Reputation: 798
So I read this
Traditionally, keys have been managed in haphazard ways, from SCP-ing
keys around your instances to baking them into machine images. The safe
way to manage high-value keys has been to employ dedicated Hardware
Security Modules (HSMs), either on-premise or with the AWS CloudHSM
service. In either case, HSMs are expensive and hard to use.
I believe KMS is the same concept as using an HSM. From what I understand, instead of hiding/securing the key you are using the KMS "vault" and sending your data to it to get encrypted, and the decryptor does the same.
So doesn't it all boil down to this: instead of securing the keys, now we have to secure access to our KMS store? I don't understand how that is better. Someone else can get access to my KMS as easily as they get access to my key, is that not so?
I am just trying to understand the benefit of this system (and HSMs) in its simplest form (disregarding envelope encryption for now).
Upvotes: 1
Views: 711
Reputation: 15599
Access to an HSM is time-bound. If you lose your keys, anybody who has them can encrypt/decrypt data, produce signatures or perform any other cryptography as long as they want. Of course you can revoke a certificate, but that does not affect a key in many cases (for example, it is still good for decryption after certificate revocation).
If you use an HSM, when you discover an access compromise, you can disable the attacker's access to the HSM very quickly, and no further data is compromised. Of course the attacker can fully use your keys as long as they have access to the HSM, but not afterwards.
Also, securing and, equally importantly, auditing access to an HSM is much easier than for a key stored somewhere else. As a key never leaves an HSM, you don't have to care about auditing things like copied-key usage (practically impossible); you have information on exactly who accessed what key, for what purpose. You can grant and revoke such access at will.
An HSM usually provides other aspects of key management as well; for example, key distribution may become much easier.
So yes, of course you still need to guard access to the HSM and contained keys. But for the reasons above, it still makes key management much more secure if used properly.
Upvotes: 6
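The answer's three points (the key never leaves the service, every use is authorised and logged, and revoking access stops further use) are easiest to see side by side with the "key as a file" model. The following is an added illustration written for this page, not code from the answerer and not the API of AWS KMS or any real HSM; `KeyService`, its `grant`/`revoke` methods and the principal names are invented for the example. It uses HMAC-SHA256 signing from the standard library as the cryptographic operation, so it runs offline.

```python
"""Toy model of key-in-a-file versus key-in-a-service (invented for this page).

KeyService stands in for a KMS/HSM: callers get a key_id, never key bytes,
every operation is checked against a grant table and appended to an audit
log, and pulling a grant takes effect on the next call.
"""
import hashlib
import hmac
import os


class AccessDenied(Exception):
    """Raised when a principal has no grant for the requested key/operation."""


class KeyService:
    """Hypothetical KMS/HSM: key material stays inside, callers hold only a key_id."""

    def __init__(self):
        self._keys = {}       # key_id -> raw secret; never returned to callers
        self._grants = {}     # key_id -> {principal: set(of allowed ops)}
        self.audit_log = []   # one (principal, key_id, op, outcome) per attempted use

    def create_key(self, key_id):
        self._keys[key_id] = os.urandom(32)
        self._grants[key_id] = {}
        return key_id                      # a handle, not the secret

    def grant(self, key_id, principal, ops):
        self._grants[key_id][principal] = set(ops)

    def revoke(self, key_id, principal):
        # The attacker holds no key bytes, so this ends their ability to use it.
        self._grants[key_id].pop(principal, None)

    def _authorize(self, principal, key_id, op):
        allowed = op in self._grants.get(key_id, {}).get(principal, set())
        self.audit_log.append((principal, key_id, op, "allowed" if allowed else "denied"))
        if not allowed:
            raise AccessDenied(f"{principal} may not {op} with {key_id}")

    def sign(self, principal, key_id, message):
        self._authorize(principal, key_id, "sign")
        return hmac.new(self._keys[key_id], message, hashlib.sha256).digest()

    def verify(self, principal, key_id, message, tag):
        self._authorize(principal, key_id, "verify")
        expected = hmac.new(self._keys[key_id], message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def exported_key_scenario():
    """Key handed out as bytes: a copy keeps working and leaves no audit trail."""
    key = os.urandom(32)
    stolen_copy = bytes(key)              # attacker exfiltrates the key file
    del key                               # owner deletes their copy; it changes nothing
    forged = hmac.new(stolen_copy, b"transfer 1000 to attacker", hashlib.sha256).digest()
    return len(forged) == 32              # still a valid tag, nobody was asked, nothing logged


def kms_scenario():
    """Key inside the service: use is authorised and logged, and revocation bites."""
    kms = KeyService()
    kid = kms.create_key("payments-signing-key")
    kms.grant(kid, "billing-service", {"sign", "verify"})
    kms.grant(kid, "attacker", {"sign"})  # the compromise: stolen credentials carrying a grant

    msg = b"transfer 1000 to attacker"
    tag = kms.sign("attacker", kid, msg)                   # works while access lasts...
    forged_ok = kms.verify("billing-service", kid, msg, tag)

    kms.revoke(kid, "attacker")                            # ...compromise discovered, grant pulled
    try:
        kms.sign("attacker", kid, b"transfer 5000 to attacker")
        blocked = False
    except AccessDenied:
        blocked = True
    return forged_ok, blocked, list(kms.audit_log)


if __name__ == "__main__":
    print("exported key still usable after theft:", exported_key_scenario())
    before, after, log = kms_scenario()
    print("forgery accepted while granted:", before, "| blocked after revoke:", after)
    for entry in log:
        print("audit:", entry)
```

The audit log is the part the question overlooks: with the file-based key there is no record that the stolen copy was ever used, whereas the service records the attacker's first signature, the legitimate verification, and the denied attempt after revocation. In a real deployment the grant table is your IAM policy and the log is your KMS/HSM audit trail, which is exactly what you secure and monitor instead of the key bytes.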