A New Cloud Cryptographic Computing Platform Architecture and Implementation

doi:10.3969/j.issn.1671-1122.2019.09.019

Abstract

Abstract:

This paper proposes a cryptographic cloud service platform, which can provide flexible cryptographic operation ability through speed-limiting module and scheduling the underlying cryptographic machine. It can identify the user’s identity through a uniform identity authentication system and isolate the key specifically. The prototype system is implemented based on the cipher machine complying with national standard in this paper. Compared with connect to cipher machine directly, the performance loss can reach 18.201%.

Key words: cloud cryptographic computing, cloud computing, key isolation, key management

CLC Number:

TP309

Liangqin REN, Wei WANG, Qiongxiao WANG, Linli LU. A New Cloud Cryptographic Computing Platform Architecture and Implementation[J]. Netinfo Security, 2019, 19(9): 91-95.

Figures/Tables 3

References 14

[1]	China Internet Network Information Center. 43rd Statistical Report on the Development of Internet in China[R]. Beijing: China Internet Network Information Center, V0228, 2019.
	中国互联网信息中心.第43次中国互联网络发展状况统计报告[R].北京:中国互联网信息中心,V0228,2019.
[2]	WANG Wenxu, ZHANG Jian, CHANG Qing, et al.Research on the Security Problem of Cloud Computing Virtualization Platform[J]. Netinfo Security, 2016, 16(9): 163-168.
	王文旭,张健,常青,等.云计算虚拟化平台安全问题研究[J].信息网络安全,2016,16(9):163-168.
[3]	MEI Donghui, LI Hongling.Research on Load Balancing of Virtual Machine Based on Multiple Objective Hybrid Particle Swarm Optimization[J]. Netinfo Security, 2018, 18(2): 78-83.
	梅东晖,李红灵.基于多目标混合粒子群算法的虚拟机负载均衡研究[J].信息网络安全,2018,18(2):78-83.
[4]	WANG Zewu.Research on Management and Scheduling Technique of Cryptographic Service Cloud[D]. Zhengzhou: PLA Strategic Support Force Information University, 2018.
	王泽武. 密码服务云管理与调度技术研究[D].郑州:战略支援部队信息工程大学,2018.
[5]	CHENG Wangzhao.Research on High Performance Cryptography Service System Based on GPU[D]. Beijing: Institute of Information Engineering, 2019.
	程王钊. 基于GPU的密码服务系统研究[D].北京:信息工程研究所,2019.
[6]	DONG Jiankuo.Research on High Speed Asymmetric Cryptography Implementation Based on GPU[D]. Beijing: Institute of Information Enginerring, 2019.
	董建阔. 基于GPU的非对称密码高速实现技术研究[D].北京:信息工程研究所,2019.
[7]	CHENG W, ZHENG F, PAN W, et al.High-Performance Symmetric Cryptography Server with GPU Acceleration[C]//Springer. ICICS 2017. April 4-6, 2017, Irbid, Jordan. Berlin: Springer, 2017: 529-540.
[8]	SZERWINSKI R, GÜNEYSUT. Exploiting the Power of GPUs for Asymmetric Cryptography[C]//Springer. CHES 2008. August 10-13, 2008, Washington, DC, USA. Berlin: Springer, 2008: 79-99.
[9]	HARRISON O, WALDRON J. Public Key Cryptography on Modern Graphics Hardware[EB/OL]. , 2009-10-15.
[10]	BERNSTEIN DJ, CHEN TR, CHENG C M, et al.ECM on Graphics Cards[C]//Springer. Eurocrypt 2009. April 26-30, 2009, Cologne, Germany. Berlin: Springer, 2009: 483-501.
[11]	BOS J W.Low-latency Elliptic Curve Scalar Multiplication[J]. International Journal of Parallel Programming, 2012, 40(5): 532-550.
[12]	DONG J, ZHENG F, EMMART N, et al.sDPF-RSA: Utilizing Floating-point Computing Power of GPUs for Massive Digital Signature Computations[C]//IEEE. 2018 International Parallel and Distributed Processing Symposium. May 21-25, 2018, Vancouver, British Columbia CANADA. Piscataway, NJ: IEEE, 2018: 599-609.
[13]	PAN W, ZHENG F, ZHAO Y, et al.An Efficient Elliptic Curve Cryptography Signature Server with GPU Acceleration[J]. IEEE Trans on Information Forensics and Srcurity, 2017, 12(1): 111-122.
[14]	YE Weiwei, OU Qingyu, BAI Xiaowu.Research on Authentication Scheme of Cryptographic Service System Based on Service Architecture. Netinfo Security, 2016, 16(5): 37-43.
	叶伟伟,欧庆于,柏小武.基于服务架构的密码服务系统认证方案研究[J].信息网络安全,2016,16(5):37-43.

CPU	Intel Xeon CPU E5-2690v4 at 2.90GHz * 2
GPU	NVIDIA GTX 1080
OS	Ubuntu 16.04x64 LTS
Memory	Kingston DDR4 8GB * 2
Network	Broadcom BCM5720 10 Gigabit

	运算速度/Mbps			GPU利用率/%
消息 /Byte	密码云平台	直连密码机	损耗比	密码云平台	直连密码机
64	29.049	77.106	62.325	30.733	36.083
128	55.676	121.450	54.157	31.467	40.383
256	118.442	152.672	22.420	34.417	40.817
512	250.036	320.851	22.071	41.617	49.317
1024	518.886	660.299	21.416	48.417	61.550
2048	1402.030	1770.140	20.795	82.183	86.383
4096	2676.230	3344.880	19.990	94.250	96.200
8192	4348.740	5316.420	18.201	98.300	96.583

[1]	Yuan LIU, Wei QIAO. Research and Optimization of Container Network Based on Kubernetes Cluster System in Cloud Environment [J]. Netinfo Security, 2020, 20(3): 36-44.
[2]	Jiameng BAI, Yingshuai KOU, Zeyi LIU, Daren ZHA. Docker-based RBAC Task Management System [J]. Netinfo Security, 2020, 20(1): 75-82.
[3]	Yi YU, Liangshuang LV, Xiaojian LI, Tianbo WANG. Dynamic Network Topology Description Language for Mobile Cloud Computing Scenario [J]. Netinfo Security, 2019, 19(9): 120-124.
[4]	Zixuan WANG, Liangshuang LV, Xiaojian LI, Tianbo WANG. A Shared Storage-based Virtual Machine Application Distribution Strategy for OpenStack [J]. Netinfo Security, 2019, 19(9): 125-129.
[5]	Yanpeng CUI, Luming FENG, Zheng YAN, Huaqing LIN. Research on Software Security Model of Cloud Computing Based on Program Slicing Technology [J]. Netinfo Security, 2019, 19(7): 31-41.
[6]	Xinrui GE, Wei CUI, Rong HAO, Jia YU. Verifiable Keywords Ranked Search Scheme over Encrypted Cloud Data [J]. Netinfo Security, 2019, 19(7): 82-89.
[7]	Chunqi TIAN, Jing LI, Wei WANG, Liqing ZHANG. A Method for Improving the Performance of Spark on Container Cluster Based on Machine Learning [J]. Netinfo Security, 2019, 19(4): 11-19.
[8]	Pu ZHAO, Wei CUI, Rong HAO, Jia YU. A Secure Outsourcing Computation Scheme for El-Gamal Signature Generation [J]. Netinfo Security, 2019, 19(3): 81-86.
[9]	Zhenfeng ZHANG, Zhiwen ZHANG, Ruichao WANG. Model of Cloud Computing Security and Compliance Capability for Classified Protection of Cybersecurity 2.0 [J]. Netinfo Security, 2019, 19(11): 1-7.
[10]	Xiang ZOU, Bing CHEN. Research on Anti-counterfeiting Technologyof Seal Based on Domestic Cryptography Algorithm [J]. Netinfo Security, 2019, 19(1): 76-82.
[11]	LIU Jinghao, PING Jianchuan, FU Xiaomei. Research on A Distributed Public Key System Based on Blockchain [J]. 信息网络安全, 2018, 18(8): 25-33.
[12]	FENG Xinyang, SHEN Jianjing. A Yarn and NMF Based Big Data Clustering Algorithm [J]. 信息网络安全, 2018, 18(8): 43-49.
[13]	TAO Yuan, HUANG Tao, ZHANG Mohan, LI Shuilin. Research and Development Trend Analysis of Key Technologies for Cyberspace Security Situation Awareness [J]. 信息网络安全, 2018, 18(8): 79-85.
[14]	ZHANG Qi, LIN Xijun, QU Haipeng. Identity-based Encryption Scheme Support Authorization Equality Test in Cloud Environment [J]. 信息网络安全, 2018, 18(6): 52-60.
[15]	WANG Yue, CHENG Xiangguo, WANG Xuqi. Research on Key-insulated Group Signature Scheme Based on Bilinear Pairings [J]. 信息网络安全, 2018, 18(6): 61-66.