EncSwift and Key Management: An Integrated Approach in an Industrial Setting


Enrico Bacis, Marco Rosa, Ali Sajjad

In Proceedings of the 5th IEEE Conference on Communications and Network Security (CNS), Las Vegas, USA

The use of cloud technology is continually expanding. Yet, in many scenarios, the adoption of an external cloud service provider may raise concerns for data confidentiality, since it leads to a partial loss of control over data. One of the solutions for letting users put trust in a provider is the use of encryption to protect data. EncSwift [1] is a solution that provides transparent support for the encryption of objects stored on OpenStack-based providers, adopting Barbican, the OpenStack secret storage, as a key manager. In this work we introduce a new key manager, BT KMS, already adopted in industrial systems, that offers a large set of features and is designed to be flexible, transparent, and scalable. Moreover, we analyze the possibility of integration between the BT KMS and the EncSwift approach, and provide an architectural overview of this new integrated system.
