SGX: Improving Privacy, Security, and Trust Across Blockchain Networks
•Download as PPTX, PDF•
1 like•2,182 views
These slides explain how to use Intel Software Garden Extensions (SGX) to improve privacy, security, trust, and transparency across blockchain networks that store sensitive data.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to SGX: Improving Privacy, Security, and Trust Across Blockchain Networks
Similar to SGX: Improving Privacy, Security, and Trust Across Blockchain Networks (20)
More from Altoros
More from Altoros (20)
Recently uploaded
Recently uploaded (20)
SGX: Improving Privacy, Security, and Trust Across Blockchain Networks
- 1. SGX: Improving Privacy, Security, and Trust Across Blockchain Networks Dmitry Lavrenov Senior Blockchain R&D Engineer ALTOROS @altoros
- 2. PRODUCT DEVELOPMENT TRAINING CONSULTING Altoros is a professional services company that helped 50+ Global 2000 organizations to obtain sustainable competitive advantage through adoption of innovative technologies. We offer methodology, training, technology building blocks, and deep industry knowledge for cloud automation, microservices, blockchain, and AI. ABOUT ALTOROS @altoros
- 3. AGENDA Digital data What is Intel SGX ? Blockchain and sensitive data Blockchain and Intel SGX Solution Industries. Use cases 01 02 03 04 05 @altoros
- 4. Data in Motion: data crossing over networks from local to cloud storage or from central mainframe to a remote terminal Data at Rest: inactive data stored physically Data in Use: data processed by one or more applications DATA IN MOTION DATA IN USE DATA AT REST DIGITAL DATA @altoros
- 5. How to prevent data access by Adversary? Data encryption. DATA AT REST @altoros
- 6. Innocent End User Remote server Leak! Leak! Leak! DATA IN MOTION Http @altoros
- 7. Safe! DATA IN MOTION Leak! Data in Use by the Server Note: Users must trust the Remote Server Https Innocent End User Remote server @altoros
- 12. ● A Trusted Execution Environment from Intel for applications ● Isolates a portion of physical memory to protect select code and data from view or modification ● In Intel SGX, these isolated portions of memory are called “enclaves” WHAT IS INTEL SGX? @altoros
- 13. WHAT IS INTEL SGX? Usual applications ● Apps must trust - OS/VMM - BIOS, SMM ● Trust relies on software Applications w/ SGX ● Apps must trust - SGX hardware ● Trust excludes OS/VMM/BIOS/SMM @altoros
- 14. Safe! DATA IN MOTION Leak! Data in Use by the Server Note: Users must trust the Remote Server Https Innocent End User Remote server @altoros
- 15. WHAT IS INTEL SGX? @altoros
- 16. DATA IN MOTION DATA IN USE DATA AT REST DIGITAL DATA WITH SGX Encrypted @altoros
- 17. DATA IN MOTION DATA IN USE DATA AT REST THE BLOCKCHAIN NETWORK MODEL @altoros
- 18. ● Blockchain-based applications and computing are controlled by a distributed network of multiple machines or ‘nodes’. ● Each ‘node’ that takes part in validating transactions gets access to the data in clear text. ● Any root privilege user of the ‘node’ may easily inspect/control/transfer the sensitive data BLOCKCHAIN AND SENSITIVE DATA @altoros
- 19. Secure Transaction Execution (STE) ● transaction execution and validation in “enclave” ● remote attestation BLOCKCHAIN AND INTEL SGX SOLUTION @altoros
- 20. ● Privacy. Keep transaction information isolated from other participants in the network. ● Security. Secure key management help secure and obfuscate keys from malware. ● Trust. Remote attestation help authorize off-chain participants like oracles and sensors. BLOCKCHAIN AND INTEL SGX SOLUTION @altoros
- 21. Healthcare INDUSTRIES Banking Politics (voting) Real Estate Security (storage, computing) @altoros
- 22. USE CASES. SUPPLY CHAIN Contract Supplier: Victor Buyer: Peggy Owner: Victor Public Data Secret DataVictor Peggy @altoros
- 23. ● Supplier choose to disclose the existence of C and some of the details to a specific collection of participants, “factors”. ● Only factors chosen by supplier know the information about C. ● Factors must be able to verify that C exists and that Victor is the supplier and Peggy is the buyer. USE CASES. SUPPLY CHAIN Contract Supplier: Victor Buyer: Peggy Owner: Victor Public Data ********************* Victor Factor 1 Factor 2 Factor N Contract proof with selective disclosure @altoros
- 24. ● Each Factor may create a Bid Bi for the contract ● Details of the bid may be known only to Fi and supplier, however Fi must commit to the bid USE CASES. SUPPLY CHAIN Contract Supplier: Victor Buyer: Peggy Owner: Victor Public Data ********************* ********************* Victor Contract proof with selective disclosure Factor 1 Factor 2 Factor N Bid 1 Bid 2 Bid N @altoros
- 25. ● Supplier may choose one bid and execute a transfer of ownership of the contract to the winning participant USE CASES. SUPPLY CHAIN Contract Supplier: Victor Buyer: Factor 2 Owner: Victor Public Data ********************* ********************* Victor Contract proof with selective disclosure Factor 1 Factor 2 Factor N Bid 2
- 26. ● The winning participant may see all information about the contract ● After handoff supplier may no longer see changes to the contract or make modifications to it USE CASES. SUPPLY CHAIN Contract Supplier: Victor Buyer: Factor 2 Owner: Victor Public Data Secret DataVictor Contract Factor 2 @altoros
- 27. ● During the bidding process, all information about the identities of the factors must be hidden from the buyer and the other factors. ● Details of a bid must be kept confidential to the seller.. ● The identity of the winning factor must be kept confidential from the other factors. ● Factors have the right to view the only specific details of the contract C that are exposed by the supplier. ● The winning factor gains visibility to all details of the contract C when ownership is transferred. USE CASES. SUPPLY CHAIN. REQUIREMENTS @altoros
- 28. ● A registrar creates a new voting pool and provides voters their ballots USE CASES. E-VOTING Ballot Cand.1…… Cand.2….. Registrar Voter 2 Voter 3 Voter NVoter 1 @altoros
- 29. ● Voters can cast their vote, which is anonymized and stored in an electronic ballot box USE CASES. E-VOTING Ballot box Voter 2 Voter 3 Voter NVoter 1 X X X X @altoros
- 30. ● After voting period ends, a voting committee counts and verifies the ballots and announces the result USE CASES. E-VOTING @altoros
- 31. ● Voters require unique identifier. Voters impersonation must be prevented. Voters can cast ballot only once. ● Cast ballots must be integrity and confidentiality protected at rest and in motion. ● Cast ballots can only be revealed by an authorized entity (committee / validator) that counts ballots ● Voters must be able to verify that their ballot has been considered (counted) during the validation ● Validating system must be resistant to misbehaving committee members to ensure that no party can corrupt the voting process and forge the result. USE CASES. E-VOTING. REQUIREMENTS @altoros
- 32. THANK YOU! @altoros website blog
Editor's Notes
- Hello everyone, My name is Dmitry Lavrenov. I’m a senior blokchain R&D engineer at Altoros. I’m from Minsk I would like to talk about a technology that allows executing applications in a trusted environment to protect sensitive data and its potential within blockchain. I will cover the concepts of SGX in general, consider the main points and demonstrate some use cases where SGX can be applied to improve blockchain-based applications from privacy, security and trust sides.
- Altoros is a software development and consultancy company with development offices in USA, Belarus, Argentina. We have 2 core teams that are focus on Blockchain technology. The first one is focus on Ethereum-based decentralized applications development. The second one is focus on Enterprise Blockchain solutions. Being a general member and training partner of the Hyperledger community we develop solutions using major Hyperledger Frameworks such as Fabric, Sawtooth, Indy for different industries.
- As you can see from the agenda, we’ll be talking about the following. Firstly, I’ll describe the main states of Digital Data: data in use, data in motion, data at rest. Then we’ll consider data states from privacy, security and trust sides and introduce SGX. After that I’ll describe the main Blockchain components. Then we’ll consider potential blockchain solution with SGX for operating sensitive data. And finally, we’ll consider several business use cases.
- Let’s start with Digital data. There are 3 basic states of digital data: data at rest, data in motion, and data in use. Data at rest is a term that refers to data stored on a device or backup in any form. It’s inactive data that is not currently being transmitted across a network or actively being read or processed. Data at Rest is typically in a stable state. Data in Motion is data that is currently travelling across a network from local to cloud storage or from central mainframe to a remote terminal. The last one is Data in Use. It’s data that is being processed by one or more applications. This is data currently in the process of being generated, updated, appended, or erased.
- So, we have the following question. How can we protect digital data from unauthorized access ? The question is important for us, because usually users or different applications store and operate sensitive data. It could be credit cards, intellectual property, personal information, healthcare information, financial information, and so on. In case Data at Rest, the answer is simple. Encryption plays a major role in data protection. It’s a popular mechanism for securing data at rest.
- The next case is Data in Motion. As we remember, HTTP is the first widespread transport protocol that allows to transfer data from one host to the another one. Usually it’s a communication channel between browsers and servers. The main problem of HTTP protocol from privacy side is that data are transmitted as a plain text. Any intermediate node that the packets pass through can intercept, read or modify the packets. This is called a man-in-the-middle attack, and it allows an attacker to impersonate websites and sniff on traffic. Furthermore there is no control over how the data is used by the server. This means that as soon as the data leaves the end user’s device it’s completely visible and modifiable all the way through. Not good.
- In order to fix the previous problem of HTTP protocol we have a safer version of HTTP called HTTPS. HTTPS protocol establishes an encrypted communication between hosts using SSL or TLS protocols. TLS is the new version of SSL. SSL is the security technology for establishing communication between 2 systems. Basically, SSL ensures that the data transfer between two hosts remains encrypted and private. The issue is that the encrypted traffic must be decrypted by the server, and the decrypted data is the exposed to all programs running on the server machine. This is completely beyond the control of the client.
- The next case is Data in Use. As we remember, it means that the data is being processed by one or more applications. Assume that we use our laptop for operating sensitive data. In case that the laptop is compromised we can have the following situation.
- The fact that the laptop is compromised means that we can have a malicious process in our operating system. This process can get a higher privilege levels using a vulnerability of the operating system.
- After that the malicious process can, for example, compromise anti malware software and create the backdoor channel to the Adversary.
- Finally, the operating system and all applications are available to the Adversary. It means that the Adversary can easily inspect, control and transfer the sensitive data. To avoid the sensitive data disclosure in case that the machine is compromised Intel SGX can help us.
- So, What is Intel SGX ? First of all, Intel SGX or is a set of security-related instruction code that are built into some modern Intel central processing units. They allow user-level as well as operating system code to define private regions of memory, called enclaves, whose contents are protected and unable to be either read or saved by any process outside the enclave itself, including processes running at higher privilege levels. In other words, Intel SGX is a trusted execution environment from Intel for applications that isolates a portion of physical memory called “enclave” to protect code and data from unauthorized access or modifications. SGX involves encryption by the CPU of a portion memory. The enclave is decrypted on the fly only within the CPU itself.
- Here we can see the main differences between applications without SGX and SGX-based applications. Usual applications must trust operating system, virtual machine, BIOS, system management mode. Trust relies on software. It means that if your application operates sensitive data and your software is compromised then the data could be easily accessible to the Adversary. In SGX case, applications must trust only SGX hardware. Trust excludes OS/VMM/BIOS/SMM. The code and data in the enclave utilise a threat model in which the enclave is trusted but no process outside it can be trusted and these are all treated as potentially hostile.
- Also SGX has the following important feature. Let’s remember the slide about data in motion. As we can see, we need a way to identify and check the code that’s running remotely.
- SGX gives us this way called remote attestation. Using the Remote Attestation, an enclave can attest to a remote entity that it is trusted, and establish an authenticated communication channel with that entity. As part of attestation, the enclave proves the following: its identity, that it has not been tampered with, that it’s running on a genuine platform with Intel SGX enabled.
- In this way, we can use the following options for sensitive data to prevent unauthorized access or modifications. 1. Encryption for data at rest 2. TLS/SSL security layer for data in motion 3. Intel SGX technology for data in use.
- Let’s consider an usual blockchain network model. We have a peer-to-peer network between nodes. Nodes stores, updates and broadcasts a full copy of the ledger that contains transactions blocks. Transactions are submitted by users. After that nodes get a transaction proposal and validate it. If validation is successful then transaction will be added to the ledger. As we can see, the ledger stores all transactions. In this case, we have data at rest. Nodes broadcasts blocks in the network. In this case we have data in motion. Nodes execute and validate transactions. In this case we have data in use.
- What about transactions that contain sensitive data ? So, we have the following main points. 1. Blockchain-based applications and computing are controlled by a distributed network of multiple machines or ‘nodes’. 2. Each ‘node’ that takes part in validating transactions get access to the data in clear text. 3. Any root privilege user of the ‘node’ may easily inspect, control and transfer the sensitive data. In this case, we need to trust all nodes that operate with our sensitive data. But it’s difficult to avoid that the nodes in the network wouldn’t be compromised.
- Here we can see a potential blockchain solution with SGX for operating sensitive data. Each node can has a Secure Transaction Execution module. It’s the SGX-based module. Transactions will be executed and validated in the enclave. Also, the enclave can attest the another remote entity that the node is trusted.
- In this way, we have the following points from privacy, security and trust sides. SGX allows to keep transaction information isolated from other participants in the network. Secure key management help secure and obfuscate keys from malware Remote attestation help authorize off-chain participants like oracles and sensors.
- Today it’s not easy to implement different blockchain solutions for the industries like Healthcare, Banking, Voting, Real Estate, Security because Data confidentiality is the main point. For example, Healthcare. The patient health records must be processed by secure environment. Any leak of the records that are stored in the ledger or processed by nodes is unacceptable. In this way, Blockchain with Intel SGX technology can give more secure blockchain solutions that are able to operate sensitive data.
- Now let’s consider 2 use cases that will show why trusted execution environment is required for processing sensitive data. The first one is Supply chain. There is a contract C between participants Victor(Supplier) and Peggy(buyer) that reflects a commitment for future payment (in practice this may include details of the exchange of good, purchase order, and shipping information). Details of the contract are available exclusively to Victor and Peggy initially, however the existence of the contract must be recorded for use by the interested parties).
- At some point, Victor may choose to disclose the existence of C and some of the details to a specific collection of participants F1, …, Fn(factors). Only those participants chosen by Victor may know the information about the Contract. Factors must be able to verify that the contract exists and that Victor is the supplier in the contract and Peggy is the buyer.
- Each participant Fi may create a bid Bi for the contract. Details of the bid may be known only to Fi and Victor, however Fi must commit to the bid.
- Victor may choose one bid and execute a transfer of ownership of the contract to the participant that generated the bid that was selected.
- At this point the winning participant may see all information about the contract. After handoff Victor may no longer see changes to the contract or make modifications to it.
- This usage helps to identify several functional requirements related to managing access to information about the transaction and participating parties. For example, consider the following During the bidding process, all information about the identities of the factors must be hidden from the buyer and the other factors. Details of a bid must be kept confidential to the seller. The identity of the winning factor must be kept confidential from the other factors. Factors have the right to view the only specific details of the contract C that are exposed by the supplier. The winning factor gains visibility to all details of the contract C when ownership is transferred.
- The another use case is E-voting. E-voting is the the process to participate electronically online in an election, for instance, National Council elections or federal elections. At the beginning, the registrar creates a new voting pool.
- Voters can cast their vote, which is anonymized and stored in an electronic ballot box. A ballot may contain one more questions with simple yes/no answer or multiple choice answers.
- After voting period ends, a voting committee counts and verifies the ballots and announces the tally. E-Voting comes with strong requirements associated with security, integrity, privacy, transparent.
- In this case, we have the following requirements. Voters require unique identifier. Voters impersonation must be prevented. Voters can cast ballot only once. Cast ballots must be integrity and confidentiality protected at rest and in motion. Cast ballots can only be revealed by an authorized entity (committee / validator) that counts ballots Voters must be able to verify that their ballot has been considered (counted) during the validation Validating system must be resistant to misbehaving committee members to ensure that no party can corrupt the voting process and forge the result.
- That’s all I wanted to say. Thank you for your attention. Any questions ?