A Machine-Checked Proof of Security for AWS Key Management Service
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security - CCS '19
We present a machine-checked proof of security for the domain management protocol of Amazon Web Services' KMS (Key Management Service) a critical security service used throughout AWS and by AWS customers. Domain management is at the core of AWS KMS; it governs the top-level keys that anchor the security of encryption services at AWS. We show that the protocol securely implements an ideal distributed encryption mechanism under standard cryptographic assumptions. The proof is machine-checked in
... e EasyCrypt proof assistant and is the largest EasyCrypt development to date. CCS CONCEPTS • Security and privacy → Key management; Logic and verification. 1 Within AWS KMS, the DMP is used only to encrypt and decrypt customer master keys, the roots of the customer key hierarchies. The use of these master keys, and the design of KMS (outside of the DMP itself) is described in  . Allowing Dishonest Domains. The DMP presented here allows dishonest domains to share entities with honest domains. In AWS KMS, this is prevented by having HSMs cache domain states, and 9 This corresponds to a domain creation request in AWS KMS. 10 Commands are in fact issued by first obtaining an ephemeral symmetric key token generated by an HSM of the trust, with the plaintext key decryptable only using either a domain key or by the host requesting the token. We do not describe this communication mechanism in this paper. 11 Again, AWS KMS caches domain tokens, rather than them being explicitly provided for updates; the DMP proof shows that this caching is not needed for the current security proof.