Key Management Service Update
Encryption keys used to encrypt customers' important information can be strictly managed and safely protected according to the security policy set by the customer.
Safe Protection and Management of the Data Encryption Key
Key Management Service provides various features to closely and safely protect encryption keys for your convenience.
Protect your encryption key using the convenient management features of Key Management Service
- Hierarchical Key Management
- Encryption key management is vital for data protection. Key Management Service supports hierarchical key management so that encryption keys are managed safely. Protect up to 32KB of credentials using the master key (MK) managed by Key Management Service.
- Compliance of Key Management Standards
- Key Management Service manages keys according to domestic and foreign encryption key management standards. Key Management Service blocks the sources of all unauthorized access according to the access control policy standards set by the customer, and guarantees confidentiality and integrity of the system according to the root key management process that is physically isolated for enhanced security.
- Easy Management Feature
- You can easily manage permissions on the key by linking with subaccount management. On top of that, you can set the periodic key rotation according to the recommended standard of encryption and perform key audit using the key usage history monitoring feature. You can also manage the life cycle of the encryption key using the status management feature.
- High Availability Infrastructure with Safety
- Key Management Service operates on a high availability system designed for a reliable service. The locally distributed system guarantees a reliable service under any environment and has added safety by blocking all unauthorized access via the internal encryption.
NAVER CLOUD PLATFORM Key Management Service provides various features that make encryption key protection easy. Using Key Management Service, you can easily take care of key management tasks such as creation, rotation, status management, or disposal. You can apply the strict management procedure to protect encryption keys or up to 32KB of credentials.
In addition, you can easily implement hierarchical key management by using the key that is safely managed in the cloud system as the master key.
Overview of Data Encryption · Decryption using NAVER CLOUD PLATFORM Key Management Service
Customers who need Key Management Service
- All developers who need safe data protection using encryption and a safe key management process.
- Security administrators and auditors in need of easy and convenient management features, such as setting key permissions or viewing usage history.
Use of Key: Protection of Credentials
Key Management Service protects not only keys but also all credentials whose confidentiality must be guaranteed. Here, credential refers to all cryptographic data required for data protection, such as a DK or a password. With Key Management Service, you can safely protect DKs and credentials. The MK uses AES256 symmetric-key encryption to protect credentials of up to 32KB.
Use of Key: Signature and Verification
With public-key cryptography, the signature and verification feature used for authentication and non-repudiation is difficult to implement together with private key management. However, if you create a Key Management Service managed key with ECDSA, you can easily obtain signature and verification values of up to 8KB.
Access Control by Each Key
Key Management Service performs role-based access control (RBAC) based on the role policy for each key. You can set up access control on a key by assigning key usage roles to subaccounts. Assign the roles for key usage according to the minimum permissions rule.
Key Life Cycle
Encryption keys must be managed based on a consistent standard. They must be renewed by rotating on a fixed cycle, and keys that are no longer in use must be disabled or discarded to guard against encryption-based attacks. Key Management Service provides features for easy status management of each key.
Detailed Features of Hierarchical Key Management
Hierarchical management is important for safe key management. In the NAVER CLOUD PLATFORM Key Management Service, the key that encrypts data is called a data key (DK), and the key that encrypts the DK is called a master key (MK). Manage your MK with Key Management Service. With Key Management Service, you can easily implement the safe 'envelope encryption' method. In addition, the customer's internal system key, called a root key, is kept in a strictly encrypted state while it is managed.
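The envelope scheme described above, as an added example that is not NAVER CLOUD PLATFORM code and does not call its REST API. It assumes a local 32-byte buffer standing in for the MK held by the service; `seal`, `open`, `mkEncrypt`, `envelopeEncrypt`, `envelopeDecrypt` and `rewrap` are hypothetical names. It also shows that rotating the MK only requires re-encrypting the small DK.

```javascript
const crypto = require('crypto');

// Local model only: in the real flow the MK never leaves Key Management Service.
const MK_MAX_BYTES = 32 * 1024; // the page's 32KB limit, assumed to mean 32 * 1024 bytes

// AES-256-GCM; blob layout (chosen for this example): nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverse of seal; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Hypothetical stand-in for an MK encrypt call; rejects payloads over the MK limit.
function mkEncrypt(mk, payload) {
  if (payload.length > MK_MAX_BYTES) throw new RangeError('payload exceeds MK limit');
  return seal(mk, payload);
}

// A fresh DK encrypts the (arbitrarily large) data; the MK encrypts only the DK.
function envelopeEncrypt(mk, data) {
  const dk = crypto.randomBytes(32);
  try {
    return { wrappedDk: mkEncrypt(mk, dk), ciphertext: seal(dk, data) };
  } finally {
    dk.fill(0); // do not keep the plaintext DK in memory longer than needed
  }
}

function envelopeDecrypt(mk, { wrappedDk, ciphertext }) {
  const dk = open(mk, wrappedDk);
  try { return open(dk, ciphertext); } finally { dk.fill(0); }
}

// MK rotation: re-encrypt the wrapped DK only; the bulk ciphertext is left untouched.
function rewrap(oldMk, newMk, env) {
  const dk = open(oldMk, env.wrappedDk);
  try { return { ...env, wrappedDk: mkEncrypt(newMk, dk) }; } finally { dk.fill(0); }
}
```

Store `wrappedDk` next to `ciphertext`; without access to the MK neither value reveals the data.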
Strict Internal Access Control
If a system handles sensitive information, it must also be prepared for possible threats from internal administrators. Key Management Service is prepared for such events by partitioning the system root keys and storing them in an isolated location. As it is impossible to calculate the system root key from only a portion of the partitioned keys, this method provides strong protection against internal threats.
Periodic audit and management carried out by an expert is essential for the safe usage of keys. All requests on keys are recorded immediately and the users with the permission on key audit can monitor the history of key usage anytime.
One of the purposes of Key Management Service is to provide a feature for properly implementing data encryption and decryption. With Key Management Service, users with key usage permissions can make REST API calls for operations such as encryption/decryption, encrypted data renewal, or data key requests for the keys managed in Key Management Service.
- Internal System Protection: AES256 GCM mode
- Credential Protection: AES256 GCM mode
- Signature: ECDSA p256 curve, RSA 2048/4096 (scheduled)
Key Management Service usage fee will be charged by combining the monthly usage fee based on the number of keys owned and the number of key calls.
|Charge (Monthly)|Unit|Usage Fee (KRW)|
|---|---|---|
|Monthly Usage Fee Based on the No. of Keys Owned|No. of keys owned|1,000 KRW/month|
|Monthly Usage Fee Based on the No. of Key Calls|No. of key calls (10,000 calls)|Under 20,000 calls/month: free. Over 20,000 calls/month: 30 KRW/month per 10,000 calls|
- The number of key calls is not carried forward to the following month.
- Pricing will be implemented based on Korea Standard Time (UTC+9).
Case 1) If Key 1 is owned from Sept 1-5 and Key 2 is owned from Sept 1-20,
→ 833 KRW = 5 days / 30 days x 1000 KRW + 20 days /30 days x 1000 KRW
Case 2) If Key 1 is called 15,000 times and Key 2 is called 10,000 times in the same month,
→ 30 KRW = (15,000 calls on Key 1 + 10,000 calls on Key 2 - 20,000 free calls) = 5,000 calls, rounded up to the nearest 10,000 calls, / 10,000 x 30 KRW