Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing

Yang Shi, Mianhong Li, Wujing Wei, Yangyang Liu, Xiapu Luo

Research output: Chapter in book / Conference proceeding (Conference article published in proceeding or book); Academic research; peer-reviewed

Abstract

In cloud computing, since virtual machines (VMs) running on the same physical server share CPU caches, adversaries can exploit CPU vulnerabilities to launch shared cache attacks (e.g., via the Spectre vulnerability) to illegally access sensitive data (e.g., symmetric encryption keys) on other VMs. Since such vulnerabilities are difficult to fix, in this paper we propose a novel solution that leverages two salient features of white-box encryption to protect data against such attacks: white-box encryption turns the keys and code into unintelligible programs, and it is provably secure even if part of its critical data is accessed by adversaries. Although many white-box schemes exist, their limitations prevent them from being used in our solution. Therefore, we propose a new white-box encryption scheme with highly efficient instances. These instances are parameterized and can be configured according to the tradeoff between security margin and storage cost. Moreover, our scheme is provably secure in the space-hardness model. The evaluation shows that our solution works well in public clouds and outperforms other methods.
Original language: English
Title of host publication: Proceedings - 2021 IEEE 32nd International Symposium on Software Reliability Engineering, ISSRE 2021
Editors: Zhi Jin, Xuandong Li, Jianwen Xiang, Leonardo Mariani, Ting Liu, Xiao Yu, Nahgmeh Ivaki
Publisher: IEEE
Pages: 446-456
Number of pages: 11
ISBN (Electronic): 978-1-6654-2587-2
DOIs
Publication status: Published - Oct 2021

Publication series

Name: Proceedings - International Symposium on Software Reliability Engineering, ISSRE
Volume: 2021-October
ISSN (Print): 1071-9458

