Quantum cryptography for the benefit of API keys safety
Aymen Ramadhan Ghilen, Amel Mohamed Zahou, Wiem Abedelmonem Ben Khalifa
2022 IEEE 9th International Conference on Sciences of Electronics, Technologies of Information and Telecommunications (SETIT), published 2022-05-28
DOI: 10.1109/SETIT54465.2022.9875712 (https://doi.org/10.1109/SETIT54465.2022.9875712)
Citation count: 0
Abstract
To cope with unauthorized access to the cloud's wealth of resources and services, several cloud service providers implement an API-based access control approach and thereby fully authenticate any client application. Each call to a cloud API (Application Programming Interface) must be authenticated with a secret access key, commonly termed an API key. Many security risks are associated with these keys during their generation, storage, and use. The hardware secure element-based proposal aims for end-to-end security between a cloud service provider and a client application. To ensure a reliable and secure API key exchange, the entities involved rely on Public Key Infrastructure (PKI). Once an adversary acquires unbounded computing power, it would be easy to intercept the keys and then unlock the gate guarding the valuables in the cloud. In this paper, we propose a revised scheme that discards the PKI and installs a quantum mechanism to mutually authenticate the secure element and the cloud service provider by establishing a set of shared keys. The pioneering absolute security of the presented approach is warranted by the principles of quantum physics. To analyze the security of the quantum technology, we carry out a formal verification based on the PRISM model checking tool. We focus in particular on satisfying two prominent properties: (i) both parties engaged in the quantum protocol are able to detect any disallowed eavesdropping and (ii) the valid amount of information caught by an adversary on the installed key must be negligible.