IEEE Access (Jan 2017)

Virtualization of the Encryption Card for Trust Access in Cloud Computing

  • Deliang Xu,
  • Cai Fu,
  • Guohui Li,
  • Deqing Zou,
  • Honghao Zhang,
  • Xiao-Yang Liu

DOI
https://doi.org/10.1109/ACCESS.2017.2754515
Journal volume & issue
Vol. 5
pp. 20652 – 20667

Abstract

Read online

The increasing use of virtualization puts stringent security requirements on software integrity and workload isolation of cloud computing. The encryption card provides hardware cryptographic services for users and is believed to be superior to software cryptography. However, we cannot use the encryption card directly in the user domain because of the complicated virtualization mechanisms and the security problems about the user key and the user private data flow. To address these challenges, we propose a new virtualization architecture to ensure the trustworthiness of encryption cards. First, we design a privacy preserving model to ensure the security of the dynamic schedule of encryption cards. Second, we present a hardware trust verification procedure based on the trusted platform module to supply a trusted virtualization hardware foundation. Third, we provide a series of security protocols to establish a trusted chain between users and encryption cards. Finally, we give security proofs of the encryption card virtualization architecture. Based on our prototype implementation, the encryption service provided by the encryption card has higher-level security and higher efficiency than software encryption. It provides strong support for security services of virtualization systems in cloud computing.

Keywords