Section: New Results
Proving the domain management protocol
Participants: José Bacelar Almeida [INESC TEC], Manuel Barbosa [INESC TEC], Gilles Barthe [IMDEA], Benjamin Grégoire, Vitor Pereira [INESC TEC], Bernardo Portela [INESC TEC], Benedikt Schmidt [Google Inc.], François-Xavier Standaert [Université Catholique de Louvain], Pierre-Yves Strub [Ecole Polytechnique].
We have performed a machine-checked proof of security for the domain management protocol of Amazon Web Services KMS (Key Management Service), a critical security service used throughout AWS and by AWS customers. Domain management is at the core of KMS; it governs the long-term keys that anchor the security of encryption services at AWS. Informally, we show that the protocol securely implements a distributed encryption mechanism. Formally, the proof shows that the domain management protocol is indistinguishable from an ideal encryption functionality under standard cryptographic assumptions.