Extending TLS with KMIP protocol for cloud computing

Source of Publication

2016 8th IFIP International Conference on New Technologies, Mobility and Security, NTMS 2016


© 2016 IEEE. Any information system using encryption tends to have its own key management infrastructure. In practice, we find a separate key management systems dedicated to application encryption, or database encryption, or file encryption etc. This emergent needs to several key management systems and multiple cryptographic algorithms are resolved by the new Key Management Interoperability Protocol (KMIP). This work specifies how the Key Management Interoperability Protocol (KMIP) can be included in Transport Layer Security (TLS) protocol in order to provide additional security features, flexibility, interoperability and authentication specially in distributed systems like Cloud Computing. Till now, authentication in TLS is limited to digital certificate and Kerberos. In this paper, we use the Key Management Interoperability Protocol to make an additional authentication option for TLS and we reduce handshake latency to 0-RTT for repeated handshakes and 1-RTT for full handshakes. We specify also the KMIP-TLS extension and its formal validation with AVISPA tool.

Document Type

Conference Proceeding



Publication Date