Section: New Results

Security of a key management service

Participants : Benjamin Grégoire, José Bacelar Almeida [INESC TEC] , Manuel Barbosa [INESC TEC] , Gilles Barthe [IMDEA] , Matthew Campagna [AWS] , Vitor Pereira [INESC TEC] , Bernardo Portela [INESC TEC] , Pierre-Yves Strub [Ecole Polytechnique] , Serdar Tasiran [AWS] .

We have developed a machine-checked proof of security for the domain management protocol of Amazon Web Services’ KMS (Key Management Service) a critical security service used throughout AWS and by AWS customers. Domain management is at the core of AWS KMS; it governs the toplevel keys that anchor the security of encryption services at AWS. We show that the protocol securely implements an ideal distributed encryption mechanism under standard cryptographic assumptions. The proof is machine-checked in the EasyCrypt proof assistant and is the largest EasyCrypt development to date. This work corresponds to a contract with AWS and has been published in a major computer security conference [3].