Virtualization of the Encryption Card for Trust Access in Cloud Computing
2017; Institute of Electrical and Electronics Engineers; Volume: 5; Language: English
10.1109/access.2017.2754515
ISSN 2169-3536
Authors: Deliang Xu, Cai Fu, Guohui Li, Deqing Zou, H. H. Zhang, Xiaoyang Liu
Topic(s): Physical Unclonable Functions (PUFs) and Hardware Security
Abstract: The increasing use of virtualization places stringent security requirements on software integrity and workload isolation in cloud computing. An encryption card provides hardware cryptographic services for users and is believed to be superior to software cryptography. However, the encryption card cannot be used directly in the user domain because of the complicated virtualization mechanisms and the security problems concerning the user key and the flow of the user's private data. To address these challenges, we propose a new virtualization architecture that ensures the trustworthiness of encryption cards. First, we design a privacy-preserving model that secures the dynamic scheduling of encryption cards. Second, we present a hardware trust verification procedure based on the trusted platform module to supply a trusted hardware foundation for virtualization. Third, we provide a series of security protocols that establish a trusted chain between users and encryption cards. Finally, we give security proofs for the encryption card virtualization architecture. Based on our prototype implementation, the encryption service provided by the encryption card offers a higher level of security and higher efficiency than software encryption. It provides strong support for the security services of virtualization systems in cloud computing.