Summary of the invention
The purpose of the present invention is to provide a new trusted data transmission method. The method is based on trusted hardware and concerns the transmission of confidential information in the smart grid. The file transfer system implemented with SGX technology likewise focuses on file distribution and on access control when files are viewed, and efficiently addresses security vulnerabilities.
To achieve the above purpose, the present invention adopts the following technical scheme: a trusted data transmission method in which the client and the server that transmit data are authenticated through SGX. The client authentication module proves to the corresponding server the legitimacy of the platform it runs on and of its user. After authentication, the client establishes a session with the server, and the client and the server carry out a one-time provisioning protocol; the confidential data of the client application is sealed to the platform on which the application runs. An independent secure channel is established between the server and the client for communication, each channel corresponds to a unique client, and the data the server sends to the client is encrypted in transit;
After a protected file is encrypted inside the enclave, the specific file is sent to the client according to the client's file request, and is then distributed to users of the application who have been authenticated and authorized, to view it or perform other operations.
Further, an authenticated user who has received the encrypted file uses the secure file reading component running in the enclave on the client platform to view the file. At the same time, the permission checking component of the client checks whether the user has permission to view or modify the file; once the file permission check fails, the file decryption component does not need to work.
Further, the SGX authentication combines local authentication and remote authentication.
Further, the local authentication involves two enclave entities that need to verify each other; each entity is both verifier and authenticatee to the other. The specific verification steps are as follows:
Step ①: after entity A establishes a communication path with entity B, entity A obtains the MRENCLAVE value of entity B;
Step ②: entity A calls the wrapped EREPORT instruction and uses entity B's MRENCLAVE value to generate a signed REPORT, which it sends back to entity B;
Step ③: after entity B receives the REPORT sent by entity A, it calls the EGETKEY instruction to obtain its Report Key, uses the key to recompute the MAC of the REPORT, and compares the result with the MAC in the REPORT;
If the two are consistent, entity B is assured that entity A is indeed an enclave running on the same platform as itself. After the firmware and hardware components of the TCB have been checked and found correct, entity B can examine entity A's REPORT to verify the software components of the TCB, including MRENCLAVE, which reflects the content of the software image running in the enclave, and MRSIGNER, which reflects the identity of the enclave's signer.
Further, the remote authentication includes: creating a Quoting Enclave on the client's platform and carrying out local authentication between the Quoting Enclave and the client Enclave. After local authentication has been performed, the Quoting Enclave replaces the MAC in the REPORT with a signature. The signature is made with a device-specific asymmetric key, the private key used for signing is kept by the Quoting Enclave, and the signature is produced with RSA.
Further, the remote authentication comprises the following steps:
Step ①: after the server receives the request, it sends a challenge to the client, indicating that the client must provide evidence that it is really running in an environment that meets the security standard, that is, in an enclave; the client must also prove its own legitimacy.
Step ②: after the client receives the challenge, it hands it to its own target Enclave for processing. The target Enclave responds according to the challenge it received and, at the same time, carries out the local authentication process with the Quoting Enclave on the same platform.
Step ③: the target Enclave sends the signature information of its application's entire code to the Quoting Enclave. The Quoting Enclave generates the QUOTE and the ciphertext of the signature information, and sends the RSA public key to the target Enclave. After the target Enclave receives the QUOTE, the ciphertext of the signature information and the RSA public key, it forwards them to the server. The challenger on the server decrypts the QUOTE with the public key to obtain the REPORTs of both, completes the check of the REPORTs in a way similar to the handling of local authentication results, and checks whether the application's signature information matches the signature registered in advance.
Further, the data the server sends to the client is encrypted in transit as follows:
The client randomly generates an RSA key pair, extracts the public key from the pair, and sends the public key to the server through a socket;
After the server receives the public key, it encrypts the file-encryption key distributed by the random password generator and sends it to the client;
After the client receives the encrypted data, it decrypts the data with the private key of the RSA key pair to obtain the key used to encrypt the file.
Further, the random password generator distributes the encryption key through the following steps:
a. store fixed characters in an immutable sequence;
b. request the NTP service and use the time obtained as the seed of the random number;
c. using the RRAND instruction and the above seed, generate an integer index each time and read from the fixed sequence of step a the character at that index;
d. combine the characters into a 16-byte random password.
Further, files sent from the server to the client in a shunted (split-stream) manner must be transmitted through the corresponding secure channel; communication is one-way and is always driven by the enclave that sends the request.
Further, encrypted storage includes: the application running in the Enclave requests a key through the EGETKEY instruction and, after the key is obtained successfully, reads the cached data. The 1024 cached bytes that are read are divided, following an approach similar to a sliding window and the encryption principle of AES, into groups of 16 bytes each, and each group of bytes is encrypted with the AES encryption algorithm.
With the above technical scheme, the present invention has the following advantages: the SGX-based trusted transmission system covers both hardware and software security guarantees, so that confidential files can be transferred securely from a remote server to the client and then used, stored and accessed securely. The system's design and implementation of client security, file permission control, the file transmission process and file storage access have on the whole reached the expected goals and achieve the trustworthiness of this transmission system. It ensures the integrity of the client and the security of the system it runs on; it ensures the privacy of the running memory holding the key code and data of the client and server programs; and it ensures the confidentiality of file transmission, the security of file storage, and the uniqueness and independence of encryption keys.
Embodiment:
The present invention relates to a trusted data transmission method in which the client and the server that transmit data are authenticated through SGX. The client authentication module proves to the corresponding server the legitimacy of the platform it runs on and of its user. After authentication, the client establishes a session with the server, and the client and the server carry out a one-time provisioning protocol; the confidential data of the client application is sealed to the platform on which the application runs. An independent secure channel is established between the server and the client for communication, each channel corresponds to a unique client, and the data the server sends to the client is encrypted in transit. After a protected file is encrypted inside the enclave, the specific file is sent to the client according to the client's file request, and is then distributed to users of the application who have been authenticated and authorized, to view it or perform other operations.
Specifically, Fig. 1 shows a schematic diagram of the system framework. The trusted part of the client, that is, the part hosted in the SGX-protected enclave, performs the file operations that require confidentiality. The following describes this framework in detail, along with how the whole system operates to meet the security requirements of various file management scenarios.
First, the client authentication module proves to the corresponding server the legitimacy of the platform it runs on and of its user. Using the authentication function of SGX, this module generates a verifiable report about the client entity, that is, identity information bound to the platform where the client runs; this identity information is bound by the CPU. The server examines the report to determine that the machine communicating with it supports SGX and that the client's identity is legitimate. The client and the server carry out a one-time provisioning protocol, which allows the application's confidential data to be sealed to the platform on which the application runs. This encrypted confidential data can then only be used for decryption and operation.
In the framework of this system, file access rights and encryption keys are stored in the server's database. The database administrator can modify the corresponding access rights and group the client's users to manage permissions. After authentication, the client establishes a session with the server; at this point the server has confirmed that the client and the platform it runs on are secure. If files were simply transferred from the server to the client, however, the security of the system would be greatly reduced and the client's encrypted storage would lose its meaning. For this reason, an independent secure channel must be established between the server and the client, with each channel corresponding to a unique client. After a protected file is encrypted inside the enclave, the specific file is sent to the client according to the client's file request, and is then distributed to users of the application who have been authenticated and authorized, to view it or perform other operations.
Once an authenticated user has received the encrypted file, the user can view it with the secure file reading component running in the enclave on the client platform. During this process, the permission checking component of the client must check whether the user has permission to view or modify the file; once the file permission check fails, the file decryption component does not need to work.
The server consists of the following modules: an authentication and session management module, a file transmission key generation module, and a database storing user and file-related data. All communication between the server and the client is encrypted, and security guarantees such as end-to-end integrity and replay protection are provided in the various scenarios. The system is protected against the following threats: theft of file content or of the keys used for encryption; platform and application identity spoofing, that is, malicious programs or platforms posing as a legitimate application; and tampering with usage constraints and activity logs.
In this embodiment, the authentication function is designed as follows. SGX hardware security support mainly provides a secure running environment for upper-layer applications; it can encrypt for the application so that the untrusted underlying operating system and hardware cannot steal the application's secrets. Traditional SGX authentication is mainly concerned with verifying the SGX running environment, that is, verifying whether the application runs securely inside SGX, and pays no attention to verifying the security of the application itself. In other words, traditional SGX research relies mainly on the assumption that the application is inherently secure, whereas in a real trusted-transmission scenario a client application masquerading as the user's is also one of the threats. To address this problem, and unlike conventional work, this system uses an authentication mode that combines local and remote authentication.
The local authentication process is shown in Fig. 2. In this system, local authentication involves two enclave entities, a verifier and an authenticatee; the two entities need to verify each other, in preparation for the subsequent remote authentication. For ease of description, A denotes the authenticatee and B the verifier below. First, as in step ①, entity A establishes a socket connection with entity B. After the communication path is established, A obtains B's MRENCLAVE value. Note that this part of the communication is not encrypted, because this step does not involve file transmission and any change to or loss of the transmitted value causes authentication to fail. A then calls the wrapped EREPORT instruction and uses B's MRENCLAVE value to generate a signed REPORT to send back to B, as in step ②. A sends the REPORT to B over the same untrusted communication path. The REPORT structure contains the identities of the two enclaves described above, the attributes associated with the enclave, the trustworthiness of the hardware TCB, and a MAC (Message Authentication Code) tag.
After entity B receives the REPORT sent by A, it calls the EGETKEY instruction to obtain its Report Key, recomputes the MAC of the REPORT, and compares the result with the MAC in the REPORT. If the two are consistent, B is assured that A is indeed an enclave running on the same platform as itself. After the firmware and hardware components of the TCB have been checked and found correct, B can examine A's REPORT to verify the software components of the TCB, including MRENCLAVE, which reflects the content of the software image running in the enclave, and MRSIGNER, which reflects the identity of the enclave's signer. At this point B has completed its verification of A. B then uses the MRENCLAVE value in the REPORT it received earlier to generate its own REPORT in the same way and transmits it to A, as in step ③. Finally, A verifies B in the same way to ensure that A is trusted.
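The REPORT check in the local authentication steps above can be modelled in a few lines; this is an added example, not code from the patent. HMAC-SHA256 stands in for the MAC computed by the CPU, and the `Enclave` class, the per-platform secret and the `trusted` allow-list are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def report_key(platform_secret: bytes, target_mrenclave: bytes) -> bytes:
    # Model of the Report Key: bound to one platform and one target enclave.
    return hmac.new(platform_secret, b"report-key" + target_mrenclave, hashlib.sha256).digest()


@dataclass(frozen=True)
class Report:
    mrenclave: bytes  # measurement of the enclave that produced the REPORT
    mrsigner: bytes   # identity of that enclave's signer
    mac: bytes        # MAC under the *target* enclave's Report Key

    def body(self) -> bytes:
        return self.mrenclave + self.mrsigner


class Enclave:
    def __init__(self, code: bytes, signer: bytes, platform_secret: bytes):
        self.mrenclave = digest(code)
        self.mrsigner = digest(signer)
        self._platform = platform_secret  # reachable only through the two modelled instructions
        self.trusted = set()              # allow-list of (MRENCLAVE, MRSIGNER) pairs

    def ereport(self, target_mrenclave: bytes) -> Report:
        key = report_key(self._platform, target_mrenclave)
        body = self.mrenclave + self.mrsigner
        return Report(self.mrenclave, self.mrsigner, hmac.new(key, body, hashlib.sha256).digest())

    def egetkey(self) -> bytes:
        return report_key(self._platform, self.mrenclave)

    def verify(self, report: Report) -> bool:
        expected = hmac.new(self.egetkey(), report.body(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, report.mac):
            return False  # altered, produced on another platform, or targeted at another enclave
        return (report.mrenclave, report.mrsigner) in self.trusted


def mutual_local_authentication(a: Enclave, b: Enclave) -> bool:
    report_a = a.ereport(b.mrenclave)         # A targets B's MRENCLAVE
    if not b.verify(report_a):                # B recomputes the MAC, then checks identity
        return False
    report_b = b.ereport(report_a.mrenclave)  # B targets the MRENCLAVE found in A's REPORT
    return a.verify(report_b)


def demo() -> dict:
    # All enclave images and signer names below are constructed sample values.
    platform = os.urandom(32)
    a = Enclave(b"client enclave image", b"vendor key", platform)
    b = Enclave(b"quoting enclave image", b"vendor key", platform)
    c = Enclave(b"third enclave image", b"vendor key", platform)
    a.trusted.add((b.mrenclave, b.mrsigner))
    b.trusted.add((a.mrenclave, a.mrsigner))
    c.trusted.add((a.mrenclave, a.mrsigner))
    good = a.ereport(b.mrenclave)
    altered = Report(good.mrenclave, digest(b"other signer"), good.mac)
    remote = Enclave(b"client enclave image", b"vendor key", os.urandom(32))
    return {
        "mutual": mutual_local_authentication(a, b),
        "altered_report": b.verify(altered),
        "other_platform": b.verify(remote.ereport(b.mrenclave)),
        "wrong_target": c.verify(good),
    }
```

Only the `mutual` case verifies: a REPORT that was altered in transit, produced under a different platform secret, or targeted at another enclave fails the MAC comparison before the identity check is reached.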
The mechanism for authentication within a platform uses symmetric-key cryptography: only the enclave that verifies the REPORT structure and the EREPORT instruction that generates the REPORT have access to the verification key. In remote authentication, however, the server's enclave and the client's enclave are on two different platforms, so a special enclave, called the Quoting Enclave, must be created on the client's platform to help the server verify the client and to feed back the verification information. Because the Quoting Enclave and the Enclave executed by the client are on the same platform, the implementation described above can be used to complete local authentication between the Quoting Enclave and the client Enclave. After local authentication has been performed, the Quoting Enclave replaces the MAC in the REPORT with a signature; the signature is made with a device-specific asymmetric key, and the Quoting Enclave keeps the private key used for signing. The REPORT with its MAC replaced is called a QUOTE. The signature is produced with RSA.
The process by which the server authenticates the client is shown in Fig. 3. At the start, the client wants to obtain a file from the server, so it first establishes communication with the server. Step ① indicates that, after receiving the request, the server sends a challenge to the client, indicating that the client must provide evidence that it is really running in an environment that meets the security standard, that is, in an enclave; the client must also prove its own legitimacy. After the client receives the challenge, it hands it to its own target Enclave (the Enclave that executes the authentication flow) for processing. The target Enclave responds according to the challenge it received and, at the same time, carries out the local authentication process described above with the Quoting Enclave on the same platform, as in step ②. Once the two enclaves have finished verifying each other, both are known to be enclaves that meet the security standard. The target Enclave then sends the signature information of its application's entire code to the Quoting Enclave. The Quoting Enclave generates the QUOTE and the ciphertext of the signature information, and sends the RSA public key to the target Enclave. After the target Enclave receives the QUOTE, the ciphertext of the signature information and the RSA public key, it forwards them to the server, as in step ③. Finally, the challenger on the server decrypts the QUOTE with the public key to obtain the REPORTs of both, completes the check of the REPORTs in a way similar to the handling of local authentication results, and checks whether the application's signature information matches the signature registered in advance. If the check passes, the whole remote authentication is declared successful; otherwise it fails and the server refuses other requests from the client.
The method disclosed in patent document CN201810190643 uses a dynamic "two-step" identity authentication method: an SGX module (using Intel SGX technology) is added between the user and the authentication server. When authenticating, the user first sends its identity information to the SGX module; the SGX module encrypts the identity information with the key stored in it and then forwards the encrypted information to the authentication server for the second authentication step. In that authentication mode the user terminal is actually in an untrusted environment, without the protection of SGX. There are therefore risks such as man-in-the-middle attacks: a malicious attacker can hijack the user, obtain by means such as packet capture the verification digest the user sends to SGX, and replay it to obtain authentication.
The method disclosed in patent document CN201710621204 uses the traditional SGX identity authentication method, which lacks verification of the application itself and is exposed to client spoofing attacks.
Specifically, in this embodiment, the secure channel is designed and implemented as follows:
The present invention establishes a secure channel on the communication connection between each client and the server, so that all data the server sends to the client is encrypted in transit. Therefore, even if an attacker steals the transmitted data, the attacker can do nothing with it, let alone use the data to mount attacks.
Implementing this module requires two important processes: first, the server generates a random password; second, the password is transferred securely. To work with file encryption while strengthening the security of the encrypted file, the password generator uses the RRAND instruction provided by the Intel architecture to generate true random numbers.
a. store fixed characters in an immutable sequence;
b. request the NTP (Network Time Protocol) service and use the time obtained as the seed of the random number;
c. using the RRAND instruction and the above seed, generate an integer index each time and read from the fixed sequence of step a the character at that index;
d. combine the characters into a 16-byte random password.
After the above steps have been performed, the random password generator can distribute a one-time file encryption key for each password request.
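Generator steps a to d, as an added example that is not the patent's code. Python's `secrets` module stands in for the hardware random instruction (an assumption) and the 62-character alphabet is constructed; `map_byte` rejects bytes that would make some characters more likely than others, and `time_only_key` is the contrast case in which the NTP time is the only input, so the same second always yields the same key.

```python
import random
import secrets
import string
from collections import Counter

# Step a: fixed, immutable character sequence (constructed, 62 symbols).
ALPHABET = tuple(string.ascii_letters + string.digits)
KEY_LEN = 16  # step d: 16-byte password


def map_byte(b: int, n: int):
    """Map one random byte to an index in range(n), or None if it must be redrawn."""
    limit = 256 - (256 % n)  # largest multiple of n that fits in one byte
    return b % n if b < limit else None


def next_index(n: int, rand_byte=lambda: secrets.randbits(8)) -> int:
    # Step c: draw bytes until one falls inside the unbiased range.
    while True:
        idx = map_byte(rand_byte(), n)
        if idx is not None:
            return idx


def generate_file_key(rand_byte=lambda: secrets.randbits(8)) -> bytes:
    chars = (ALPHABET[next_index(len(ALPHABET), rand_byte)] for _ in range(KEY_LEN))
    return "".join(chars).encode("ascii")


def time_only_key(ntp_seconds: int) -> bytes:
    """Contrast case: every index is derived from the time seed alone."""
    prng = random.Random(ntp_seconds)
    chars = (ALPHABET[prng.randrange(len(ALPHABET))] for _ in range(KEY_LEN))
    return "".join(chars).encode("ascii")


def index_spread(n: int, reject: bool) -> set:
    """Feed every byte value once and return the distinct hit counts per index."""
    hits = Counter()
    for b in range(256):
        idx = map_byte(b, n) if reject else b % n
        if idx is not None:
            hits[idx] += 1
    return set(hits.values())
```

With 62 symbols, a plain `b % 62` gives the first eight characters five chances in 256 and the rest four; with rejection every character gets exactly four.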
Even if an attacker captures the key, the continuity of the data packets makes it hard to tell which part is the key used to encrypt the file. Nevertheless, considering the possibility of key exposure in extreme circumstances, this system encrypts the key in transit. The basic principle of this part is to encrypt and decrypt the above key with RSA. RSA encryption ensures that the key can only be transmitted between the server and the client and that only the client can decrypt it. The specific transmission process is shown in Fig. 4:
The client randomly generates an RSA key pair, extracts the public key from the pair, and sends the public key to the server through a socket. After the server receives the public key, it encrypts the file-encryption key distributed by the random password generator and sends it to the client. After the client receives the encrypted data, it decrypts the data with the private key of the RSA key pair to obtain the key for encrypting the file. In this way a secure channel is established whenever the server has data to send; data transmitted over this channel can be encrypted, guaranteeing the security of file transmission.
Specifically, in this embodiment, secure file transmission is designed and implemented as follows:
File transmission mainly means that the server, according to the file request it receives, sends the file from the server to the client in a shunted (split-stream) manner; throughout the process the data must be transmitted through the corresponding secure channel.
Because data is sent and received from the enclave, using traditional socket communication would give an attacker an opening, since it could expose the enclave's interface to the outside. Although the enclave can legitimately access host shared memory outside the enclave, this approach still has problems, because a malicious host or operating system may modify non-enclave memory. To avoid this, the system provides a stricter form of communication protocol that uses shared code and data regions, divided into Trampoline and Stub. These regions define a strict interface for interacting with the enclave, which makes the relevant security properties easy to control.
Communication is one-way and is always driven by the enclave that sends the request. As shown in Fig. 5, the system first reserves two memory regions in host shared memory and registers the addresses of both regions in the enclave as the Stub and Trampoline regions. When the Enclave wants to request a socket instance for networking, it first sets the corresponding parameters in the Stub (for example, fcode is assigned FSCOKET) and then calls the predefined handler, that is, the Trampoline. To call the Trampoline code, the system must execute the EEXIT instruction to leave enclave mode. After the host program or operating system has handled the enclave request and the Trampoline code, the result or return value is stored in the Stub memory region; at the end of the Trampoline code, ERESUME is executed to resume the enclave. After control returns to the position where the enclave was executing, the enclave reads the value in the Stub and obtains the socket instance through in_arg0 in the Stub. The Enclave can then use this socket channel for trusted transmission.
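A model of the Stub/Trampoline exchange described above, added here and not taken from the patent. The Stub layout, the numeric value of `FSCOKET`, `MAX_FD` and the three host handlers are assumptions; the enclave side copies the Stub once after resuming and validates `fcode` and `in_arg0` before using them, because the host can write anything into shared memory.

```python
import struct

FSCOKET = 1        # function code named in the text; the numeric value is assumed
STUB_FMT = "<iqq"  # fcode, out_arg0, in_arg0 (assumed layout)
MAX_FD = 1023      # assumed upper bound for a plausible socket descriptor


class StubError(Exception):
    """Raised when the host's reply in the Stub fails validation."""


class Stub:
    """Host-shared memory region: every byte in it is untrusted input."""

    def __init__(self):
        self.mem = bytearray(struct.calcsize(STUB_FMT))

    def write(self, fcode: int, out_arg0: int, in_arg0: int) -> None:
        struct.pack_into(STUB_FMT, self.mem, 0, fcode, out_arg0, in_arg0)

    def snapshot(self) -> tuple:
        # One copy out of shared memory into enclave-private values.
        return struct.unpack(STUB_FMT, bytes(self.mem))


def honest_trampoline(stub: Stub) -> None:
    # Host side: handle the request and store the result in in_arg0.
    fcode, out_arg0, _ = stub.snapshot()
    if fcode == FSCOKET:
        stub.write(fcode, out_arg0, 7)  # constructed descriptor value


def out_of_range_trampoline(stub: Stub) -> None:
    stub.write(FSCOKET, 0, 2**40)       # reply carries an impossible descriptor


def mismatched_trampoline(stub: Stub) -> None:
    stub.write(99, 0, 7)                # reply for a call that was never made


def enclave_request_socket(stub: Stub, trampoline) -> int:
    stub.write(FSCOKET, 0, -1)          # set the request parameters in the Stub
    trampoline(stub)                    # models EEXIT, host processing, ERESUME
    fcode, _, in_arg0 = stub.snapshot() # read once; never re-read shared memory
    if fcode != FSCOKET:
        raise StubError("reply does not match the request")
    if not 0 <= in_arg0 <= MAX_FD:
        raise StubError("in_arg0 is not a plausible socket descriptor")
    return in_arg0
```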
At this point, following the steps of the key section above, once the client has obtained the unique file encryption key, the server, as the creator of the channel, must encrypt the files it sends with this key. The encryption algorithm used here is AES.
Specifically, in this embodiment, the file sealing module is designed and implemented as follows:
Encrypted storage is a process that reads the cached content and writes it byte by byte to a new file on the hard disk, as shown in Fig. 6. The application running in the Enclave first requests a key through the EGETKEY instruction and, after obtaining the key successfully, reads the cached data. The 1024 cached bytes that are read are divided, following an approach similar to a sliding window and the encryption principle of AES, into groups of 16 bytes each. Each group of bytes is then encrypted with the AES encryption algorithm. Because the encrypted bytes rarely fit the system's character encoding, they could cause difficulties at decryption. The encrypted characters therefore need some processing: a loop converts each byte to hexadecimal form and writes it to the specified file. When all data has been encrypted, the sealed storage module has completed its task.
The SGX-based trusted transmission system covers both hardware and software security guarantees, so that confidential files can be transferred securely from a remote server to the client and then used, stored and accessed securely. The system's design and implementation of client security, file permission control, the file transmission process and file storage access have on the whole reached the expected goals and achieve the trustworthiness of this transmission system. It ensures the integrity of the client and the security of the system it runs on; it ensures the privacy of the running memory holding the key code and data of the client and server programs; and it ensures the confidentiality of file transmission, the security of file storage, and the uniqueness and independence of encryption keys.
In addition to the above preferred embodiment, the present invention has other embodiments. Those skilled in the art can make various changes and modifications according to the present invention; as long as they do not depart from the spirit of the invention, they shall fall within the scope defined by the appended claims.