Space-Hard Obfuscation Against Shared Cache Attacks and its Application in Securing ECDSA for Cloud-Based Blockchains

IF 5.3 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Cloud Computing Pub Date : 2024-04-01 DOI:10.1109/TCC.2024.3383661

Yang Shi;Yimin Li;Tianyuan Luo;Xiong Jiang;Bowen Du;Hongfei Fan

{"title":"Space-Hard Obfuscation Against Shared Cache Attacks and its Application in Securing ECDSA for Cloud-Based Blockchains","authors":"Yang Shi;Yimin Li;Tianyuan Luo;Xiong Jiang;Bowen Du;Hongfei Fan","doi":"10.1109/TCC.2024.3383661","DOIUrl":null,"url":null,"abstract":"In cloud computing environments, virtual machines (VMs) running on cloud servers are vulnerable to shared cache attacks, such as Spectre and Foreshadow. By exploiting memory sharing among VMs, these attacks can compromise cryptographic keys in software modules. Program obfuscation serves as a promising countermeasure against key compromises by transforming a program into an unintelligent form while preserving its functionality. Unfortunately, for certain cryptographic algorithms such as the digital signature schemes, it is extremely difficult to construct provably secure obfuscators using traditional obfuscation approaches. To address such a challenge, this study proposes a novel approach to construct obfuscators for cryptographic algorithms named space-hard obfuscation, which can mitigate the threats from adversaries with the capability of acquiring a limited size of memory in shared cache attacks. Considering the extensive use of the Elliptic Curve Digital Signature Algorithm (ECDSA) in cloud-based Blockchain-as-a-Service (BaaS) and its potential vulnerability to shared cache attacks, we construct an exemplary scheme with provable security using space-hard obfuscation for ECDSA. Experimental results have demonstrated the scheme's high efficiency on cloud servers, as well as its successful integration with Hyperledger Fabric and Ethereum, two widely used blockchain systems.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"12 2","pages":"625-643"},"PeriodicalIF":5.3000,"publicationDate":"2024-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10487030/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In cloud computing environments, virtual machines (VMs) running on cloud servers are vulnerable to shared cache attacks, such as Spectre and Foreshadow. By exploiting memory sharing among VMs, these attacks can compromise cryptographic keys in software modules. Program obfuscation serves as a promising countermeasure against key compromises by transforming a program into an unintelligent form while preserving its functionality. Unfortunately, for certain cryptographic algorithms such as the digital signature schemes, it is extremely difficult to construct provably secure obfuscators using traditional obfuscation approaches. To address such a challenge, this study proposes a novel approach to construct obfuscators for cryptographic algorithms named space-hard obfuscation, which can mitigate the threats from adversaries with the capability of acquiring a limited size of memory in shared cache attacks. Considering the extensive use of the Elliptic Curve Digital Signature Algorithm (ECDSA) in cloud-based Blockchain-as-a-Service (BaaS) and its potential vulnerability to shared cache attacks, we construct an exemplary scheme with provable security using space-hard obfuscation for ECDSA. Experimental results have demonstrated the scheme's high efficiency on cloud servers, as well as its successful integration with Hyperledger Fabric and Ethereum, two widely used blockchain systems.

查看原文本刊更多论文

针对共享缓存攻击的空间硬混淆及其在确保基于云的区块链 ECDSA 安全中的应用

在云计算环境中，云服务器上运行的虚拟机（VM）很容易受到共享缓存攻击，如 Spectre 和 Foreshadow。通过利用虚拟机之间的内存共享，这些攻击可以破坏软件模块中的加密密钥。程序混淆是防止密钥泄露的有效对策，它能在保留程序功能的同时，将程序转换为非智能形式。遗憾的是，对于某些加密算法（如数字签名方案），使用传统的混淆方法构建可证明安全的混淆器极为困难。为了应对这一挑战，本研究提出了一种新的方法来构建加密算法的混淆器，并将其命名为 "空间硬混淆"（space-hard obfuscation），这种方法可以在共享缓存攻击中减轻来自有能力获取有限大小内存的对手的威胁。考虑到椭圆曲线数字签名算法（ECDSA）在基于云的区块链即服务（BaaS）中的广泛应用及其在共享缓存攻击中的潜在脆弱性，我们利用空间硬混淆为ECDSA构建了一个具有可证明安全性的示例方案。实验结果表明了该方案在云服务器上的高效性，以及它与 Hyperledger Fabric 和 Ethereum 这两个广泛使用的区块链系统的成功集成。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Cloud Computing Computer Science-Software

CiteScore

9.40

自引率

6.20%

发文量

167

期刊介绍： The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.