Homepage Inria website
  • Inria login
  • The Inria's Research Teams produce an annual Activity Report presenting their activities and their results of the year. These reports include the team members, the scientific program, the software developed by the team and the new results of the year. The report also describes the grants, contracts and the activities of dissemination and teaching. Finally, the report gives the list of publications of the year.

  • Legal notice
  • Cookie management
  • Personal data
  • Cookies

Section: New Results

Proving the domain management protocol

Participants : José Bacelar Almeida [INESC TEC] , Manuel Barbosa [INESC TEC] , Gilles Barthe [IMDEA] , Benjamin Grégoire, Vitor Pereira [INESC TEC] , Bernardo Portela [INESC TEC] , Benedikt Schmidt [Google Inc.] , François-Xavier Standaert [Université Catholique de Louvain] , Pierre-Yves Strub [Ecole Polytechnique] .

We have performed a machine-checked proof of security for the domain management protocol of Amazon Web Services KMS (Key Management Service), a critical security service used throughout AWS and by AWS customers. Domain management is at the core of KMS; it governs the long-term keys that anchor the security of encryption services at AWS. Informally, we show that the protocol securely implements a distributed encryption mechanism. Formally, the proof shows that the domain management protocol is indistinguishable from an ideal encryption functionality under standard cryptographic assumptions.