Abstract
The virtual trusted platform module (vTPM) is an important part of building a trusted cloud environment. To remedy the lack of effective security assurances for vTPM instances in the existing virtual TPM architecture, this paper presents a security-improved scheme for virtual TPM based on the kernel-based virtual machine (KVM). By realizing the TPM 2.0 specification in hardware and software, we add protection for the vTPM's secrets using the asymmetric encryption algorithm of the TPM. The scheme supports secure migration of a TPM key during VM-vTPM migration and the security association of different virtual machines (VMs) with their vTPM instances. We implement a virtual trusted platform with higher security on top of the KVM virtual infrastructure. The experiments show that the proposed scheme enhances the security of the virtual trusted platform and adds only a small performance loss to VM migration with vTPM.
Additional information
Foundation item: Supported by the National Basic Research Program of China (973 Program) (2014CB340600), the National High Technology Research and Development Program of China (863 Program) (2015AA016002), the National Natural Science Foundation of China (61173138, 61272452, 61332018)
Biography: SHI Yuan, male, Ph.D. candidate, research direction: information system security.
Cite this article
Shi, Y., Zhao, B., Yu, Z. et al. A security-improved scheme for virtual TPM based on KVM. Wuhan Univ. J. Nat. Sci. 20, 505–511 (2015). https://doi.org/10.1007/s11859-015-1126-5
DOI: https://doi.org/10.1007/s11859-015-1126-5