Institutional Repository
Technical University of Crete
EN  |  EL

Search

Browse

My Space

The million dollar handshake: secure and attested communications in the cloud

Chalkiadakis Nikolaos, Deyannis Dimitris, Karnikis Dimitris, Vasiliadis Giorgos, Ioannidis Sotirios

Simple record


URIhttp://purl.tuc.gr/dl/dias/D0559E76-A652-4231-A068-48D0295D96F2-
Identifierhttps://doi.org/10.1109/CLOUD49709.2020.00022-
Identifierhttps://ieeexplore.ieee.org/document/9284285-
Languageen-
Extent8 pagesen
TitleThe million dollar handshake: secure and attested communications in the clouden
CreatorChalkiadakis Nikolaosen
CreatorDeyannis Dimitrisen
CreatorKarnikis Dimitrisen
CreatorVasiliadis Giorgosen
CreatorIoannidis Sotiriosen
CreatorΙωαννιδης Σωτηριοςel
PublisherInstitute of Electrical and Electronics Engineersen
Content SummaryThe number of applications and services that are hosted on cloud platforms is constantly increasing. Nowadays, more and more applications are hosted as services on cloud platforms, co-existing with other services in a mutually untrusted environment. Facilities such as virtual machines, containers and encrypted communication channels aim to offer isolation between the various applications and protect sensitive user data. However, such techniques are not always able to provide a secure execution environment for sensitive applications nor they offer guarantees that data are not monitored by an honest but curious provider once they reach the cloud infrastructure. The recent advancements of trusted execution environments within commodity processors, such as Intel SGX, provide a secure reverse sandbox, where code and data are isolated even from the underlying operating system. Moreover, Intel SGX provides a remote attestation mechanism, allowing the communicating parties to verify their identity as well as prove that code is executed on hardware-assisted software enclaves. Many approaches try to ensure code and data integrity, as well as enforce channel encryption schemes such as TLS, however, these techniques are not enough to achieve complete isolation and secure communications without hardware assistance or are not efficient in terms of performance. In this work, we design and implement a practical attestation system that allows the service provider to offer a seamless attestation service between the hosted applications and the end clients. Furthermore, we implement a novel caching system that is capable to eliminate the latencies introduced by the remote attestation process. Our approach allows the parties to attest one another before each communication attempt, with improved performance when compared to a standard TLS handshake.en
Type of ItemΔημοσίευση σε Συνέδριοel
Type of ItemConference Publicationen
Licensehttp://creativecommons.org/licenses/by/4.0/en
Date of Item2022-01-24-
Date of Publication2020-
SubjectRemote attestationen
SubjectSecure communicationen
SubjectSecure enclavesen
Bibliographic CitationN. Chalkiadakis, D. Deyannis, D. Karnikis, G. Vasiliadis and S. Ioannidis, "The million dollar handshake: secure and attested communications in the cloud," in IEEE Int. Conf. Cloud Comp. CLOUD, 2020, pp. 63-70. doi: 10.1109/CLOUD49709.2020.00022.en

Services

Statistics