信息网络安全 ›› 2023, Vol. 23 ›› Issue (6): 55-65.doi: 10.3969/j.issn.1671-1122.2023.06.006

• 技术研究 • 上一篇    下一篇

一种基于Intel SGX的信息中心网络隐私保护方案

唐雨1, 张驰2()   

  1. 1.中国科学技术大学先进技术研究院,合肥 230031
    2.中国科学技术大学网络空间安全学院,合肥 230022
  • 收稿日期:2023-03-30 出版日期:2023-06-10 发布日期:2023-06-20
  • 通讯作者: 张驰 chizhang@ustc.edu.cn
  • 作者简介:唐雨(1998—),男,辽宁,硕士研究生,主要研究方向为可信硬件、计算机技术|张驰(1977—),男,湖北,副教授,博士,主要研究方向为无线网络、网络安全、区块链技术
  • 基金资助:
    国家自然科学基金重点项目(U19B2023);国家重点研发计划(2018YFB0804201)

A Privacy Protection Scheme for Information-Centric Networking Based on Intel SGX

TANG Yu1, ZHANG Chi2()   

  1. 1. Institute of Advanced Technology, University of Science and Technology of China, Hefei 230031, China
    2. School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230022, China
  • Received:2023-03-30 Online:2023-06-10 Published:2023-06-20

摘要:

信息中心网络作为一种新型的网络架构,能够最大化利用网络带宽,实现快速、可靠、可扩展的内容交互服务。但是,由于信息中心网络的路由节点需要承担包括数据存储、名称检索等功能,其软硬件架构相对于传统网络而言也更复杂,这导致网络基础设施的安全性更加脆弱。文章提出一种基于可信执行环境的信息中心网络隐私保护方案,使用跳表实现网络主要内存数据的存储,并利用Intel SGX提供的可信执行环境保证存储在不可信内存数据的机密性和完整性,之后在此基础上提出一种保护网络内容包名称隐私的转发方案。实验结果表明,该方案在提供更高安全性的同时,其网络平均接收时延仅比NDN基本方案高10%左右。

关键词: 信息中心网络, 可信执行环境, Intel SGX, 隐私保护

Abstract:

As a novel network architecture, Information-Centric Networking (ICN) maximizes the utilization of network bandwidth and provides fast, reliable, and scalable content exchange services. However, the routing nodes in ICN are required to perform additional functions, such as data storage and name retrieval, making their software and hardware architecture more complex than traditional networks. This complexity can lead to increased vulnerabilities in the network infrastructure. Therefore, this paper proposed a privacy protection scheme for ICN based on a trusted execution environment. The scheme used skip lists to store the primary memory data within the network and leveraged the trusted execution environment provided by Intel SGX to ensure the confidentiality and integrity of data stored in untrusted memory. Furthermore, a forwarding scheme was proposed to protect the privacy of network content packet names. The experimental results demonstrate that the proposed approach can provide enhanced security, with only a slight increase of approximately 10% in average network-level latency compared to the NDN baseline solution.

Key words: information-centric networking, trusted execution environment, Intel SGX, privacy protection

中图分类号: