SGX-based Certificate Credibility Verification and Secure Software Issuance System

doi:10.3969/j.issn.1671-1122.2018.03.008

Abstract

Abstract:

The software system has become increasingly complex, and the security risks brought by software are becoming more and more obvious. Software security involves almost all users of application information system. If software security is not effectively guaranteed, a series of security problems such as privacy leakage, remote control, secret monitoring will pose a great threat to people. Therefore, whether the software is safe, whether the software is really what the user wants, whether the software itself has the back door, and whether the software certificate is authentic become urgent problems to be solved at present. In view of the above problems, this paper constructs a certificate credibility verification method based on SGX technology, and develops a secure software issuance system. Firstly, a secure architecture including audit server, CA, software developers and users is designed. Then, a secure software issuance system and a certificate acquisition system based on SGX are designed and implemented by integrating SGX technology with digital signature and encryption technology. The test verifies the feasibility of the system.

Key words: SGX, signature, audit server, certificate verification, secure issuance

CLC Number:

TP309

Da FENG, Qiang WANG, Yiwen ZHAO, Jian XU. SGX-based Certificate Credibility Verification and Secure Software Issuance System[J]. Netinfo Security, 2018, 18(3): 63-69.

Figures/Tables 13

References 15

[1]	张娴. 基于可信计算的软件安全下载设计与实现[D].西安:西安电子科技大学, 2010.
[2]	范冠男,董攀.基于TrustZone的可信执行环境构建技术研究[J].信息网络安全,2016(3):21-27.
[3]	马荣.Chrome发现法国CA发行商伪造证书行为[EB/OL]. , 2013-12-10/2017-11-1.
[4]	韩水玲,马敏,王涛,等.数字证书应用系统的设计与实现[J].信息网络安全,2012(9):43-45.
[5]	JOHN M, BENJAMIN O. Intel® Software Guard Extensions Tutorial Series: Part 1. Intel® SGX Foundation[EB/OL]., 2016-11-10.
[6]	JOHN M. Intel Software Guard Extensions Tutorial Series: Part II, Application Design[EB/OL].,2016-11-21/2017-11-10.
[7]	JOHN M, ISAYAH R. Intel Software Guard Extensions Tutorial Series: Part III, Intel® SGX Design[EB/OL]., 2016-11-27/2017-11-10.
[8]	JOHN M. Intel Software Guard Extensions Tutorial Series: Part Fourth, Security Design[EB/OL]., 2016-11-27/2017-11-10.
[9]	JOHN M. Intel Software Guard Series of Extensions: the Fifth Part, the Safe Area Development[EB/OL].,2016-11-27/2017-11-10.
[10]	COSTAN V, DEVADAS S. Intel SGX Explained[EB/OL]. ,2017-11-10.
[11]	MCKEEN F, ALEXANDROVICH I, BERENZON A, et al.Innovative Instructions and Software Model for Isolated Execution[C]//ACM. the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy,June 23 - 24, 2013,Tel-Aviv, Israel. New York:ACM,2013:1-8.
[12]	HUSAK M, CERMAK M, JIRSIK T J, et al.Network-based HTTPS Client Identification Using SSL/TLS Fingerprinting[C]//IEEE. the 10th International Conference on Availability, Reliability and Security, August 24 - 27, 2015, Toulouse, France.NJ:IEEE, 2015: 389-396.
[13]	郭涛,李之棠,彭建喜.数字签名技术[J].信息网络安全,2002(08):34-36
[14]	BEEKMAN J,MANFERDELLI J, WAGNER D. Attestation Transparency: Building Secure Internet Services for Legacy Clients[EB/OL]. ,2016-3-15.
[15]	RIVEST RL, SHAMIR A, ADLEMAN L.A Method for Obtaining Digital Signatures and Public-Key Cryptosystems[J]. Communications of the ACM. 1978,21(2): 120-126.