CN109561110B - Cloud platform audit log protection method based on SGX - Google Patents

Cloud platform audit log protection method based on SGX Download PDF

Info

Publication number
CN109561110B
CN109561110B CN201910057918.2A CN201910057918A CN109561110B CN 109561110 B CN109561110 B CN 109561110B CN 201910057918 A CN201910057918 A CN 201910057918A CN 109561110 B CN109561110 B CN 109561110B
Authority
CN
China
Prior art keywords
audit log
cloud
party
node
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910057918.2A
Other languages
Chinese (zh)
Other versions
CN109561110A (en
Inventor
詹静
夏晓晴
赵勇
韩瑾
张茜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology filed Critical Beijing University of Technology
Priority to CN201910057918.2A priority Critical patent/CN109561110B/en
Publication of CN109561110A publication Critical patent/CN109561110A/en
Application granted granted Critical
Publication of CN109561110B publication Critical patent/CN109561110B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Abstract

The invention discloses a cloud platform audit log protection method based on SGX, which guarantees the authenticity and effectiveness of a cloud platform audit log used by a third party on the basis of supposing that an original audit log generated by a cloud node is authentic and credible. Before the audit log is transmitted from the cloud node, identity verification and state credibility certification based on remote certification are carried out on the cloud node and a third party participating in audit log transmission, so that the identity and the state of the node participating in audit log transmission are guaranteed to be credible. The invention realizes the identity verification and the state certification between all cloud nodes generating logs and a third party performing log processing, thereby ensuring that the identities of all nodes participating in cloud audit log processing can not be pretended and the computing environment related to log processing is credible. The invention realizes the safe isolated execution of the key codes of the audit log processing program based on enclave, and can prevent the attack of privileged software such as an operating system, a VMM (virtual machine monitor), a BIOS (basic input output System) and the like.

Description

Cloud platform audit log protection method based on SGX
Technical Field
The invention relates to a protection method for cloud platform audit logs, in particular to a safe transmission and storage method for cloud platform audit logs based on a trusted third party, and belongs to the field of cloud computing.
Background
With the continuous expansion of network scale, people increasingly tend to use the network as a way for daily business processing. Cloud computing technology has been created in this context. Cloud computing technology is widely applied by virtue of universality and low use cost, and more enterprises and personal users choose to deploy own business systems to cloud platforms. The cloud user can access the cloud computing center through the cloud nodes to obtain services of different levels. However, the cloud computing platform is a large-scale distributed computing system, and has the characteristic of openness, and the security problem of the cloud platform is gradually exposed. Therefore, how to determine whether behaviors such as non-regulation or illegal crimes exist on the cloud platform by performing security audit on the cloud platform is becoming a focus of attention. In the cloud platform auditing process, the cloud platform auditing log tracks and records data change on the cloud platform and related behaviors of cloud users, and has important value for analyzing the security of the cloud platform.
Cloud platform auditing generally refers to monitoring and recording various behaviors occurring on a cloud platform, and meanwhile, submitting obtained audit logs to a corresponding third party for analysis and processing. However, the audit logs may be stolen and tampered with when transmitted between the cloud platform and a third party and stored by the third party, thereby causing the audit logs to lose credibility. In a complex cloud network topology structure, if a traditional encryption transmission mechanism of pairwise key agreement between two communication parties is still adopted to protect the transmission process of the audit log, a plurality of key agreement can be generated, so that the problems of key management and multiple encryption and decryption can be caused. Meanwhile, the safety of the audit log processing program in the cloud platform and in a third party is difficult to guarantee.
The invention can improve the transmission efficiency of the audit log under the condition of ensuring the confidentiality and the integrity of the audit log in the transmission and storage processes, simultaneously ensures the safety of the related processing program of the audit log, and effectively prevents the attack from privileged software in the platform.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a cloud platform audit log protection method based on SGX, and on the premise that an original audit log generated by a cloud node is real and credible, the cloud platform audit log used by a third party is guaranteed to be real and effective. Before the audit log is transmitted from the cloud node, identity verification and state credibility certification based on remote certification are carried out on the cloud node and a third party participating in audit log transmission, so that the identity and the state of the node participating in audit log transmission are guaranteed to be credible. Meanwhile, a Diffie-Hellman key exchange algorithm suitable for the secure communication of the two parties is improved into a multi-party key agreement algorithm suitable for the multi-party secure communication in the cloud environment, the number of required communication keys and the number of encryption and decryption operations are reduced, and therefore the confidentiality protection efficiency of an audit log in the communication process is improved. The invention realizes the confidentiality and integrity protection of the audit log based on the block in a third party based on the SGX monotonic counter and the seal function, and can prevent the log block replacement attack. Finally, the method provided by the invention is realized in the SGX (secure gateway) enclave, and can effectively prevent the attack of privileged software (such as an operating system, a VMM (virtual machine monitor), a BIOS (basic input output System) and the like). In conclusion, the invention can realize the protection of the confidentiality and the integrity of the cloud platform audit log.
In order to ensure the transmission security of the audit log and the storage security of the related key, a hardware environment supporting Intel SGX is deployed on each node of a third party and a cloud platform, and the hardware environment comprises four stages: the first phase is remote attestation between nodes. The first stage is mainly to carry out identity authentication and state credibility certification among nodes, and as long as communication is carried out among the nodes, remote certification is required; the second phase is key agreement between the communicating nodes. In order to solve the problems of multiple keys and low encryption and decryption efficiency in the traditional transmission scheme, a group key negotiation mode is adopted, and a symmetric audit log encryption/decryption key is negotiated among a cloud node, a cloud management node and a third party, so that the log encryption/decryption efficiency is improved; the third stage is the secure transmission of the audit log. And in the third stage, the key negotiated in the second stage is mainly used, and a unified encryption algorithm is called to perform secure transmission on the cloud platform audit log. The third stage comprises three parts, namely, firstly, the safe transmission of the audit log from the cloud node to the cloud management node, secondly, the encrypted transmission of the audit log from the cloud management node to a third party, and finally, the plaintext recovery of the received audit log ciphertext information by the third party; the fourth stage is the secure storage of the audit log at a third party. The fourth stage is mainly to realize the functions of encrypted storage, decryption and integrity verification of the audit log in a third party and the attack detection of the audit log block replacement. The method can not only ensure the confidentiality and the integrity of the audit log, but also ensure the safety of the processing program of the audit log.
The method is realized by adopting the following technical means:
step 1 remote attestation between nodes
Step 1.1 SGX-based node identity key secure storage
When a node applies for a certificate to a CA, a pair of public and private keys PK needs to be generatedcertAnd SKcert。PKcertFor applying for certificates, SK, to the CAcertThe signature key is used for representing the identity of the node and can be used as the signature key of the audit log in the transmission stage of the audit log. To prevent SKcertStolen, the method proposes to use the seal mechanism of SGX to SKcertAnd (5) sealing and protecting.
Intel SGX supports two seal schemes, one being seal based on enclave identity. The measurement value MRENCLAVE of enclave is used as the key by EGETKEY instruction of SGX. Any change that affects the enclave metric will result in a different key. This results in each enclave having a different key SealKey, which completely isolates different enclaves; the other is based on the seal identified by the seal, and the key at this time is generated by the EGETKEY instruction based on the MRSIGNER value and the enclave version. MRSIGNER reacts to the identity of the Sealing Authority that signed the enclave certificate. The advantage of this scheme is to allow the seal data to migrate between different versions of enclave. The Sealing Authority can sign a plurality of enclaves and allow the enclaves to acquire the same SealKey, and the enclaves can access the seal data of other enclaves.
The method adopts seal mechanism based on enclave identity to SKcertAnd sealing protection is carried out, so that the key can be ensured not to be attacked by other platforms or privileged software in the platform.
After the nodes and the third party in the cloud platform receive the public key certificate issued by the CA, the remote certification operation between the nodes can be carried out.
Step 1.2 remote attestation between nodes based on SGX
All the attestation programs are deployed in the SGX enclave to ensure the security of the attestation program itself. In the method, as long as communication is carried out between nodes, remote certification is firstly carried out. In the remote certification between the cloud node and the cloud management node: firstly, the cloud node and the cloud management node exchange public key certificates. And then the cloud node measures the application program enclave by calling a measurement mechanism of the SGX and requests the hardware to generate a REPORT. The REPORT is verified by a queuing envelope on the same platform, which is dedicated to the envelope of the remote attestation. After the verification is passed, the queuing envelope encapsulates the REPORT into a queue structure capable of representing the envelope and the platform state information, and finally calls a signature key EPID to sign the queue structure and send the signature to the cloud management node. The EPID key represents not only the trust of the platform but also the trust of the underlying hardware, and binds the version of the processor firmware, and when the Enclave system runs, only the queuing Enclave can access the EPID key. And after receiving the QUOTE, the cloud management node verifies the QUOTE and determines whether to trust the cloud node. The cloud node also authenticates the cloud management node by the method of step 1.2.
Step 2, negotiation of audit log transmission key
And negotiating a shared encryption/decryption key among the cloud node, the cloud management node and a third party by adopting a group key negotiation mode. And after receiving the audit log ciphertext information sent by the cloud node, the cloud management node does not decrypt the audit log ciphertext information, and relevant processing is carried out by a third party.
The method adopts a group key negotiation mode to complete key negotiation among the cloud nodes, the cloud management nodes and the third party in the audit log transmission process. A group with n group members negotiates a group key k by: all members select q and a in advance and then select a random number x respectivelyiAnd calculating the power value
Figure BDA0001953160600000041
The 1 st team member will gather
Figure BDA0001953160600000042
To the 2 nd team member. Generation of new by 2 nd Member
Figure BDA0001953160600000043
Figure BDA0001953160600000044
To the 3 rd panelist. By analogy, skTherein contains
Figure BDA0001953160600000045
To
Figure BDA0001953160600000046
Cumulative multiplication and slave of
Figure BDA0001953160600000047
To
Figure BDA0001953160600000048
Optionally, multiplication of k-1 power values. The nth, i.e. last member receives sn-1And calculate snThen s isnIn this way, all nodes can compute
Figure BDA0001953160600000049
Figure BDA00019531606000000410
Step 3, safe transmission of audit logs
Step 3.1 Audit log secure transmission from cloud node to cloud management node
After the remote certification and key agreement process in the step 2 is completed, the cloud node calls a symmetric encryption algorithm in enclave, the algorithm is determined by the cloud node, the cloud management node and a third party through negotiation in advance, the negotiated key k is used for encrypting the audit log, and then the cloud node private key SK is usedcertAnd signing the audit log ciphertext information and the node ID. The node ID is used for uniquely identifying the cloud node, so that a third party can conveniently confirm the source of the audit log. And finally, the cloud node sends the information to a cloud management node.
Step 3.2 Audit log secure transmission from cloud management node to third party
And 3.1, the cloud management node sends the audit log generated by the cloud management node to a third party, and the transmission process is the same as that in the step 3.1. Meanwhile, the third party also sends the received cloud node audit log to the third party, and the cloud management node plays a role in transferring.
Step 3.3 the third party recovers the plaintext information of the audit log
And after receiving the audit log message, the third party firstly verifies the signature by using the public key certificate of the cloud node/cloud management node. And after the verification is passed, decrypting the audit log by using the negotiation key k to obtain the plaintext information and the node ID of the audit log.
Step 4, safe storage of audit logs based on SGX
Step 4.1 SGX-based audit log encryption storage
And after the plaintext of the audit log is acquired, the third party encrypts the audit log in a grouping and blocking manner.
The method adopts a sealing scheme based on the SGX enclave identity, namely different enclaves have different sealing keys SealKey. And encrypting the audit logs in a grouping and blocking mode, wherein each group contains a fixed number of audit log blocks, and each block contains a fixed number of audit log strips. Each audit log block is identified by a unique identifier BID. The specific scheme for generating the encryption key of the audit log block is shown in the attached figure. And encrypting the block identifier BID, the hash value of the audit log, the cloud node ID and the audit log together. The method can ensure that the audit log stored in the third party can only be decrypted by the specific enclave in the third party platform, thereby ensuring the confidentiality of the audit log.
Step 4.2 SGX-based Audit log decryption and integrity verification
And the integrity verification and log block replacement attack detection operation is added in the decryption process. The third party can select two modes to decrypt the audit log block: the first is decryption by group, at this time, a third party needs to sequentially decrypt all audit log blocks in the group in sequence, and if the audit log block identifier BID is not monotonically increased, malicious log block replacement attack may exist. Stopping further operation and returning an error prompt; the second is decryption by block, that is, the third party only wants to decrypt a specific audit log block, and at this time, it needs to judge whether the decrypted audit log block identifier BID is equal to the BID input by the third party. If not, it indicates that there may be a malicious log block replacement attack. Stopping further operation and returning an error prompt. Regardless of the decryption mode, the third party needs to recalculate the hash value of the audit log and compare the hash value with the original hash value obtained by decryption. Therefore, whether the audit log is tampered and whether the integrity of the audit log is damaged or not is determined.
Compared with the prior art, the invention has the following technical effects.
1. The invention realizes the identity verification and the state certification between all cloud nodes generating logs and a third party performing log processing, thereby ensuring that the identities of all nodes participating in cloud audit log processing can not be pretended and the computing environment related to log processing is credible.
2. The invention negotiates a uniform audit log encryption and decryption key between the cloud and the third party, and improves the safe transmission efficiency of the audit log on the basis of ensuring the transmission confidentiality of the audit log. In the invention, the total number of n nodes including a third party is assumed, wherein the cloud platform comprises (n-2) common cloud nodes and 1 cloud management node, and the cloud platform comprises 1 third party node. The common cloud node is in many-to-one communication with the cloud management node, and the cloud management node is in one-to-one communication with the third party node outside the cloud. Through calculation, the communication key required by the scheme is only that of the traditional scheme
Figure BDA0001953160600000051
The number of communication encryption and decryption operations is only that of the conventional scheme
Figure BDA0001953160600000052
3. The invention realizes the safe storage and the integrity verification of the audit log based on the block based on the SGX, and can prevent the block replacement attack of the audit log.
4. The invention realizes the safe isolated execution of the key codes of the audit log processing program based on enclave, and can prevent the attack of privileged software such as an operating system, a VMM (virtual machine monitor), a BIOS (basic input output System) and the like.
Drawings
FIG. 1 is a view showing an overall structure of a liquid crystal display device
FIG. 2 cloud node functional block diagram
FIG. 3 is a third-party functional block diagram
FIG. 4 third party block key derivation diagram
Detailed Description
The invention is further described with reference to the following figures and detailed description.
The invention provides a cloud platform audit log protection method based on SGX, which mainly protects a remote certification stage, a key negotiation stage, an audit log safety transmission stage and an audit log safety storage stage between a cloud platform and a third party, and the overall architecture diagram is shown as the attached drawing 1. The cloud node and the cloud management node mainly comprise a remote certification module, a key negotiation module and a log encryption module. The third party comprises a remote certification module, a key negotiation module, a log decryption module and a safe storage module. The secure storage module comprises an SGX-based audit log encryption function, a decryption and integrity verification function and a log block replacement attack detection function.
Step 1 remote attestation between nodes
Step 1.1 SGX-based node identity key secure storage
The step 1.1 aims to realize the secure storage of the node identity key based on the SGX, and comprises the following specific implementation steps:
step 1.1.1 creates an enclave.
Step 1.1.2 Generation of a Key Pair PK within enclavecertAnd SKcert
Step 1.1.3 treatment of PKcertAnd other information is submitted to the CA for requesting a public key certificate.
Step 1.1.4 SKcertseal=sgx_seal_data(SKcertSeakey). For SKcertSealing protection is carried out, and the product is stored outside enclave.
Step 1.1.5 the node receives a certificate issued by the CA.
Step 1.2 remote attestation between nodes based on SGX
The purpose of step 1.2 is to implement the trustiness certification of the state between nodes of the whole network, here, the remote certification between a Cloud Node (CN) and a Cloud Management Node (CMN) is taken as an example. The specific implementation steps are as follows:
step 1.2.1CN- > CMN: req. The CN initiates a connection request req and sends it to the CMN.
Step 1.2.2CMN- > CN: MSG 1. MSG1 ═ certCMN. After receiving the connection request req of the CN, the CMN sends a public key certificate issued by the CA to the CMN.
Step 1.2.3CN- > CMN: MSG 2. MSG2 ═ certCN. CN uses CA public key pair certCMNAnd verifying, and after the verification is passed, the CN sends the public key certificate of the CN to the CMN.
Step 1.2.4CMN- > CN: MSG 3. MSG3 ═ EPID. The CMN calls an internal function SGX _ get _ Extended _ epid _ group _ id () of the Intel SGX envelope, acquires the Extended GID and sends the Extended GID to the CN.
Step 1.2.5CN- > CMN: and judging whether the EPID is equal to 0 or not by the Extended GID being equal to 0CN, and feeding back the result to the CMN. If EPID equals 0, then execute the next step; if the EPID is not equal to 0, remote attestation is interrupted.
Step 1.2.6CMN- > CN: MSG 4. MSG4 ═ PK 1. The CMN generates a public key PK1 for Diffie-Hellmannkey exchange (DHKE) and sends it to the CN.
Step 1.2.7CN- > CMN: MSG 5. MSG5 ═ PK2| | | quottype. The CN generates the public key PK2 for Diffie-Hellmann key exchange (DHKE) and the type of QUOTE it wants to verify and sends it to the CMN.
Step 1.2.8CMN- > CN: MSG 6. MSG6 ═ EN (quat | | | hash (quat)). CMN calls Intel SGX EGETKEY instruction, generates a QUOTE structure representing the identity and state of the enclave program, and calculates the shared key between the two parties according to PK1 and PK 2. Finally, the share key is used for encrypting the QUOTE and the hash thereof to generate the MSG6, and the MSG6 is sent to the CN.
Step 1.29CN- > CMN: MSG 7. MSG7 ═ OK. CN decrypts MSG6 to obtain QUOTE, then sends the QUOTE to an Attest Server for verification. After the verification is passed, the CN trusts the enclave program of the CMN and sends the verification result to the CMN.
Similarly, the certification process of the CMN to verify the CN is the same as the above steps. To simplify the description of the process, only the one-way remote attestation process is listed here. The actual remote attestation process is bidirectional.
Step 2, negotiation of audit log transmission key
And step 2, mainly carrying out negotiation of the encryption/decryption key of the cloud platform audit log unified over the whole network. The key agreement process considers the cloud node, the cloud management node and the third party as a unified node group. The node group is assumed to have n nodes, the cloud management node is the (n-1) th node, and the third party is the nth node. While default two elements q and a are shared between the nodes. The specific implementation steps are as follows:
step 2.1CN1- > CN 2: MSG 1. MSG1 ═ s1. A first cloud node in a cloud platform generates a random number x in enclave1And calculating the power value
Figure BDA0001953160600000081
At the moment, the cloud node can obtain the collecting platform
Figure BDA0001953160600000082
And will s1And sending the data to the second cloud node.
Step 2.2CN2- > CN 3: MSG 2. MSG2 ═ s2. The second cloud node receives s1Then, firstly, a random number x is generated in enclave2And is calculated to obtain
Figure BDA0001953160600000083
Then s is2And sending the data to a third cloud node.
By analogy, s obtained by computing the K-th cloud nodekTherein contains
Figure BDA0001953160600000084
To
Figure BDA0001953160600000085
Cumulative multiplication and slave of
Figure BDA0001953160600000086
To
Figure BDA0001953160600000087
Optionally, multiplication of k-1 power values.
Step 2.3CNn-1 (cloud management node) - > CNn (third party): MSGn. MSGn ═ sn. S calculated by the third party as the last nodenComprises a slave
Figure BDA0001953160600000088
To
Figure BDA0001953160600000089
Cumulative multiplication and slave of
Figure BDA00019531606000000810
To
Figure BDA00019531606000000811
Optionally, multiplication of n-1 power values.
Step 2.4CNn- > CNn-1: the third party will remove
Figure BDA00019531606000000812
S ofnThe n-1 elements in (a) are sent to the cloud management node.
Step 2.5CNn-1- > CN1, CN2 … CNn-2: the cloud management node receives the n-1 elements
Figure BDA00019531606000000813
And sending the data to the ith cloud node in sequence.
Step 2.6 finally each cloud node utilizes the received
Figure BDA00019531606000000814
Random number xiAnd sharing the elements q, a to calculate the final negotiation key
Figure BDA00019531606000000815
Step 3, safe transmission of audit logs
And 3, sending the audit logs generated by the cloud nodes and the cloud management nodes to a third party, and obtaining the plaintext information of the audit logs by the third party through decryption operation. After the key agreement in step 2, the cloud node, the cloud management node and the third party share the same encryption key. Therefore, the audit logs can be encrypted and decrypted by adopting a uniform symmetric encryption algorithm, and the method comprises the following specific steps:
step 3.1 Audit log secure transmission from cloud node to cloud management node
Step 3.1.1P ═ ENk(Log). And calling a symmetric encryption algorithm, and encrypting the plaintext of the audit log by using the negotiation key K to generate a ciphertext P.
Step 3.1.2SKcert=sgx_unseal_data(SKcertseal, SealKey). Recovering SKcert
Step 3.1.3M ═ SIG (P | | | CID). Using private key SK representing cloud node identitycertAnd signing the ciphertext P and the cloud node ID (CID) to generate the message M. And the cloud node sends the message M to the cloud management node.
Step 3.1.4SKcertseal=sgx_unseal_data(SKcertSeakey). Used SKcertAfter that, it is sealed and protected again.
Step 3.2 Audit log secure transmission from cloud management node to third party
And the cloud management node encrypts and sends the audit log generated by the cloud management node to a third party, and the step is the same as the step 3.1. Meanwhile, the cloud management node sends the received cloud node audit log to a third party, and the cloud management node plays a role in transferring.
Step 3.3 the third party recovers the plaintext information of the audit log
After receiving the ciphertext information of the audit log, the third party needs to process the ciphertext information to recover the plaintext form of the audit log. The method comprises the following specific steps:
step 3.3.1 VerifySign (M).
And the third party verifies the signature and extracts the audit log ciphertext P and the audit log source CID from the signature.
Step 3.3.2 Log ═ Dk(P)。
And calling a decryption algorithm by the third party, and decrypting the P by using the negotiation key K to obtain a plaintext form of the audit log.
Step 4, safe storage of audit logs based on SGX
And 4, the aim of the step 4 is to realize the safe storage of the SGX-based audit log in a third party. After obtaining the plaintext of the audit log, the third party needs to encrypt and store the audit log in a hardware disk. And when the audit log needs to be inquired, analyzed and the like, the audit log is decrypted. The method adds integrity verification and log block replacement attack detection operation in the decryption process. The confidentiality of the audit log is guaranteed, and the integrity of the audit log is guaranteed.
Step 4.1 SGX-based audit log encryption storage
The method comprises the steps of grouping, blocking, encrypting and storing the audit logs, wherein each group comprises a fixed number of audit log blocks, and each block comprises a fixed number of audit log strips. It is assumed here that each audit log group contains 1000 audit log blocks, each audit log block containing 1000 pieces of log information. The method comprises the following specific steps:
step 4.1.1 the third party creates an enclave.
And 4.1.2, calling an EGETKEY instruction of the Intel SGX by the third party to generate a key SealKey bound with the enclave.
Step 4.1.3 hash the initial key RK (only accessible inside enclave) within enclave to get k1 and put it into the set UK.
Step 4.1.4 UKseal sgx _ seal _ data (UK, SealKey).
And sealing the UK by using SealKey to obtain the UKseal.
Step 4.1.5 UK sgx _ unseal _ data (UKseal, SealKey).
When the audit log is encrypted, the UK is first decrypted by decrypting UKseal, and at this time, the UK only contains one element, i.e. k 1.
Step 4.1.6 k11=hash(k1,1)。
The hash of k1 and the block identifier BID (i.e. BID 1) of the first audit log block yields the encryption key k1 for that log block1. The block identifier BID is assigned by a monotonically increasing counter in enclave.
Step 4.1.7
Figure BDA0001953160600000101
And the third party encrypts the audit log block identifier BID, the hash value of the audit log and the cloud node ID (CID) together with the audit log so as to generate an encrypted audit log block.
Step 4.1.8 k12=hash(k11,2)。
Pair k11And the block identifier BID (namely BID 2) of the second audit log block to obtain the encryption key k1 of the log block2
Step 4.1.9
Figure BDA0001953160600000102
And the third party encrypts the audit log block identifier BID, the hash value of the audit log and the cloud node ID (CID) together with the audit log so as to generate an encrypted audit log block.
Step 4.1.10 and so on
Figure BDA0001953160600000103
And (4) repeating the steps from 4.1.3 to 4.1.10, and encrypting all audit logs according to groups. The ith block audit log ciphertext of group j may be represented as:
Figure BDA0001953160600000104
each set of corresponding root keys ki-hash (ki-1) may be represented as UK { k1, k2, k3... kn }, and the specific key generation scheme is shown in fig. 4.
Step 4.2 SGX-based Audit log decryption and integrity verification
The purpose of step 4.2 is to decrypt and verify the integrity of the audit log stored in the third party and to detect the attack of replacing the log block. The third party may decrypt the audit log in two different ways:
1. decrypt by group, perform step 4.2.1
2. Decrypt by block, perform step 4.2.2
Step 4.2.1 decrypt by group:
a) the third party inputs a positive integer u, namely the third party wants to decrypt the u < th > group of audit logs.
b) The UK is sgx _ unseal _ data (uksearch, SealKey), and the set UK is restored.
c) A key ku with an index equal to u is chosen from UK.
d)ku1Hash (ku). And hashing ku to obtain a decryption key of the first log block in the group.
e)
Figure BDA0001953160600000111
And calling a decryption algorithm to obtain the plaintext, the hash value, the CID and the BID of the block identifier of the audit log.
f)BID1000(u-1)+11000(u-1) + 1? And judging whether the BID obtained after decryption is the first block in the u-th group. If the two are equal, executing the next step; if not, the log block replacement attack may exist, and an error prompt is returned.
g)hashn==hashpIs there a And recalculating the hash value of the audit log, and judging whether the hash value is equal to the hash value obtained by decryption. If the audit logs are equal, the audit logs are not tampered; if the values are not equal, the audit log is possible to be tampered, and the integrity of the audit log is damaged.
h) By analogy, when the ith block is decrypted, the decryption key of the log block is as follows: kui=hash(kui-1)。
i)
Figure BDA0001953160600000112
And calling a decryption algorithm to obtain the plaintext, the hash value, the CID and the BID of the block identifier of the audit log.
j)BID1000(u-1)+i==BID1000(u-1)+i-1+ 1? When the ith block is decrypted, the BID of the block needs to be judged1000(u-1)+iWhether or not it is equal to BID of the previous block1000(u-1)+i-1+1. If the two are equal, executing the next step; if not, the log block replacement attack may exist, and an error prompt is returned.
k)hashn==hashpIs there a And recalculating the hash value of the audit log, and judging whether the hash value is equal to the hash value obtained by decryption. If the audit logs are equal, the audit logs are not tampered; if the values are not equal, the audit log is possible to be tampered, and the integrity of the audit log is damaged.
Step 4.2.2 block-wise decryption:
a) the third party enters the log block identifier BID that it wants to decrypt.
b) Computing
Figure BDA0001953160600000113
v-BID% 100. And judging which group the audit log block belongs to, and determining that the audit log block is the second encryption block of the audit log block group.
c) The UK is sgx _ unseal _ data (uksearch, SealKey), and the set UK is restored.
d) A key ku with an index equal to u is chosen from UK.
e)kuv=hashv(ku). Carrying out v times of hash on ku to obtain a decryption key of the encrypted log block
f)
Figure BDA0001953160600000121
And calling a decryption algorithm to decrypt the audit log block to obtain the clear text and the hash value of the audit log, the source node ID of the audit log and the identifier BID of the audit log block.
g)BIDn==BIDpIs there a Determining BID of current log block obtained by decryptionnBID with third party inputpWhether or not equal. If the two are equal, executing the next step; if not, the log block replacement attack may exist, and an error prompt is returned.
h)hashn==hashpIs there a Recalculating hash value of the audit log, judging whether the hash value is equal to the hash value obtained by decryption, and if so, determining whether the hash value is equal to the hash value obtained by decryptionIf the audit logs are equal, the audit logs are not tampered; if the values are not equal, the audit log is possible to be tampered, and the integrity of the audit log is damaged.

Claims (2)

1. A cloud platform audit log protection method based on SGX is characterized by comprising the following steps:
on the basis of assuming that the original audit log generated by the cloud node is authentic and credible, the cloud platform audit log used by a third party is ensured to be authentic and effective; before the audit log is transmitted from the cloud node, identity verification and state credibility certification based on remote certification are carried out on the cloud node and a third party participating in audit log transmission, so that the identity and the state of the node participating in audit log transmission are credible; meanwhile, a Diffie-Hellman key exchange algorithm suitable for the secure communication of the two parties is improved into a multi-party key agreement algorithm suitable for the multi-party secure communication in the cloud environment, so that the number of required communication keys and the number of encryption and decryption operations are reduced, and the confidentiality protection efficiency of an audit log in the communication process is improved; based on the SGX monotonic counter and the seal function, confidentiality and integrity protection of the block-based audit log is realized in a third party, and the log block replacement attack can be prevented; finally, the method is realized in the enclave of the SGX, so that the attack of privileged software can be effectively prevented; the method comprises the following concrete steps:
step 1 remote attestation between nodes
Step 1.1 SGX-based node identity key secure storage
When a node applies for a certificate to a CA, a pair of public and private keys PK needs to be generatedcertAnd SKcert;PKcertFor applying for certificates, SK, to the CAcertThe identity of the node is represented, and the identity can be used as a signature key of the audit log at the transmission stage of the audit log; to prevent SKcertStolen, the method proposes to use the seal mechanism of SGX to SKcertSealing and protecting;
the Intel SGX supports two seal schemes, one is seal based on enclave identity; at the moment, the measurement value MRENCLAVE of enclave is used as a key through an EGETKEY instruction of the SGX; any change affecting the enclave metric will result in a different key; this results in each enclave having a different key SealKey, which completely isolates different enclaves; the other is based on the seal identified by the seal, and the key at this time is generated by the EGETKEY instruction based on the MRSIGNER value and the enclave version; MRSIGNER reacts to the identity of the Sealing Authority that signed the enclave certificate; the scheme has the advantages that the seal data is allowed to be migrated among enclaves of different versions; the Sealing Authority can sign a plurality of enclaves and allow the enclaves to acquire the same sealKey, and the enclaves can access the seal data of other enclaves;
the method adopts seal mechanism based on enclave identity to SKcertSealing protection is carried out, and the secret key can be prevented from being attacked by other platforms or privileged software in the platform;
after the nodes and the third party in the cloud platform receive the public key certificate issued by the CA, the remote certification operation between the nodes can be carried out;
step 1.2 remote attestation between nodes based on SGX
All the certification programs are deployed in the enclave of the SGX to ensure the safety of the certification programs; in the method, as long as the communication is carried out between the nodes, the remote certification is firstly carried out; in the remote certification between the cloud node and the cloud management node: firstly, exchanging public key certificates by a cloud node and a cloud management node; then the cloud node measures the application program enclave by calling a measurement mechanism of the SGX and requests hardware to generate a REPORT; the REPORT is verified by a queuing envelope on the same platform, and the queuing envelope is specially used for the envelope of the remote certification; after the verification is passed, the queuing envelope encapsulates the REPORT into a queue structure capable of representing the envelope and the platform state information, and finally calls a signature key EPID to sign the queue structure and send the signature to the cloud management node; the EPID key not only represents the credibility of a platform but also represents the credibility of bottom hardware, and the version of processor firmware is bound, and when the Enclave system runs, only the queuing Enclave can access the EPID key; after receiving the QUOTE, the cloud management node verifies the QUOTE and determines whether to trust the cloud node; the cloud node also verifies the cloud management node through the method in the step 1.2;
step 2, negotiation of audit log transmission key
Negotiating a shared encryption/decryption key among the cloud node, the cloud management node and a third party by adopting a group key negotiation mode; after receiving the audit log ciphertext information sent by the cloud node, the cloud management node does not decrypt the audit log ciphertext information, and relevant processing is carried out by a third party;
the method adopts a group key negotiation mode to complete key negotiation among the cloud nodes, the cloud management nodes and the third party in the audit log transmission process; a group with n group members negotiates a group key k by: all members select q and a in advance and then select a random number x respectivelyiAnd calculating the power value
Figure FDA0002960942670000021
The 1 st team member will gather
Figure FDA0002960942670000022
To the 2 nd team member; generation of new by 2 nd Member
Figure FDA0002960942670000023
Figure FDA0002960942670000024
To the 3 rd team member; by analogy, skTherein contains
Figure FDA0002960942670000025
To
Figure FDA0002960942670000026
Cumulative multiplication and slave of
Figure FDA0002960942670000027
To
Figure FDA0002960942670000028
In which the multiplication of k-1 power values is optional(ii) a The nth, i.e. last member receives sn-1And calculate snThen s isnIn this way, all nodes compute
Figure FDA0002960942670000029
Figure FDA00029609426700000210
Step 3, safe transmission of audit logs
Step 3.1 Audit log secure transmission from cloud node to cloud management node
After the remote certification and key agreement process in the step 2 is completed, the cloud node calls a symmetric encryption algorithm in enclave, the algorithm is determined by the cloud node, the cloud management node and a third party through negotiation in advance, the negotiated key k is used for encrypting the audit log, and then the cloud node private key SK is usedcertSigning the audit log ciphertext information and the node ID; the node ID is used for uniquely identifying the cloud node, so that a third party can conveniently confirm the source of the audit log; finally, the cloud node sends the information to a cloud management node;
step 3.2 Audit log secure transmission from cloud management node to third party
The cloud management node sends the audit log generated by the cloud management node to a third party, and the transmission process is the same as the step 3.1; meanwhile, the third party also sends the received cloud node audit logs to the third party, and the cloud management node plays a role in transferring;
step 3.3 the third party recovers the plaintext information of the audit log
After receiving the audit log message, the third party firstly verifies the signature by using a public key certificate of the cloud node/cloud management node; after the verification is passed, decrypting the audit log by using the negotiation key k to obtain the plaintext information and the node ID of the audit log;
step 4, safe storage of audit logs based on SGX
Step 4.1 SGX-based audit log encryption storage
After the plaintext of the audit log is acquired, a third party encrypts the audit log in a grouping and blocking manner;
a sealing scheme based on the SGX enclave identity, namely different enclaves have different sealing keys SealKey; encrypting the audit logs in a grouping and blocking mode, wherein each group contains a fixed number of audit log blocks, and each block contains a fixed number of audit log strips; each audit log block is identified by a unique identifier BID; the specific scheme for generating the encryption key of the audit log block is shown in the attached drawing; encrypting the block identifier BID, the hash value of the audit log, the cloud node ID and the audit log; the method can ensure that the audit log stored in the third party can only be decrypted by the specific enclave in the third party platform, thereby ensuring the confidentiality of the audit log;
step 4.2 SGX-based Audit log decryption and integrity verification
Integrity verification and log block replacement attack detection operation are added in the decryption process; the third party selects two modes to decrypt the audit log block: the first is decryption according to a group, at the moment, a third party needs to sequentially decrypt all audit log blocks in the group, and if the BID (identifier) of the audit log blocks is not monotonically increased, malicious log block replacement attack is possible; stopping further operation and returning an error prompt; the second one is decryption by block, that is, the third party only wants to decrypt a specific audit log block, and at this time, whether the decrypted audit log block identifier BID is equal to the BID input by the third party or not needs to be judged; if not, the log block replacement attack is indicated to be possibly malicious; stopping further operation and returning an error prompt; regardless of the decryption mode, the third party needs to recalculate the hash value of the audit log and compare the hash value with the original hash value obtained by decryption; therefore, whether the audit log is tampered and whether the integrity of the audit log is damaged or not is determined.
2. The SGX-based cloud platform audit log protection method according to claim 1, wherein:
in order to ensure the transmission security of the audit log and the storage security of the related key, a hardware environment supporting Intel SGX is deployed on each node of a third party and a cloud platform, and the hardware environment comprises four stages: the first stage is remote attestation between nodes; the first stage is to carry out identity authentication and state credibility certification among nodes, and as long as communication is carried out among the nodes, remote certification is required; the second stage is key negotiation between communication nodes; a symmetric audit log encryption/decryption key is negotiated among the cloud node, the cloud management node and a third party by adopting a group key negotiation mode, so that the log encryption/decryption efficiency is improved; the third stage is the safe transmission of the audit log; the third stage is to use the key negotiated in the second stage and call a uniform encryption algorithm to perform secure transmission on the cloud platform audit log; the third stage comprises three parts, namely, firstly, the safe transmission of the audit log from the cloud node to the cloud management node, secondly, the encrypted transmission of the audit log from the cloud management node to a third party, and finally, the plaintext recovery of the received audit log ciphertext information by the third party; the fourth stage is the safe storage of the audit log in a third party; the fourth stage is to realize the functions of encrypted storage, decryption and integrity verification of the audit log in a third party and the attack detection of the audit log block replacement; the method can not only ensure the confidentiality and the integrity of the audit log, but also ensure the safety of the processing program of the audit log.
CN201910057918.2A 2019-01-19 2019-01-19 Cloud platform audit log protection method based on SGX Active CN109561110B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910057918.2A CN109561110B (en) 2019-01-19 2019-01-19 Cloud platform audit log protection method based on SGX

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910057918.2A CN109561110B (en) 2019-01-19 2019-01-19 Cloud platform audit log protection method based on SGX

Publications (2)

Publication Number Publication Date
CN109561110A CN109561110A (en) 2019-04-02
CN109561110B true CN109561110B (en) 2021-06-04

Family

ID=65873452

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910057918.2A Active CN109561110B (en) 2019-01-19 2019-01-19 Cloud platform audit log protection method based on SGX

Country Status (1)

Country Link
CN (1) CN109561110B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110138799B (en) * 2019-05-30 2020-07-17 东北大学 SGX-based secure cloud storage method
CN111988141B (en) * 2020-03-18 2022-08-02 支付宝(杭州)信息技术有限公司 Method and device for sharing cluster key
CN113556230A (en) * 2020-04-24 2021-10-26 华控清交信息科技(北京)有限公司 Data security transmission method, certificate correlation method, server, system and medium
CN111786779B (en) * 2020-06-18 2022-03-18 中国电子科技集团公司第三十研究所 Novel accountability security data sharing system and method
CN111859467B (en) * 2020-07-23 2024-03-26 中国工商银行股份有限公司 Cloud data integrity auditing method and device based on SGX
CN112364370B (en) * 2020-10-14 2023-04-07 天津大学 Privacy protection cloud auditing method based on block chain
CN112818396B (en) * 2021-02-02 2024-02-02 北京工业大学 BMC trusted audit log generation and management method
CN113193960B (en) * 2021-04-01 2022-11-29 西安电子科技大学 Accountability shared cloud data ownership transferring and auditing method and system
CN114189515B (en) * 2021-11-12 2023-08-04 苏州浪潮智能科技有限公司 SGX-based server cluster log acquisition method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107463838A (en) * 2017-08-14 2017-12-12 广州大学 Method for safety monitoring, device, system and storage medium based on SGX
CN107832606A (en) * 2017-09-28 2018-03-23 中国船舶重工集团公司第七0九研究所 Trust chain realization method and system based on SGX
US10031993B1 (en) * 2017-06-12 2018-07-24 Intel Corporation Application store model for dynamic reconfiguration of a field-programmable gate array (FPGA)
CN108322306A (en) * 2018-03-17 2018-07-24 北京工业大学 A kind of cloud platform reliable journal auditing method towards secret protection based on trusted third party

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10031993B1 (en) * 2017-06-12 2018-07-24 Intel Corporation Application store model for dynamic reconfiguration of a field-programmable gate array (FPGA)
CN107463838A (en) * 2017-08-14 2017-12-12 广州大学 Method for safety monitoring, device, system and storage medium based on SGX
CN107832606A (en) * 2017-09-28 2018-03-23 中国船舶重工集团公司第七0九研究所 Trust chain realization method and system based on SGX
CN108322306A (en) * 2018-03-17 2018-07-24 北京工业大学 A kind of cloud platform reliable journal auditing method towards secret protection based on trusted third party

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于SGX的证书可信性验证与软件安全签发系统;冯达,王强,赵译文,徐剑;《信息网络安全》;20180331;全文 *

Also Published As

Publication number Publication date
CN109561110A (en) 2019-04-02

Similar Documents

Publication Publication Date Title
CN109561110B (en) Cloud platform audit log protection method based on SGX
Yuan et al. Blockchain-based public auditing and secure deduplication with fair arbitration
Bera et al. Designing blockchain-based access control protocol in IoT-enabled smart-grid system
Fan et al. One secure data integrity verification scheme for cloud storage
Yang et al. Provable data possession of resource-constrained mobile devices in cloud computing
TWI701929B (en) Cryptographic calculation, method for creating working key, cryptographic service platform and equipment
Wang et al. Privacy-preserving public auditing for data storage security in cloud computing
Cui et al. SVkNN: Efficient secure and verifiable k-nearest neighbor query on the cloud platform
US10630478B1 (en) Sender optimal, breach-resilient, and post-quantum secure cryptographic methods and systems for digital auditing
WO2022199290A1 (en) Secure multi-party computation
GB2555961A (en) System of enclaves
CN110213231B (en) SGX-oriented lightweight outsourcing data access control method and control system
CN111989891A (en) Data processing method, related device and block chain system
TW201502844A (en) Systems, methods and apparatuses for remote attestation
WO2013010427A1 (en) Key generation, backup and migration method and system based on trusted computing
Yu et al. Verifiable outsourced computation over encrypted data
Nirmala et al. Data confidentiality and integrity verification using user authenticator scheme in cloud
Subha et al. Efficient privacy preserving integrity checking model for cloud data storage security
Hahn et al. Trustworthy delegation toward securing mobile healthcare cyber-physical systems
Dulin et al. An associated deletion scheme for multi-copy in cloud storage
US8954728B1 (en) Generation of exfiltration-resilient cryptographic keys
Lee et al. How to securely record logs based on ARM trustzone
Patel et al. Data storage security model for cloud computing
Mohammed et al. Secure third party auditor (tpa) for ensuring data integrity in fog computing
US11496287B2 (en) Privacy preserving fully homomorphic encryption with circuit verification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant