DocumentCode
3610733
Title
Introspecting for RSA Key Material to Assist Intrusion Detection
Author
Saxon, John ; Bordbar, Behzad ; Harrison, Keith
Author_Institution
Univ. of Birmingham, Birmingham, UK
Volume
2
Issue
5
fYear
2015
Firstpage
30
Lastpage
38
Abstract
Although the deployment of TLS has been of great importance to its users in preventing eavesdroppers from reading personal data, it also prevents intrusion detection systems (IDSs) from completing their own tasks, as they are, in essence, eavesdroppers themselves. Cloud providers specifically are at risk because of the pure mass of data they accrue over the many applications they serve, so they have a responsibility to protect both themselves and their users. Without the keys, however, they can´t provide the service they require. A method to acquire these keys is to use virtual machine introspection (VMI), a technique that allows an application to read the internal state of a virtual machine. Current methods are expensive and require the application to read the entire virtual machine´s memory. The authors present an efficient approach to acquire RSA keys, commonly used on the Internet, using the forensic virtual machine (FVM) framework. This framework provides the ability, from another virtual machine to use VMI to find, analyze, and act on these findings.
Keywords
cloud computing; digital forensics; public key cryptography; virtual machines; FVM framework; IDS; Internet; RSA key material; TLS; VMI; cloud provider; eavesdropper; forensic virtual machine framework; intrusion detection system; personal data; virtual machine introspection; virtual machine memory; Ciphers; Cloud computing; Forensics; Operating systems; Random access memory; Virtual machining; asymmetric cryptography; cloud; cloud computing; forensics; key retrieval; virtual machine introspection;
fLanguage
English
Journal_Title
Cloud Computing, IEEE
Publisher
ieee
ISSN
2325-6095
Type
jour
DOI
10.1109/MCC.2015.100
Filename
7331177
Link To Document