Securing Cryptographic Keys in the IaaS Cloud Model

B. Albelooshi; K. Salah; T. Martin; E. Damiani

doi:10.1109/UCC.2015.64

Securing Cryptographic Keys in the IaaS Cloud Model

B. Albelooshi, K. Salah, T. Martin, E. Damiani

Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Scopus citations

Abstract

Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model where ICT infrastructure, including servers, storage and networking, is supplied on-demand, in a pay-as-you-go fashion. IaaS cloud providers give their clients virtual machines (VMs) that are controlled by cloud administrators who can run, stop, restore and migrate the VMs. A typical threat to IaaS is unauthorized access of untrustworthy administrators to cloud users' sensitive information residing in VMs' memory. In this paper we focus on the threat of users' cryptographic keys being stolen from the RAM of the VM they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry our encryption/decryption while protecting keys from unauthorized peeks on the part of cloud administrators. Our technique does not require modification to the current cloud architecture, but only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption/decryption on behalf of data owners.

Original language	British English
Title of host publication	Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015
Editors	Omer Rana, Rajkumar Buyya, Ioan Raicu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	397-401
Number of pages	5
ISBN (Electronic)	9780769556970
DOIs	https://doi.org/10.1109/UCC.2015.64
State	Published - 2015
Event	8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015 - Limassol, Cyprus Duration: 7 Dec 2015 → 10 Dec 2015

Publication series

Name	Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015

Conference

Conference	8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015
Country/Territory	Cyprus
City	Limassol
Period	7/12/15 → 10/12/15

Keywords

Cloud Computing
code obfuscation
encryption key
memory protection
VM RAM security

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/UCC.2015.64

Cite this

Albelooshi, B., Salah, K., Martin, T., & Damiani, E. (2015). Securing Cryptographic Keys in the IaaS Cloud Model. In O. Rana, R. Buyya, & I. Raicu (Eds.), Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015 (pp. 397-401). Article 7431439 (Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/UCC.2015.64

Albelooshi, B. ; Salah, K. ; Martin, T. et al. / Securing Cryptographic Keys in the IaaS Cloud Model. Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015. editor / Omer Rana ; Rajkumar Buyya ; Ioan Raicu. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 397-401 (Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015).

@inproceedings{c8804a6fe00444918fe4110bd5360414,

title = "Securing Cryptographic Keys in the IaaS Cloud Model",

abstract = "Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model where ICT infrastructure, including servers, storage and networking, is supplied on-demand, in a pay-as-you-go fashion. IaaS cloud providers give their clients virtual machines (VMs) that are controlled by cloud administrators who can run, stop, restore and migrate the VMs. A typical threat to IaaS is unauthorized access of untrustworthy administrators to cloud users' sensitive information residing in VMs' memory. In this paper we focus on the threat of users' cryptographic keys being stolen from the RAM of the VM they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry our encryption/decryption while protecting keys from unauthorized peeks on the part of cloud administrators. Our technique does not require modification to the current cloud architecture, but only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption/decryption on behalf of data owners.",

keywords = "Cloud Computing, code obfuscation, encryption key, memory protection, VM RAM security",

author = "B. Albelooshi and K. Salah and T. Martin and E. Damiani",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015 ; Conference date: 07-12-2015 Through 10-12-2015",

year = "2015",

doi = "10.1109/UCC.2015.64",

language = "British English",

series = "Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "397--401",

editor = "Omer Rana and Rajkumar Buyya and Ioan Raicu",

booktitle = "Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015",

address = "United States",

}

Albelooshi, B, Salah, K, Martin, T & Damiani, E 2015, Securing Cryptographic Keys in the IaaS Cloud Model. in O Rana, R Buyya & I Raicu (eds), Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015., 7431439, Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015, Institute of Electrical and Electronics Engineers Inc., pp. 397-401, 8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015, Limassol, Cyprus, 7/12/15. https://doi.org/10.1109/UCC.2015.64

Securing Cryptographic Keys in the IaaS Cloud Model. / Albelooshi, B.; Salah, K.; Martin, T. et al.
Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015. ed. / Omer Rana; Rajkumar Buyya; Ioan Raicu. Institute of Electrical and Electronics Engineers Inc., 2015. p. 397-401 7431439 (Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Securing Cryptographic Keys in the IaaS Cloud Model

AU - Albelooshi, B.

AU - Salah, K.

AU - Martin, T.

AU - Damiani, E.

PY - 2015

Y1 - 2015

N2 - Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model where ICT infrastructure, including servers, storage and networking, is supplied on-demand, in a pay-as-you-go fashion. IaaS cloud providers give their clients virtual machines (VMs) that are controlled by cloud administrators who can run, stop, restore and migrate the VMs. A typical threat to IaaS is unauthorized access of untrustworthy administrators to cloud users' sensitive information residing in VMs' memory. In this paper we focus on the threat of users' cryptographic keys being stolen from the RAM of the VM they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry our encryption/decryption while protecting keys from unauthorized peeks on the part of cloud administrators. Our technique does not require modification to the current cloud architecture, but only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption/decryption on behalf of data owners.

AB - Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model where ICT infrastructure, including servers, storage and networking, is supplied on-demand, in a pay-as-you-go fashion. IaaS cloud providers give their clients virtual machines (VMs) that are controlled by cloud administrators who can run, stop, restore and migrate the VMs. A typical threat to IaaS is unauthorized access of untrustworthy administrators to cloud users' sensitive information residing in VMs' memory. In this paper we focus on the threat of users' cryptographic keys being stolen from the RAM of the VM they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry our encryption/decryption while protecting keys from unauthorized peeks on the part of cloud administrators. Our technique does not require modification to the current cloud architecture, but only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption/decryption on behalf of data owners.

KW - Cloud Computing

KW - code obfuscation

KW - encryption key

KW - memory protection

KW - VM RAM security

UR - http://www.scopus.com/inward/record.url?scp=84965043703&partnerID=8YFLogxK

U2 - 10.1109/UCC.2015.64

DO - 10.1109/UCC.2015.64

M3 - Conference contribution

AN - SCOPUS:84965043703

T3 - Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015

SP - 397

EP - 401

BT - Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015

A2 - Rana, Omer

A2 - Buyya, Rajkumar

A2 - Raicu, Ioan

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015

Y2 - 7 December 2015 through 10 December 2015

ER -

Albelooshi B, Salah K, Martin T, Damiani E. Securing Cryptographic Keys in the IaaS Cloud Model. In Rana O, Buyya R, Raicu I, editors, Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015. Institute of Electrical and Electronics Engineers Inc. 2015. p. 397-401. 7431439. (Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015). doi: 10.1109/UCC.2015.64

Securing Cryptographic Keys in the IaaS Cloud Model

Abstract

Publication series

Conference

Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this