Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store

Bibliographic Details
Main Author: Rosa, Miguel Gomes
Publication Date: 2019
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10362/96659
Summary: Cloud computing is being used by almost everyone, from regular consumer to IT specialists, as it is a way to have high availability, geo-replication, and resource elasticity with pay-as-you-go charging models. Another benefit is the minimal management effort and maintenance expenses for its users. However, security is still pointed out as the main reason hindering the full adoption of cloud services. Consumers lose ownership of their data as soon as it goes to the cloud; therefore, they have to rely on cloud provider’s security assumptions and Service Level Agreements regarding privacy and integrity guarantees for their data. Hardware Security Modules (HSMs) are dedicated cryptographic processors, typically used in secure cloud applications, that are designed specifically for the protection of cryptographic keys in all steps of their life cycles. They are physical devices with tamperproof resistance, but rather expensive. There have been some attempts to virtualize HSMs. Virtual solutions can reduce its costs but without much success as performance is incomparable and security guarantees are hard to achieve in software implementations. In this dissertation, we aim at developing a virtualized HSM supported by modern attestation-based trusted hardware in commodity CPUs to ensure privacy and reliability, which are the main requirements of an HSM. High availability will also be achieved through techniques such as cloud-of-clouds replication on top of those nodes. Therefore virtual HSMs, on the cloud, backed with trusted hardware, seem increasingly promising as security, attestation, and high availability will be guaranteed by our solution, and it would be much cheaper and as reliable as having physical HSMs.
id RCAP_9538b711fbf8d6ad6ab5b97d9d47376d
oai_identifier_str oai:run.unl.pt:10362/96659
network_acronym_str RCAP
network_name_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository_id_str https://opendoar.ac.uk/repository/7160
spelling Virtual HSM: Building a Hardware-backed Dependable Cryptographic StoreHardware Security ModuleTrusted HardwareIntel SGXCloud ComputingCloud-of-CloudsDomínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e InformáticaCloud computing is being used by almost everyone, from regular consumer to IT specialists, as it is a way to have high availability, geo-replication, and resource elasticity with pay-as-you-go charging models. Another benefit is the minimal management effort and maintenance expenses for its users. However, security is still pointed out as the main reason hindering the full adoption of cloud services. Consumers lose ownership of their data as soon as it goes to the cloud; therefore, they have to rely on cloud provider’s security assumptions and Service Level Agreements regarding privacy and integrity guarantees for their data. Hardware Security Modules (HSMs) are dedicated cryptographic processors, typically used in secure cloud applications, that are designed specifically for the protection of cryptographic keys in all steps of their life cycles. They are physical devices with tamperproof resistance, but rather expensive. There have been some attempts to virtualize HSMs. Virtual solutions can reduce its costs but without much success as performance is incomparable and security guarantees are hard to achieve in software implementations. In this dissertation, we aim at developing a virtualized HSM supported by modern attestation-based trusted hardware in commodity CPUs to ensure privacy and reliability, which are the main requirements of an HSM. High availability will also be achieved through techniques such as cloud-of-clouds replication on top of those nodes. Therefore virtual HSMs, on the cloud, backed with trusted hardware, seem increasingly promising as security, attestation, and high availability will be guaranteed by our solution, and it would be much cheaper and as reliable as having physical HSMs.Ferreira, BernardoRUNRosa, Miguel Gomes2020-04-23T10:47:50Z2019-1020192019-10-01T00:00:00Zinfo:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10362/96659enginfo:eu-repo/semantics/openAccessreponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiainstacron:RCAAP2024-05-22T17:45:06Zoai:run.unl.pt:10362/96659Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireinfo@rcaap.ptopendoar:https://opendoar.ac.uk/repository/71602025-05-28T17:16:25.127345Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologiafalse
dc.title.none.fl_str_mv Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
title Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
spellingShingle Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
Rosa, Miguel Gomes
Hardware Security Module
Trusted Hardware
Intel SGX
Cloud Computing
Cloud-of-Clouds
Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
title_short Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
title_full Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
title_fullStr Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
title_full_unstemmed Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
title_sort Virtual HSM: Building a Hardware-backed Dependable Cryptographic Store
author Rosa, Miguel Gomes
author_facet Rosa, Miguel Gomes
author_role author
dc.contributor.none.fl_str_mv Ferreira, Bernardo
RUN
dc.contributor.author.fl_str_mv Rosa, Miguel Gomes
dc.subject.por.fl_str_mv Hardware Security Module
Trusted Hardware
Intel SGX
Cloud Computing
Cloud-of-Clouds
Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
topic Hardware Security Module
Trusted Hardware
Intel SGX
Cloud Computing
Cloud-of-Clouds
Domínio/Área Científica::Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática
description Cloud computing is being used by almost everyone, from regular consumer to IT specialists, as it is a way to have high availability, geo-replication, and resource elasticity with pay-as-you-go charging models. Another benefit is the minimal management effort and maintenance expenses for its users. However, security is still pointed out as the main reason hindering the full adoption of cloud services. Consumers lose ownership of their data as soon as it goes to the cloud; therefore, they have to rely on cloud provider’s security assumptions and Service Level Agreements regarding privacy and integrity guarantees for their data. Hardware Security Modules (HSMs) are dedicated cryptographic processors, typically used in secure cloud applications, that are designed specifically for the protection of cryptographic keys in all steps of their life cycles. They are physical devices with tamperproof resistance, but rather expensive. There have been some attempts to virtualize HSMs. Virtual solutions can reduce its costs but without much success as performance is incomparable and security guarantees are hard to achieve in software implementations. In this dissertation, we aim at developing a virtualized HSM supported by modern attestation-based trusted hardware in commodity CPUs to ensure privacy and reliability, which are the main requirements of an HSM. High availability will also be achieved through techniques such as cloud-of-clouds replication on top of those nodes. Therefore virtual HSMs, on the cloud, backed with trusted hardware, seem increasingly promising as security, attestation, and high availability will be guaranteed by our solution, and it would be much cheaper and as reliable as having physical HSMs.
publishDate 2019
dc.date.none.fl_str_mv 2019-10
2019
2019-10-01T00:00:00Z
2020-04-23T10:47:50Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://hdl.handle.net/10362/96659
url http://hdl.handle.net/10362/96659
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.source.none.fl_str_mv reponame:Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
instname:FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron:RCAAP
instname_str FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
instacron_str RCAAP
institution RCAAP
reponame_str Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
collection Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
repository.name.fl_str_mv Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
repository.mail.fl_str_mv info@rcaap.pt
_version_ 1833596570686193664

Similar Items