Min Zhou, Shuhua Ruan, Junwei Liu, Xingshu Chen, Miaomiao Yang, Qixu Wang
Title: vTPM-SM: An Application Scheme of SM2/SM3/SM4 Algorithms Based on Trusted Computing in Cloud Environment
DOI: 10.1109/CLOUD55607.2022.00058 (https://doi.org/10.1109/CLOUD55607.2022.00058)
Journal: IEEE Cloud Computing
Volume: 140 1
Pages: 351-356
Publication date: 2022-07-01
Publication type: Journal Article
Open access: no
JCR: Q1 (Computer Science)
Source platform: Semantic Scholar
Citations: 2
Abstract
Large numbers of applications and businesses are hosted on cloud computing platforms, and it is essential for cloud tenants to protect their data through encryption or other methods. When tenants use encryption algorithms provided by software, they are bound to face the defect that keys are not protected by hardware. Trusted computing technology can securely store the key in the hardware device. However, the hardware TPM cannot provide services for multiple VMs simultaneously. Virtual trusted computing technology virtualizes the TPM and can assign a vTPM to each VM. Currently, vTPM only supports the RSA, ECDSA, SHA256 and AES algorithms, among others. Relevant studies have shown that the SM2/SM3/SM4 algorithms are more secure than ECDSA/SHA256/AES. In order to cope with the limitations of the cryptographic algorithms supported by vTPM, we design the vTPM-SM scheme to provide a secure and reliable SM2/SM3/SM4 algorithm application method for cloud environments. Experiments show that vTPM-SM can effectively enable a VM to use Chinese commercial cryptographic algorithms through vTPM. Compared with the existing scheme, using the SM2/SM3/SM4 algorithms reduces the time overhead by about 31.6%, 83.3% and 15.5%, respectively.
Journal description:
Cessation.
IEEE Cloud Computing is committed to the timely publication of peer-reviewed articles that provide innovative research ideas, application results, and case studies in all areas of cloud computing. Topics relating to novel theory, algorithms, performance analyses and applications of techniques are covered. More specifically: Cloud software, Cloud security, Trade-offs between privacy and utility of cloud, Cloud in the business environment, Cloud economics, Cloud governance, Migrating to the cloud, Cloud standards, Development tools, Backup and recovery, Interoperability, Applications management, Data analytics, Communications protocols, Mobile cloud, Private clouds, Liability issues for data loss on clouds, Data integration, Big data, Cloud education, Cloud skill sets, Cloud energy consumption, The architecture of cloud computing, Applications in commerce, education, and industry, Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Business Process as a Service (BPaaS).