On-demand bootstrapping mechanism for isolated cryptographic operations on commodity accelerators

General-Purpose computing on a Graphics Processing Unit (GPGPU) involves leveraging commodity GPUs as massively parallel processing units. GPGPU is an emerging computing paradigm for high-performance and data-intensive computations such as cryptographic operations. Although GPGPU is an attractive so...

Bibliographic details
Published in: Computers & security 2016-09, Vol.62, p.33-48
Main authors: Kim, Yonggon, Kwon, Ohmin, Jang, Jinsoo, Jin, Seongwook, Baek, Hyeongboo, Kang, Brent Byunghoon, Yoon, Hyunsoo
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page 48
container_issue
container_start_page 33
container_title Computers & security
container_volume 62
creator Kim, Yonggon
Kwon, Ohmin
Jang, Jinsoo
Jin, Seongwook
Baek, Hyeongboo
Kang, Brent Byunghoon
Yoon, Hyunsoo
description General-Purpose computing on a Graphics Processing Unit (GPGPU) involves leveraging commodity GPUs as massively parallel processing units. GPGPU is an emerging computing paradigm for high-performance and data-intensive computations such as cryptographic operations. Although GPGPU is an attractive solution for accelerating modern cryptographic operations, the security challenges that stem from utilizing commodity GPUs remain an unresolved problem. In this paper, we present an On-demand Bootstrapping Mechanism for Isolated cryptographic operations (OBMI). OBMI transforms commodity GPUs into a securely isolated processing core for various cryptographic operations while maintaining cost-effective computations. By leveraging System Management Mode (SMM), a privileged execution mode provided by x86 architectures, OBMI implements a program and a secret key into the GPU such that they are securely isolated during the acceleration of cryptographic operations, even in the presence of compromised kernels. Our approach does not require an additional hardware-abstraction layer such as a hypervisor or micro-kernel, and it does not entail modifying the GPU driver. An evaluation of the proposed OBMI demonstrated that even adversaries with kernel privileges cannot gain access to the secret key, and it also showed that the proposed mechanism incurs negligible performance degradation for both the CPU and GPU.
doi_str_mv 10.1016/j.cose.2016.06.006
format Article
publisher Amsterdam: Elsevier Ltd
eissn 1872-6208
coden CPSEDU
tpages 16
rights 2016 Elsevier Ltd
Copyright Elsevier Sequoia S.A. Sep 2016
orcidid https://orcid.org/0000-0001-8500-0074
toplevel peer_reviewed
online_resources
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2016-09, Vol.62, p.33-48
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_miscellaneous_1855375220
source Elsevier ScienceDirect Journals
subjects Accelerators
Bootstrap method
Commodities
Computation
Computer information security
Cryptographic key protection
Cryptography
GPGPU
GPU security
Graphics processing units
Kernels
Secure systems
SMM
Software services
Studies
Systems management
Trusted computing technology
Trustworthy execution
title On-demand bootstrapping mechanism for isolated cryptographic operations on commodity accelerators
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-03T05%3A42%3A46IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=On-demand%20bootstrapping%20mechanism%20for%20isolated%20cryptographic%20operations%20on%20commodity%20accelerators&rft.jtitle=Computers%20&%20security&rft.au=Kim,%20Yonggon&rft.date=2016-09&rft.volume=62&rft.spage=33&rft.epage=48&rft.pages=33-48&rft.issn=0167-4048&rft.eissn=1872-6208&rft.coden=CPSEDU&rft_id=info:doi/10.1016/j.cose.2016.06.006&rft_dat=%3Cproquest_cross%3E1855375220%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1829439812&rft_id=info:pmid/&rft_els_id=S0167404816300712&rfr_iscdi=true