Institutional Repository [SANDBOX]
Technical University of Crete
EN  |  EL

Search

Browse

My Space

The million dollar handshake: secure and attested communications in the cloud

Chalkiadakis Nikolaos, Deyannis Dimitris, Karnikis Dimitris, Vasiliadis Giorgos, Ioannidis Sotirios

Full record


URI: http://purl.tuc.gr/dl/dias/D0559E76-A652-4231-A068-48D0295D96F2
Year 2020
Type of Item Conference Publication
License
Details
Bibliographic Citation N. Chalkiadakis, D. Deyannis, D. Karnikis, G. Vasiliadis and S. Ioannidis, "The million dollar handshake: secure and attested communications in the cloud," in IEEE Int. Conf. Cloud Comp. CLOUD, 2020, pp. 63-70. doi: 10.1109/CLOUD49709.2020.00022. https://doi.org/10.1109/CLOUD49709.2020.00022
Appears in Collections

Summary

The number of applications and services that are hosted on cloud platforms is constantly increasing. Nowadays, more and more applications are hosted as services on cloud platforms, co-existing with other services in a mutually untrusted environment. Facilities such as virtual machines, containers and encrypted communication channels aim to offer isolation between the various applications and protect sensitive user data. However, such techniques are not always able to provide a secure execution environment for sensitive applications nor they offer guarantees that data are not monitored by an honest but curious provider once they reach the cloud infrastructure. The recent advancements of trusted execution environments within commodity processors, such as Intel SGX, provide a secure reverse sandbox, where code and data are isolated even from the underlying operating system. Moreover, Intel SGX provides a remote attestation mechanism, allowing the communicating parties to verify their identity as well as prove that code is executed on hardware-assisted software enclaves. Many approaches try to ensure code and data integrity, as well as enforce channel encryption schemes such as TLS, however, these techniques are not enough to achieve complete isolation and secure communications without hardware assistance or are not efficient in terms of performance. In this work, we design and implement a practical attestation system that allows the service provider to offer a seamless attestation service between the hosted applications and the end clients. Furthermore, we implement a novel caching system that is capable to eliminate the latencies introduced by the remote attestation process. Our approach allows the parties to attest one another before each communication attempt, with improved performance when compared to a standard TLS handshake.

Services

Statistics