Rapid authentication method and system for trusted execution environment

A trusted execution environment authentication technology, applied in transmission systems, digital transmission systems, secure communication devices, etc., that addresses problems such as complex processes, the inability to reuse enclaves, and poor support for applications processing requests from multiple users at the same time, achieving the effects of reducing interfaces and improving ease of use and security.

Active Publication Date: 2021-08-31
INST FOR INTERDISCIPLINARY INFORMATION CORE TECH XIAN CO LTD

AI Technical Summary

Problems solved by technology

[0010] However, existing remote authentication has two main bottlenecks. First, the enclave cannot be reused well, and frequent authentication is required to establish trust, which is not conducive to an application processing multiple user requests at the same time and does not meet the high throughput requirements of cloud services. Second, a single authentication process is itself very time-consuming: the process is complicated and the overhead is relatively large, and may even exceed the actual computation overhead. Naively authenticating every enclave an application contains would impose a huge overhead on the user.

Examples


Embodiment Construction

[0055] The present invention will be further described in detail below in conjunction with specific embodiments, which are explanations of the present invention rather than limitations.

[0056] The description of the embodiments of the fast authentication method and system for a trusted execution environment of the present invention involves related technical terms, whose explanations are summarized in Table 1 below.

[0057] Table 1 Explanation of relevant technical terms.

[0058]

[0059]

[0060] A fast authentication method for a trusted execution environment in the present invention, as shown in Figure 1, includes:

[0061] When the trusted execution environment is initialized, the proxy enclave receives the certification request from the service provider, pre-generates and obtains its own certification report;

[0062] The subordinate enclaves managed by the proxy enclave initiate authentication requests in turn, and perform verification and authenticat...


Abstract

The invention provides a rapid authentication method and system for a trusted execution environment, which are reasonable in design, fast in enclave authentication speed, small in calculation overhead and capable of rapidly establishing a trusted communication channel. The method comprises the following steps: when a trusted execution environment is initialized, a proxy enclave receives an authentication request from a service provider, and pre-generates and obtains its own authentication report; the subordinate enclaves managed by the proxy enclave initiate authentication requests in turn, and verification and authentication are carried out according to a preset authentication program; if all the subordinate enclaves pass authentication, a secure communication channel between the proxy enclave and the subordinate enclaves it manages is established, and otherwise initialization is stopped; after initialization is completed, a user service request is received, and the pre-generated proxy enclave authentication report corresponding to the service request is sent to the user; and after interactive authentication with the user, the communication content is encrypted, a trusted communication channel between the user and the proxy enclave and the subordinate enclaves it manages is established, and rapid authentication of the trusted execution environment is completed.
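The flow in the abstract, simulated as an added example (not code from the patent or its applicant). All names are hypothetical; HMAC keys stand in for the hardware report key and the attestation service's signature, the Diffie-Hellman group is a toy, and binding the proxy's public key into its report is an assumption about how the per-user "interactive authentication" gets its freshness.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 5                     # toy DH group, illustration only
PLATFORM_KEY = secrets.token_bytes(32)   # stand-in: CPU key behind local attestation
QUOTE_KEY = secrets.token_bytes(32)      # stand-in: attestation service signing key

def mac(key, *parts):                    # fields are fixed-length, so plain concat
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def measure(code):                       # enclave measurement analogue
    return hashlib.sha256(code).digest()

def session_key(peer_pub, priv):
    shared = pow(int.from_bytes(peer_pub, "big"), priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def local_report(code, nonce):           # produced on the subordinate enclave's side
    m = measure(code)
    return m, mac(PLATFORM_KEY, m, nonce)

class ProxyEnclave:
    def __init__(self, code, allowed_subordinates):
        self.allowed, self.channels = set(allowed_subordinates), {}
        self.priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.priv, P).to_bytes(16, "big")
        m = measure(code)                # report generated once, bound to self.pub
        self.report = (m, self.pub, mac(QUOTE_KEY, m, self.pub))

    def initialize(self, subordinates):  # subordinates: {name: code}
        for name, code in subordinates.items():
            nonce = secrets.token_bytes(16)
            m, tag = local_report(code, nonce)
            ok = hmac.compare_digest(tag, mac(PLATFORM_KEY, m, nonce))
            if m not in self.allowed or not ok:
                self.channels.clear()
                return False             # any failure stops initialization
            self.channels[name] = secrets.token_bytes(32)  # stand-in channel key
        return True

    def serve(self, user_pub, nonce):    # per user: cached report, fresh proof
        return self.report, mac(session_key(user_pub, self.priv), nonce)

def user_connect(proxy, expected_measurement):
    priv, nonce = secrets.randbelow(P - 2) + 1, secrets.token_bytes(16)
    my_pub = pow(G, priv, P).to_bytes(16, "big")
    (m, pub, sig), proof = proxy.serve(my_pub, nonce)
    if m != expected_measurement or not hmac.compare_digest(sig, mac(QUOTE_KEY, m, pub)):
        return None                      # report is not from the expected proxy
    k = session_key(pub, priv)
    return k if hmac.compare_digest(proof, mac(k, nonce)) else None
```

Because the report is reused across users, the user's trust in a given session rests on the fresh proof over the nonce, not on the report alone.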

Description

Technical field

[0001] The invention relates to an authentication method in an Internet environment, in particular to a fast authentication method and system in a trusted execution environment.

Background technique

[0002] With the rapid development of the Internet industry and computers, our lives are inseparable from computers. Computer security and data privacy have always been hot topics in academia and industry. Especially in the Internet environment, there are major security problems in network services. On the one hand, the data provider is worried that the service provider will collect its own private data, and on the other hand, it is worried that the service provider's platform will be controlled by attackers.

[0003] The SGX technology proposed by Intel in 2013 is a technology designed to solve the above-mentioned secure remote computing problems through remote trusted hardware. Based on processor hardware, SGX provides attestation, isolated execution and sea...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32, H04L9/08
CPC: H04L63/0884, H04L63/0823, H04L9/3268, H04L9/3247, H04L63/123, H04L9/0869, H04L9/0819, H04L63/0435
Inventor: 李发兵, 林伟伟, 李想, 毛兴中
Owner: INST FOR INTERDISCIPLINARY INFORMATION CORE TECH XIAN CO LTD