Protecting cryptographic keys on client platforms using virtualization and raw disk image access

Sujit Sanjeev, Jatin Lodhia, Raghunathan Srinivasan, Partha Dasgupta

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Software cryptosystems face the challenge of secure key management. Recent trends in breaking cryptosystems suggest that it is easier to steal the cryptographic keys from unsecure systems than to break the algorithm itself; a prominent example of such an attack is the cracking of the HD-DVD encryption. This paper presents two methods to hide cryptographic keys in an unsecure machine. The first method uses virtualization to isolate the sections of memory that contain cryptographic keys from an untrusted guest operating system (OS). Virtualization is an effective method to provide isolation between trusted and untrusted components of a system. This work makes the Virtual Machine Monitor (VMM) a cryptographic service provider for the guest OS. The second method provides techniques to securely retrieve and store keys in secondary storage. The information about key storage and retrieval is stored inside the application binary. On execution, this section retrieves the key from secondary storage.

Original language: English (US)
Title of host publication: Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011
Pages: 1026-1032
Number of pages: 7
DOI: https://doi.org/10.1109/PASSAT/SocialCom.2011.75
State: Published - 2011
Event: 2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011 - Boston, MA, United States
Duration: Oct 9 2011 to Oct 11 2011

Other

Other: 2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011
Country: United States
City: Boston, MA
Period: 10/9/11 to 10/11/11

Fingerprint

Cryptography
Videodisks
Computer operating systems
Data storage equipment
Virtualization
Virtual machine

Keywords

  • Key hiding
  • Lguest
  • Linux
  • Raw disk interface
  • Secret hiding
  • Virtualization

ASJC Scopus subject areas

  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Cite this

Sanjeev, S., Lodhia, J., Srinivasan, R., & Dasgupta, P. (2011). Protecting cryptographic keys on client platforms using virtualization and raw disk image access. In Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011 (pp. 1026-1032). [6113255] https://doi.org/10.1109/PASSAT/SocialCom.2011.75

@inproceedings{644d204ddcea4355a5b81582914eee43,
title = "Protecting cryptographic keys on client platforms using virtualization and raw disk image access",
keywords = "Key hiding, Lguest, Linux, Raw disk interface, Secret hiding, Virtualization",
author = "Sujit Sanjeev and Jatin Lodhia and Raghunathan Srinivasan and Partha Dasgupta",
year = "2011",
doi = "10.1109/PASSAT/SocialCom.2011.75",
language = "English (US)",
isbn = "9780769545783",
pages = "1026--1032",
booktitle = "Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011",

}
