Eindhoven University of Technology MASTER Cryptography as a service in a cloud computing environment Ideler, H.A.W. Award date: 2013 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain EINDHOVEN UNIVERSITY OF TECHNOLOGY Department of Mathematics and Computing Science MASTER’S THESIS Cryptography as a service in a cloud computing environment Hugo a.w. Ideler Eindhoven, December 2012 Supervisors: Prof. dr. Milan Petković∗ Prof. dr.-ing. Ahmad-Reza Sadeghi† Instructors: MSc. Sven Bugiel† MSc. Stefan Nürnberger† ∗Eindhoven University of technology †Center for Advanced Security Research Darmstadt (cased) ii Abstract Nowadays, a serious concern about cloud computing is the protection of clients’ data and computations against various attacks from the cloud provider’s side as well as outsiders. Moreover, cloud consumers are rather limited in implement- ing, deploying and controlling their own security solutions in the cloud. In this thesis, we present a cloud architecture which en- ables cloud consumers to securely deploy and run virtual machines in the cloud, in which the complete deployment lifecycle is considered, and with a special focus on both the malicious insider as well as the external attacker. Our imple- mentation, which is based on the Xen hypervisor, revolves around three core modifications to the status quo. First, the clients’ cryptographic operations run in an isolated client-specific secure execution domain, protected from cloud administrators and outside attackers having gained access to a vm’s data. Second, we present a design that guards the confidentiality and integrity of a user’s vm as a whole against the cloud administrator. This is achieved by enforcing stronger access control and by noninvasive modifications to the Xen architecture. Third, we extend Xen with a design for secure credentials provisioning by leveraging standard trusted computing technology, enabling cloud consumers to always be in control of the access to, and usage of, their cryptographic credentials in the cloud. We evaluate our implementation in a lab setup. In addi- tion, we perform rudimentary experiments in the ec2 public cloud to the extend possible with the constraints imposed by the cloud provider. iii Acknowledgements This thesis is the result of my graduation project at the Center for Advanced Security Research Darmstadt (cased) in cooperation with the Eindhoven University of Technology. I wish to thank my supervisor from Darmstadt, prof. Ahmad-Reza Sadeghi, under whose supervision and guidance I was able to work on a highly interesting and intriguing topic. Furthermore, I am deeply grateful to my instructors, Sven Bugiel and Stefan Nürnberger, on whom I could always rely during my months in Darmstadt to help me out with feedback and fruitful discussions. It was a great pleasure for me to work with them. Finally, I expressly thank my Eindhoven supervisor, prof. Milan Petković, for giving me the opportunity to do my master’s thesis at a different university and for his continuous support during the whole project. Hugo a.w. Ideler Darmstadt, Germany December 2012 iv Contents Abstract iii Acknowledgements iv 1. Introduction1 2. Background information4 2.1. Introduction to virtualization...................4 2.1.1. Virtualization technologies................5 2.1.2. Virtualization techniques.................6 2.1.3. Memory virtualization...................9 2.2. Introduction to the Xen hypervisor................ 10 2.2.1. Virtual devices....................... 11 2.2.2. Tools............................ 14 2.2.3. Xen security........................ 15 2.3. Introduction to trusted computing................ 17 2.3.1. Core concepts........................ 17 2.3.2. Operations......................... 20 3. Problem description 25 3.1. Attacker model........................... 25 3.1.1. Attack channels....................... 25 3.1.2. Assumptions........................ 27 3.1.3. Adversaries......................... 28 3.2. Requirements............................ 29 3.2.1. Security objectives..................... 29 3.2.2. List of requirements.................... 30 4. Related work 31 4.1. Virtualizing the tpm ........................ 31 4.2. Property-based tpm virtualization................ 33 4.3. Disaggregating dom0 ........................ 35 4.4. The Xoar design.......................... 37 v Contents 4.5. The nova microhypervisor.................... 38 4.6. Cloud trust anchors........................ 41 4.7. The Cloudvisor design....................... 42 4.8. Self-service cloud computing.................... 44 5. Architecture 46 5.1. Introduction............................. 46 5.2. Design................................ 48 5.2.1. Cryptographic assistance domain............. 48 5.2.2. Hypervisor access control................. 49 5.2.3. Trusted domain builder.................. 50 5.3. Key provisioning.......................... 51 5.3.1. The basic scheme...................... 51 5.3.2. The cloud verifier scheme................. 55 6. Implementation 59 6.1. Components............................. 59 6.2. Caas bootstrapping........................ 61 6.2.1. Initialization........................ 61 6.2.2. Starting a vm ........................ 65 7. Evaluations 69 7.1. Magnitude of the tcb ....................... 69 7.2. Access control............................ 71 7.3. Passthrough encryption...................... 72 7.3.1. Discussion of results.................... 73 7.3.2. Measurement conclusions................. 74 7.4. Experiments in the public cloud.................. 78 8. Future work 80 9. Conclusions 82 A. Further introduction to Xen 84 A.1. Xen components.......................... 84 A.2. Mini-os ............................... 87 B. Implementation details 89 B.1. Overview.............................. 89 B.2. Data structures........................... 92 vi Contents B.3. Deprivileged management domain................ 94 B.3.1. The xsm framework.................... 96 B.3.2. The caas security module................. 96 B.4. Virtual filesystem driver...................... 99 B.4.1. The caas vfs bridge.................... 99 B.5. Domain builder port........................ 101 B.5.1. The caas domain builder................. 102 B.5.2. Inter-vm pipe........................ 104 B.6. Direct booting of domt in conjunction with dom0 ....... 105 B.6.1. Tboot............................ 105 B.6.2. Direct booting of domt .................. 106 B.7. Trusted platform module driver.................. 108 B.8. Passthrough encryption...................... 108 B.8.1. Cryptography........................ 110 B.8.2. Domc back-end driver................... 112 B.8.3. Applying passthrough encryption............. 112 B.9. vtpms and pv-tgrub ....................... 114 B.10.Services............................... 115 B.10.1. User vm deployment tool................. 115 C. Details on the use of TBoot 117 D. Xenstore device handshaking 120 E. Xenstore security 122 F. Xen hypercalls 123 G. XSM hooks 133 Bibliography 135 Acronyms 143 Index of symbols and identifiers 146 Index of concepts 151 vii List of Figures 2.1. Schematic virtualization overview with hypervisor categories..5 2.2. Protection rings in native and paravirtualized environments..8 2.3. The three layers of memory virtualization............9 2.4. A typical Xen setup........................ 12 2.5. Schematic tpm overview...................... 17 2.6. Chain of trust in an authenticated boot............. 18 3.1. Attack channels........................... 26 4.1. Virtualized tpm architecture................... 32 4.2. Virtualized property-based tpm .................. 34 4.3. Domain builder overview...................... 36 4.4. Overview of various trusted computing bases.......... 38 4.5. Nova architecture......................... 39 4.6. The cloud verifier design...................... 41 5.1. Example of segregating and isolating keys............ 47 5.2. The chicken-and-egg problem with key deployment....... 47 5.3. High-level overview of the caas architecture........... 49 5.4. Tpm interactions in plain scenario................ 52 5.5. Trusted deployment of vm to the cloud.............. 56 6.1. Overview of the components to be discussed in this chapter.. 60 6.2. Bootstrapping the hypervisor securely.............. 62 6.3. The hypervisor boots the two primary work domains...... 63 6.4. Initialization of the two primary work domains......... 64 6.5. Starting a vm ............................ 65 6.6. The building of a vm ........................ 66 6.7. The caas design in operation................... 68 7.2. A comparison of the distribution of Xen hypercalls with