CN113810382A - Cipher text loading method for resisting SGX side channel attack - Google Patents
- Publication number
- CN113810382A
- Authority
- CN
- China
- Legal status
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a ciphertext loading method for resisting SGX side channel attacks. The source program is first encrypted and the encrypted program is transmitted to a cloud provider; the cloud provider loads the ciphertext code and a loader program and initializes an Enclave of the cloud environment from this information. Remote authentication is then performed between the user and the cloud environment and a secure communication channel is established, and the user securely transmits the key used for encryption to the Enclave in the cloud environment through a key exchange protocol. Finally, the Enclave uses the key to decrypt the program, and the loader program executes the program according to the parameters transmitted by the user. Until it is transmitted into the Enclave, the program exists only as ciphertext, so a malicious environment cannot obtain the program plaintext and the confidentiality of the program is guaranteed. The method makes full use of the remote authentication mechanism in SGX and uses a key established through a key exchange protocol to protect the encryption key used to encrypt the plaintext program, reducing the overhead of the scheme while resisting side channel attacks.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a ciphertext loading method for resisting SGX side channel attack.
Background
At present, more and more computing tasks are processed by cloud servers, so users' code and data are controlled by cloud platforms, which seriously affects the users' information security; for example, a cloud provider can use its privileges to attack users' proprietary algorithms. The SGX (Software Guard Extensions) instruction set extension aims to provide a trusted execution environment in user space, with hardware security as a mandatory guarantee and without depending on the security state of firmware and software. Through new instructions and an access control mechanism it isolates different programs from one another, so that the confidentiality and integrity of a user's critical code and data are not damaged by malicious software. With SGX, it is possible to establish a secure compute region in a computer and provide hardware-level security isolation and protection for the code inside it. On an SGX-enabled device, a user can use instructions to create a secure container (Enclave) in memory to protect the program inside it, and even malicious privileged software (such as an operating system or a virtual machine monitor) cannot destroy the integrity and confidentiality of the program during execution. Implementing secure program execution in SGX can effectively improve the versatility of a scheme. However, existing SGX has a side channel attack problem, including page-table-based, cache-based and DRAM-based side channel attacks.
To address the SGX side channel attack problem, Shih et al. proposed the T-SGX scheme, which targets the information leakage caused by asynchronous Enclave exits triggered by exceptions during code execution; it uses the widely deployed Transactional Synchronization Extensions (TSX) to suppress page faults and other synchronous exceptions, thereby mitigating page-table side channel attacks. Ahmad et al. proposed OBFUSCURO, a combined software and hardware solution that uses SGX and ORAM technology to resist access pattern leakage: before the Enclave runs, code and data are compiled by an LLVM compiler into fine-grained code blocks and data blocks, and the number of data accesses of one code block is strictly limited to one, which effectively resists page-table-based, cache-based and DRAM-based side channel attacks. Furthermore, Lee et al. proposed the Zigzagger scheme, which converts conditional branch code in a program into unconditional branch code that jumps to a fixed location, thereby hiding control flow. Existing schemes can resist one or several SGX side channel attacks, but their overhead is large. There is therefore a need for a more efficient technique that protects against SGX side channel attacks.
Disclosure of Invention
To address the defects of the prior art, the invention provides a ciphertext loading method for resisting SGX side channel attacks, which comprises the following steps:
Step 1: the user generates a symmetric key and entrusts the encrypted ciphertext to an application program of a cloud service provider;
Step 2: whether the secure container Enclave in the cloud server is trusted is verified according to a remote authentication protocol, realizing the remote authentication process;
Step 3: in the process of remote authentication, an ECDH algorithm is used to construct a secure communication channel between the user and the server;
Step 4: the key used to encrypt the program and the parameters required to run the program are transmitted to the Enclave of the cloud environment for decrypting the ciphertext.
Step 1 comprises the following steps:
Step 1.1: the user generates a symmetric key $k_0$ using the AES-GCM algorithm implemented with the AES-NI instruction set provided by Intel;
Step 1.2: the generated symmetric key $k_0$ is used to encrypt the plaintext program $P_{user}$ that the user wants to host with the cloud service provider, yielding the encrypted application program $\{P_{user}\}_{k_0}$;
Step 1.3: the encrypted application program $\{P_{user}\}_{k_0}$ is sent to the cloud service provider, and the cloud service provider loads $\{P_{user}\}_{k_0}$ and a loader program $P_{loader}$ into an Enclave of the platform;
Step 1.4: the cloud service provider creates the secure container Enclave, and the secure memory pages allocated for $\{P_{user}\}_{k_0}$ are set as Enclave code pages with read, write and execute permissions.
Step 2 comprises the following steps:
Step 2.1: the application program of the SGX platform receives the challenge value sent by the challenger;
Step 2.2: the application program of the SGX platform sends the received challenge value and the authentication request to the secure container Enclave to be authenticated;
Step 2.3: the secure container Enclave to be authenticated generates a local authentication report REPORT from the Report key and the measurement log, and sends the REPORT to the application program;
Step 2.4: after receiving the REPORT, the application program sends it to the Quoting Enclave for verification and signature;
Step 2.5: the Quoting Enclave uses the Report key to verify the REPORT, then signs the REPORT with the authentication key to generate the remote authentication report QUOTE, and returns it to the application program;
Step 2.6: the application program sends the remote authentication report QUOTE to the remote party;
Step 2.7: the remote party verifies the QUOTE by sending it to the Intel authentication service IAS, and a response signal for the remote verification is returned.
Step 3 comprises the following steps:
Step 3.1: $g^x \bmod n$ is calculated from the random number $x$ generated by the user side, and $X = g^x \bmod n$, where $n$ is a prime number shared by the user and the server, $g$ is an integer shared by the user and the server, $g$ is a primitive root of $n$, and mod denotes the remainder operation;
Step 3.2: the identity of the user side and the generated $X$ are built into a REPORT, which is sent to the Quote Enclave;
Step 3.3: the Quote Enclave verifies the identity information of the client-side secure container Enclave and, after successful verification, returns a quote structure QUOTE;
Step 3.4: the QUOTE is encrypted using EPID and sent to the secure container Enclave at the cloud server side; that Enclave decrypts it to obtain $X$, generates a random number $y$, and calculates $Y = g^y \bmod n$;
Step 3.5: the secure container Enclave at the cloud server side sends $Y$ and the response signal of the remote verification to the secure container Enclave at the client side;
Step 3.6: the user side computes $Y^x \bmod n$ while the server side computes $X^y \bmod n$; if the two results are the same, a secure communication channel has been successfully established between the user and the server, and the result is recorded as $K$.
Step 4 comprises the following steps:
Step 4.1: the user uses the result $K$ to encrypt the key $k_0$ and the execution parameters $Par$ to be submitted, obtaining $\{k_0, Par\}_K$, and sends it to the cloud service provider, which forwards it to the secure container Enclave;
Step 4.2: the secure container Enclave verifies that the message comes from the correct user, then uses $K$ to decrypt $\{k_0, Par\}_K$, obtaining the decryption key $k_0$ of the program and the execution parameters $Par$;
Step 4.3: the secure container Enclave uses $k_0$ to decrypt $\{P_{user}\}_{k_0}$, obtaining the user's plaintext program $P_{user}$; the loader program $P_{loader}$ then executes it with the parameters $Par$, and the corresponding result $R_{par}$ is encrypted with $K$ to obtain $\{R_{par}\}_K$, which is returned to the cloud service provider and sent by the cloud service provider to the user;
Step 4.4: the user decrypts $\{R_{par}\}_K$ using $K$ and obtains the program execution result $R_{par}$.
The invention has the beneficial effects that:
the invention provides a cipher text loading method for resisting SGX side channel attack, which makes full use of a remote authentication mechanism in SGX and protects an encryption key used in the process of encrypting a plaintext program by combining a key constructed by a key exchange protocol, thereby reducing the cost of a scheme while resisting side channel attack. In addition, the method solves the problem that the code page granted with the writable and executable authority lacks data execution protection.
Drawings
FIG. 1 is a flowchart of a ciphertext loading method for defending against SGX side channel attacks in the present invention;
FIG. 2 is a schematic diagram of a ciphertext loading method for defending against SGX side channel attack in the present invention;
FIG. 3 is a block diagram of the remote authentication and key exchange process of the present invention.
Detailed Description
The invention is further described with reference to the following figures and specific examples. From the viewpoint of limiting the conditions an attack needs, the invention provides a ciphertext-loading-based scheme for defending against SGX side channel attacks. The scheme is based on a remote authentication mechanism and combines it with a key exchange protocol to provide a low-cost SGX side channel attack protection scheme. The remote authentication technology (remote attestation in Intel's terminology) is a mechanism provided by Intel that helps an Enclave prove to a remote party that specific code is running securely on an SGX-enabled platform, and the key exchange protocol is a protocol provided by Intel for two parties to construct a secure channel; combining the two resists side channel attacks while incurring less overhead.
The ciphertext loading method for resisting SGX side channel attacks is based on the remote authentication provided by Intel SGX and uses a key exchange protocol on top of it, thereby effectively protecting the key used to encrypt the program, so that the program is securely transmitted into an SGX Enclave of the Intel processor and securely decrypted there. The symbols involved in the invention are as follows: $P_{user}$: the user's program; $k_0$: the key the user uses to encrypt $P_{user}$; $P_{loader}$: the loader program; $Par$: the parameters passed in; $R_{par}$: the return value obtained by executing $P_{user}$ with $Par$; $K$: the key established between the user and $P_{loader}$.
As shown in fig. 2, the source program is first encrypted and transmitted to the cloud provider, and the cloud provider loads the ciphertext code and the loader program and initializes the Enclave of the cloud environment from this information. Remote authentication is then performed between the user and the cloud environment and a secure communication channel is constructed; in the remote authentication protocol Intel provides some user-defined data, and the user securely transmits the key used for encryption to the Enclave in the cloud environment through a key exchange protocol. Finally the Enclave uses the key to decrypt the program, and the loader program executes the program according to the parameters passed by the user. Until the program is transmitted into the Enclave it exists only as ciphertext, and the malicious environment cannot obtain the plaintext of the program, so the confidentiality of the program is ensured.
Based on the above principle, a ciphertext loading method for resisting SGX side channel attack is provided, as shown in fig. 1, including the following steps:
Step 1: the user generates a symmetric key and entrusts the encrypted ciphertext to an application program of a cloud service provider; this comprises the following steps:
Step 1.1: the user generates a symmetric key $k_0$ using the AES-GCM algorithm implemented with the AES-NI instruction set provided by Intel. AES-GCM is an authenticated encryption algorithm: for a given plaintext it produces the encrypted data and an authentication code at the same time.
Step 1.2: the generated symmetric key $k_0$ is used to encrypt the plaintext program $P_{user}$ that the user wants to host with the cloud service provider, yielding the encrypted application program $\{P_{user}\}_{k_0}$;
Step 1.3: the encrypted application program $\{P_{user}\}_{k_0}$ is sent to the cloud service provider, and the cloud service provider loads $\{P_{user}\}_{k_0}$ and a loader program $P_{loader}$ into an Enclave of the platform;
Step 1.4: through the cloud service provider, the secure memory pages that the secure container Enclave allocates for $\{P_{user}\}_{k_0}$ are set as Enclave code pages with read, write and execute permissions.
In the key exchange stage, the user verifies whether the Enclave in the cloud server is trusted by using the remote authentication protocol provided by Intel; the protocol is implemented as a multi-round interaction.
Step 2: whether the secure container Enclave in the cloud server is trusted is verified according to a remote authentication protocol, realizing the remote authentication process; this comprises the following steps:
Step 2.1: the application program of the SGX platform receives the challenge value sent by the challenger;
Step 2.2: the application program of the SGX platform sends the received challenge value and the authentication request to the secure container Enclave to be authenticated;
Step 2.3: the secure container Enclave to be authenticated generates a local authentication report REPORT from the Report key (only Enclaves on the same platform can generate the same Report key) and the measurement log (generated by hardware, recording all activities during Enclave construction), and sends the REPORT to the application program;
Step 2.4: after receiving the REPORT, the application program sends it to the Quoting Enclave for verification and signature. The Quoting Enclave is a special Enclave provided officially by Intel, and only the Quoting Enclave can use the authentication key (Attestation Key), which is bound to the platform hardware information. The Attestation Key represents the trustworthiness of the platform.
Step 2.5: the Quoting Enclave uses the Report key to verify the REPORT, then signs the REPORT with the authentication key (Attestation Key) to generate the remote authentication report QUOTE, and returns it to the application program;
Step 2.6: the application program sends the remote authentication report QUOTE to the remote party;
Step 2.7: the remote party verifies the QUOTE by sending it to the Intel Authentication Service (IAS), and a response signal for the remote verification is returned.
In the process of remote authentication, Intel provides some user-defined data for users to control, and this user-defined data is used to implement the ECDH (Elliptic-Curve Diffie-Hellman) algorithm, so as to construct a secure communication channel between the user and the server.
Step 3: in the process of remote authentication, an ECDH algorithm is used to construct a secure communication channel between the user and the server; this comprises the following steps:
Step 3.1: $g^x \bmod n$ is calculated from the random number $x$ generated by the user side, and $X = g^x \bmod n$, where $n$ is a prime number shared by the user and the server, $g$ is an integer shared by the user and the server, $g$ is a primitive root of $n$, and mod denotes the remainder operation. The prime number $n$ and the integer $g$ shared by the user and the server are public and can be seen by an attacker.
Step 3.2: the identity of the user side and the generated $X$ are built into a REPORT, which is sent to the Quote Enclave;
Step 3.3: the Quote Enclave verifies the identity information of the client-side secure container Enclave and, after successful verification, returns a quote structure QUOTE;
Step 3.4: the QUOTE is encrypted using EPID and sent to the secure container Enclave at the cloud server side; that Enclave decrypts it to obtain $X$, generates a random number $y$, and calculates $Y = g^y \bmod n$. EPID (Enhanced Privacy ID) is the signing key with which the Quoting Enclave attests the platform; this key represents the trustworthiness not only of the platform but also of the underlying hardware, is bound to the version of the processor firmware, and can be accessed only by the Quoting Enclave while the enclave system is running.
Step 3.5: the secure container Enclave at the cloud server side sends $Y$ and the response signal of the remote verification to the secure container Enclave at the client side;
Step 3.6: the user side computes $Y^x \bmod n$ while the server side computes $X^y \bmod n$; if the two results are the same, a secure communication channel has been successfully established between the user and the server, and the result is recorded as $K$.
The user and the server have now established a secure communication channel; at this point only the key used to encrypt the program and the parameters required to run the program need to be passed to the Enclave of the cloud environment, as shown in fig. 3.
Step 4: the key used to encrypt the program and the parameters required to run the program are transmitted to the Enclave of the cloud environment for decrypting the ciphertext; this comprises the following steps:
Step 4.1: the user uses the result $K$ to encrypt the key $k_0$ and the execution parameters $Par$ to be submitted, obtaining $\{k_0, Par\}_K$, and sends it to the cloud service provider, which forwards it to the secure container Enclave;
Step 4.2: the secure container Enclave verifies that the message comes from the correct user, then uses $K$ to decrypt $\{k_0, Par\}_K$, obtaining the decryption key $k_0$ of the program and the execution parameters $Par$;
Step 4.3: the secure container Enclave uses $k_0$ to decrypt $\{P_{user}\}_{k_0}$, obtaining the user's plaintext program $P_{user}$; the loader program $P_{loader}$ then executes it with the parameters $Par$, and the corresponding result $R_{par}$ is encrypted with $K$ to obtain $\{R_{par}\}_K$, which is returned to the cloud service provider and sent by the cloud service provider to the user;
Step 4.4: the user decrypts $\{R_{par}\}_K$ using $K$ and obtains the program execution result $R_{par}$.
Since the loader must write and execute the application program at run time, the user's code pages are granted write and execute permissions; because the attributes of Enclave pages cannot be changed after initialization, the code pages in the Enclave lack data execution protection.
The method solves this problem with a software-based data execution protection method, whose core idea is to enforce in software an NRW boundary (i.e. an unreadable and writeable boundary) inside the Enclave as a virtual barrier between code pages and data pages. Typically, a program reads and writes memory pages with explicit memory access instructions (mov, inc, add, etc.). To keep such instructions from reading or writing a code page, it is ensured that the memory address being accessed is always above the NRW boundary (i.e. the operands must not point to a code page). The scheme holds the NRW boundary in a register, which the loader program sets before the user program executes.
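The boundary check described above can be modelled as follows; this Go program is an added example, not part of the patent text, and it covers two cases the prose does not spell out: a negative displacement that pulls an operand below the boundary, and an access whose byte range wraps past 2^64 into low addresses. Assumptions: code pages lie below the boundary and data pages at or above it, and the boundary value, the `access` type and the sample operands are constructed for illustration.

```go
package main

import "fmt"

// nrw is a constructed NRW boundary value; the scheme keeps it in a register.
const nrw uint64 = 0x7f0000200000

// access is one explicit memory operand (mov, inc, add, ...) in x86-64
// base + index*scale + disp form, plus the number of bytes it touches.
type access struct {
	base, index uint64
	scale       uint64
	disp        int32
	size        uint64
}

// sample is constructed input: entries 1 and 3 must be blocked.
var sample = []access{
	{base: nrw + 0x1000, disp: 8, size: 8},             // plain data access
	{base: nrw, disp: -8, size: 8},                     // disp reaches below the boundary
	{base: nrw - 0x100, index: 0x40, scale: 8, size: 4}, // index lifts it above
	{base: 0xFFFFFFFFFFFFFFFC, size: 8},                // range wraps to address 0
}

// effectiveAddress mirrors the CPU's wrapping 64-bit address arithmetic,
// sign-extending the 32-bit displacement.
func effectiveAddress(a access) uint64 {
	return a.base + a.index*a.scale + uint64(int64(a.disp))
}

// allowed reports whether every byte of the access lies at or above the
// boundary, i.e. whether the operand cannot touch a code page.
func allowed(boundary uint64, a access) bool {
	ea := effectiveAddress(a)
	if a.size == 0 || ea < boundary {
		return false
	}
	last := ea + a.size - 1
	return last >= ea // false when the range wraps around into low addresses
}

// audit returns the indices of the accesses that the guard would block.
func audit(boundary uint64, accesses []access) []int {
	var blocked []int
	for i, a := range accesses {
		if !allowed(boundary, a) {
			blocked = append(blocked, i)
		}
	}
	return blocked
}

func main() {
	fmt.Println("blocked operands:", audit(nrw, sample))
}
```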
By hiding the plaintext program behind encrypted code, the method can resist most SGX side channel attacks, so its protection is comprehensive; the method only encrypts the plaintext program and performs no other obfuscation on it, so its cost is low; and the method includes a software-based data execution protection method, which effectively solves the problem that code pages lack data execution protection.
Claims (5)
1. A ciphertext loading method for resisting SGX side channel attack is characterized by comprising the following steps:
step 1: the user generates a symmetric key and trustees the encrypted ciphertext to an application program of a cloud service provider;
step 2: verifying whether the security container Enable in the cloud server is trusted according to a remote authentication protocol to realize a remote authentication process;
and step 3: in the process of remote authentication, an ECDH algorithm is used for constructing a safe communication channel for both a user and a server;
and 4, step 4: and transmitting the key used by the encrypted program and the parameters required by the program operation to the Enclave of the cloud environment for decrypting the ciphertext.
2. The ciphertext loading method for defending against SGX side channel attack according to claim 1, wherein the step 1 comprises:
step 1.1: AES-GCM algorithm implemented by user using AES-NI instruction set provided by Intel generates a pair of symmetric keys k0;
Step 1.2: using the generated symmetric key k0Clear text program P for user to be hosted to cloud service provideruserEncrypting to obtain encrypted application program { Puser}k0;
Step 1.3: application program P after encryptionuser}k0Sending the { P to a cloud service provider, and sending the { P to the cloud service provider through the cloud service provideruser}k0And a loader program PloaderLoading into an Enclave of the platform;
step 1.4: setting security container Enable to be { P through cloud service provideruser}k0The allocated secure memory pages are arranged to have read, write andan envelope code page for the execution authority.
3. The ciphertext loading method for defending against SGX side channel attack according to claim 1, wherein the step 2 comprises:
step 2.1: the SGX platform application receives the challenge value sent by the challenger;
step 2.2: sending the received challenge value and the authentication request to a security container Enclave to be authenticated through an application program of the SGX platform;
step 2.3: the security container Enable to be authenticated generates a local authentication Report according to the Report key and the measurement log, and sends the Report to the application program;
step 2.4: after receiving the REPORT, the application program sends the REPORT to a querying envelope for verification and signature;
step 2.5: the checking Enable calls a REPORT key to verify the REPORT, then uses an authentication key to sign the REPORT to generate a remote authentication REPORT QUOTE, and returns the REPORT to the application program;
step 2.6: the application program sends a remote authentication report QUOTE to a remote party;
step 2.7: the remote party verifies by sending the queue to the Intel authentication service IAS and returns a response signal for remote verification.
4. The ciphertext loading method for defending against SGX side channel attack according to claim 1, wherein the step 3 comprises:
step 3.1: calculating g according to the random number x generated by the user terminalxmod n, let X be gxmod n, wherein n is a prime number shared by both the user and the server, g is an integer shared by both the user and the server, g is an original root of n, and mod represents a remainder operation;
step 3.2: constructing the identity of the user side and the generated X into a REPORT and sending the REPORT to a Quote Enclave;
step 3.3: the Quote Enclave verifies the identity information of the client side security container Enclave, and returns a Quote structure QUOTE after verification is successful;
step 3.4: encrypting QUOTE by using EPID and sending the encrypted QUOTE to a security container Enclave at a cloud server end, decrypting the security container Enclave to obtain X, generating a random number y, and calculating gymod n, let Y equal gy mod n;
Step 3.5: the security container Enclave at the cloud server side sends the Y and the response signal of the remote verification to the security container Enclave at the client side;
step 3.6: user side computing Yxmod n, while the server side computes Xymod n, if the calculated results are the same, it indicates that a secure communication channel is successfully established between the user and the server, and the calculated result is recorded as K.
5. The ciphertext loading method for defending against SGX side channel attack according to claim 1, wherein the step 4 comprises:
step 4.1: the user uses the result $K$ to encrypt the key $k_0$ and the execution parameters $Par$ to be submitted, obtaining $\{k_0, Par\}_K$, and sends it to the cloud service provider, which forwards it to the secure container Enclave;
step 4.2: the secure container Enclave verifies whether the message comes from the correct user, and then uses $K$ to decrypt $\{k_0, Par\}_K$, obtaining the decryption key $k_0$ of the program and the program execution parameters $Par$;
step 4.3: the secure container Enclave uses $k_0$ to decrypt $\{P_{user}\}_{k_0}$, obtaining the plaintext program $P_{user}$ of the user; the loader program $P_{loader}$ then encrypts the result $R_{par}$ corresponding to the execution parameters $Par$ with $K$ to obtain $\{R_{par}\}_K$, which is returned to the cloud service provider and sent by the cloud service provider to the user;
step 4.4: the user decrypts $\{R_{par}\}_K$ using $K$ and obtains the program execution result $R_{par}$.
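The key agreement of steps 3.1 and 3.4 to 3.6 and the key wrapping of steps 4.1 to 4.4, as an added example that is not part of the patent text. Assumptions: the toy group n = 23, g = 5, a SHA-256 key derivation, an encrypt-then-MAC construction standing in for the cipher the claims leave unspecified, Python `exec` standing in for the in-enclave loader, and all function names are hypothetical; the REPORT/QUOTE/EPID attestation of steps 3.2 to 3.5 is not modelled.

```python
import hashlib, hmac, json, secrets

N, G = 23, 5  # toy group (assumption, far too small for real use): 5 is a primitive root of prime 23

def kdf(shared: int) -> bytes:
    """Step 3.6: hash the DH result into a 32-byte session key K."""
    return hashlib.sha256(b"K" + shared.to_bytes(4, "big")).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(hashlib.sha256(b"mac" + key).digest(), data, hashlib.sha256).digest()

def seal(key: bytes, pt: bytes) -> bytes:
    """{pt}_key as nonce || ciphertext || tag (encrypt-then-MAC stand-in for an AEAD)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _tag(key, nonce + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce + ct)):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def enclave_load_and_run(K: bytes, wrapped: bytes, enc_program: bytes) -> bytes:
    """Steps 4.2-4.3, enclave side: unwrap {k0, Par}_K, decrypt P_user, run it, return {R_par}_K."""
    msg = json.loads(unseal(K, wrapped))  # the tag check rejects messages not sealed under K
    k0, scope = bytes.fromhex(msg["k0"]), {"par": msg["par"]}
    exec(unseal(k0, enc_program).decode(), {"__builtins__": {}}, scope)  # stand-in for P_loader
    return seal(K, json.dumps(scope["result"]).encode())

def run_protocol(par):
    """Steps 3.1, 3.4-3.6 and 4.1-4.4 end to end; returns the result plus artefacts for inspection."""
    x, y = secrets.randbelow(N - 2) + 1, secrets.randbelow(N - 2) + 1
    X, Y = pow(G, x, N), pow(G, y, N)                       # X = g^x mod n, Y = g^y mod n
    K_user, K_encl = kdf(pow(Y, x, N)), kdf(pow(X, y, N))   # both sides derive the same K
    k0 = secrets.token_bytes(32)
    enc_program = seal(k0, b"result = par[0] * par[1]")     # {P_user}_k0, constructed sample program
    wrapped = seal(K_user, json.dumps({"k0": k0.hex(), "par": par}).encode())  # {k0, Par}_K
    reply = enclave_load_and_run(K_encl, wrapped, enc_program)
    return json.loads(unseal(K_user, reply)), wrapped, K_encl, enc_program

if __name__ == "__main__":
    print(run_protocol([6, 7])[0])
```

Without the attestation steps, nothing ties X or Y to an enclave identity, so the bare exchange shown here is open to an active man-in-the-middle; binding X into the REPORT is what the claims rely on to close that gap.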
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110973607.8A CN113810382B (en) | 2021-08-24 | 2021-08-24 | Ciphertext loading method for resisting SGX side channel attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113810382A true CN113810382A (en) | 2021-12-17 |
CN113810382B CN113810382B (en) | 2023-07-11 |
Family
ID=78894008
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110973607.8A Active CN113810382B (en) | 2021-08-24 | 2021-08-24 | Ciphertext loading method for resisting SGX side channel attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113810382B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CB03 | Change of inventor or designer information |
Inventor after: Shi Wenbo Inventor after: Zhang Jian Inventor after: Zhang Jianlei Inventor after: Wang Qinghao Inventor after: Lu Ning Inventor before: Zhang Jian Inventor before: Zhang Jianlei Inventor before: Wang Qinghao Inventor before: Shi Wenbo Inventor before: Lu Ning |