Protecting cryptographic keys on client platforms using virtualization and raw disk image access

Sujit Sanjeev; Jatin Lodhia; Raghunathan Srinivasan; Partha Dasgupta

doi:10.1109/PASSAT/SocialCom.2011.75

Protecting cryptographic keys on client platforms using virtualization and raw disk image access

Sujit Sanjeev, Jatin Lodhia, Raghunathan Srinivasan, Partha Dasgupta

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Software cryptosystems face the challenge of secure key management. Recent trends in breaking cryptosystems suggest that it is easier to steal the cryptographic keys from unsecure systems than to break the algorithm itself, a prominent example of such an attack is the cracking of the HD-DVD encryption. This paper presents two methods to hide cryptographic keys in an unsecure machine. The first method uses virtualization to isolate the sections of memory that contain cryptographic keys from an untrusted guest operating system (OS). Virtualization is an effective method to provide isolation between trusted and un-trusted components of a system. This work makes the Virtual Machine Monitor (VMM) as a cryptographic service provider for guest OS. The second method provides techniques to securely retrieve and store keys in secondary storage. The information about key storage and retrieval is stored inside the application binary. On execution this section retrieves the key from secondary storage.

Original language	English (US)
Title of host publication	Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011
Pages	1026-1032
Number of pages	7
DOIs	https://doi.org/10.1109/PASSAT/SocialCom.2011.75
State	Published - Dec 1 2011
Event	2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011 - Boston, MA, United States Duration: Oct 9 2011 → Oct 11 2011

Publication series

Name	Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011

Other

Other	2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011
Country/Territory	United States
City	Boston, MA
Period	10/9/11 → 10/11/11

Keywords

Key hiding
Lguest
Linux
Raw disk interface
Secret hiding
Virtualization

ASJC Scopus subject areas

Hardware and Architecture
Safety, Risk, Reliability and Quality

Access to Document

10.1109/PASSAT/SocialCom.2011.75

Cite this

Sanjeev, S., Lodhia, J., Srinivasan, R., & Dasgupta, P. (2011). Protecting cryptographic keys on client platforms using virtualization and raw disk image access. In Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011 (pp. 1026-1032). Article 6113255 (Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011). https://doi.org/10.1109/PASSAT/SocialCom.2011.75

Protecting cryptographic keys on client platforms using virtualization and raw disk image access. / Sanjeev, Sujit; Lodhia, Jatin; Srinivasan, Raghunathan et al.
Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011. 2011. p. 1026-1032 6113255 (Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sanjeev, S, Lodhia, J, Srinivasan, R & Dasgupta, P 2011, Protecting cryptographic keys on client platforms using virtualization and raw disk image access. in Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011., 6113255, Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011, pp. 1026-1032, 2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011, Boston, MA, United States, 10/9/11. https://doi.org/10.1109/PASSAT/SocialCom.2011.75

Sanjeev S, Lodhia J, Srinivasan R, Dasgupta P. Protecting cryptographic keys on client platforms using virtualization and raw disk image access. In Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011. 2011. p. 1026-1032. 6113255. (Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011). doi: 10.1109/PASSAT/SocialCom.2011.75

Sanjeev, Sujit ; Lodhia, Jatin ; Srinivasan, Raghunathan et al. / Protecting cryptographic keys on client platforms using virtualization and raw disk image access. Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011. 2011. pp. 1026-1032 (Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011).

@inproceedings{644d204ddcea4355a5b81582914eee43,

title = "Protecting cryptographic keys on client platforms using virtualization and raw disk image access",

abstract = "Software cryptosystems face the challenge of secure key management. Recent trends in breaking cryptosystems suggest that it is easier to steal the cryptographic keys from unsecure systems than to break the algorithm itself, a prominent example of such an attack is the cracking of the HD-DVD encryption. This paper presents two methods to hide cryptographic keys in an unsecure machine. The first method uses virtualization to isolate the sections of memory that contain cryptographic keys from an untrusted guest operating system (OS). Virtualization is an effective method to provide isolation between trusted and un-trusted components of a system. This work makes the Virtual Machine Monitor (VMM) as a cryptographic service provider for guest OS. The second method provides techniques to securely retrieve and store keys in secondary storage. The information about key storage and retrieval is stored inside the application binary. On execution this section retrieves the key from secondary storage.",

keywords = "Key hiding, Lguest, Linux, Raw disk interface, Secret hiding, Virtualization",

author = "Sujit Sanjeev and Jatin Lodhia and Raghunathan Srinivasan and Partha Dasgupta",

year = "2011",

month = dec,

day = "1",

doi = "10.1109/PASSAT/SocialCom.2011.75",

language = "English (US)",

isbn = "9780769545783",

series = "Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011",

pages = "1026--1032",

booktitle = "Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011",

note = "2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011 ; Conference date: 09-10-2011 Through 11-10-2011",

}

TY - GEN

T1 - Protecting cryptographic keys on client platforms using virtualization and raw disk image access

AU - Sanjeev, Sujit

AU - Lodhia, Jatin

AU - Srinivasan, Raghunathan

AU - Dasgupta, Partha

PY - 2011/12/1

Y1 - 2011/12/1

N2 - Software cryptosystems face the challenge of secure key management. Recent trends in breaking cryptosystems suggest that it is easier to steal the cryptographic keys from unsecure systems than to break the algorithm itself, a prominent example of such an attack is the cracking of the HD-DVD encryption. This paper presents two methods to hide cryptographic keys in an unsecure machine. The first method uses virtualization to isolate the sections of memory that contain cryptographic keys from an untrusted guest operating system (OS). Virtualization is an effective method to provide isolation between trusted and un-trusted components of a system. This work makes the Virtual Machine Monitor (VMM) as a cryptographic service provider for guest OS. The second method provides techniques to securely retrieve and store keys in secondary storage. The information about key storage and retrieval is stored inside the application binary. On execution this section retrieves the key from secondary storage.

AB - Software cryptosystems face the challenge of secure key management. Recent trends in breaking cryptosystems suggest that it is easier to steal the cryptographic keys from unsecure systems than to break the algorithm itself, a prominent example of such an attack is the cracking of the HD-DVD encryption. This paper presents two methods to hide cryptographic keys in an unsecure machine. The first method uses virtualization to isolate the sections of memory that contain cryptographic keys from an untrusted guest operating system (OS). Virtualization is an effective method to provide isolation between trusted and un-trusted components of a system. This work makes the Virtual Machine Monitor (VMM) as a cryptographic service provider for guest OS. The second method provides techniques to securely retrieve and store keys in secondary storage. The information about key storage and retrieval is stored inside the application binary. On execution this section retrieves the key from secondary storage.

KW - Key hiding

KW - Lguest

KW - Linux

KW - Raw disk interface

KW - Secret hiding

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=84856189308&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84856189308&partnerID=8YFLogxK

U2 - 10.1109/PASSAT/SocialCom.2011.75

DO - 10.1109/PASSAT/SocialCom.2011.75

M3 - Conference contribution

AN - SCOPUS:84856189308

SN - 9780769545783

T3 - Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011

SP - 1026

EP - 1032

BT - Proceedings - 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011

T2 - 2011 IEEE International Conference on Privacy, Security, Risk and Trust, PASSAT 2011 and 2011 IEEE International Conference on Social Computing, SocialCom 2011

Y2 - 9 October 2011 through 11 October 2011

ER -

Protecting cryptographic keys on client platforms using virtualization and raw disk image access

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this