The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Due to the legal reform on the protection of personal information in the US and Japan and the enforcement of the General Data Protection Regulation (GDPR) in Europe, service providers are obliged to manage the sensitive data stored on their servers more securely. To protect this kind of data, they generally employ a cryptographic encryption scheme and secure key management schemes such as a Hardware Security Module (HSM) and Trusted Platform Module (TPM). In this paper, we take a different approach based on the space-hard cipher. The space-hard cipher has an interesting property called space hardness. Space hardness guarantees sufficient security against an adversary who obtains a part of the key data, e.g., 1/4 of the key data. Combined with a simple network monitoring technique, we develop Virtual Vault, a practical leakage-resilient scheme that is secure against a snapshot adversary who has full access to the server's memory for a short period. Importantly, Virtual Vault can be deployed with only a low-price device for network monitoring, e.g., an L2 switch, together with space-hard cipher software and a packet analyzer, while typical solutions require dedicated hardware for secure key management such as HSM and TPM. Thus, Virtual Vault is easily added to existing servers that do not have such dedicated hardware.
Yuji KOIKE
University of Hyogo
Takuya HAYASHI
Digital Garage, Inc.
Jun KURIHARA
University of Hyogo
Takanori ISOBE
University of Hyogo, National Institute of Information and Communications Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Yuji KOIKE, Takuya HAYASHI, Jun KURIHARA, Takanori ISOBE, "Virtual Vault: A Practical Leakage Resilient Scheme Using Space-Hard Ciphers" in IEICE TRANSACTIONS on Fundamentals,
vol. E104-A, no. 1, pp. 182-189, January 2021, doi: 10.1587/transfun.2020CIP0026.
Abstract: Due to the legal reform on the protection of personal information in US/Japan and the enforcement of the General Data Protection Regulation (GDPR) in Europe, service providers are obliged to more securely manage the sensitive data stored in their server. In order to protect this kind of data, they generally employ a cryptographic encryption scheme and secure key management schemes such as a Hardware Security Module (HSM) and Trusted Platform Module (TPM). In this paper, we take a different approach based on the space-hard cipher. The space-hard cipher has an interesting property called the space hardness. Space hardness guarantees sufficient security against the adversary who gains a part of key data, e.g., 1/4 of key data. Combined with a simple network monitoring technique, we develop a practical leakage resilient scheme Virtual Vault, which is secure against the snapshot adversary who has full access to the memory in the server for a short period. Importantly, Virtual Vault is deployable by only a low-price device for network monitoring, e.g. L2 switch, and software of space-hard ciphers and packet analyzer, while typical solutions require a dedicated hardware for secure key managements such as HSM and TPM. Thus, Virtual Vault is easily added on the existing servers which do not have such dedicated hardware.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.2020CIP0026/_p
@ARTICLE{e104-a_1_182,
author={Yuji KOIKE and Takuya HAYASHI and Jun KURIHARA and Takanori ISOBE},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Virtual Vault: A Practical Leakage Resilient Scheme Using Space-Hard Ciphers},
year={2021},
volume={E104-A},
number={1},
pages={182-189},
keywords={},
doi={10.1587/transfun.2020CIP0026},
ISSN={1745-1337},
month={January},}
TY - JOUR
TI - Virtual Vault: A Practical Leakage Resilient Scheme Using Space-Hard Ciphers
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 182
EP - 189
AU - Yuji KOIKE
AU - Takuya HAYASHI
AU - Jun KURIHARA
AU - Takanori ISOBE
PY - 2021
DO - 10.1587/transfun.2020CIP0026
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E104-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2021
ER -