TY - GEN
T1 - Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing
AU - Shi, Yang
AU - Li, Mianhong
AU - Wei, Wujing
AU - Liu, Yangyang
AU - Luo, Xiapu
N1 - Funding Information:
This research has been supported by the National Natural Science Foundation of China (No. 61772371, 62172301), HK Research Grants Council Project (No. PolyU15223918), and Natural Science Foundation of Shanghai (No. 21ZR1465100). *Xiapu Luo is the corresponding author.
Publisher Copyright:
© 2021 IEEE.
PY - 2021/10
Y1 - 2021/10
N2 - In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU's vulnerabilities to launch shared cache attacks (e.g., Spectre vulnerability) for illegally accessing sensitive data (e.g., key of symmetric encryption) on other VMs. Since it is difficult to fix such vulnerabilities, in this paper, we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs; it is provably secure even if part of its critical data is accessed by adversaries. Although there are many white-box schemes, they cannot be used in our solution due to their limitations. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized, and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.
AB - In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU's vulnerabilities to launch shared cache attacks (e.g., Spectre vulnerability) for illegally accessing sensitive data (e.g., key of symmetric encryption) on other VMs. Since it is difficult to fix such vulnerabilities, in this paper, we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs; it is provably secure even if part of its critical data is accessed by adversaries. Although there are many white-box schemes, they cannot be used in our solution due to their limitations. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized, and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.
UR - http://www.scopus.com/inward/record.url?scp=85126396612&partnerID=8YFLogxK
U2 - 10.1109/ISSRE52982.2021.00053
DO - 10.1109/ISSRE52982.2021.00053
M3 - Conference article published in proceeding or book
T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE
SP - 446
EP - 456
BT - Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
A2 - Jin, Zhi
A2 - Li, Xuandong
A2 - Xiang, Jianwen
A2 - Mariani, Leonardo
A2 - Liu, Ting
A2 - Yu, Xiao
A2 - Ivaki, Nahgmeh
PB - IEEE
ER -