Yang Shi, Mianhong Li, Wujing Wei, Yangyang Liu, Xiapu Luo
{"title":"云计算环境下安全高效的数据保护白盒加密方案","authors":"Yang Shi, Mianhong Li, Wujing Wei, Yangyang Liu, Xiapu Luo","doi":"10.1109/ISSRE52982.2021.00053","DOIUrl":null,"url":null,"abstract":"In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU's vulnerabilities to launch shared cache attacks (e.g., Spectre vulnerability) for illegally accessing sensitive data (e.g., key of symmetric encryption) on other VMs. Since it is difficult to fix such vulnerabilities, in this paper, we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs; it is provably secure even if part of its critical data is accessed by adversaries. Although there are many white-box schemes, they cannot be used in our solution due to their limitations. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized, and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.","PeriodicalId":162410,"journal":{"name":"2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing\",\"authors\":\"Yang Shi, Mianhong Li, Wujing Wei, Yangyang Liu, Xiapu Luo\",\"doi\":\"10.1109/ISSRE52982.2021.00053\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU's vulnerabilities to launch shared cache attacks (e.g., Spectre vulnerability) for illegally accessing sensitive data (e.g., key of symmetric encryption) on other VMs. Since it is difficult to fix such vulnerabilities, in this paper, we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs; it is provably secure even if part of its critical data is accessed by adversaries. Although there are many white-box schemes, they cannot be used in our solution due to their limitations. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized, and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.\",\"PeriodicalId\":162410,\"journal\":{\"name\":\"2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISSRE52982.2021.00053\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSRE52982.2021.00053","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing
In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU's vulnerabilities to launch shared cache attacks (e.g., Spectre vulnerability) for illegally accessing sensitive data (e.g., key of symmetric encryption) on other VMs. Since it is difficult to fix such vulnerabilities, in this paper, we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs; it is provably secure even if part of its critical data is accessed by adversaries. Although there are many white-box schemes, they cannot be used in our solution due to their limitations. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized, and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
