Research On Key Management Technology Based On CASB

In recent years,cloud computing has been greatly promoted and applied in daily work and life,but the problem of safe storage of user data has become increasingly prominent.In order to solve the security risks in cloud services,Gartner proposed the concept of CASB(Cloud Access Security Broker)in 2012,and has been researched and explored by many domestic and foreign security companies in recent years.Currently,the CASB application market is mainly concentrated abroad,and it is estimated that 85% of large enterprises will use CASB by 2020.CASB is strictly a security policy enforcement point.It inserts security policies between the cloud platform and users when users access cloud resources.Key management technology is the core of the overall security policy.At present,there are few academic studies on the CASB system,and the research on related key management technologies is very rare.Therefore,the research of CASB-based key management technology not only helps CASB in China,but also makes up for the academic research gap in this field,and it also has great significance for solving the data security risks of cloud computing.The CASB system,the research of key management technology at home and abroad,and the related key management technology research in CASB products are analyzed.The demand of key management technology in CASB system is summarized.A key management system based on CASB is proposed.The key management service is mainly divided into a socket service and a web service.The proxy server in the CASB system communicates with the key management server through the socket service,and manages the life cycle of the key generation,splitting and reconstruction,distribution,and update.The web user interacts with the key management server through the web service to manage the lifecycle of the key,such as leaking,archiving,and destroying the key.Among them,the system designs and implements the key splitting and reconstruction based on the theory of threshold secret sharing.In addition,according to the CASBarchitecture,a new set of key distribution and update algorithm logic is designed and implemented.Moreover,the system manages the keys for different purposes,ensuring the order and scalability of the overall key management system.At present,the key management system has been integrated with the relevant CASB products.The test results show that the key management system has stable performance and can provide complete key lifecycle management functions.