Securing Cryptographic Keys in the IaaS Cloud Model

B. Albelooshi, K. Salah, T. Martin, E. Damiani

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

7 Scopus citations

Abstract

Infrastructure-as-a-Service (IaaS) is a widespread cloud computing provisioning model where ICT infrastructure, including servers, storage and networking, is supplied on-demand, in a pay-as-you-go fashion. IaaS cloud providers give their clients virtual machines (VMs) that are controlled by cloud administrators who can run, stop, restore and migrate the VMs. A typical threat to IaaS is unauthorized access of untrustworthy administrators to cloud users' sensitive information residing in VMs' memory. In this paper we focus on the threat of users' cryptographic keys being stolen from the RAM of the VM they provision. We propose a decrypt-scatter/gather-decrypt technique that allows users to carry our encryption/decryption while protecting keys from unauthorized peeks on the part of cloud administrators. Our technique does not require modification to the current cloud architecture, but only the availability of a Trusted Platform Module (TPM) capable of creating and holding a TPM-protected public/private key pair. It lends itself to security-as-a-service scenarios where third parties perform encryption/decryption on behalf of data owners.

Original languageBritish English
Title of host publicationProceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015
EditorsOmer Rana, Rajkumar Buyya, Ioan Raicu
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages397-401
Number of pages5
ISBN (Electronic)9780769556970
DOIs
StatePublished - 2015
Event8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015 - Limassol, Cyprus
Duration: 7 Dec 201510 Dec 2015

Publication series

NameProceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015

Conference

Conference8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015
Country/TerritoryCyprus
CityLimassol
Period7/12/1510/12/15

Keywords

  • Cloud Computing
  • code obfuscation
  • encryption key
  • memory protection
  • VM RAM security

Fingerprint

Dive into the research topics of 'Securing Cryptographic Keys in the IaaS Cloud Model'. Together they form a unique fingerprint.

Cite this