa- ture Algorithm (DSA) and Crystals-Kyber for Key Encapsulation Mechanism (KEM) as the most effective performers based on CPU time they require for their cryptographic operations. The third chapter outlines the existing cloud-based archive system at BUT (Brno University of Technology) and proposes an initial cryptographic scheme for key management within this virtualized environment. This includes master key pair generation, data key pair generation, data at rest encryption, data at rest decryption, resource sharing, key rotation, key recovery and key revocation. Finally the fourth chapter gets into nuances of implementation realized in this thesis and reviews the effectiveness of the solution with benchmarks focused on newly added cryptographic functionality of realized post-quantum safe key management.
|
host ::
RSS.