Cloud outsourcing computing security method based on SGX technology

A cloud outsourcing computing security method based on SGX technology, applied in the field of cloud computing security. It addresses the problems of unclear security protocols, eavesdropping, and the inability to guarantee the credibility of cloud computing to users.

Pending Publication Date: 2022-05-10
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

[0005] At present, there are some preliminary solutions for building a trusted cloud using Intel SGX technology, but most of them have the following problems:
(1) Existing trusted cloud solutions basically build a trusted execution environment on the cloud itself, from the perspective of the cloud service provider. They address only the security of code execution and do not consider the confidentiality of data during transmission from the user's point of view. Data is encrypted with a key generated by the provider or transmitted directly in plain text, so sensitive information can leak, and the data is vulnerable to eavesdropping from inside the cloud.
(2) In existing solutions the cloud service providers themselves conduct remote attestation, and the attestation results they give are easy to forge. Most of the security protocols used are also very unclear. For users, the cloud is still an opaque "black box", and there is no guarantee that it runs correctly in a trusted environment.
(3) Existing solutions lack unified security standards and management and cannot guarantee the credibility of cloud computing to users, making it difficult for users to trust cloud service providers.



Examples


Embodiment Construction

[0023] The purpose of the present invention is to provide a cloud outsourcing computing security method based on Intel SGX technology and a trusted third-party organization, thereby effectively protecting the data security and personal privacy of users who outsource work to cloud distributed computing services. The overall process of the scheme is divided into a registration stage and a work stage. These two stages are described in detail below:

[0024] 1. Registration stage

[0025] (1-1): The cloud service provider applies to a third-party trusted organization to register the cluster.

[0026] (1-2): The third-party trusted organization inspects the hardware environment of the cloud service provider on site, generates an Enclave at each cloud node, and conducts remote attestation through the third-party trusted organization's system.

[0027] (1-3): After the remote authentication is passed, the cloud computing node generates a public-private key pair in th...



Abstract

The invention discloses a cloud outsourcing computing security method based on SGX technology. It belongs to the field of cloud computing security and addresses the opaque and unsafe operating environment of the cloud. The method uses the trusted execution environment provided by Intel SGX, the Enclave, to ensure the credibility of each cloud computing node. In the registration stage, the cloud environment is configured and remotely attested according to a unified security standard formulated by a third-party trusted organization, which ensures the security and reliability of the cloud's software and hardware environment. A public-private key pair is generated using the cryptography library of Intel SGX; the public key is used to generate a cluster certificate, and the private key is stored in the cloud through the sealing mechanism, so that only an attested Enclave with the same configuration can obtain the certificate private key by unsealing it. In the working stage, a user encrypts their private data with the public key in the cluster certificate and uploads it to the cloud environment. A cloud node starts an Enclave, performs remote attestation with the third-party trusted organization, obtains the private key through the sealing mechanism, decrypts and reads the user data, and then computes, encrypts, and outputs the result.
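The sealing property stated in the abstract (only an Enclave with the same configuration can unseal the certificate private key) can be modelled in a few lines. This is an added example, not code from the patent or from the Intel SGX SDK: the function names, the per-CPU secret, and the HMAC-SHA256 construction standing in for the SGX sealing primitives are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def measure(enclave_image: bytes) -> bytes:
    # Stand-in for the enclave measurement: hash of code plus configuration.
    return hashlib.sha256(enclave_image).digest()

def sealing_key(cpu_secret: bytes, measurement: bytes) -> bytes:
    # Assumption: the key depends on a per-CPU secret and the measurement.
    return hmac.new(cpu_secret, b"seal|" + measurement, hashlib.sha256).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream from HMAC-SHA256 (model only, not the SDK).
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, secret: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || 32-byte integrity tag.
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, secret)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("unseal refused: integrity tag mismatch")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def can_unseal(cpu_secret: bytes, enclave_image: bytes, blob: bytes) -> bool:
    # True only if this CPU and this enclave image derive the original key.
    try:
        unseal(sealing_key(cpu_secret, measure(enclave_image)), blob)
        return True
    except ValueError:
        return False

# Constructed sample values: node secret, registered enclave image, key bytes.
CPU = b"\x01" * 32
REGISTERED = b"enclave: decrypt -> compute -> encrypt; debug=0"
CERT_PRIVATE_KEY = b"placeholder-certificate-private-key"
BLOB = seal(sealing_key(CPU, measure(REGISTERED)), CERT_PRIVATE_KEY)
```

Calling `can_unseal` with a modified enclave image or a different CPU secret returns `False`, which is the behaviour the scheme relies on when it stores the private key on the cloud side.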

Description

Technical field

[0001] The invention belongs to the field of distributed big data computing security, and specifically relates to a cloud outsourcing computing security method based on SGX technology.

Background technique

[0002] Intel SGX is a set of instruction set extensions built into Intel CPUs. It can set aside a protected area in memory and provide users with a trusted execution environment of 64MB or 128MB, the Enclave, whose protected contents neither privileged software nor malicious code can access, steal, or tamper with. SGX also provides a rich cryptography library, including encryption and decryption functions based on AES_GCM mode, a SHA256 hash function, RSA asymmetric key generation, and other functions. Moreover, SGX supports two attestation modes, local attestation and remote attestation, which can prove whether code is running correctly in the Intel SGX hardware environment. When the enclave is closed, the ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/57, G06F21/60
CPC: G06F21/57, G06F21/602
Inventor: 王冠, 尹煜
Owner: BEIJING UNIV OF TECH