
virtio-ct: A Secure Cryptographic Token Service in Hypervisors

  • Conference paper
International Conference on Security and Privacy in Communication Networks (SecureComm 2014)

Abstract

Software-based cryptographic services are subject to various memory attacks that expose sensitive keys, which poses a serious threat to the confidentiality of the stakeholder's data. Recent research has made progress in safekeeping these keys by employing isolation at every level. However, all of these approaches depend on the security of the operating system (OS), which is extremely hard to guarantee in practice. To solve this problem, this work designs a virtual hardware cryptographic token with the help of virtualization technology. By pushing cryptographic primitives down to ring -1, sensitive key material is never exposed to the guest OS, so confidentiality is retained even if the entire guest OS is compromised. The prototype implements the RSA algorithm on KVM, and we have developed the corresponding driver for the Linux OS. Experimental results validate that our implementation leaves no copy of any sensitive material in the "guest-physical" address space of the guest OS. Meanwhile, nearly 1,000 2048-bit RSA private-key requests can be served per second.
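The trust boundary the abstract describes, as an added toy model that is not the paper's code: the private exponent is held only by a hypervisor-side object, the guest records every byte it handles into a simulated guest-physical memory, and an RSAKeyFinder-style scan then checks that memory for the private components. The key (fixed small primes, textbook RSA, no padding) and all names are constructed for the illustration; a real host and guest are separate address spaces, which here is modelled only by what the guest chooses to record.

```python
from dataclasses import dataclass, field

# Constructed toy key: far too small for real use, chosen so the model runs offline.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def to_bytes(x: int) -> bytes:
    """Big-endian encoding, the form a memory scanner would search for."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

class HypervisorToken:
    """Ring -1 side of the model: owns d and performs the private-key operation."""
    def __init__(self, n: int, d: int) -> None:
        self._n, self._d = n, d          # never serialized toward the guest
    def private_op(self, c: int) -> int:
        return pow(c, self._d, self._n)

@dataclass
class Guest:
    """Guest OS side of the model: every byte it touches lands in phys_mem."""
    phys_mem: bytearray = field(default_factory=bytearray)
    def _touch(self, b: bytes) -> None:
        self.phys_mem += b
    def decrypt_via_token(self, token: HypervisorToken, c: int) -> int:
        self._touch(to_bytes(c))           # request crosses the virtio ring
        m = token.private_op(c)            # key material stays on the host side
        self._touch(to_bytes(m))           # only the result is copied back
        return m
    def decrypt_in_guest(self, c: int, n: int, d: int) -> int:
        self._touch(to_bytes(d))           # software-only service: d lives in guest RAM
        self._touch(to_bytes(c))
        m = pow(c, d, n)
        self._touch(to_bytes(m))
        return m

def leaked_key_parts(mem: bytes, p: int, q: int, d: int) -> list:
    """Scan a memory image for verbatim copies of the private components."""
    return [name for name, v in (("p", p), ("q", q), ("d", d)) if to_bytes(v) in mem]

def demo():
    """Returns (token_ok, token_leaks, in_guest_ok, in_guest_leaks)."""
    m = 123456789
    c = pow(m, E, N)
    g_token, g_soft = Guest(), Guest()
    ok_token = g_token.decrypt_via_token(HypervisorToken(N, D), c) == m
    ok_soft = g_soft.decrypt_in_guest(c, N, D) == m
    return (ok_token, leaked_key_parts(bytes(g_token.phys_mem), P, Q, D),
            ok_soft, leaked_key_parts(bytes(g_soft.phys_mem), P, Q, D))
```

Both paths decrypt correctly; only the in-guest path leaves `d` recoverable from the guest's memory image.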



Acknowledgments

The authors would like to thank the anonymous reviewers for their helpful suggestions and valuable comments. Le Guan, Jiwu Jing, Jing Wang and Ziqiang Ma were partially supported by National 973 Program of China under award No. 2014CB340603. Fengjun Li was partially supported by NSF under Award No. EPS0903806 and matching support from the State of Kansas through the Kansas Board of Regents, and the University of Kansas Research Investment Council Strategic Initiative Grant (INS0073037).

Corresponding author

Correspondence to Le Guan.


Copyright information

© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Guan, L., Li, F., Jing, J., Wang, J., Ma, Z. (2015). virtio-ct: A Secure Cryptographic Token Service in Hypervisors. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 153. Springer, Cham. https://doi.org/10.1007/978-3-319-23802-9_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-23802-9_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23801-2

  • Online ISBN: 978-3-319-23802-9

  • eBook Packages: Computer Science (R0)
