点击蓝字关注我们
英特尔SGX和区块链
iExec端到端解决方案
iExec很荣幸地宣布即将推出首个集成英特尔SGX的端到端解决方案,用于分布式计算的安全技术应用。在2018年10月30日布拉格Devcon4会议上,iExec和英特尔将宣布重大合作新闻。
张磊,iExec安全总监介绍了英特尔SGXEnclave技术,以及如何保证参与区块链网络的用户和应用的安全问题,特别是基于区块链的分布式云技术方面。
敬请关注!
正文相关链接
IntelSGX:https://software.intel.com/en-us/sgx
Thechallenge:Howcanweguaranteesecurityondecentralizedanddistributednetworks?
Blockchain-basedapplicationsandcomputingarenotownedorcontrolledbyonespecificentitybutratherpoweredbyadistributednetworkofmultiplemachinesor‘nodes’.Thedistributednatureofdecentralizedcloudcomputingnetworkspresentachallengetoguaranteesecurityasanyrootprivilegeusermayeasilyinspectthesensitivedataandtamperwiththeapplicationrunningonthedecentralizedhost.Fortraditionalcentralizedcloudcomputingproviders,itiseasiertoemployexistingsecuritymechanismsprotecttheinvolvedapplication.
Fordecentralizedblockchain-basedclouds,asilicon-basedsecuritysolution,called‘IntelSGX’,istheonlyefficientsolutiontoprotectusersandapplicationsinvolvedinBlockchain-baseddecentralizedcomputing.
IntelSGX(IntelSoftwareGuardExtensions),isasetofCPUinstructioncodesthatenabletheexecutionofselectpiecescodeanddatainprotectedareascalledenclaves.Basically,whileyouhaveanapplicationrunningonahostmachine,SGXenclavesessentiallyactasabubble,isolatingandprotectingtheapplicationfromthehostmachine,inthisway,eventherootprivilegeadministratorofthehostmachineisnotabletopenetratethisbubbletoaccessandtamperwiththeapplication.
KuCoin以100亿美元估值完成1.5亿美元融资,Jump Crypto领投:5月10日消息,加密货币交易所KuCoin以100亿美元估值完成1.5亿美元融资,Jump Crypto领投,Circle Ventures、IDG Capital和Matrix Partners等参投。KuCoin将利用这笔资金扩大其产品线,如加密钱包、DeFi和NFT平台。(CoinDesk)[2022/5/10 3:04:22]
AnintroductiontoIntelSGXEnclaves-iExecSecurityR&D,LeiZhang
“WhatmakesIntelSGXcompellingisthatitprovidesahardwaretrustedexecutionenvironment(TEE),allowingbetterprotectionsfordatain-use,at-restandin-transit,built-inCPUinstructionsandplatformenhancementsprovidecryptographicassertionsforthecodethatispermittedtoaccessthedata.Ifthecodeisalteredortampered,thenaccessisdeniedandtheenvironmentdisabled.”
—RickEchevarria,VicepresidentofIntel’sSoftwareandServicesGroup.
1.TheiExecE2ESGXsolution
iExecispioneeringthebuildingofablockchain-enableddecentralizedanddistributedcloudnetwork.Theyhavenowprovidedthefirsteverfullandend-to-endsolutionintegratingSGXfortheblockchain-basedcloud.SomeofourinitialworkwithintelSGXcanbereadinthisblogpostandiscoveredinthisvideopresentation.iExecpresentedthefirstphaseofworkonSGXinMarch2018attheIBMThinkConferenceinLasVegasandco-presentedalongsideIntelinMay2018atConsensusinNewYork..Thisfirstphasefocusedontheprotectionofthesecretsbuiltindecentralizedapplications:althoughtheapplicationsrunsondecentralizednodes,theinvolvedsensitivedatacannotbeinspectedoralteredwithbymaliciousattackersonthenetwork.Howeverthefirststageofworkwasbasedonsomesophisticated(raw)frameworksandthefunctionalityofthesolutionwaslimitedtoonlyprotectnativesecretsoftheapplication,furthermorethesolutioncouldbecomplicatedforappdevelopersandusers,especiallyforthosewhoarenotinthefieldofITandcomputing.
加密金融服务公司Blofin完成5000万美元B轮融资,KuCoin领投:3月2日消息,加密金融服务公司 Blofin 完成 5000 万美元 B 轮融资,KuCoin 领投,SIG 和经纬创投参投。通过新一轮融资,Blofin 将招募更多的交易、技术、产品、运营、营销和合规人才。当前 Blofin 的全球管理资产(AUM)已达 3 亿美元。2021 年,Blofin 的交易量达到了超过 1000 亿美元。公司将专注于改善交易基础设施,创造新的融资产品和服务,开发和推出其移动应用程序,在多个国家扩张,并在全球获得更多牌照。(newsfilecorp)[2022/3/2 13:31:46]
iExechastocontinuedtomakesignificantcontributions,workingdiligentlywithourpartners,topushforwardapowerfulanduser-friendlyend-to-endSGXsolution.Thissolutionisintendedtobeusedasanindustryreferencetoenhancetheoverallsecurityofdecentralizedcloudcomputing.ThisnewSGXsolution,combinedwithBlockchain,allowsforunmatchedleveloftrustforDecentralizedApplications(Dapps)andexecution/dataprocessingondecentralizednodes.TheiExecapproachspecificallyallowsBlockchaintoworkwithSGXinorderto:
ProtecttheDAppandprovidefulldataprotectionthatcannotbeaccessedbytheexecutionhost,especiallyforuser’sinputandoutputdata.
GuaranteetheintegrationoftheDapp/Data,makingsurethecorrectandexpectedDApporDataisrunningonthedecentralizednode.
Provideblockchain-basedvalidationforoff-chaincomputing,verifyingthattheDappiscorrectlyexecutedinanenclaveandisneithertamperednorinterruptedbythedecentralizednode.Asmart-contractsignatureissignedinsidethissecureenclavebeforetheverificationisdonebytheblockchainnetwork.
KuCoin(库币)宣布支持Kusama平行链插槽竞拍:据KuCoin(库币)消息,为全面支持波卡生态及社区发展,KuCoin(库币)平台将同步支持Kusama平行链插槽竞拍,凡持有KSM的用户可通过KuCoin平台为心仪的波卡生态项目助力拍得插槽。
KuCoin(库币)旨在发掘优质区块链项目,为来自207个国家的800万用户提供现货、杠杆、合约、Staking 、借贷等一站式服务。[2021/6/4 23:12:32]
MakesuretheexecutionandDAppresultisvalid,neithercopied,norfabricatedbymaliciousdecentralizednode.
Protecttheend-to-endprivacyofDAppresult,whichcanneverbeinspectedbyanyoneelsebuttheuser.
Afriendly-userinterface:significantsimplificationforuserstoencrypt/decrypttheinput/outputdataandtriggertheSGXapplicationexecution.
EasyusabilityisakeyelementofUserExperience;withthenewiExecE2ESGXsolution,useronlyneeds3simplestepstorunanE2ESGXapplicationandtoprovideafullprotectionofuser’sinputandoutputdata.
Let’sthinkaboutatypicalSGXapplication,sayforexampleaFinTechapplication.Theapplicationisfedbysomeuserinputdatawhichcontainssomeuser’spersonalandsensitivesecrets(e.g.bankaccountinformation,personalprivacy,etc…),theoutputresultsoftheapplicationalsocontainsomesensitivedataandareonlyintendedtouserwhotriggerstheapplication.Theinputdataandtheoutputresultsneedtobestrictlyprotectedduringthewholeprocedure.Thenon-encryptedsensitivedataneverleavesuserlocalscopeorhigh-securedtrustedexecutionenvironment:SXGenclave.Hereisagenericdescriptionofthe3simplestepsofiExec’sSGXsolution.
英特尔加入蚂蚁区块链生态:5月27日,英特尔加入蚂蚁区块链生态,正式宣布战略合作。加入蚂蚁区块链生态后,以英特尔为源头的硬件租赁供应链体系,将实现整体区块链化,租赁厂商、保险公司、资金机构全部上链,流转过程中所有信息均真实不可改。(36氪)[2020/5/27]
Step1:Useronlyneedstorunonesimplecommandwhichallowstoautomatically:
Encryptuser’sinputdata
Pushtheencrypteddatatoaremotefilesystem(i.e.theremotefilesystemcanbeanypublicfilesharingserviceandenduserisfreetochoosehis/herpreferredone,pleasenotethatthisserviceisnotprovidedbyiExec)
Updaterelatedsessiondata(i.e.eachuser’striggeringoftheapplicationisasession)toaSGXbasedsecretmanagementservice.Secretmanagementservicecanbedeployedinaflexibleway:itcanbeatuser’sside,orscheduler’sside(i.e.SGXworkpool).
Step2:UsertriggersthetargetapplicationviasimpleclicksfromtheiExecDappstoreandmarketplaceviaauser-friendlyUIinterface.
OncethetargetapplicationistriggeredatremoteSGXdecentralizednode,theapplicationwillfirstlyautomaticallypulltheencrypteduserinputdatafromremotefilesystem(i.e.pushedinstep1);retrievethesecretkeyviasecuredSGXprovisionchannel,whichisthenusedtodecrypttheuserinputdata,thedecryptionisdoneonlyinsidethehigh-securedtrustedenvironment—SGXenclave;thedecrypteddatacanthenbeusedtofeedtheapplicationexecution,assoonastheapplicationresultisavailable,asignatureisprecededbasedontheprivatekeyprotectedinsidetheSGXenclave,whichcannotbeinspectedbytheoutsideworld.TheapplicationresultisfinallyencryptedandthentheiExec’sverificationprocedure(i.e.ProofofContribution)istriggered.EverythingissecurelyhappenedinsidetheIntelSGXenclaveensuredbyIntelhardwareCPUandnosecretisabletorevealedtotheoutsideworld.
受累于英特尔Bug Bittrex钱包被强制下线:在星期三,科技界爆出“计算机芯片漏洞导致关键数据暴露”事宜,引发业内震动。本次新发现的主要影响Intel芯片的Bug被命名为“ Meltdown”和“Spectre”。就安全角度而言,这个问题涉及到所有使用英特尔技术支持设备连接到互联网的人。而实际上,这个bug也已经被人真实的感受到:Bittrex交易所在服务器修补期间迫使钱包下线。[2018/1/5]
Thesignatureisfinallytransferredtoon-chainnetworkandverifiedbyon-chainsmartcontractviatheregisteredcorrespondingpublickey.Ifthesignatureverificationpassesandapplicationresult’strustlevelachievesagiventhreshold.Theuserwillbeinformedtodownloadtheencryptedresult.
Thewholeprocedureisdoneautomaticallyinahighsecureway,andthisprocedureistriggeredbyonlysomesimpleclicksfromuserviathefriendlyUIinterface.
Fig.1iExec’sE2ESGXworkflow
Step3:Usercandownloadtheencryptedresultpackage,andusercanjustrunonesimplecommandtodecrypttheresult.Pleasenotethatonlytheuserwhotriggersthetask(i.e.SGXapplication)isabletodownloadtheencryptedresult,andonlytheuserownsthekeytodecrypttheapplicationresult.
Pleasenotethattheprocedureisplatformindependent,andthereforeiscompatiblewithdifferentoperatingsystems:Windows,Linux,MacOS.
Inthenearfuture,wewillfurthersimplifyuser’sprocedure—allthethreestepswillbeintegratedintoonesimplestep,andcanbedonebyseveralsimpleclicksfromuserviauserfriendlyuserinterface—https://market.iex.ec/.
2.TheiExecSolutionisSGXVendorAgnostic
TheiExecplatformisopentodifferentSGXsolutionvendors.Specifically,iExechasbeencollaboratingwithSCONEandFortanixtointegratetheirSGXframeworksintoiExec’sE2ESGXsolution.WearealsointhephaseofevaluatingIntel’sPDOframework.Inthefuture,wewillalsoconsidertheSGXframeworkofGraphene/Graphene-ng.AllthemainstreamSGXsolutionswillbe100%compatiblewithiExec’splatform,andwewillleaveiExecDappdevelopersanduserstofreelychoosetheirpreferredSGXframeworks.OurobjectistopromotetheemergenceofanecosystemwhichprovidestrustedexecutionforBlockchainbasedcomputing,andthesetrustedservicecanbemonetizedviaiExec’smarketplace.
3.iExecContributionstowardsIndustryStandardization
iExecarepioneersinthefieldofblockchain-basedTrustComputing,andisveryactiveinleadingandpushingforwardtheindustrialstandardizationforinthiscontextforBlockchaintechnology.
Especially:
iExecisveryactiveinEEA(EnterpriseEthereumAlliance):iExecischairingtheTrustedComputeWorkGroup,andkeepscontributingandpushingforwardtheEEAspecifications,especiallytheOff-chainTrustedComputeSpecificationwhichistobepubliclyreleasedsoon.
iExecisactiveinIEEEaswell.iExecismemberofIEEEP2418,andisinvolvedinIEEEstandardprojectonDLT-basedFederatedIdentity,CredentialandTrustManagement.iExecleadsthestandardizationworkinseveralBlockchainbaseddomains,especiallythesecurityandTEE(TrustedExecutionEnvironment)
iExeciscollaboratingwithhardwaretrustedexecutionvendorstomoveforwardthishardwarebasedsecuritysolution(SGX)tobefullystandard-compliant,staytunedforthecomingupdatesduringDevcon4.
iExecisalsocollaboratingwithourpartnerstomoveforwardthestandardizationforBlockchainbasedFogComputinginthecontextofOpenFogconsortium.SomeresultofthefirststagecollaborationwithourpartnersonFogComputingwillbereleasedsoon,pleasestaytunedinthefollowingdays.
长按扫码关注公众号
点“阅读原文”了解更多
郑重声明: 本文版权归原作者所有, 转载文章仅为传播更多信息之目的, 如作者信息标记有误, 请第一时间联系我们修改或删除, 多谢。