Abstract
Driven by cloud computing technology, traditional cryptography is transforming into cloud cryptographic service. Cryptographic cards must be virtualized if they are to be used in cloud. Hardware virtualization is the most commonly used cryptographic card virtualization solution, however, all existing hardware solutions rely on high-performance cryptographic cards that support Single Root I/O Virtualization (SR-IOV). Such cryptographic cards are expensive, providing a limited number of virtual cryptographic cards, making it challenging to support large-scale computing in cloud. Furthermore, existing software-based virtualization solutions perform poorly and do not support operations such as virtual machine(VM) migration and replication. This paper proposes a shared memory based cryptographic card software virtualization solution, which virtualizes a single PCIe cryptographic card into multiple virtual cryptographic cards, and encapsulates it as a virtual cipher machine (VCM) for users. This solution enables multiple VCMs to share hardware cryptographic resources effectively and reduce the hardware requirements for cloud servers to use cryptographic resources dramatically, realizing elastic expansion and an on-demand supply of cryptographic resources. Experimental results demonstrate that the performance of the solution proposed in this paper is better than the existing software virtualization solutions and can meet the requirements of high availability and high concurrency of cryptographic applications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Top Threats to Cloud Computing. https://cloudsecurityalliance.org/press-releases. Accessed 28 Sept 2020
Cloud Cryptography Service Technical White Paper. http://www.bccia.org.cn/upload/files/2019/12/19f490f47a6d26bd.pdf. Accessed 4 Apr 2022
Sansec. https://www.sansec.com.cn/product/62.html. Accessed 1 Apr 2022
Yan, Z., Rongwei, C., Yuchao, S.: Application of cryptographic resource pool system in cloud computing environment. In: Research on Information Security, pp. 558–561 (2016)
Lei, S., Zewu, W., Kun, Z., Ruichen, S., Shuai, L.: Research and design of cryptography cloud framework. In: IEEE 3rd International Conference on Cloud Computing and Big Data Analysis 2018, pp. 147–154, (2018)
Sun, L., Wang, Z.W., Sun, R.C.: Research and design of cryptocard virtualization framework. In: Proceedings of 2016 International Conference on Wireless Communication and Network Engineering, pp. 311–319. Lancaster (2016)
Tang, L., Dou, T., Sang, H., Zhang, Y.: Software virtualization of password card based on I/O front-end and back-end model. In: Computer System Application, pp. 286–294 (2022)
Jiafu, Z.: Research on virtual desktop privacy protection based on password card virtualization. In: Huazhong University of Science and Technology. Wuhan (2017)
Li, Y.: The Research and Implementation of Cryptographic Algorithim Model in Cloud Computing Environment. In: Shandong University. Jinan (2016)
RodrÃguez-Haro, F., Freitag, F., Navarro, L.: A summary of virtualization techniques. In: Procedia Technology, pp. 267–272 (2012)
Zhang, B., et al.: A Survey on I/O virtualization and optimization. In: 2010 Fifth Annual ChinaGrid Conference, pp. 117–123 (2010)
Barham, P., Dragovic, B., Fraser, K.: Xen and the art of virtualization. In: Proceedings of the 19th ACM Symposium on Operating System Principles, pp. 581–596 (2013)
Keir, F., et al.: Safe hardware access with the Xen virtual machine monitor. In: Proceedings of the 1st Workshop on Operating System and Architectural Support for the on demand IT InfraStructure, pp. 109–120 (2014)
Ma, L.: Design and implementation of high-speed password card based on SR-IOV virtualization technology. In: Shanghai Jiaotong University. Shanghai (2016)
Ren, J., Lin, S., Ye, Y.: Research and implementation of SR-IOV technology based on FPGA. In: Communication Technology, pp. 2321–2324. Shenzhen(2019)
Yang, Y., Yan, F., Yu, Z., et al.: Research on a virtual machine security isolation framework based on VT-d technology. In: Information Network Security, pp. 21–14 (2006)
Su, Z.: Research and implementation of password card virtualization technology. In: Integrated Technology, pp. 31–41 (2019)
Yang, W., Liu, J., Tu, Z., et al.: Design of virtualized trusted platform based on password card. In: Information Technology, pp. 171–176 (2016)
Tass. https://www.tass.com.cn/portal/article/index/cid/6/id/1.html. Accessed 2 May 2022
https://blog.csdn.net/LU_ZHAO/article/details/105237107. Accessed 20 May 2022
Russell, R.: Virtio: towards a de-facto standard for virtual I/O devices. In: ACM SIGOPS Operating Systems Review, pp. 95–103 (2008)
Liu, Y., Niu, B.: Network request performance optimization of paravirtualization framework virtio. In: Small Microcomputer System, pp. 105–110 (2018)
El Amri, A., Meddeb, A.: Optimal server selection for competitive service providers in network virtualization context. In: Telecommunication Systems, pp. 451–467 (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Li, C., Tu, B., Feng, Y. (2022). The Shared Memory Based Cryptographic Card Virtualization. In: Su, C., Sakurai, K., Liu, F. (eds) Science of Cyber Security. SciSec 2022. Lecture Notes in Computer Science, vol 13580. Springer, Cham. https://doi.org/10.1007/978-3-031-17551-0_9
Download citation
DOI: https://doi.org/10.1007/978-3-031-17551-0_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17550-3
Online ISBN: 978-3-031-17551-0
eBook Packages: Computer ScienceComputer Science (R0)