Institutional Repository
Technical University of Crete

The million dollar handshake: secure and attested communications in the cloud

Chalkiadakis Nikolaos, Deyannis Dimitris, Karnikis Dimitris, Vasiliadis Giorgos, Ioannidis Sotirios

Simple Record


URI: http://purl.tuc.gr/dl/dias/D0559E76-A652-4231-A068-48D0295D96F2
Identifier: https://doi.org/10.1109/CLOUD49709.2020.00022
Identifier: https://ieeexplore.ieee.org/document/9284285
Language: en
Size (en): 8 pages
Title (en): The million dollar handshake: secure and attested communications in the cloud
Creator (en): Chalkiadakis Nikolaos
Creator (en): Deyannis Dimitris
Creator (en): Karnikis Dimitris
Creator (en): Vasiliadis Giorgos
Creator (en): Ioannidis Sotirios
Creator (el): Ιωαννιδης Σωτηριος
Publisher (en): Institute of Electrical and Electronics Engineers
Abstract (en): The number of applications and services that are hosted on cloud platforms is constantly increasing. Nowadays, more and more applications are hosted as services on cloud platforms, co-existing with other services in a mutually untrusted environment. Facilities such as virtual machines, containers and encrypted communication channels aim to offer isolation between the various applications and protect sensitive user data. However, such techniques are not always able to provide a secure execution environment for sensitive applications, nor do they offer guarantees that data are not monitored by an honest but curious provider once they reach the cloud infrastructure. The recent advancements of trusted execution environments within commodity processors, such as Intel SGX, provide a secure reverse sandbox, where code and data are isolated even from the underlying operating system. Moreover, Intel SGX provides a remote attestation mechanism, allowing the communicating parties to verify their identity as well as prove that code is executed on hardware-assisted software enclaves. Many approaches try to ensure code and data integrity, as well as enforce channel encryption schemes such as TLS; however, these techniques are not enough to achieve complete isolation and secure communications without hardware assistance or are not efficient in terms of performance. In this work, we design and implement a practical attestation system that allows the service provider to offer a seamless attestation service between the hosted applications and the end clients. Furthermore, we implement a novel caching system that is capable of eliminating the latencies introduced by the remote attestation process. Our approach allows the parties to attest one another before each communication attempt, with improved performance when compared to a standard TLS handshake.
Type (el, en): Conference Publication
License (en): http://creativecommons.org/licenses/by/4.0/
Date: 2022-01-24
Publication Date: 2020
Subject (en): Remote attestation
Subject (en): Secure communication
Subject (en): Secure enclaves
Bibliographic Citation (en): N. Chalkiadakis, D. Deyannis, D. Karnikis, G. Vasiliadis and S. Ioannidis, "The million dollar handshake: secure and attested communications in the cloud," in IEEE Int. Conf. Cloud Comp. CLOUD, 2020, pp. 63-70. doi: 10.1109/CLOUD49709.2020.00022.
