Abstract | ||
---|---|---|
Software based cryptographic services are subject to various memory attacks that expose sensitive keys. This poses serious threats to data confidentiality of the stakeholder. Recent research has made progress in safekeeping these keys by employing isolation at all levels. However, all of them depend on the security of the operating system (OS), which is extremely hard to guarantee in practice. To solve this problem, this work designs a virtual hardware cryptographic token with the help of virtualization technology. By pushing cryptographic primitives to ring -1, sensitive key materials are never exposed to the guest OS, thus confidentiality is retained even if the entire guest OS is compromised. The prototype implements the RSA algorithm on KVM and we have developed the corresponding driver for the Linux OS. Experimental results validate that our implementation leaks no copy of any sensitive material in the "guest-physical" address space of the guest OS. Meanwhile, nearly 1,000 2048-bit RSA private requests can be served per second. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1007/978-3-319-23802-9_22 | Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering |
Keywords | Field | DocType |
Virtual cryptographic token,KVM,Virtio | Virtualization,Address space,Confidentiality,Cryptography,Computer science,Computer security,Hypervisor,Cryptographic primitive,Software,Security token | Conference |
Volume | ISSN | Citations |
153 | 1867-8211 | 1 |
PageRank | References | Authors |
0.37 | 12 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Guan Le | 1 | 38 | 10.01 |
Fengjun Li | 2 | 233 | 23.55 |
Jiwu Jing | 3 | 234 | 39.34 |
Jing Wang | 4 | 26 | 1.81 |
ZiQiang Ma | 5 | 1 | 0.37 |