1. Virtualization of the Encryption Card for Trust Access in Cloud Computing
- Author
- Xiao-Yang Liu, Cai Fu, Guohui Li, Deliang Xu, Deqing Zou, and Honghao Zhang
- Subjects
- General Computer Science, Computer science, Full virtualization, Data_MISCELLANEOUS, trusted computing, Data security, Cryptography, Cloud computing, 02 engineering and technology, computer.software_genre, Computer security, Encryption, Disk encryption hardware, Email encryption, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, 020203 distributed computing, Cloud computing security, business.industry, General Engineering, Client-side encryption, Trusted Computing, Cryptographic protocol, Virtualization, virtualization, Disk encryption theory, Disk encryption, 56-bit encryption, 40-bit encryption, Keyfile, Trusted Platform Module, Link encryption, lcsh:Electrical engineering. Electronics. Nuclear engineering, On-the-fly encryption, business, computer, Encryption card, lcsh:TK1-9971, Computer network
- Abstract
- The increasing use of virtualization puts stringent security requirements on software integrity and workload isolation of cloud computing. The encryption card provides hardware cryptographic services for users and is believed to be superior to software cryptography. However, we cannot use the encryption card directly in the user domain because of the complicated virtualization mechanisms and the security problems about the user key and the user private data flow. To address these challenges, we propose a new virtualization architecture to ensure the trustworthiness of encryption cards. First, we design a privacy preserving model to ensure the security of the dynamic schedule of encryption cards. Second, we present a hardware trust verification procedure based on the trusted platform module to supply a trusted virtualization hardware foundation. Third, we provide a series of security protocols to establish a trusted chain between users and encryption cards. Finally, we give security proofs of the encryption card virtualization architecture. Based on our prototype implementation, the encryption service provided by the encryption card has higher-level security and higher efficiency than software encryption. It provides strong support for security services of virtualization systems in cloud computing.
- Published
- 2017