CN113688394B - Block chain-based outsourcing computing system and method in safe and trusted execution environment - Google Patents

Block chain-based outsourcing computing system and method in safe and trusted execution environment Download PDF

Info

Publication number
CN113688394B
CN113688394B CN202110630295.0A CN202110630295A CN113688394B CN 113688394 B CN113688394 B CN 113688394B CN 202110630295 A CN202110630295 A CN 202110630295A CN 113688394 B CN113688394 B CN 113688394B
Authority
CN
China
Prior art keywords
task
module
outsourcing
information
processed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110630295.0A
Other languages
Chinese (zh)
Other versions
CN113688394A (en
Inventor
胡春强
刘泽伟
蒲誉文
熊庆宇
向涛
廖晓峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University
Original Assignee
Chongqing University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing University filed Critical Chongqing University
Priority to CN202110630295.0A priority Critical patent/CN113688394B/en
Publication of CN113688394A publication Critical patent/CN113688394A/en
Application granted granted Critical
Publication of CN113688394B publication Critical patent/CN113688394B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an outsourcing computing system and method based on a blockchain in a safe and trusted execution environment. The system comprises a data processing requiring party, a plurality of cloud service providers and a blockchain platform; the invention takes the semi-trusted CSP as the task processing node on the blockchain platform, realizes the data outsourcing function and reduces the calculation cost of users. In order to fully automate the outsourcing process, intelligent contracts are introduced into the outsourcing scheme, so that manual intervention is effectively reduced, and the reliability of data is improved.

Description

Block chain-based outsourcing computing system and method in safe and trusted execution environment
Technical Field
The invention relates to the field of cloud computing, in particular to an outsourcing computing system and method based on a blockchain in a safe and trusted execution environment.
Background
Currently, cloud computing is used as a new computing model, and can provide users with appropriate on-demand allocation resources. Due to the rapid increase in the amount of local data, resource-constrained individuals or businesses cannot or are reluctant to bear a heavy computational burden. Thus, in this case, outsourced computing models in cloud computing are particularly attractive. With the powerful computing power and storage functions of cloud computing, users can outsource computing that consumes a large amount of resources to cloud service providers (Cloud service provider, CSP), and then pay on demand and enjoy unlimited computing and storage services. Today, cloud computing has been applied to many practical situations, such as internet of things, medical treatment, education, and the like. Some well-known internet companies, such as microsoft, ***, etc., have provided their own public cloud services.
Although cloud service providers have greatly reduced the computational effort of end users, there are some unavoidable obstacles in practical applications, such as privacy and security of source data. Generally, source data is often of value to a particular population. Thus, when users upload data to the cloud, they have no way or method to know whether the data is being processed normally, i.e., the use of the data side cannot be controlled by the data provider. In fact, a cloud service provider is an honest but curious entity, meaning that it can accomplish what users require them to do, but for curiosity or other purposes it will attempt to infer the privacy of the user from the user's data. In this case, the privacy of the user is severely threatened, which becomes one of the unavoidable problems. In addition, since cloud service providers are semi-honest, the correctness of the processed data cannot be guaranteed. In other words, it may maliciously modify the processed results, thereby causing incorrect results, misleading the user. Therefore, it is also worth exploring how to maintain the correctness of the data processing.
So far, many viable techniques for protecting privacy preserving outsourced computing have been proposed to address these issues. Among other things, secure multi-party computing and homomorphic encryption can provide efficient algorithms for secure outsourcing, and have high security performance in many applications. However, the aforementioned outsourcing approach requires a large amount of computational resources, and thus its application is limited in some respects.
Disclosure of Invention
The invention aims to provide a blockchain-based outsourcing computing system in a safe and trusted execution environment, which comprises a data processing demander, a plurality of cloud service providers and a blockchain platform.
And the data processing requirement transmits encrypted key information of the outsourcing task to be processed to the blockchain platform.
The data processing demand direction receives IP addresses sent by a plurality of cloud service providers, and selects a trusted cloud service provider from the cloud service providers.
And the data processing demand party establishes a communication channel with the trusted cloud service provider, and sends the encrypted detailed information of the to-be-processed outsourcing task to the trusted cloud service provider through the communication channel.
And the data processing demand side receives the processed outsourcing task information fed back by the block chain platform and decrypts the processed outsourcing task information.
The data processing requester registers with the blockchain platform and obtains a public key and a private key distributed by the blockchain platform. The public key and the private key are used for encrypting key information of the outsourcing task to be processed and detailed information of the outsourcing task to be processed.
The cloud service provider is a blockchain consensus node.
The cloud service provider includes a host thread and an enclave.
The host thread is used for communicating with a data processing demander and a task broadcasting module.
And the host thread receives the key information of the task to be processed, which is broadcast by the task broadcasting module, and transmits the key information to the data sealing and unsealing module of the enclave.
And the host thread receives the detailed information of the outsourcing task to be processed, which is sent by the data processing demand party, and transmits the detailed information to the data sealing and unsealing module of the enclave.
The host thread sends the encrypted processed outsourced task information to a blockchain platform.
The host thread is also used to initialize the enclave.
And the host thread judges whether the conditions for executing the outsourcing task are met according to the key outsourcing task unpacking information, and if yes, the host thread sends the IP address to the data processing requiring party.
The enclave comprises an EVM module, an encryption and decryption operation module, a data sealing and unsealing module and a data signature module.
And the data sealing and unsealing module unseals the key information of the outsourcing task to be processed to obtain the key unsealing information of the outsourcing task.
And the data sealing and unsealing module unseals the detailed information of the outsourcing task to be processed to obtain the detailed unsealing information of the outsourcing task, and transmits the detailed unsealing information of the outsourcing task to the password operation module.
And the password operation module decrypts the outsourcing task detailed unpacking information to obtain outsourcing task detailed decryption information and transmits the outsourcing task detailed decryption information to the EVM module.
The cryptographic operation module receives and encrypts the processed outsourcing task information and transmits the encrypted processed outsourcing task information to the host thread.
And the password operation module encrypts the processed outsourcing task information and sends the encrypted outsourcing task information to the data signature module.
And the EVM module executes the outsourcing task according to the outsourcing task detailed decryption information, obtains processed outsourcing task information, and transmits the processed outsourcing task information to the password operation module.
The data signature module generates a signature sig= (PK (Res task ),H(PK(Res task ) And) transmitting the encrypted outsourced task information to the blockchain platform.
The enclave also includes an SGX remote authentication module.
The SGX remote authentication module is used for verifying a data processing requiring party and establishing a communication channel with the data processing requiring party with successful verification.
The blockchain platform comprises a BSC module and an OMC module.
The BSC module comprises a task broadcasting module.
The BSC module also comprises a service preset module.
The service preset module is used for charging a fee to a data processing requiring party of an outsourcing task to be processed so as to prevent DoS attack.
And the task broadcasting module receives the key information of the outsourcing task to be processed and broadcasts the key information to all the consensus nodes.
The OMC module comprises an information recording module and a result analysis module.
The OMC module also comprises a pre-storage and distribution module.
The OMC module pre-fetches the fees to the data demander and sends the fees to the trusted cloud service provider after the blockchain platform sends the processed outsourced task information to the data processing demander.
The OMC module further comprises a service query module.
The service inquiry module is used for checking whether the data processing demand party prepays fees and whether the trusted cloud service provider receives the fees.
The information recording module receives and stores the processed outsourcing task information.
The information recording module stores the IP address of the trusted cloud service provider selected by the data processing requiring party.
And the result analysis module judges whether the processed outsourcing task information is from a trusted cloud service provider selected by the data processing demand party or not, judges whether the outsourcing task information is tampered or not, and if the processed outsourcing task information is from the trusted cloud service provider and is not tampered, sends the processed outsourcing task information to the data processing demand party.
The method comprises the following steps of using the outsourcing computing system based on the blockchain in the safe and trusted execution environment:
1) And the data processing requirement transmits key information of the outsourcing task to be processed to the blockchain platform.
2) And broadcasting the key information of the outsourcing task to be processed to all cloud service providers by the BSC module.
3) And the cloud service provider decides whether to execute the task, and if so, sends the IP address of the cloud service provider to the data processing requiring party.
4) The data processing demander selects a trusted cloud service provider. And the data processing requiring party and the trusted cloud service provider perform remote authentication and establish a communication channel.
5) The data processing demand party transmits the encrypted detailed information of the outsourcing task to be processed, the transaction serial number No, the secret key PK and the intelligent contract deployment address P through a communication channel Contract And sending the data to an enclave of a trusted cloud service provider for storage.
The data processing requiring party sets a transaction serial number No, an IP address of a trusted cloud service provider and a task contract deployment address P Contract And sending the message to an OMC module.
6) Enclave decapsulation to obtain information set < No, IP, PK, P Contreact >。
7) And decrypting and processing the detailed information of the outsourcing task to be processed by the enclave to obtain the processed outsourcing task information.
The enclave encrypts the processed outsourced task information.
The data signing module uses Pri encalve Signature sig= (PK (Res) task ),H(PK(Res task ) And) transmitting the encrypted outsourced task information to the blockchain platform.
8) The result analysis module of the OMC module determines whether the received processed outsourced task information is from a trusted cloud service provider and whether the processed outsourced task information is tampered. The result analysis module obtains final processed outsourcing task information PK (Res) by processing through a consensus algorithm task )。
9) The OMC module packages the final processed outsourced task information PK (Res task ) To the data processing requester.
The technical effect of the invention is undoubtedly that the invention provides a block chain-based outsourcing computing system in a safe and trusted execution environment. According to the method, on the blockchain platform, the semi-trusted CSP is used as a task processing node, so that the data outsourcing function is realized, and the calculation cost of a user is reduced. In order to fully automate the outsourcing process, intelligent contracts are introduced into the outsourcing scheme, so that manual intervention is effectively reduced, and the reliability of data is improved.
First, since CSP nodes are honest and curious, they will attempt to infer raw data that is used in performing a user's outsourcing tasks. In addition, the CSP node has the risk of falsifying the calculation result, and the authenticity of the whole outsourcing process is reduced. Thus, the original data is encrypted using a key prior to uploading, and is transferred in ciphertext form during transmission to the enclave of the designated CSP node. After the user and the enclave are authenticated, a secure channel is established, and secure transmission of the secret key is ensured. Both decryption and computation of data are performed in the enclave, so that malicious nodes have no opportunity to obtain the plaintext of the data.
Secondly, crosstalk may occur between CSP nodes, thereby affecting negotiation results. The blockchain platform is employed to agree on the results. From the perspective of PoW and other consensus mechanisms, 51% of computing power is required to complete control of the entire network. Thus, collusion becomes more difficult as the number of participating nodes increases. In reality, the cost of collusion is far higher than the profit cost, so that few nodes can select collusion, and the opportunity of the nodes to participate in collusion in outsourcing is greatly reduced.
Then, in the task processing stage, a method of replacing one server by a plurality of servers can ensure that the user source data is not destroyed. Because the source data of the data processing requester is directly transferred to the protected enclave area, i.e. hardware-based protection. When a single CSP node is attacked, the data of the enclave is effectively protected, meaning that the outside world cannot enter the enclave. After the outsourcing task is completed, the enclave automatically deletes all relevant data, including input source data and data generated in the middle, and the whole outsourcing process is not in a paralyzed link.
Finally, in order to ensure the inquireability of the outsourcing task and minimize human participation, the whole outsourcing process is transparent and fully automatic in a manner of combining with the intelligent contract in the outsourcing process, so that the transaction reliability and stability are improved, the operation is simplified, and the transaction efficiency is improved.
Drawings
FIG. 1 is a schematic diagram of a blockchain-based outsourcing computing method architecture in a secure execution environment;
FIG. 2 is a schematic diagram of the interior of a cloud server node;
FIG. 3 is a schematic diagram of an outsourcing method smart contract function;
FIG. 4 is a schematic diagram of an outsourcing task assignment flow for an outsourcing method;
FIG. 5 is a schematic diagram of an outsourcing task execution flow for an outsourcing method.
Detailed Description
The present invention is further described below with reference to examples, but it should not be construed that the scope of the above subject matter of the present invention is limited to the following examples. Various substitutions and alterations are made according to the ordinary skill and familiar means of the art without departing from the technical spirit of the invention, and all such substitutions and alterations are intended to be included in the scope of the invention.
Example 1:
referring to fig. 1-5, a blockchain-based outsourced computing system in a secure trusted execution environment includes a data processing requestor, a number of cloud service providers, and a blockchain platform.
And the data processing requirement transmits encrypted key information of the outsourcing task to be processed to the blockchain platform.
The data processing demand direction receives IP addresses sent by a plurality of cloud service providers, and selects a trusted cloud service provider from the cloud service providers.
And the data processing demand party establishes a communication channel with the trusted cloud service provider, and sends the encrypted detailed information of the to-be-processed outsourcing task to the trusted cloud service provider through the communication channel. The detailed information of the outsourcing task to be processed comprises an intelligent contract deployment address P Contract
And the data processing demand side receives the processed outsourcing task information fed back by the block chain platform and decrypts the processed outsourcing task information.
The data processing requester registers with the blockchain platform and obtains a public key and a private key distributed by the blockchain platform. The public key and the private key are used for encrypting key information of the outsourcing task to be processed and detailed information of the outsourcing task to be processed.
The cloud service provider is a blockchain consensus node.
The cloud service provider includes a host thread and an enclave.
The host thread is used for communicating with a data processing demander and a task broadcasting module.
And the host thread receives the key information of the task to be processed, which is broadcast by the task broadcasting module, and transmits the key information to the data sealing and unsealing module of the enclave.
And the host thread receives the detailed information of the outsourcing task to be processed, which is sent by the data processing demand party, and transmits the detailed information to the data sealing and unsealing module of the enclave.
The host thread sends the encrypted processed outsourced task information to a blockchain platform.
The host thread is also used to initialize the enclave.
And the host thread judges whether the conditions for executing the outsourcing task are met according to the key outsourcing task unpacking information, and if yes, the host thread sends the IP address to the data processing requiring party.
The enclave comprises an EVM module, an encryption and decryption operation module, a data sealing and unsealing module and a data signature module.
And the data sealing and unsealing module unseals the key information of the outsourcing task to be processed to obtain the key unsealing information of the outsourcing task.
And the data sealing and unsealing module unseals the detailed information of the outsourcing task to be processed to obtain the detailed unsealing information of the outsourcing task, and transmits the detailed unsealing information of the outsourcing task to the password operation module.
And the password operation module decrypts the outsourcing task detailed unpacking information to obtain outsourcing task detailed decryption information and transmits the outsourcing task detailed decryption information to the EVM module.
The cryptographic operation module receives and encrypts the processed outsourcing task information and transmits the encrypted processed outsourcing task information to the host thread.
And the password operation module encrypts the processed outsourcing task information and sends the encrypted outsourcing task information to the data signature module.
And the EVM module executes the outsourcing task according to the outsourcing task detailed decryption information, obtains processed outsourcing task information, and transmits the processed outsourcing task information to the password operation module.
The EVM module invokes the smart contract to process the data according to the received smart contract address.
The data signature module generates a signature sig= (PK (Res task ),H(PK(Res task ) And) transmitting the encrypted outsourced task information to the blockchain platform.
The enclave also includes an SGX remote authentication module.
The SGX remote authentication module is used for verifying a data processing requiring party and establishing a communication channel with the data processing requiring party with successful verification.
Blockchains are a decentralized, distributed ledger that consists of immutable data packets, also called "blocks". Each block is linked together to form a "blockchain". It is a technical solution to co-maintain a reliable database in a decentralised and untrusted way. It is most characterized by non-channeling modifications and traceability. That is, changes made to the database by one node or even multiple nodes in the blockchain do not affect the databases of other nodes. Each transaction in the blockchain is connected to two adjacent blocks in an encrypted manner, so that all records of each transaction can be traced back, thereby playing an effective role in protecting data maintenance. The intelligent contracts in the blockchain enable the transaction to be automatically carried out after the initial conditions are met, supervision of a third-party entity is not needed, safety and convenience of business activities are promoted, and the efficiency of processing the transaction by the blockchain is improved.
The blockchain platform comprises a BSC module and an OMC module.
The BSC module comprises a task broadcasting module.
The BSC module also comprises a service preset module.
The service preset module is used for charging a fee to a data processing requiring party of an outsourcing task to be processed so as to prevent DoS attack.
And the task broadcasting module receives the key information of the outsourcing task to be processed and broadcasts the key information to all the consensus nodes.
The OMC module comprises an information recording module and a result analysis module.
The OMC module also comprises a pre-storage and distribution module.
The OMC module pre-fetches the fees to the data demander and sends the fees to the trusted cloud service provider after the blockchain platform sends the processed outsourced task information to the data processing demander.
The OMC module further comprises a service query module.
The service inquiry module is used for checking whether the data processing demand party prepays fees and whether the trusted cloud service provider receives the fees.
The information recording module receives and stores the processed outsourcing task information.
The information recording module stores the IP address of the trusted cloud service provider selected by the data processing requiring party.
And the result analysis module judges whether the processed outsourcing task information is from a trusted cloud service provider selected by the data processing demand party or not, judges whether the outsourcing task information is tampered or not, and if the processed outsourcing task information is from the trusted cloud service provider and is not tampered, sends the processed outsourcing task information to the data processing demand party.
Example 2:
the method comprises the following steps of using the outsourcing computing system based on the blockchain in the safe and trusted execution environment:
1) And the data processing requirement transmits key information of the outsourcing task to be processed to the blockchain platform.
2) And broadcasting the key information of the outsourcing task to be processed to all cloud service providers by the BSC module.
3) And the cloud service provider decides whether to execute the task, and if so, sends the IP address of the cloud service provider to the data processing requiring party.
4) The data processing demander selects a trusted cloud service provider. And the data processing requiring party and the trusted cloud service provider perform remote authentication and establish a communication channel.
5) The data processing demand party transmits the encrypted detailed information of the outsourcing task to be processed, the transaction serial number No, the secret key PK and the intelligent contract deployment address P through a communication channel Contract And sending the data to an enclave of a trusted cloud service provider for storage. The intelligent contract is a program running on a blockchain, the program is directly deployed on the chain after being uplinked, when the intelligent contract is needed, the address of the intelligent contract is called, and the EVM module in the enclave is used for processing data, namely the intelligent contract is called according to the intelligent contract address.
The data processing requiring party sets the transaction serial number No, the IP address of the trusted cloud service provider and the task contract deployment addressP Contract And sending the message to an OMC module.
6) Enclave decapsulation to obtain information set < No, IP, PK, P Contreact >。
7) And decrypting and processing the detailed information of the outsourcing task to be processed by the enclave to obtain the processed outsourcing task information.
The enclave encrypts the processed outsourced task information.
The data signing module uses Pri encalve Signature sig= (PK (Res) task ),H(PK(Res task ) And) transmitting the encrypted outsourced task information to the blockchain platform. PK (Res) task ) Outsourcing task information for the processed. H (PK (Res) task )). H is a hash function.
8) The result analysis module of the OMC module determines whether the received processed outsourced task information is from a trusted cloud service provider and whether the processed outsourced task information is tampered. The result analysis module obtains final processed outsourcing task information PK (Res) by processing through a consensus algorithm task )。
9) The OMC module packages the final processed outsourced task information PK (Res task ) To the data processing requester.
Example 3:
a blockchain-based outsourcing computing system in a secure trusted execution environment comprises a data processing demander, a plurality of cloud service providers and a blockchain platform.
And the data processing requirement transmits encrypted key information of the outsourcing task to be processed to the blockchain platform.
The data processing demand direction receives IP addresses sent by a plurality of cloud service providers, and selects a trusted cloud service provider from the cloud service providers.
And the data processing demand party establishes a communication channel with the trusted cloud service provider, and sends the encrypted detailed information of the to-be-processed outsourcing task to the trusted cloud service provider through the communication channel.
And the data processing demand side receives the processed outsourcing task information fed back by the block chain platform and decrypts the processed outsourcing task information.
The data processing requester registers with the blockchain platform and obtains a public key and a private key distributed by the blockchain platform. The public key and the private key are used for encrypting key information of the outsourcing task to be processed and detailed information of the outsourcing task to be processed.
The cloud service provider is a blockchain consensus node.
The cloud service provider includes a host thread and an enclave.
The host thread is used for communicating with a data processing demander and a task broadcasting module.
And the host thread receives the key information of the task to be processed, which is broadcast by the task broadcasting module, and transmits the key information to the data sealing and unsealing module of the enclave.
And the host thread receives the detailed information of the outsourcing task to be processed, which is sent by the data processing demand party, and transmits the detailed information to the data sealing and unsealing module of the enclave.
The host thread sends the encrypted processed outsourced task information to a blockchain platform.
The host thread is also used to initialize the enclave.
And the host thread judges whether the conditions for executing the outsourcing task are met according to the key outsourcing task unpacking information, and if yes, the host thread sends the IP address to the data processing requiring party.
The enclave comprises an EVM module, an encryption and decryption operation module, a data sealing and unsealing module and a data signature module.
And the data sealing and unsealing module unseals the key information of the outsourcing task to be processed to obtain the key unsealing information of the outsourcing task.
And the data sealing and unsealing module unseals the detailed information of the outsourcing task to be processed to obtain the detailed unsealing information of the outsourcing task, and transmits the detailed unsealing information of the outsourcing task to the password operation module.
And the password operation module decrypts the outsourcing task detailed unpacking information to obtain outsourcing task detailed decryption information and transmits the outsourcing task detailed decryption information to the EVM module.
The cryptographic operation module receives and encrypts the processed outsourcing task information and transmits the encrypted processed outsourcing task information to the host thread.
And the password operation module encrypts the processed outsourcing task information and sends the encrypted outsourcing task information to the data signature module.
And the EVM module executes the outsourcing task according to the outsourcing task detailed decryption information, obtains processed outsourcing task information, and transmits the processed outsourcing task information to the password operation module.
The data signature module generates a signature sig= (PK (Res task ),H(PK(Res task ) And) transmitting the encrypted outsourced task information to the blockchain platform.
The enclave also includes an SGX remote authentication module.
The SGX remote authentication module is used for verifying a data processing requiring party and establishing a communication channel with the data processing requiring party with successful verification.
The blockchain platform comprises a BSC module and an OMC module.
The BSC module comprises a task broadcasting module.
The BSC module also comprises a service preset module.
The service preset module is used for charging a fee to a data processing requiring party of an outsourcing task to be processed so as to prevent DoS attack.
And the task broadcasting module receives the key information of the outsourcing task to be processed and broadcasts the key information to all the consensus nodes.
The OMC module comprises an information recording module and a result analysis module.
The OMC module also comprises a pre-storage and distribution module.
The OMC module pre-fetches the fees to the data demander and sends the fees to the trusted cloud service provider after the blockchain platform sends the processed outsourced task information to the data processing demander.
The OMC module further comprises a service query module.
The service inquiry module is used for checking whether the data processing demand party prepays fees and whether the trusted cloud service provider receives the fees.
The information recording module receives and stores the processed outsourcing task information.
The information recording module stores the credibility selected by the data processing requirement party
And the result analysis module judges whether the processed outsourcing task information is from a trusted cloud service provider selected by the data processing demand party or not, judges whether the outsourcing task information is tampered or not, and if the processed outsourcing task information is from the trusted cloud service provider and is not tampered, sends the processed outsourcing task information to the data processing demand party.
The method comprises the following steps of using the outsourcing computing system based on the blockchain in the safe and trusted execution environment:
1) And the data processing requirement transmits key information of the outsourcing task to be processed to the blockchain platform.
2) And broadcasting the key information of the outsourcing task to be processed to all cloud service providers by the BSC module.
3) And the cloud service provider decides whether to execute the task, and if so, sends the IP address of the cloud service provider to the data processing requiring party.
4) The data processing demander selects a trusted cloud service provider. And the data processing requiring party and the trusted cloud service provider perform remote authentication and establish a communication channel.
5) The data processing demand party transmits the encrypted detailed information of the outsourcing task to be processed, the transaction serial number No, the secret key PK and the intelligent contract deployment address P through a communication channel Contract And sending the data to an enclave of a trusted cloud service provider for storage.
The data processing requiring party sets a transaction serial number No, an IP address of a trusted cloud service provider and a task contract deployment address P Contract And sending the message to an OMC module.
6) Enclave decapsulation to obtain information set < No, IP, PK, P Contreact >。
7) And decrypting and processing the detailed information of the outsourcing task to be processed by the enclave to obtain the processed outsourcing task information.
The enclave encrypts the processed outsourced task information.
The data signing module uses Pri encalve Signature sig= (PK (Res) task ),H(PK(Res task ) And) transmitting the encrypted outsourced task information to the blockchain platform.
8) The result analysis module of the OMC module determines whether the received processed outsourced task information is from a trusted cloud service provider and whether the processed outsourced task information is tampered. The result analysis module obtains final processed outsourcing task information PK (Res) by processing through a consensus algorithm task )。
9) The OMC module packages the final processed outsourced task information PK (Res task ) To the data processing requester.
Example 4:
a block chain-based outsourcing computing system in a secure trusted execution environment comprises a data processing demander, a cloud service provider and a block chain platform. The data processing demander is an individual or company with a computing demand. They will provide the cloud with the source data to be processed and the corresponding processing tasks. In addition, it is assumed that the data provided by the data owner is indeed reliable. In practice, this assumption is also reasonable. After all, the user himself also pays some costs, such as some fees, for the whole outsourcing process. Cloud service providers provide cloud platforms and storage and computing capabilities. It acts as a consensus node in the blockchain, also known in the traditional sense as a mineworker. Because cloud service providers are curious, it has been proposed to combine with Intel's SGX to protect the secure operation of source data and handlers. The internal structure of the CSP is shown in FIG. 2. It can be seen that the CSP node is made up of two parts. One part is the host thread whose role is to initialize the entire enclave and communicate with the nodes on the chain, which is not trusted. The other part is composed of the enclave. It can be subdivided into five parts. And the SGX remote authentication module performs identity verification on the remote party and establishes a secure channel. The EVM module is used for running intelligent contract tasks of the processing program. The cryptographic operation module is used for decrypting source data from a data processing requester. At the same time, it encrypts the data result. The data sealing and unsealing module may securely store confidential data or externally read sealed data into the enclave. The cloud service provider forms a blockchain consensus node, and the data processing demander has a blockchain account number but does not participate in consensus and storage. Intelligent contracts on the blockchain help manage data outsourcing transactions, making the whole process fully automated and efficient.
Aiming at the problems, the data outsourcing calculation method based on the blockchain in the safe and feasible execution environment can be used for efficiently completing each data outsourcing processing under the premise of privacy protection, and transaction behaviors can be inquired. The method includes four important functional requirements, namely contract registration, outsourcing distribution, financial management and trusted environments, which are represented by a Broadcast Service Contract (BSC) and an Outsourcing Management Contract (OMC), respectively. Here, the design of these functional modules is shown in fig. 3.
The BSC, task broadcast module, receives and broadcasts task keyword keywords that convey the data consumers to CSP nodes, which enable the nodes to know what the data processing consumers want to outsource. The service preset module in the BSC is mainly used for charging a certain fee to the purchaser so as to prevent the DoS attack.
OMC, information recording module records information of CSP node selected by data processing demander. The pre-store and distribution module requires the data demander to prepay some fees to the CSP node after execution and to send the fees to the associated address (including the CSP node) based on the end result. The service query module checks its rewards for CSP nodes. The result analysis module analyzes the execution result, and the most obtained ticket is used as a final result.
Before the method is used, the process initialization is needed to be completed, and the method comprises the following steps:
at step 101, entities involved in transactions, including data demand cloud service providers, must register on the blockchain platform.
The trusted third party is also responsible for the authentication of the registered user and the distribution of the associated public and private keys, step 102.
Step 103, task contract deployment of data processing demander, and deployed contract address is P Contract
As shown in fig. 4, a flow chart of the present invention implementing a rational outsourcing distribution. At this stage, the CSP node needs to find the appropriate outsourcing tasks through the platform. In addition, the data processing demander needs to select CSP nodes to execute the data outsourcing task intelligence contract. We define this process as outsourcing allocation and figure 4 gives a more detailed description.
In step 201, the data processing requester expresses the outsourcing task in the form of a keyword and transmits the outsourcing task to the BSC in the form of a transaction. Meanwhile, in order to avoid that the data processing demander does not take the next action after sending the outsourcing keyword, a certain fee needs to be paid to the BSC.
Step 202, the outsource key is broadcast to all registered CSP nodes in the blockchain by the BSC.
And 203, the CSP node receiving the outsourcing key word decides whether to accept the outsourcing task according to the self condition. If so, the own IP address is sent to the data processing requester. The first n CSP nodes to complete step 203 will be selected by the data processing requester and perform steps 204 and 205.
Step 204, the data processing requester and the selected cloud service provider remotely authenticate and establish a secure communication channel for subsequent data transfer.
Step 205, the data processing requester passes No, PK, P through the secure channel Contract Into the enclave of the selected node, and the enclave securely uses the SGX seal method to handle < No, IP, PK, P Contract > stored outside the enclave.
Step 206, the data demander will No, IP address of selected CSP node, P Contract And some fees to send OMCs. Meanwhile, the pre-stored expense is divided into two parts: execution C task A CSP node reward, and a miners reward. The rewards are transferred to the corresponding addresses based on the final calculation.
As shown in fig. 5, is a flow chart of the contract execution of the present invention. After the preparation phase is completed, the CSP node can execute data processingP of the demander Contract . The method comprises the following steps:
in step 301, the data processing requester sends the encrypted raw data and the transaction sequence number No directly to the enclave via a secure channel. The enclave would then use the decapsulation method to obtain < No, IP, PK, P Contract >, use No to select corresponding PK and P Contract
In step 302, the encrypted original data is read into the enclave, decrypted by the PK, and then the EVM may process the original data using the task processing contract.
Step 303, pub encalve And the method is used for verifying whether the information sent by the CSP node is generated in the enclave and preventing the CSP node from forging the result information to obtain rewards. Enclave use Pri encalve Signature sig= (PK (Res task ),H(PK(Res task ) And then PK (Res) task ),H(PK(Res task ) And Sig to OMC.
The result analysis module in the omc determines whether the accepted information is from the selected node and tampered with, step 304. A consensus algorithm is then employed to determine the final result.
In step 305, the OMC will agree on the final PK (Res task ) To the data processing requester. The data processing requester uses its own private key mk to obtain Res task . At the same time, the corresponding rewards are delivered to the corresponding CSP nodes and miners.
Step 306, the packet information is less than No, IP Do ,IP Node ,P Contract > records are used on the blockchain for the necessary queries.

Claims (8)

1. The outsourcing computing system based on the blockchain in the safe and trusted execution environment is characterized in that: the system comprises a data processing requiring party, a plurality of cloud service providers and a blockchain platform;
the data processing requirement sends encrypted key information of the outsourcing task to be processed to a blockchain platform;
the data processing demand direction receives IP addresses sent by a plurality of cloud service providers, and selects a trusted cloud service provider from the cloud service providers;
the data processing demand side establishes a communication channel with the trusted cloud service provider, and sends the encrypted detailed information of the outsourcing task to be processed to the trusted cloud service provider through the communication channel;
the data processing demand side receives the processed outsourcing task information fed back by the block chain platform and decrypts the processed outsourcing task information;
the cloud service provider is a blockchain consensus node;
the cloud service provider comprises a host thread and an enclave;
the host thread is used for communicating with a data processing requiring party and a task broadcasting module;
the host thread receives the key information of the to-be-processed outsourced task broadcasted by the task broadcasting module and transmits the key information to the data sealing and unsealing module of the enclave;
the host thread receives the detailed information of the outsourcing task to be processed, which is sent by the data processing demand side, and transmits the detailed information to the data sealing and unsealing module of the enclave;
the host thread sends the encrypted processed outsourcing task information to a blockchain platform;
the host thread judges whether the conditions for executing the outsourcing task are met according to the key outsourcing task unpacking information, and if yes, the host thread sends an IP address to a data processing requiring party;
the enclave comprises an EVM module, an encryption and decryption operation module, a data sealing and unsealing module and a data signature module;
the data sealing and unsealing module unseals the key information of the outsourcing task to be processed to obtain the key unsealing information of the outsourcing task;
the data sealing and unsealing module unseals the detailed information of the outsourcing task to be processed to obtain the detailed unsealing information of the outsourcing task, and transmits the detailed unsealing information of the outsourcing task to the password operation module;
the password operation module decrypts the outsourcing task detailed unpacking information to obtain outsourcing task detailed decryption information and transmits the outsourcing task detailed decryption information to the EVM module;
the password operation module receives and encrypts the processed outsourcing task information and transmits the encrypted processed outsourcing task information to a host thread;
the password operation module encrypts the processed outsourcing task information and sends the encrypted task information to the data signature module;
the EVM module executes the outsourcing task according to the outsourcing task detailed decryption information to obtain processed outsourcing task information, and the processed outsourcing task information is transmitted to the password operation module;
the data signature module generates a signature sig= (PK (Res task ),H(PK(Res task ) And transmitting the encrypted outsourced task information to the blockchain platform;
the block chain platform comprises a BSC module and an OMC module;
the BSC module comprises a task broadcasting module;
the task broadcasting module receives the key information of the outsourcing task to be processed and broadcasts the key information to all the consensus nodes;
the OMC module comprises an information recording module and a result analysis module;
the information recording module receives and stores the processed outsourcing task information;
the information recording module stores the IP address of the trusted cloud service provider selected by the data processing requiring party;
and the result analysis module judges whether the processed outsourcing task information is from a trusted cloud service provider selected by the data processing demand party or not, judges whether the outsourcing task information is tampered or not, and if the processed outsourcing task information is from the trusted cloud service provider and is not tampered, sends the processed outsourcing task information to the data processing demand party.
2. The blockchain-based outsourcing computing system in a secure trusted execution environment of claim 1, wherein: the host thread is also used to initialize the enclave.
3. The blockchain-based outsourcing computing system in a secure trusted execution environment of claim 1, wherein: the data processing requiring party registers in the blockchain platform and obtains a public key and a private key distributed by the blockchain platform; the public key and the private key are used for encrypting key information of the outsourcing task to be processed and detailed information of the outsourcing task to be processed.
4. The blockchain-based outsourcing computing system in a secure trusted execution environment of claim 1, wherein: the enclave further comprises an SGX remote authentication module;
the SGX remote authentication module is used for verifying a data processing requiring party and establishing a communication channel with the data processing requiring party with successful verification.
5. The blockchain-based outsourcing computing system in a secure trusted execution environment of claim 1, wherein: the BSC module further comprises a service preset module;
the service preset module is used for charging a fee to a data processing requiring party of an outsourcing task to be processed so as to prevent DoS attack.
6. The blockchain-based outsourcing computing system in a secure trusted execution environment of claim 5, wherein: the OMC module also comprises a pre-storage and distribution module;
the OMC module pre-fetches the fees to the data demander and sends the fees to the trusted cloud service provider after the blockchain platform sends the processed outsourced task information to the data processing demander.
7. The blockchain-based outsourcing computing system in a secure trusted execution environment of claim 1, wherein: the OMC module also comprises a service inquiry module;
the service inquiry module is used for checking whether the data processing demand party prepays fees and whether the trusted cloud service provider receives the fees.
8. A method of using a blockchain-based outsourced computing system in a secure trusted execution environment as claimed in any one of claims 1 to 7, comprising the steps of:
1) The data processing requirement sends key information of an outsourcing task to be processed to a blockchain platform;
2) The BSC module broadcasts the key information of the outsourcing task to be processed to all cloud service providers;
3) The cloud service provider decides whether to execute a task, if yes, the cloud service provider sends an IP address of the cloud service provider to a data processing requiring party;
4) The data processing requiring party selects a trusted cloud service provider; the data processing demand side and the trusted cloud service provider perform remote authentication and establish a communication channel;
5) The data processing demand party transmits the encrypted detailed information of the outsourcing task to be processed, the transaction serial number No, the secret key PK and the intelligent contract deployment address P through a communication channel Contract Transmitting the data to an enclave of a trusted cloud service provider for storage;
the data processing requiring party sets a transaction serial number No, an IP address of a trusted cloud service provider and a task contract deployment address P Contract Sending to an OMC module;
6) Enclave decapsulation to obtain information set < No, IP, PK, P Contreact >;
7) Decrypting and processing the detailed information of the outsourcing task to be processed by the enclave to obtain processed outsourcing task information;
the enclave encrypts the processed outsourcing task information;
the data signing module uses Pri encalve Signature sig= (PK (Res) task ),H(PK(Res task ) And transmitting the encrypted outsourced task information to the blockchain platform;
8) The result analysis module of the OMC module determines whether the received processed outsourcing task information is from a trusted cloud service provider and whether the processed outsourcing task information is tampered; the result analysis module obtains final processed outsourcing task information PK (Res) by processing through a consensus algorithm task );
9) The OMC module packages the final processed outsourced task information PK (Res task ) To the data processing requester.
CN202110630295.0A 2021-06-07 2021-06-07 Block chain-based outsourcing computing system and method in safe and trusted execution environment Active CN113688394B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110630295.0A CN113688394B (en) 2021-06-07 2021-06-07 Block chain-based outsourcing computing system and method in safe and trusted execution environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110630295.0A CN113688394B (en) 2021-06-07 2021-06-07 Block chain-based outsourcing computing system and method in safe and trusted execution environment

Publications (2)

Publication Number Publication Date
CN113688394A CN113688394A (en) 2021-11-23
CN113688394B true CN113688394B (en) 2023-08-25

Family

ID=78576509

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110630295.0A Active CN113688394B (en) 2021-06-07 2021-06-07 Block chain-based outsourcing computing system and method in safe and trusted execution environment

Country Status (1)

Country Link
CN (1) CN113688394B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109559124A (en) * 2018-12-17 2019-04-02 重庆大学 A kind of cloud data safety sharing method based on block chain
CN111047450A (en) * 2020-03-18 2020-04-21 支付宝(杭州)信息技术有限公司 Method and device for calculating down-link privacy of on-link data
CN111095256A (en) * 2019-04-26 2020-05-01 阿里巴巴集团控股有限公司 Securely executing intelligent contract operations in a trusted execution environment
CN111095899A (en) * 2019-04-26 2020-05-01 阿里巴巴集团控股有限公司 Distributed key management for trusted execution environments
CN111541785A (en) * 2020-07-08 2020-08-14 支付宝(杭州)信息技术有限公司 Block chain data processing method and device based on cloud computing
CN111932249A (en) * 2020-06-05 2020-11-13 成都链向科技有限公司 Data transaction ecosystem based on block chain

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10635471B2 (en) * 2015-05-15 2020-04-28 Joshua Paul Davis System and method for an autonomous entity

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109559124A (en) * 2018-12-17 2019-04-02 重庆大学 A kind of cloud data safety sharing method based on block chain
CN111095256A (en) * 2019-04-26 2020-05-01 阿里巴巴集团控股有限公司 Securely executing intelligent contract operations in a trusted execution environment
CN111095899A (en) * 2019-04-26 2020-05-01 阿里巴巴集团控股有限公司 Distributed key management for trusted execution environments
CN111047450A (en) * 2020-03-18 2020-04-21 支付宝(杭州)信息技术有限公司 Method and device for calculating down-link privacy of on-link data
CN111932249A (en) * 2020-06-05 2020-11-13 成都链向科技有限公司 Data transaction ecosystem based on block chain
CN111541785A (en) * 2020-07-08 2020-08-14 支付宝(杭州)信息技术有限公司 Block chain data processing method and device based on cloud computing

Also Published As

Publication number Publication date
CN113688394A (en) 2021-11-23

Similar Documents

Publication Publication Date Title
Da Xu et al. Embedding blockchain technology into IoT for security: A survey
EP4120114A1 (en) Data processing method and apparatus, smart device and storage medium
Li et al. EduRSS: A blockchain-based educational records secure storage and sharing scheme
Maroufi et al. On the convergence of blockchain and internet of things (iot) technologies
EP3811560B1 (en) Systems and methods for permissioned blockchain infrastructure with fine-grained access control and confidentiality-preserving publish/subscribe messaging
US20220182415A1 (en) Enforcing security parameters specified by an owner on a blockchain platform
US20190036895A1 (en) Data distribution over nodal elements
Kalapaaking et al. Blockchain-based federated learning with secure aggregation in trusted execution environment for internet-of-things
EP3070630A2 (en) Data system and method
CN112380578A (en) Edge computing framework based on block chain and trusted execution environment
CN109245894B (en) Distributed cloud storage system based on intelligent contracts
CN110096894B (en) Data anonymous sharing system and method based on block chain
CN113393225B (en) Digital currency encryption payment method and system
Wang et al. Decentralized data outsourcing auditing protocol based on blockchain
Recabarren et al. Tithonus: A bitcoin based censorship resilient system
Esther et al. Trustworthy cloud storage data protection based on blockchain technology
Liu et al. A privacy-preserving outsourcing computing scheme based on secure trusted environment
EP4036744A1 (en) Arrangement of blockchains with restricted transaction
Yang et al. Protecting personal sensitive data security in the cloud with blockchain
CN113688394B (en) Block chain-based outsourcing computing system and method in safe and trusted execution environment
KR20020083551A (en) Development and Operation Method of Multiagent Based Multipass User Authentication Systems
Wu et al. Verified CSAC-based CP-ABE access control of cloud storage in SWIM
CN112822152B (en) Directional information display processing method and related equipment
Jakhotia et al. Novel architecture for enabling proof of retrievability using AES algorithm
Li et al. BSA: Enhancing Attribute-Based Encryption in Cloud Computing with Decentralized Specification

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant