Authors:
Florian Reimair
;
Peter Teufl
and
Thomas Zefferer
Affiliation:
Graz University of Technology, Austria
Keyword(s):
Cloud Security, Central Cryptographic Solutions, Advanced Cryptographic Protocols, Heterogeneous Applications, Mobile Devices.
Related
Ontology
Subjects/Areas/Topics:
Internet Technology
;
Mobile Cloud
;
Mobile Information Systems
;
Web Information Systems and Technologies
;
Web Security and Privacy
Abstract:
Today’s applications need to work with a heterogeneous collection of platforms. Servers, desktops, mobile
devices, and web browsers share data and workload. Many of these applications handle sensitive data or even
have security as their core feature. Secure messaging, password storage, encrypted cloud storage applications
or alike make use of cryptographic algorithms and protocols. These algorithms and protocols require keys.
The keys in turn have to be provisioned, securely stored, and shared between various devices. Unfortunately,
handling the keys and the availability of cryptographic APIs evokes non-trivial challenges in current heterogeneous
platform environments. Also, the implementation of APIs supporting cryptographic protocols on
arbitrary platforms require significant effort, which is a major challenge when new cryptographic protocols
become available. Our approach, the Crypto Service Interoperability Layer (CrySIL), enables applications to
securely store/use/share key mate
rial and supports a wide range of cryptographic protocols and algorithms on
heterogeneous platforms. CrySIL complements existing solutions that mitigate the aforementioned problems
through central services by allowing for more flexible deployment scenarios. In this work, we explain the motivation
of CrySIL, describe its architecture, highlight its deployment in a typical heterogeneous application
use case and reflect on achievements and shortcomings.
(More)