
SGX: Improving Privacy, Security, and Trust Across Blockchain Networks


These slides explain how to use Intel Software Guard Extensions (SGX) to improve privacy, security, trust, and transparency across blockchain networks that store sensitive data.

Published in: Technology


  1. SGX: Improving Privacy, Security, and Trust Across Blockchain Networks. Dmitry Lavrenov, Senior Blockchain R&D Engineer, ALTOROS. @altoros
  2. ABOUT ALTOROS. Product development, training, consulting. Altoros is a professional services company that helped 50+ Global 2000 organizations to obtain sustainable competitive advantage through adoption of innovative technologies. We offer methodology, training, technology building blocks, and deep industry knowledge for cloud automation, microservices, blockchain, and AI.
  3. AGENDA
     01 Digital data
     02 What is Intel SGX?
     03 Blockchain and sensitive data
     04 Blockchain and Intel SGX Solution
     05 Industries. Use cases
  4. DIGITAL DATA
     ● Data in Motion: data crossing over networks, from local to cloud storage or from a central mainframe to a remote terminal
     ● Data at Rest: inactive data stored physically
     ● Data in Use: data processed by one or more applications
  5. DATA AT REST. How to prevent data access by an adversary? Data encryption.
  6. DATA IN MOTION. Diagram: Innocent End User and Remote server connected over HTTP. Leak! Leak! Leak!
  7. DATA IN MOTION. Diagram: Innocent End User and Remote server connected over HTTPS. Safe! (data in motion) Leak! (data in use by the server) Note: Users must trust the Remote Server.
  8. DATA IN USE
  9. DATA IN USE
  10. DATA IN USE
  11. DATA IN USE
  12. WHAT IS INTEL SGX?
      ● A Trusted Execution Environment from Intel for applications
      ● Isolates a portion of physical memory to protect select code and data from view or modification
      ● In Intel SGX, these isolated portions of memory are called “enclaves”
  13. WHAT IS INTEL SGX?
      Usual applications
      ● Apps must trust: OS/VMM; BIOS, SMM
      ● Trust relies on software
      Applications w/ SGX
      ● Apps must trust: SGX hardware
      ● Trust excludes OS/VMM/BIOS/SMM
  14. DATA IN MOTION. Diagram: Innocent End User and Remote server connected over HTTPS. Safe! (data in motion) Leak! (data in use by the server) Note: Users must trust the Remote Server.
  15. WHAT IS INTEL SGX?
  16. DIGITAL DATA WITH SGX. Diagram labels: DATA IN MOTION, DATA IN USE, DATA AT REST; Encrypted.
  17. THE BLOCKCHAIN NETWORK MODEL. Diagram labels: DATA IN MOTION, DATA IN USE, DATA AT REST.
  18. BLOCKCHAIN AND SENSITIVE DATA
      ● Blockchain-based applications and computing are controlled by a distributed network of multiple machines or ‘nodes’.
      ● Each ‘node’ that takes part in validating transactions gets access to the data in clear text.
      ● Any user with root privileges on the ‘node’ may easily inspect/control/transfer the sensitive data.
  19. BLOCKCHAIN AND INTEL SGX SOLUTION. Secure Transaction Execution (STE)
      ● transaction execution and validation in an “enclave”
      ● remote attestation
  20. BLOCKCHAIN AND INTEL SGX SOLUTION
      ● Privacy. Keep transaction information isolated from other participants in the network.
      ● Security. Secure key management helps secure and obfuscate keys from malware.
      ● Trust. Remote attestation helps authorize off-chain participants like oracles and sensors.
  21. INDUSTRIES: Healthcare; Banking; Politics (voting); Real Estate; Security (storage, computing)
  22. USE CASES. SUPPLY CHAIN. Diagram: Contract (Supplier: Victor; Buyer: Peggy; Owner: Victor; Public Data; Secret Data); parties: Victor, Peggy.
  23. USE CASES. SUPPLY CHAIN
      ● The supplier chooses to disclose the existence of C and some of the details to a specific collection of participants, “factors”.
      ● Only factors chosen by the supplier know the information about C.
      ● Factors must be able to verify that C exists and that Victor is the supplier and Peggy is the buyer.
      Diagram: Contract (Supplier: Victor; Buyer: Peggy; Owner: Victor; Public Data; *********************); parties: Victor, Factor 1, Factor 2, Factor N; label: Contract proof with selective disclosure.
  24. USE CASES. SUPPLY CHAIN
      ● Each Factor may create a Bid B_i for the contract.
      ● Details of the bid may be known only to F_i and the supplier; however, F_i must commit to the bid.
      Diagram: Contract (Supplier: Victor; Buyer: Peggy; Owner: Victor; Public Data; *********************; *********************); parties: Victor, Factor 1, Factor 2, Factor N; bids: Bid 1, Bid 2, Bid N; label: Contract proof with selective disclosure.
  25. USE CASES. SUPPLY CHAIN
      ● The supplier may choose one bid and execute a transfer of ownership of the contract to the winning participant.
      Diagram: Contract (Supplier: Victor; Buyer: Factor 2; Owner: Victor; Public Data; *********************; *********************); parties: Victor, Factor 1, Factor 2, Factor N; bid: Bid 2; label: Contract proof with selective disclosure.
  26. USE CASES. SUPPLY CHAIN
      ● The winning participant may see all information about the contract.
      ● After handoff, the supplier may no longer see changes to the contract or make modifications to it.
      Diagram: Contract (Supplier: Victor; Buyer: Factor 2; Owner: Victor; Public Data; Secret Data); parties: Victor, Factor 2.
  27. USE CASES. SUPPLY CHAIN. REQUIREMENTS
      ● During the bidding process, all information about the identities of the factors must be hidden from the buyer and the other factors.
      ● Details of a bid must be kept confidential to the seller.
      ● The identity of the winning factor must be kept confidential from the other factors.
      ● Factors have the right to view only the specific details of the contract C that are exposed by the supplier.
      ● The winning factor gains visibility to all details of the contract C when ownership is transferred.
  28. USE CASES. E-VOTING
      ● A registrar creates a new voting pool and provides voters their ballots.
      Diagram: Registrar; Ballot (Cand.1, Cand.2); Voter 1, Voter 2, Voter 3, Voter N.
  29. USE CASES. E-VOTING
      ● Voters can cast their vote, which is anonymized and stored in an electronic ballot box.
      Diagram: Voter 1, Voter 2, Voter 3, Voter N; Ballot box; X X X X.
  30. USE CASES. E-VOTING
      ● After the voting period ends, a voting committee counts and verifies the ballots and announces the result.
  31. USE CASES. E-VOTING. REQUIREMENTS
      ● Voters require a unique identifier. Voter impersonation must be prevented. Voters can cast a ballot only once.
      ● Cast ballots must be integrity and confidentiality protected at rest and in motion.
      ● Cast ballots can only be revealed by an authorized entity (committee / validator) that counts ballots.
      ● Voters must be able to verify that their ballot has been considered (counted) during the validation.
      ● The validating system must be resistant to misbehaving committee members to ensure that no party can corrupt the voting process and forge the result.
  32. THANK YOU!
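
Slide 24 requires each factor to commit to a bid whose details stay known only to that factor and the supplier. A salted hash commitment is one common way to meet that requirement; the Python below is an added example, not code from the slides, and its names (`commit_bid`, `verify_opening`, the `bid-commitment-v1` prefix, the sample contract and factor ids) are assumptions.

```python
import hashlib
import hmac
import json
import secrets

DOMAIN = b"bid-commitment-v1|"  # hypothetical domain-separation prefix


def _digest(opening: dict) -> str:
    # Canonical JSON so factor and supplier hash exactly the same bytes.
    payload = json.dumps(opening, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(DOMAIN + payload.encode()).hexdigest()


def commit_bid(contract_id: str, factor_id: str, amount_cents: int):
    """Factor side: return (commitment, opening).

    The commitment is what gets published; the opening goes only to the
    supplier. The random nonce keeps a guessable bid amount from being
    recovered by hashing candidate values.
    """
    opening = {
        "contract": contract_id,
        "factor": factor_id,
        "amount_cents": amount_cents,
        "nonce": secrets.token_hex(32),
    }
    return _digest(opening), opening


def verify_opening(commitment: str, opening: dict,
                   contract_id: str, factor_id: str) -> bool:
    """Supplier side: accept only the exact bid the factor committed to."""
    try:
        if opening["contract"] != contract_id or opening["factor"] != factor_id:
            return False  # opening belongs to another contract or bidder
        if len(bytes.fromhex(opening["nonce"])) < 16:
            return False  # nonce too short to hide the amount
        return hmac.compare_digest(_digest(opening), commitment)
    except (KeyError, TypeError, ValueError):
        return False  # malformed opening or commitment


if __name__ == "__main__":
    # Constructed sample values, not taken from the slides.
    c, o = commit_bid("contract-C", "factor-2", 125_000)
    print(verify_opening(c, o, "contract-C", "factor-2"))  # honest opening
    print(verify_opening(c, dict(o, amount_cents=1), "contract-C", "factor-2"))
```

In the design the slides describe, the verification step would be the part executed inside the enclave, so node operators never see the opening in clear text.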
