Trust No One: Outsourcing Key Management to Untrusted Cloud Providers
13:55 - 14:15, 24 listopada 2025 / R&D
Management of cryptographic keys is the weakest link of system security: orchestrating storage, rotation, revocation, access control, etc. is a mess and difficult to get right.
This led to offloading this responsibility to external key management systems. When these systems are hosted in a cloud environment, say, for scalability and availability, an important question arises: who watches the watchers? How are cloud service providers held accountable when entrusted with the custody of their clients' keys?
In this talk, I will start with traditional approaches to this problem and move on to how we address it at Oktawave in the "Next Gen Cloud" IPCEI-CIS project.
POZIOM:
ŚCIEŻKA:
