ION:英特爾SGX和區塊鏈安全：iExec的端到端解決方案

點擊藍字關注我們

英特爾SGX和區塊鏈

iExec端到端解決方案

iExec很榮幸地宣布即將推出首個集成英特爾SGX的端到端解決方案，用于分布式計算的安全技術應用。在2018年10月30日布拉格Devcon4會議上，iExec和英特爾將宣布重大合作新聞。

張磊，iExec安全總監介紹了英特爾SGXEnclave技術，以及如何保證參與區塊鏈網絡的用戶和應用的安全問題，特別是基于區塊鏈的分布式云技術方面。

敬請關注！

正文相關鏈接

IntelSGX:https://software.intel.com/en-us/sgx

Thechallenge:Howcanweguaranteesecurityondecentralizedanddistributednetworks?

Blockchain-basedapplicationsandcomputingarenotownedorcontrolledbyonespecificentitybutratherpoweredbyadistributednetworkofmultiplemachinesor‘nodes’.Thedistributednatureofdecentralizedcloudcomputingnetworkspresentachallengetoguaranteesecurityasanyrootprivilegeusermayeasilyinspectthesensitivedataandtamperwiththeapplicationrunningonthedecentralizedhost.Fortraditionalcentralizedcloudcomputingproviders,itiseasiertoemployexistingsecuritymechanismsprotecttheinvolvedapplication.

Fordecentralizedblockchain-basedclouds,asilicon-basedsecuritysolution,called‘IntelSGX’,istheonlyefficientsolutiontoprotectusersandapplicationsinvolvedinBlockchain-baseddecentralizedcomputing.

IntelSGX(IntelSoftwareGuardExtensions),isasetofCPUinstructioncodesthatenabletheexecutionofselectpiecescodeanddatainprotectedareascalledenclaves.Basically,whileyouhaveanapplicationrunningonahostmachine,SGXenclavesessentiallyactasabubble,isolatingandprotectingtheapplicationfromthehostmachine,inthisway,eventherootprivilegeadministratorofthehostmachineisnotabletopenetratethisbubbletoaccessandtamperwiththeapplication.

礦機公司中科聲龍完成A輪融資，英特爾資本領投:據官方消息，Sunlune LTD.（簡稱中科聲龍，英文SUNLUNE）宣布順利完成A輪融資，本輪融資由英特爾資本（Intel Capital）獨家戰略投資，具體融資數額暫未披露，預計規模數千萬美元。

Sunlune LTD是一家注冊在開曼群島，總部設于新加坡，設計運營在中國的芯片設計公司。中科聲龍最早成立于2009年，長期致力于計算機系統結構的研究開發，于2018年實現升級轉型，專注于存算一體高通量算力芯片的研發。[2022/9/14 13:28:56]

AnintroductiontoIntelSGXEnclaves-iExecSecurityR&D,LeiZhang

“WhatmakesIntelSGXcompellingisthatitprovidesahardwaretrustedexecutionenvironment(TEE),allowingbetterprotectionsfordatain-use,at-restandin-transit,built-inCPUinstructionsandplatformenhancementsprovidecryptographicassertionsforthecodethatispermittedtoaccessthedata.Ifthecodeisalteredortampered,thenaccessisdeniedandtheenvironmentdisabled.”

—RickEchevarria,VicepresidentofIntel’sSoftwareandServicesGroup.

1.TheiExecE2ESGXsolution

iExecispioneeringthebuildingofablockchain-enableddecentralizedanddistributedcloudnetwork.Theyhavenowprovidedthefirsteverfullandend-to-endsolutionintegratingSGXfortheblockchain-basedcloud.SomeofourinitialworkwithintelSGXcanbereadinthisblogpostandiscoveredinthisvideopresentation.iExecpresentedthefirstphaseofworkonSGXinMarch2018attheIBMThinkConferenceinLasVegasandco-presentedalongsideIntelinMay2018atConsensusinNewYork..Thisfirstphasefocusedontheprotectionofthesecretsbuiltindecentralizedapplications:althoughtheapplicationsrunsondecentralizednodes,theinvolvedsensitivedatacannotbeinspectedoralteredwithbymaliciousattackersonthenetwork.Howeverthefirststageofworkwasbasedonsomesophisticated(raw)frameworksandthefunctionalityofthesolutionwaslimitedtoonlyprotectnativesecretsoftheapplication,furthermorethesolutioncouldbecomplicatedforappdevelopersandusers,especiallyforthosewhoarenotinthefieldofITandcomputing.

Argo Blockchain傾向于”使用英特爾芯片設計定制礦機:金色財經報道，比特幣礦企Argo Blockchain首席執行官彼得?沃爾在接受采訪時表示，該公司“傾向于”使用英特爾的芯片設計自己的機器，并與第三方制造商合作，讓它們變得有生命。英特爾的這一產品有望打破Bitmain和MicroBT壟斷礦用專用集成電路(asic)市場的局面。更重要的是，沃爾表示，他們可以讓礦工有機會設計自己的機器，而不是只能滿足于制造商提供的現成機器。（coindesk）[2022/5/12 3:09:06]

iExechastocontinuedtomakesignificantcontributions,workingdiligentlywithourpartners,topushforwardapowerfulanduser-friendlyend-to-endSGXsolution.Thissolutionisintendedtobeusedasanindustryreferencetoenhancetheoverallsecurityofdecentralizedcloudcomputing.ThisnewSGXsolution,combinedwithBlockchain,allowsforunmatchedleveloftrustforDecentralizedApplications(Dapps)andexecution/dataprocessingondecentralizednodes.TheiExecapproachspecificallyallowsBlockchaintoworkwithSGXinorderto:

ProtecttheDAppandprovidefulldataprotectionthatcannotbeaccessedbytheexecutionhost,especiallyforuser’sinputandoutputdata.

GuaranteetheintegrationoftheDapp/Data,makingsurethecorrectandexpectedDApporDataisrunningonthedecentralizednode.

Provideblockchain-basedvalidationforoff-chaincomputing,verifyingthattheDappiscorrectlyexecutedinanenclaveandisneithertamperednorinterruptedbythedecentralizednode.Asmart-contractsignatureissignedinsidethissecureenclavebeforetheverificationisdonebytheblockchainnetwork.

英特爾計劃在2月底發布一款比特幣挖礦ASIC芯片:2月11日消息，芯片巨頭英特爾透露，他們將在2022年2月底舉行的國際固態電路會議(ISSCC) 全球論壇上推出一款用于比特幣挖礦的專用集成電路 (ASIC)芯片，英特爾還表示比特幣挖礦工作符合可持續發展目標。據悉，比特幣挖礦上市公司GRIID已經與英特爾簽署了一項比特幣挖礦 ASIC 硬件購買協議。另據Marathon Digital Holdings首席執行官Fred Thiel透露，目前至少有三家美國公司正在進行相關ASIC芯片設計，但他沒有透露具體公司名稱。[2022/2/11 9:46:01]

MakesuretheexecutionandDAppresultisvalid,neithercopied,norfabricatedbymaliciousdecentralizednode.

Protecttheend-to-endprivacyofDAppresult,whichcanneverbeinspectedbyanyoneelsebuttheuser.

Afriendly-userinterface:significantsimplificationforuserstoencrypt/decrypttheinput/outputdataandtriggertheSGXapplicationexecution.

EasyusabilityisakeyelementofUserExperience;withthenewiExecE2ESGXsolution,useronlyneeds3simplestepstorunanE2ESGXapplicationandtoprovideafullprotectionofuser’sinputandoutputdata.

Let’sthinkaboutatypicalSGXapplication,sayforexampleaFinTechapplication.Theapplicationisfedbysomeuserinputdatawhichcontainssomeuser’spersonalandsensitivesecrets(e.g.bankaccountinformation,personalprivacy,etc…),theoutputresultsoftheapplicationalsocontainsomesensitivedataandareonlyintendedtouserwhotriggerstheapplication.Theinputdataandtheoutputresultsneedtobestrictlyprotectedduringthewholeprocedure.Thenon-encryptedsensitivedataneverleavesuserlocalscopeorhigh-securedtrustedexecutionenvironment:SXGenclave.Hereisagenericdescriptionofthe3simplestepsofiExec’sSGXsolution.

動態 | IBM、英特爾等助力UCSD建立區塊鏈研究中心:據ethnews報道，9月26日，加州大學圣地亞哥分校（UCSD）超級計算機中心的大型數據系統中心宣布推出區塊鏈研究中心BlockLAB。根據公告，幫助創建BlockLAB的一些主要合作伙伴包括戴爾，IBM和英特爾。這些技術巨頭的影響力和知識將助力BlockLAB的研究，以及為整個區塊鏈行業做出巨大貢獻。項目負責人James Short表示，這些公司提供了他們正在開發和/或試驗的區塊鏈技術的早期訪問權，還將允許他們訪問正在進行和已完成的研究，并就BlockLAB應進行何種研究提出建議。除了提供研究和技術支持外，戴爾，IBM和英特爾也在為該項目提供財務支持。[2018/10/3]

Step1:Useronlyneedstorunonesimplecommandwhichallowstoautomatically:

Encryptuser’sinputdata

Pushtheencrypteddatatoaremotefilesystem(i.e.theremotefilesystemcanbeanypublicfilesharingserviceandenduserisfreetochoosehis/herpreferredone,pleasenotethatthisserviceisnotprovidedbyiExec)

Updaterelatedsessiondata(i.e.eachuser’striggeringoftheapplicationisasession)toaSGXbasedsecretmanagementservice.Secretmanagementservicecanbedeployedinaflexibleway:itcanbeatuser’sside,orscheduler’sside(i.e.SGXworkpool).

Step2:UsertriggersthetargetapplicationviasimpleclicksfromtheiExecDappstoreandmarketplaceviaauser-friendlyUIinterface.

OncethetargetapplicationistriggeredatremoteSGXdecentralizednode,theapplicationwillfirstlyautomaticallypulltheencrypteduserinputdatafromremotefilesystem(i.e.pushedinstep1);retrievethesecretkeyviasecuredSGXprovisionchannel,whichisthenusedtodecrypttheuserinputdata,thedecryptionisdoneonlyinsidethehigh-securedtrustedenvironment—SGXenclave;thedecrypteddatacanthenbeusedtofeedtheapplicationexecution,assoonastheapplicationresultisavailable,asignatureisprecededbasedontheprivatekeyprotectedinsidetheSGXenclave,whichcannotbeinspectedbytheoutsideworld.TheapplicationresultisfinallyencryptedandthentheiExec’sverificationprocedure(i.e.ProofofContribution)istriggered.EverythingissecurelyhappenedinsidetheIntelSGXenclaveensuredbyIntelhardwareCPUandnosecretisabletorevealedtotheoutsideworld.

動態 | 英特爾技術主管將擔任Hyperledger技術指導委員會主席:據coindesk消息，英特爾技術主管Dan Middleton被選為Hyperledger技術指導委員會（TSC）主席，他將接替來自IBM的Christopher Ferris。[2018/9/7]

Thesignatureisfinallytransferredtoon-chainnetworkandverifiedbyon-chainsmartcontractviatheregisteredcorrespondingpublickey.Ifthesignatureverificationpassesandapplicationresult’strustlevelachievesagiventhreshold.Theuserwillbeinformedtodownloadtheencryptedresult.

Thewholeprocedureisdoneautomaticallyinahighsecureway,andthisprocedureistriggeredbyonlysomesimpleclicksfromuserviathefriendlyUIinterface.

Fig.1iExec’sE2ESGXworkflow

Step3:Usercandownloadtheencryptedresultpackage,andusercanjustrunonesimplecommandtodecrypttheresult.Pleasenotethatonlytheuserwhotriggersthetask(i.e.SGXapplication)isabletodownloadtheencryptedresult,andonlytheuserownsthekeytodecrypttheapplicationresult.

Pleasenotethattheprocedureisplatformindependent,andthereforeiscompatiblewithdifferentoperatingsystems:Windows,Linux,MacOS.

Inthenearfuture,wewillfurthersimplifyuser’sprocedure—allthethreestepswillbeintegratedintoonesimplestep,andcanbedonebyseveralsimpleclicksfromuserviauserfriendlyuserinterface—https://market.iex.ec/.

2.TheiExecSolutionisSGXVendorAgnostic

TheiExecplatformisopentodifferentSGXsolutionvendors.Specifically,iExechasbeencollaboratingwithSCONEandFortanixtointegratetheirSGXframeworksintoiExec’sE2ESGXsolution.WearealsointhephaseofevaluatingIntel’sPDOframework.Inthefuture,wewillalsoconsidertheSGXframeworkofGraphene/Graphene-ng.AllthemainstreamSGXsolutionswillbe100%compatiblewithiExec’splatform,andwewillleaveiExecDappdevelopersanduserstofreelychoosetheirpreferredSGXframeworks.OurobjectistopromotetheemergenceofanecosystemwhichprovidestrustedexecutionforBlockchainbasedcomputing,andthesetrustedservicecanbemonetizedviaiExec’smarketplace.

3.iExecContributionstowardsIndustryStandardization

iExecarepioneersinthefieldofblockchain-basedTrustComputing,andisveryactiveinleadingandpushingforwardtheindustrialstandardizationforinthiscontextforBlockchaintechnology.

Especially:

iExecisveryactiveinEEA(EnterpriseEthereumAlliance):iExecischairingtheTrustedComputeWorkGroup,andkeepscontributingandpushingforwardtheEEAspecifications,especiallytheOff-chainTrustedComputeSpecificationwhichistobepubliclyreleasedsoon.

iExecisactiveinIEEEaswell.iExecismemberofIEEEP2418,andisinvolvedinIEEEstandardprojectonDLT-basedFederatedIdentity,CredentialandTrustManagement.iExecleadsthestandardizationworkinseveralBlockchainbaseddomains,especiallythesecurityandTEE(TrustedExecutionEnvironment)

iExeciscollaboratingwithhardwaretrustedexecutionvendorstomoveforwardthishardwarebasedsecuritysolution(SGX)tobefullystandard-compliant,staytunedforthecomingupdatesduringDevcon4.

iExecisalsocollaboratingwithourpartnerstomoveforwardthestandardizationforBlockchainbasedFogComputinginthecontextofOpenFogconsortium.SomeresultofthefirststagecollaborationwithourpartnersonFogComputingwillbereleasedsoon,pleasestaytunedinthefollowingdays.

長按掃碼關注公眾號

點“閱讀原文”了解更多

Tags：THEIONANDICAThe Swedish TrustINUCEPTIONLANDWOLFethical和ethnic區別

中幣下載