The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.06 - Nov.-Dec. (2012 vol.9)
pp: 838-851
Weiqi Dai , Huazhong University of Science and Technology, Wuhan and University of Texas at San Antonio, San Antonio
T. Paul Parker , Dallas Baptist University and University of Texas at San Antonio, San Antonio
Hai Jin , Huazhong University of Science and Technology, Wuhan
Shouhuai Xu , University of Texas at San Antonio, San Antonio
ABSTRACT
Digital signatures are an important mechanism for ensuring data trustworthiness via source authenticity, integrity, and source nonrepudiation. However, their trustworthiness guarantee can be subverted in the real world by sophisticated attacks, which can obtain cryptographically legitimate digital signatures without actually compromising the private signing key. This problem cannot be adequately addressed by a purely cryptographic approach, by the revocation mechanism of Public Key Infrastructure (PKI) because it may take a long time to detect the compromise, or by using tamper-resistant hardware because the attacker does not need to compromise the hardware. This problem will become increasingly more important and evident because of stealthy malware (or Advanced Persistent Threats). In this paper, we propose a novel solution, dubbed Assured Digital Signing (ADS), to enhancing the data trustworthiness vouched by digital signatures. In order to minimize the modifications to the Trusted Computing Base (TCB), ADS simultaneously takes advantage of trusted computing and virtualization technologies. Specifically, ADS allows a signature verifier to examine not only a signature's cryptographic validity but also its system security validity that the private signing key and the signing function are secure, despite the powerful attack that the signing application program and the general-purpose Operating System (OS) kernel are malicious. The modular design of ADS makes it application-transparent (i.e., no need to modify the application source code in order to deploy it) and almost hypervisor-independent (i.e., it can be implemented with any Type I hypervisor). To demonstrate the feasibility of ADS, we report the implementation and analysis of an Xen-based ADS system.
INDEX TERMS
Virtual machine monitors, Digital signatures, Cryptography, Digital signatures, Malware, malware, Data trustworthiness, digital signatures, cryptographic assurance, system-based assurance
CITATION
Weiqi Dai, T. Paul Parker, Hai Jin, Shouhuai Xu, "Enhancing Data Trustworthiness via Assured Digital Signing", IEEE Transactions on Dependable and Secure Computing, vol.9, no. 6, pp. 838-851, Nov.-Dec. 2012, doi:10.1109/TDSC.2012.71
REFERENCES
[1] S. Goldwasser, S. Micali, and R. Rivest, "A Digital Signature Scheme Secure against Adaptive Chosen-Message Attacks," SIAM J. Computing, vol. 17, pp. 281-308, Apr. 1988.
[2] A. Akavia, S. Goldwasser, and V. Vaikuntanathan, "Simultaneous Hardcore Bits and Cryptography against Memory Attacks," Proc. Sixth Theory of Cryptography Conf. Theory of Cryptography (TCC), O. Reingold, ed., pp. 474-495, 2009.
[3] Y. Desmedt and Y. Frankel, "Threshold Cryptosystems," Proc. Ninth Ann. Int'l Cryptology Conf. Advances in Cryptology, pp. 307-315, 1990.
[4] R. Ostrovsky and M. Yung, "How to Withstand Mobile Virus Attacks (Extended Abstract)," Proc. 10th Ann. ACM Symp. Principles of Distributed Computing (PODC '91), pp. 51-59, 1991.
[5] R. Anderson, "On the Forward Security of Digital Signatures," technical report, 1997.
[6] M. Bellare and S. Miner, "A Forward-Secure Digital Signature Scheme," Crypto '99: Proc. 19th Ann. Int'l Cryptology Conf. Advances in Cryptology, M. Wiener, ed., pp. 431-448, 1999.
[7] Y. Dodis, J. Katz, S. Xu, and M. Yung, "Strong Key-Insulated Signature Schemes," Proc. Sixth Int'l Workshop Theory and Practice in Public Key Cryptography (PKC '03), pp. 130-144, 2003.
[8] G. Itkis and L. Reyzin, "SiBIR: Signer-Base Intrusion-Resilient Signatures," CRYPTO '02: Proc. 22nd Ann. Int'l Cryptology Conf. Advances in Cryptology, pp. 499-514, 2002.
[9] B. Yee, "Using Secure Coprocessors," PhD thesis, Carnegie Mellon Univ., May 1994.
[10] P. Loscocco, S. Smalley, P. Muckelbauer, R. Taylor, S. Turner, and J. Farrell, "The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments," Proc. 21st Nat'l Information Systems Security Conf. (NISSC '98), 1998.
[11] S. Xu and M. Yung, "Expecting the Unexpected: Towards Robust Credential Infrastructure," Proc. Int'l Conf. Financial Cryptography and Data Security (FC '09), Feb. 2009.
[12] Z. Wang and X. Jiang, "Hypersafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity," Proc. IEEE Symp. Security and Privacy, pp. 380-395, 2010.
[13] A. Azab, P. Ning, Z. Wang, X. Jiang, X. Zhang, and N. Skalsky, "Hypersentry: Enabling Stealthy In-Context Measurement of Hypervisor Integrity," Proc. ACM Conf. Computer and Comm. Security, pp. 38-49, 2010.
[14] G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D.C.P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood, "Sel4: Formal Verification of an os Kernel," Proc. ACM SIGOPS 22nd Symp. Operating Systems Principles (SOSP '09), 2009.
[15] U. Steinberg and B. Kauer, "Nova: A Microhypervisor-Based Secure Virtualization Architecture," Proc. Fifth European Conf. Computer systems (EuroSys '10), 2010.
[16] J. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig, "TrustVisor: Efficient TCB Reduction and Attestation," Proc. IEEE Symp. Security and Privacy, 2010.
[17] A. Kivity, Y. Kamay, D. Laor, U. Lublin, and A. Liguori, "Kvm: The Linux Virtual Machine Monitor," Proc. Linux Symp., 2007.
[18] C. Systems, "Xen Project." http:/www.xen.org/, 2011.
[19] C. Systems, "Citrix Xenserver." http://www.citrix.com xenserver, 2011.
[20] R. Oglesby and S. Herold, VMware ESX Server: Advanced Technical Design Guide, Advanced Technical Design Guide Series. The Brian Madden Company, 2005.
[21] C. Chauba, "The Architecture of Vmware Esxi," VMware White Paper, 2008.
[22] Microsoft, "Windows Server 2008 r2 Hyper-V." http://www. microsoft.com/en-us/server-cloud/ windows-server hyper-v.aspx, 2010.
[23] T.C. Group https:/www.trustedcomputinggroup.org/, 2012.
[24] E. Brickell, J. Camenisch, and L. Chen, "Direct Anonymous Attestation," Proc. 11th ACM Conf. Computer and Comm. Security (CCS '04), pp. 132-145, 2004.
[25] R. Ta-Min, L. Litty, and D. Lie, "Splitting Interfaces: Making Trust between Applications and Operating Systems Configurable," Proc. Seventh Symp. Operating Systems Design and Implementation (OSDI '06), pp. 279-292, 2006.
[26] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh, "Terra: A Virtual Machine-Based Platform for Trusted Computing," ACM SIGOPS Operating Systems Rev., vol. 37, no. 5, pp. 193-206, Oct., 2003.
[27] M. Armbrust, A. Fox, R. Griffith, A. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, "Above the Clouds: A Berkeley View of Cloud Computing," technical report, EECS Dept., Univ. of California, Berkeley, Feb. 2009.
[28] H. Lagar-Cavilla, J. Whitney, A. Scannell, P. Patchin, S. Rumble, E. de Lara, M. Brudno, and M. Satyanarayanan, "Snowflock: Rapid Virtual Machine Cloning for Cloud Computing," Proc. Fourth ACM European Conf. Computer Systems (EuroSys '09), pp. 1-12, 2009.
[29] K. Xu, H. Xiong, C. Wu, D. Stefan, and D. Yaoxyd, "Data-Provenance Verification for Secure Hosts," IEEE Trans. Dependable and Secure Computing, vol. 9, no. 2, pp. 173-183, Mar./Apr. 2012.
[30] H. Almohri, D. Yao, and D. Kafura, "Identifying Native Applications with High Assurance," Proc. ACM Conf. Data and Application Security and Privacy (CODASPY '12), 2012.
[31] X. Chen, T. Garfinkel, E.C. Lewis, P. Subrahmanyam, C.A. Waldspurger, D. Boneh, J. Dwoskin, and D.R. Ports, "Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems," ASPLOS XIII: Proc. 13th Int'l Conf. Architectural Support for Programming Languages and Operating Systems, pp. 2-13, 2008.
[32] J. Yang and K. Shin, "Using Hypervisor to Provide Data Secrecy for User Applications on a Per-Page Basis," Proc. Fourth Int'l Conf. Virtual Execution Environments (VEE '08), pp. 71-80, 2008.
[33] J. McCune, B. Parno, A. Perrig, M. Reiter, and H. Isozaki, "Flicker: An Execution Infrastructure for Tcb Minimization," Proc. ACM European Conf. Computer Systems (EuroSys '08), 2008.
[34] Intel, "Intel Trusted Execution Technology mle Developers Guide," http://www.intel.com/technologysecurity/, June 2008.
[35] AMD, "Amd64 Virtualization: Secure Virtual Machine Architecture Reference Manual," AMD Publication no. 33047 Rev. 3.01, May 2005.
[36] J. Szefer, E. Keller, R. Lee, and J. Rexford, "Eliminating the Hypervisor Attack Surface for a More Secure Cloud," Proc. ACM Conf. Computer and Comm. Security, pp. 401-412, 2011.
[37] A. Azab, P. Ning, and X. Zhang, "Sice: A Hardware-Level Strongly Isolated Computing Environment for x86 Multi-Core Platforms," Proc. 18th ACM Conf. Computer and Comm. Security (CCS '11), pp. 375-388, 2011.
[38] J. Szefer and R. Lee, "Architectural Support for Hypervisor-Secure Virtualization," Proc. Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2012.
27 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool