英特尔SGX和区块链安全:iExec的端到端解决方案_AND:newland

点击蓝字关注我们

英特尔SGX和区块链

iExec端到端解决方案

iExec很荣幸地宣布即将推出首个集成英特尔SGX的端到端解决方案,用于分布式计算的安全技术应用。在2018年10月30日布拉格Devcon4会议上,iExec和英特尔将宣布重大合作新闻。

张磊,iExec安全总监介绍了英特尔SGXEnclave技术,以及如何保证参与区块链网络的用户和应用的安全问题,特别是基于区块链的分布式云技术方面。

敬请关注!

正文相关链接

IntelSGX:https://software.intel.com/en-us/sgx

Thechallenge:Howcanweguaranteesecurityondecentralizedanddistributednetworks?

Blockchain-basedapplicationsandcomputingarenotownedorcontrolledbyonespecificentitybutratherpoweredbyadistributednetworkofmultiplemachinesor‘nodes’.Thedistributednatureofdecentralizedcloudcomputingnetworkspresentachallengetoguaranteesecurityasanyrootprivilegeusermayeasilyinspectthesensitivedataandtamperwiththeapplicationrunningonthedecentralizedhost.Fortraditionalcentralizedcloudcomputingproviders,itiseasiertoemployexistingsecuritymechanismsprotecttheinvolvedapplication.

Fordecentralizedblockchain-basedclouds,asilicon-basedsecuritysolution,called‘IntelSGX’,istheonlyefficientsolutiontoprotectusersandapplicationsinvolvedinBlockchain-baseddecentralizedcomputing.

IntelSGX(IntelSoftwareGuardExtensions),isasetofCPUinstructioncodesthatenabletheexecutionofselectpiecescodeanddatainprotectedareascalledenclaves.Basically,whileyouhaveanapplicationrunningonahostmachine,SGXenclavesessentiallyactasabubble,isolatingandprotectingtheapplicationfromthehostmachine,inthisway,eventherootprivilegeadministratorofthehostmachineisnotabletopenetratethisbubbletoaccessandtamperwiththeapplication.

KuCoin以100亿美元估值完成1.5亿美元融资,Jump Crypto领投:5月10日消息,加密货币交易所KuCoin以100亿美元估值完成1.5亿美元融资,Jump Crypto领投,Circle Ventures、IDG Capital和Matrix Partners等参投。KuCoin将利用这笔资金扩大其产品线,如加密钱包、DeFi和NFT平台。(CoinDesk)[2022/5/10 3:04:22]

AnintroductiontoIntelSGXEnclaves-iExecSecurityR&D,LeiZhang

“WhatmakesIntelSGXcompellingisthatitprovidesahardwaretrustedexecutionenvironment(TEE),allowingbetterprotectionsfordatain-use,at-restandin-transit,built-inCPUinstructionsandplatformenhancementsprovidecryptographicassertionsforthecodethatispermittedtoaccessthedata.Ifthecodeisalteredortampered,thenaccessisdeniedandtheenvironmentdisabled.”

—RickEchevarria,VicepresidentofIntel’sSoftwareandServicesGroup.

1.TheiExecE2ESGXsolution

iExecispioneeringthebuildingofablockchain-enableddecentralizedanddistributedcloudnetwork.Theyhavenowprovidedthefirsteverfullandend-to-endsolutionintegratingSGXfortheblockchain-basedcloud.SomeofourinitialworkwithintelSGXcanbereadinthisblogpostandiscoveredinthisvideopresentation.iExecpresentedthefirstphaseofworkonSGXinMarch2018attheIBMThinkConferenceinLasVegasandco-presentedalongsideIntelinMay2018atConsensusinNewYork..Thisfirstphasefocusedontheprotectionofthesecretsbuiltindecentralizedapplications:althoughtheapplicationsrunsondecentralizednodes,theinvolvedsensitivedatacannotbeinspectedoralteredwithbymaliciousattackersonthenetwork.Howeverthefirststageofworkwasbasedonsomesophisticated(raw)frameworksandthefunctionalityofthesolutionwaslimitedtoonlyprotectnativesecretsoftheapplication,furthermorethesolutioncouldbecomplicatedforappdevelopersandusers,especiallyforthosewhoarenotinthefieldofITandcomputing.

加密金融服务公司Blofin完成5000万美元B轮融资,KuCoin领投:3月2日消息,加密金融服务公司 Blofin 完成 5000 万美元 B 轮融资,KuCoin 领投,SIG 和经纬创投参投。通过新一轮融资,Blofin 将招募更多的交易、技术、产品、运营、营销和合规人才。当前 Blofin 的全球管理资产(AUM)已达 3 亿美元。2021 年,Blofin 的交易量达到了超过 1000 亿美元。公司将专注于改善交易基础设施,创造新的融资产品和服务,开发和推出其移动应用程序,在多个国家扩张,并在全球获得更多牌照。(newsfilecorp)[2022/3/2 13:31:46]

iExechastocontinuedtomakesignificantcontributions,workingdiligentlywithourpartners,topushforwardapowerfulanduser-friendlyend-to-endSGXsolution.Thissolutionisintendedtobeusedasanindustryreferencetoenhancetheoverallsecurityofdecentralizedcloudcomputing.ThisnewSGXsolution,combinedwithBlockchain,allowsforunmatchedleveloftrustforDecentralizedApplications(Dapps)andexecution/dataprocessingondecentralizednodes.TheiExecapproachspecificallyallowsBlockchaintoworkwithSGXinorderto:

ProtecttheDAppandprovidefulldataprotectionthatcannotbeaccessedbytheexecutionhost,especiallyforuser’sinputandoutputdata.

GuaranteetheintegrationoftheDapp/Data,makingsurethecorrectandexpectedDApporDataisrunningonthedecentralizednode.

Provideblockchain-basedvalidationforoff-chaincomputing,verifyingthattheDappiscorrectlyexecutedinanenclaveandisneithertamperednorinterruptedbythedecentralizednode.Asmart-contractsignatureissignedinsidethissecureenclavebeforetheverificationisdonebytheblockchainnetwork.

KuCoin(库币)宣布支持Kusama平行链插槽竞拍:据KuCoin(库币)消息,为全面支持波卡生态及社区发展,KuCoin(库币)平台将同步支持Kusama平行链插槽竞拍,凡持有KSM的用户可通过KuCoin平台为心仪的波卡生态项目助力拍得插槽。

KuCoin(库币)旨在发掘优质区块链项目,为来自207个国家的800万用户提供现货、杠杆、合约、Staking 、借贷等一站式服务。[2021/6/4 23:12:32]

MakesuretheexecutionandDAppresultisvalid,neithercopied,norfabricatedbymaliciousdecentralizednode.

Protecttheend-to-endprivacyofDAppresult,whichcanneverbeinspectedbyanyoneelsebuttheuser.

Afriendly-userinterface:significantsimplificationforuserstoencrypt/decrypttheinput/outputdataandtriggertheSGXapplicationexecution.

EasyusabilityisakeyelementofUserExperience;withthenewiExecE2ESGXsolution,useronlyneeds3simplestepstorunanE2ESGXapplicationandtoprovideafullprotectionofuser’sinputandoutputdata.

Let’sthinkaboutatypicalSGXapplication,sayforexampleaFinTechapplication.Theapplicationisfedbysomeuserinputdatawhichcontainssomeuser’spersonalandsensitivesecrets(e.g.bankaccountinformation,personalprivacy,etc…),theoutputresultsoftheapplicationalsocontainsomesensitivedataandareonlyintendedtouserwhotriggerstheapplication.Theinputdataandtheoutputresultsneedtobestrictlyprotectedduringthewholeprocedure.Thenon-encryptedsensitivedataneverleavesuserlocalscopeorhigh-securedtrustedexecutionenvironment:SXGenclave.Hereisagenericdescriptionofthe3simplestepsofiExec’sSGXsolution.

英特尔加入蚂蚁区块链生态:5月27日,英特尔加入蚂蚁区块链生态,正式宣布战略合作。加入蚂蚁区块链生态后,以英特尔为源头的硬件租赁供应链体系,将实现整体区块链化,租赁厂商、保险公司、资金机构全部上链,流转过程中所有信息均真实不可改。(36氪)[2020/5/27]

Step1:Useronlyneedstorunonesimplecommandwhichallowstoautomatically:

Encryptuser’sinputdata

Pushtheencrypteddatatoaremotefilesystem(i.e.theremotefilesystemcanbeanypublicfilesharingserviceandenduserisfreetochoosehis/herpreferredone,pleasenotethatthisserviceisnotprovidedbyiExec)

Updaterelatedsessiondata(i.e.eachuser’striggeringoftheapplicationisasession)toaSGXbasedsecretmanagementservice.Secretmanagementservicecanbedeployedinaflexibleway:itcanbeatuser’sside,orscheduler’sside(i.e.SGXworkpool).

Step2:UsertriggersthetargetapplicationviasimpleclicksfromtheiExecDappstoreandmarketplaceviaauser-friendlyUIinterface.

OncethetargetapplicationistriggeredatremoteSGXdecentralizednode,theapplicationwillfirstlyautomaticallypulltheencrypteduserinputdatafromremotefilesystem(i.e.pushedinstep1);retrievethesecretkeyviasecuredSGXprovisionchannel,whichisthenusedtodecrypttheuserinputdata,thedecryptionisdoneonlyinsidethehigh-securedtrustedenvironment—SGXenclave;thedecrypteddatacanthenbeusedtofeedtheapplicationexecution,assoonastheapplicationresultisavailable,asignatureisprecededbasedontheprivatekeyprotectedinsidetheSGXenclave,whichcannotbeinspectedbytheoutsideworld.TheapplicationresultisfinallyencryptedandthentheiExec’sverificationprocedure(i.e.ProofofContribution)istriggered.EverythingissecurelyhappenedinsidetheIntelSGXenclaveensuredbyIntelhardwareCPUandnosecretisabletorevealedtotheoutsideworld.

受累于英特尔Bug Bittrex钱包被强制下线:在星期三,科技界爆出“计算机芯片漏洞导致关键数据暴露”事宜,引发业内震动。本次新发现的主要影响Intel芯片的Bug被命名为“ Meltdown”和“Spectre”。就安全角度而言,这个问题涉及到所有使用英特尔技术支持设备连接到互联网的人。而实际上,这个bug也已经被人真实的感受到:Bittrex交易所在服务器修补期间迫使钱包下线。[2018/1/5]

Thesignatureisfinallytransferredtoon-chainnetworkandverifiedbyon-chainsmartcontractviatheregisteredcorrespondingpublickey.Ifthesignatureverificationpassesandapplicationresult’strustlevelachievesagiventhreshold.Theuserwillbeinformedtodownloadtheencryptedresult.

Thewholeprocedureisdoneautomaticallyinahighsecureway,andthisprocedureistriggeredbyonlysomesimpleclicksfromuserviathefriendlyUIinterface.

Fig.1iExec’sE2ESGXworkflow

Step3:Usercandownloadtheencryptedresultpackage,andusercanjustrunonesimplecommandtodecrypttheresult.Pleasenotethatonlytheuserwhotriggersthetask(i.e.SGXapplication)isabletodownloadtheencryptedresult,andonlytheuserownsthekeytodecrypttheapplicationresult.

Pleasenotethattheprocedureisplatformindependent,andthereforeiscompatiblewithdifferentoperatingsystems:Windows,Linux,MacOS.

Inthenearfuture,wewillfurthersimplifyuser’sprocedure—allthethreestepswillbeintegratedintoonesimplestep,andcanbedonebyseveralsimpleclicksfromuserviauserfriendlyuserinterface—https://market.iex.ec/.

2.TheiExecSolutionisSGXVendorAgnostic

TheiExecplatformisopentodifferentSGXsolutionvendors.Specifically,iExechasbeencollaboratingwithSCONEandFortanixtointegratetheirSGXframeworksintoiExec’sE2ESGXsolution.WearealsointhephaseofevaluatingIntel’sPDOframework.Inthefuture,wewillalsoconsidertheSGXframeworkofGraphene/Graphene-ng.AllthemainstreamSGXsolutionswillbe100%compatiblewithiExec’splatform,andwewillleaveiExecDappdevelopersanduserstofreelychoosetheirpreferredSGXframeworks.OurobjectistopromotetheemergenceofanecosystemwhichprovidestrustedexecutionforBlockchainbasedcomputing,andthesetrustedservicecanbemonetizedviaiExec’smarketplace.

3.iExecContributionstowardsIndustryStandardization

iExecarepioneersinthefieldofblockchain-basedTrustComputing,andisveryactiveinleadingandpushingforwardtheindustrialstandardizationforinthiscontextforBlockchaintechnology.

Especially:

iExecisveryactiveinEEA(EnterpriseEthereumAlliance):iExecischairingtheTrustedComputeWorkGroup,andkeepscontributingandpushingforwardtheEEAspecifications,especiallytheOff-chainTrustedComputeSpecificationwhichistobepubliclyreleasedsoon.

iExecisactiveinIEEEaswell.iExecismemberofIEEEP2418,andisinvolvedinIEEEstandardprojectonDLT-basedFederatedIdentity,CredentialandTrustManagement.iExecleadsthestandardizationworkinseveralBlockchainbaseddomains,especiallythesecurityandTEE(TrustedExecutionEnvironment)

iExeciscollaboratingwithhardwaretrustedexecutionvendorstomoveforwardthishardwarebasedsecuritysolution(SGX)tobefullystandard-compliant,staytunedforthecomingupdatesduringDevcon4.

iExecisalsocollaboratingwithourpartnerstomoveforwardthestandardizationforBlockchainbasedFogComputinginthecontextofOpenFogconsortium.SomeresultofthefirststagecollaborationwithourpartnersonFogComputingwillbereleasedsoon,pleasestaytunedinthefollowingdays.

长按扫码关注公众号

点“阅读原文”了解更多

郑重声明: 本文版权归原作者所有, 转载文章仅为传播更多信息之目的, 如作者信息标记有误, 请第一时间联系我们修改或删除, 多谢。

金宝趣谈

比特币价格实时行情十一结束 开始工作_FIN:DFT

当前浏览器不支持播放音乐或语音,请在微信或其他浏览器中播放我的爱许巍-我的爱 十一七天假结束 开始工作的你 怎一个“困“”字了得 哈气连篇 萎靡不振 注意力涣散 那么就让IPC来给你提提神 IP.

[0:0ms0-3:976ms