CN108595950A - A kind of safe Enhancement Methods of SGX of combination remote authentication - Google Patents

A kind of safe Enhancement Methods of SGX of combination remote authentication Download PDF

Info

Publication number
CN108595950A
CN108595950A CN201810346206.8A CN201810346206A CN108595950A CN 108595950 A CN108595950 A CN 108595950A CN 201810346206 A CN201810346206 A CN 201810346206A CN 108595950 A CN108595950 A CN 108595950A
Authority
CN
China
Prior art keywords
sgx
enclave
application programs
remote authentication
application program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810346206.8A
Other languages
Chinese (zh)
Inventor
王国军
舒扬
周雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Central South University
Original Assignee
Central South University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Central South University filed Critical Central South University
Priority to CN201810346206.8A priority Critical patent/CN108595950A/en
Publication of CN108595950A publication Critical patent/CN108595950A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of safe Enhancement Methods of SGX of combination remote authentication.The strong security of the area of isolation Enclave of SGX can be guaranteed at the confidentiality and integrality of data and code in Enclave.Also just because of the confidentiality of Enclave so that safety detection tool cannot check the Enclave of SGX application programs, this characteristic is by malicious attacker using can implement attack in Enclave and being capable of hiding attack behavior.Method proposed by the present invention is to increase remote authentication module in SGX source-code levels, and by remote authentication before the operation of SGX application programs, this application program of remote server face carries out credible certification.It so just can ensure that the SGX application programs only Jing Guo safety certification can be run in custom system, prevent the possibility that malice SGX application programs enter user platform.

Description

A kind of safe Enhancement Methods of SGX of combination remote authentication
Technical field
The invention belongs to Computer Science and Technology field, more particularly to the SGX of a kind of combination remote authentication enhances safely Method.
Background technology
It is become increasingly popular real-life with the iteration and networking of computer technology, various computer equipments are such as a People's computer, mobile phone, tablet etc. are increasingly becoming " necessity " of people's life.However, coming various along with networking process Except facility, it is also various by improper method to obtain the network attack to attacker's advantageous information.Go out to fight layer User equipment and data safety are protected in not poor attack, occur largely software view, hardware view to computer equipment into The method of row protection.Such as trust computing, ARM TrustZone, Intel Software Guard Extensions (SGX) Technology.
The trust computing and code of isolation execute special from other malice for protecting sensitive data information and workflow Attack one of the method that is particularly important, and nowadays mainly using of power or non-privileged software.Intel Company is in credible execution In technical foundation, it is Intel Skylake systems that a set of new CPU architecture SGX, SGX software protecting extension was proposed in 2013 One group of security extension being firstly introduced in row CPU architecture, is the extension of Intel instruction set architectures (ISA), by introducing new finger Collection and memory Accessing Mechanism are enabled, provides the credible execution used for application program using software as foundation for security guarantee to the user Environment TEE (Trusted Execution Environment).SGX allows application program to seal sensitive data and key operation It is referred to as in the isolation environment of Enclave mounted in one.This segregate Enclave is divided in program process space One piece of safety zone out, this region can ensure wherein data and the integrality and confidentiality of code, even existing In the case of franchise Malware (OS, Hypervisor).For SGX, trusted computing base TCB only includes CPU and credible execution Environment Enclave, SGX can comprehensively protect application program in the case where possessing minimum TCB.SGX is substantially former Reason is as shown in Fig. 1.
The strong security protection of SGX provides a kind of comprehensive and firm safety guarantee means to security study personnel, but It is that malicious attack personnel are similarly found that " advantage " of SGX.In SGX Enclave contents due to be encrypted after be stored in into In journey space, therefore, implement attack in Enclave with very high concealment.It cannot be attacked and examine by safety detection It measures and, and malicious attack behavior can be hidden very well.Cause the SGX application software of malice at runtime can be barbaric Implement the attack of oneself, does not have to worry by killing.Since at runtime hardly it can be found that malice SGX application programs, The operation of malice SGX application programs can be so prevented by certain security mechanism.Method proposed by the present invention is by remote The mode of journey certification carries out security verification to the SGX application programs that will be run on platform, prevents safety unknown Operation of the SGX application programs in custom system, to be damaged to custom system.
Invention content
The present invention provides a kind of safe Enhancement Methods of SGX of combination remote authentication, this method creates Enclave in SGX And carry out in initialization procedure, by increasing remote authentication module, the SHA1 values of the executable file of this SGX application program are made For authentication information, it is sent to the remote server progress credibility for saving trusted application executable file SHA1 values in advance Verification.Judge whether the source of this SGX application program is reliable with verification result, it so just can be to the peace of SGX application programs Full attribute is screened, and prevents malice SGX application programs from entering custom system.
A kind of safe Enhancement Methods of SGX of combination remote authentication, include the following steps:
Step 1:Initialization operation
Step 1.1:Start the machine for supporting SGX and enters basic input-output system BIOS (Basic Input Output System), it is Disable that Security Boot is arranged under the Security lists of BIOS;
Step 1.2:It downloads and SGX Driver is installed;
Step 1.3:It is back to step 1.1 and Security Boot under Security lists is re-set as original The Enable come;
Step 1.4:Download the SGX Software Development Kit (SDK) and Intel SGX that official increases income Platform Software(PSW);
Step 2:It builds and runs remote server.This server is for receiving and handling the company from SGX application programs Request is connect, the data sended over to SGX application programs are verified, and verification result is returned to SGX application programs.
Step 3:To the function in the source file enclave.cpp under catalogue linux-sgx-master/psw/urts CEnclave::Initialize () carries out the transformation such as step 4, step 5, step 6, step 7 and step 7, and increase is remotely recognized Demonstrate,prove module.And increase the member variable for indicating remote authentication state in the header file enclave.h being defined to Enclave flag_authenticate。
The linux-sgx-master is the SGX linux versions of increasing income downloaded from official Github.
Step 4:The remote authentication shape of this SGX application program is judged according to the value of member variable flag_authenticate State.
Step 5:Obtain the path of this SGX application program executable files.It calls readlink () function to obtain and applies journey The absolute path of sequence executable file, and executable file name is extracted by absolute path.Then step 6 is executed.
Step 6:Calculate the SHA1 values of application program executable file.
Step 7:Executable file name and executable file SHA1 values are sent to remote server.
Step 8:Step 8 or step 9 are executed according to the verification result Result selections of remote server.
Step 9:Accept original function CEnclave::Initialize () code is run.This function will be to wound under normal circumstances The Enclave built is initialized, and is initialized and is successfully returned to SGX_SUCCESS, and corresponding error code is otherwise returned.
Step 10:Calling process terminates function abort ().
Advantageous effect
The present invention provides a kind of safe Enhancement Methods of SGX of combination remote authentication.The area of isolation Enclave's of SGX is strong Safety can be guaranteed at the confidentiality and integrality of data and code in Enclave.Also just because of the secrecy of Enclave Property so that safety detection tool cannot check the Enclave of SGX application programs this characteristic is by malicious attacker profit With attack can be implemented in Enclave and being capable of hiding attack behavior.Method proposed by the present invention is in SGX source code grades Not Zeng Jia remote authentication module, by remote authentication SGX application programs operation before, this application program of remote server face into Row credibility certification, as shown in Fig. 2.It just can so ensure that SGX application programs only Jing Guo safety certification can be It is run in custom system, has prevented the possibility that malice SGX application programs enter user platform.
Description of the drawings
Attached drawing 1 is SGX overall architecture schematic diagrames;
Attached drawing 2 is configuration diagram of the present invention;
Attached drawing 3 is function CEnlave in the present invention::Initialize () reconstruction flow figure.
Specific implementation mode
With reference to specific example and Figure of description, the invention will be further described.As shown in Fig. 3.
In the present embodiment, experiment porch is configuration Inter (R) Core (TM) i5-6300HQ central processing unit, The Lenovo notebooks of 8GB memories, operating system are 64 Ubuntu 16.04.3LTS.
Step 1:Initialization operation
Step 1.1:Start the machine for supporting SGX and enters basic input-output system BIOS (Basic Input Output System), it is Disable that Security Boot is arranged under Security lists;It is enterprising in Lenovo machines The mode for entering BIOS is to press F2 keys in start-up phase.Can be selected with directionkeys after into the interfaces BIOS, be arranged successfully it It is preserved afterwards by F10 and is arranged and exits.
Step 1.2:It downloads and SGX Driver is installed;
The SGX Driver download address increased income under Linux platform is:https://github.com/01org/linux- sgx。
Step 1.3:It is back to step 1.1 and Security Boot under Security lists is re-set as original The Enable come;
Step 1.4:Download the SGX Software Development Kit (SDK) and Intel SGX that official increases income Platform Software(PSW);Open Source Code download address on Github is:https://github.com/01org/ linux-sgx。
It is described that the machine of SGX is supported to refer to the calculating for being equipped with 6 generations of Intel and modern central series processor (CPU) Machine;
The Software Development Kit (SDK) are the developing instrument set for establishing SGX application programs;
The Intel SGX Platform Software (PSW) contain the branch stake tool and debugging work of SGX operations Tool etc..
Step 2:It builds and runs remote server.This server is for receiving and handling the company from SGX application programs Request is connect, the data sended over to SGX application programs are verified, and verification result is put back to and gives SGX application programs.
Multithreading may be used in the remote server, in conjunction with MySQL database.It will allow user on platform first The SGX application informations of operation are preserved into MySQL database, this SGX application information can be in MySQL database Exist in the form of the database table of entitled SGX_App_table, this table includes two attributes, respectively executable file name Claim SGX_App_Name and executable file SHA1 values SGX_App_SHA1.
The database table SGX_App_table will provide foundation during remote server verification in step 6.
It is to detect certification by platform safety to be preserved in the SGX_App_table, and the SGX that user executes is allowed to apply Program.If platform user operation is that there is no the application program in this table or the unmatched SGX of SGX_App_SHA1 values Application program, will be considered that this SGX application programs source is unreliable, this SGX application program itself is likely to be rogue program, because This, refuses the execution of this application program on the subscriber terminal.
During remote server is authenticated, the matching of SGX_App_Name is carried out first, and successful match then continues Carry out SGX_App_SHA1 matching, otherwise to SGX application programs return indicate verification not by value FAILED;GX_App_ The matching of SHA1 values also by when, returned to SGX application programs and indicate the value SUCCESS that is verified, otherwise, returned FAILED。
Step 3:Enclave.cpp is found in catalogue linux-sgx-master/psw/urts, then by step 4, Step 5, step 6, step 7 are to function CEnclave therein::Initialize () is transformed, and increases remote authentication mould Block.
The linux-sgx-master is the SGX linux versions of increasing income downloaded from official Github.
While being transformed to enclave.cpp, it is also necessary to increase a member variable in enclave.h. Static int flag_authenticate=0.This variable indicates whether this SGX application program passes through remote authentication, acquiescence Value indicates for 0 without remote authentication.Since a SGX application program can create multiple Enclave, this variable Another act as:It, hereafter can when creating Enclave when the Enclave quantity that SGX application programs create is more than 1 According to this variable to determine whether needing to carry out remote authentication, if when flag_authenticate=1, indicating that this SGX is applied Program has already passed through remote authentication, and authentication result is SUCCESS.If when flag_authenticate=-1, indicating this SGX application programs have already passed through remote authentication, and authentication result is FAILED.
Step 4:The remote authentication shape of this SGX application program is judged according to the value of member variable flag_authenticate State.
The remote authentication state of SGX application programs is indicated by member variable flag_authenticate, specific to indicate as walked Described in rapid 3.When flag_authenticate is 0,5 are entered step;When flag_authenticate is 1, enter step 9;When flag_authenticate is -1,10 are entered step.
Step:5:Obtain the path of this SGX application program executable files.It calls readlink () function to obtain and applies journey The absolute path of sequence executable file, and executable file name is extracted by absolute path.Then step 6 is executed.
The method of calling of the readlink () function is:Readlink ("/proc/self/exe ", path, 1024), It just can will so change the character array path for understanding file path and being stored in length as 1024 bytes of SGX application programs In.
Step 6:Calculate the SHA1 values of application program executable file.
The executable file path path obtained by step 5, so that it may to utilize the hash function sgx_sha256_ in SGX Get_hash () calculates the SHA1 values of application program executable file.It, can be in addition, from executable file path path It is truncated to executable file name name.
Step 7:Executable file name and executable file SHA1 values are sent to remote server.
The executable file name name and executable file SHA1 values can be obtained from step 6.Then it will can perform File name and SHA1 value is packaged into a certification message structure body msg_authenticate, passes through interface for network programming Socket is sent to remote server.
Remote server receives certification message structure body, and after being parsed according to specific format, carries out such as the step Rapid 2 the step of, carries out inquiry MySQL table information process certifications.After the completion of certification, authentication result Result is returned to SGX applications Program.
Step 8:Step 8 or step 9 are executed according to the verification result Result selections of remote server
After SGX application programs receive the authentication result from remote server, according to the authentication result of return, carry out Following operation:If the authentication result returned is SUCCESS, flag_authenticate is assigned a value of 1, and continue step 9 Execution;If the authentication result returned is FAILED, flag_authenticate is assigned a value of -1, and continue step 10 Execution.
Step 9:Accept original function CEnclave::Initialize () code is run.This function will be to wound under normal circumstances The Enclave built is initialized, and is initialized and is successfully returned to SGX_SUCCESS, and corresponding error code is otherwise returned.
Step 10:Calling process terminates function abort ().
The calling of function abort () will directly terminate this process.Into this step illustrate, this SGX application program it is long-range Authentication result not over.Indicate this SGX application program be do not obtain platform safety certification it is unreliable come source application, If this application program is performed it is possible to that user is caused potentially to threaten.In order to be preventive from possible trouble, select this potential prestige The side of body is strangled in cradle.

Claims (1)

1. a kind of safe Enhancement Methods of SGX of combination remote authentication, which is characterized in that include the following steps:
Step 1:Initialization operation
Step 1.1:Start the machine for supporting SGX and enters basic input-output system BIOS (Basic Input Output System), it is Disable that Security Boot is arranged under the Security lists of BIOS;
Step 1.2:It downloads and SGX Driver is installed;
Step 1.3:It is back to step 1.1 and is re-set as Security Boot under Security lists original Enable;
Step 1.4:Download the SGX Software Development Kit (SDK) and Intel SGX that official increases income Platform Software(PSW);
Step 2:It builds and runs remote server.This server is for receiving and handling to ask from the connection of SGX application programs It asks, the data sended over to SGX application programs are verified, and verification result is returned to SGX application programs.
Step 3:To the function in the source file enclave.cpp under catalogue linux-sgx-master/psw/urts CEnclave::Initialize () carries out the transformation such as step 4, step 5, step 6, step 7 and step 7, and increase is remotely recognized Demonstrate,prove module.And increase the member variable for indicating remote authentication state in the header file enclave.h being defined to Enclave flag_authenticate。
The linux-sgx-master is the SGX linux versions of increasing income downloaded from official Github.
Step 4:The remote authentication state of this SGX application program is judged according to the value of member variable flag_authenticate.
Step 5:Obtain the path of this SGX application program executable files.Calling readlink () function to obtain application program can The absolute path of file is executed, and executable file name is extracted by absolute path.Then step 6 is executed.
Step 6:Calculate the SHA1 values of application program executable file.
Step 7:Executable file name and executable file SHA1 values are sent to remote server.
Step 8:Step 8 or step 9 are executed according to the verification result Result selections of remote server.
Step 9:Accept original function CEnclave::Initialize () code is run.This function will be to establishment under normal circumstances Enclave is initialized, and is initialized and is successfully returned to SGX_SUCCESS, and corresponding error code is otherwise returned.
Step 10:Calling process terminates function abort ().
CN201810346206.8A 2018-04-18 2018-04-18 A kind of safe Enhancement Methods of SGX of combination remote authentication Pending CN108595950A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810346206.8A CN108595950A (en) 2018-04-18 2018-04-18 A kind of safe Enhancement Methods of SGX of combination remote authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810346206.8A CN108595950A (en) 2018-04-18 2018-04-18 A kind of safe Enhancement Methods of SGX of combination remote authentication

Publications (1)

Publication Number Publication Date
CN108595950A true CN108595950A (en) 2018-09-28

Family

ID=63613584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810346206.8A Pending CN108595950A (en) 2018-04-18 2018-04-18 A kind of safe Enhancement Methods of SGX of combination remote authentication

Country Status (1)

Country Link
CN (1) CN108595950A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109726588A (en) * 2018-12-21 2019-05-07 上海邑游网络科技有限公司 Method for secret protection and system based on Information hiding
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
CN112182560A (en) * 2020-09-17 2021-01-05 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN113302893A (en) * 2019-01-08 2021-08-24 华为技术有限公司 Method and device for trust verification
CN113721919A (en) * 2021-08-09 2021-11-30 上海交通大学 Intel SGX trusted execution environment-based online compiling and obfuscating implementation method
CN113810382A (en) * 2021-08-24 2021-12-17 东北大学秦皇岛分校 Cipher text loading method for resisting SGX side channel attack

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109726588A (en) * 2018-12-21 2019-05-07 上海邑游网络科技有限公司 Method for secret protection and system based on Information hiding
CN113302893A (en) * 2019-01-08 2021-08-24 华为技术有限公司 Method and device for trust verification
CN113302893B (en) * 2019-01-08 2022-11-18 华为云计算技术有限公司 Method and device for trust verification
CN111382445A (en) * 2020-03-03 2020-07-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
CN111382445B (en) * 2020-03-03 2023-04-07 首都师范大学 Method for providing trusted service by using trusted execution environment system
CN112182560A (en) * 2020-09-17 2021-01-05 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN112182560B (en) * 2020-09-17 2022-04-26 上海交通大学 Efficient isolation method, system and medium for Intel SGX interior
CN113721919A (en) * 2021-08-09 2021-11-30 上海交通大学 Intel SGX trusted execution environment-based online compiling and obfuscating implementation method
CN113721919B (en) * 2021-08-09 2024-03-12 上海交通大学 Online compiling confusion implementation method based on Intel SGX trusted execution environment
CN113810382A (en) * 2021-08-24 2021-12-17 东北大学秦皇岛分校 Cipher text loading method for resisting SGX side channel attack

Similar Documents

Publication Publication Date Title
JP6888011B2 (en) Mobile device with a reliable execution environment
CN106778103B (en) Reinforcement method, system and decryption method for preventing reverse cracking of android application program
CN108595950A (en) A kind of safe Enhancement Methods of SGX of combination remote authentication
EP3674954B1 (en) Security control method and computer system
Parno et al. Bootstrapping trust in modern computers
Miller et al. iOS Hacker's Handbook
JP6227772B2 (en) Method and apparatus for protecting a dynamic library
US10659237B2 (en) System and method for verifying integrity of an electronic device
US20160203087A1 (en) Method for providing security for common intermediate language-based program
JP2008537224A (en) Safe starting method and system
Liu et al. On manually reverse engineering communication protocols of linux-based iot systems
CN107430650B (en) Securing computer programs against reverse engineering
CN112749088B (en) Application program detection method and device, electronic equipment and storage medium
Ibrahim et al. SafetyNOT: on the usage of the SafetyNet attestation API in Android
Lim et al. Structural analysis of packing schemes for extracting hidden codes in mobile malware
CN112134905B (en) Android system based signature method, device and equipment
Aldoseri et al. Symbolic modelling of remote attestation protocols for device and app integrity on Android
CN108563953B (en) Safe and extensible trusted application development method
CN112861137A (en) Secure firmware
Egners et al. Hackers in your pocket: A survey of smartphone security across platforms
KR20190128534A (en) Method for combining trusted execution environments for functional extension and method for applying fido u2f for supporting business process
Msgna et al. Secure application execution in mobile devices
CN115048630A (en) Integrity verification method and device of application program, storage medium and electronic equipment
DONG et al. Sesoa: Security enhancement system with online authentication for android apk
Zhang et al. Design and implementation of trustzone-based blockchain chip wallet

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180928

WD01 Invention patent application deemed withdrawn after publication