Enhancing Data Trustworthiness via Assured Digital Signing
Digital signatures are an important mechanism for ensuring data trustworthiness via source authenticity, integrity, and source nonrepudiation. However, their trustworthiness guarantee can be subverted in the real world by sophisticated attacks, which can obtain cryptographically legitimate digital s...
Published in: | IEEE transactions on dependable and secure computing 2012-11, Vol.9 (6), p.838-851 |
---|---|
Main authors: | Weiqi Dai ; Parker, T. P. ; Hai Jin ; Shouhuai Xu |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Order full text |
container_end_page | 851 |
---|---|
container_issue | 6 |
container_start_page | 838 |
container_title | IEEE transactions on dependable and secure computing |
container_volume | 9 |
creator | Weiqi Dai ; Parker, T. P. ; Hai Jin ; Shouhuai Xu |
description | Digital signatures are an important mechanism for ensuring data trustworthiness via source authenticity, integrity, and source nonrepudiation. However, their trustworthiness guarantee can be subverted in the real world by sophisticated attacks, which can obtain cryptographically legitimate digital signatures without actually compromising the private signing key. This problem cannot be adequately addressed by a purely cryptographic approach, by the revocation mechanism of Public Key Infrastructure (PKI) because it may take a long time to detect the compromise, or by using tamper-resistant hardware because the attacker does not need to compromise the hardware. This problem will become increasingly more important and evident because of stealthy malware (or Advanced Persistent Threats). In this paper, we propose a novel solution, dubbed Assured Digital Signing (ADS), to enhancing the data trustworthiness vouched by digital signatures. In order to minimize the modifications to the Trusted Computing Base (TCB), ADS simultaneously takes advantage of trusted computing and virtualization technologies. Specifically, ADS allows a signature verifier to examine not only a signature's cryptographic validity but also its system security validity that the private signing key and the signing function are secure, despite the powerful attack that the signing application program and the general-purpose Operating System (OS) kernel are malicious. The modular design of ADS makes it application-transparent (i.e., no need to modify the application source code in order to deploy it) and almost hypervisor-independent (i.e., it can be implemented with any Type I hypervisor). To demonstrate the feasibility of ADS, we report the implementation and analysis of an Xen-based ADS system. |
doi_str_mv | 10.1109/TDSC.2012.71 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | ISSN: 1545-5971 |
ispartof | IEEE transactions on dependable and secure computing, 2012-11, Vol.9 (6), p.838-851 |
issn | 1545-5971 1941-0018 |
language | eng |
recordid | cdi_proquest_miscellaneous_1136439386 |
source | IEEE Electronic Library (IEL) |
subjects | Computation ; cryptographic assurance ; Cryptography ; Data integrity ; Data trustworthiness ; Digital ; Digital signatures ; Malware ; Mathematical models ; Operating systems ; Public Key Infrastructure ; Signatures ; Studies ; system-based assurance ; Trustworthiness ; Virtual machine monitors |
title | Enhancing Data Trustworthiness via Assured Digital Signing |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-03T02%3A46%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Enhancing%20Data%20Trustworthiness%20via%20Assured%20Digital%20Signing&rft.jtitle=IEEE%20transactions%20on%20dependable%20and%20secure%20computing&rft.au=Weiqi%20Dai&rft.date=2012-11-01&rft.volume=9&rft.issue=6&rft.spage=838&rft.epage=851&rft.pages=838-851&rft.issn=1545-5971&rft.eissn=1941-0018&rft.coden=ITDSCM&rft_id=info:doi/10.1109/TDSC.2012.71&rft_dat=%3Cproquest_RIE%3E2992169991%3C/proquest_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1366124386&rft_id=info:pmid/&rft_ieee_id=6261326&rfr_iscdi=true |