The challenge: How can we guarantee security on decentralized and distributed networks?
Blockchain-based applications and computing are not owned or controlled by one specific entity but are instead powered by a distributed network of multiple machines, or ‘nodes’. The distributed nature of decentralized cloud computing networks presents a challenge for guaranteeing security, since any user with root privileges on a node may easily inspect sensitive data and tamper with the application running on that decentralized host. For traditional centralized cloud computing providers, it is easier to employ existing security mechanisms to protect the application involved.
For decentralized blockchain-based clouds, a silicon-based security solution, called ‘Intel SGX’, is the only efficient solution to protect users and applications involved in Blockchain-based decentralized computing.
Intel SGX (Intel Software Guard Extensions) is a set of CPU instructions that enable the execution of selected pieces of code and data in protected memory areas called enclaves. While an application runs on a host machine, an SGX enclave acts as a bubble that isolates and protects the application from the host. Even the root-privileged administrator of the host machine cannot penetrate this bubble to access or tamper with the application.
“What makes Intel SGX compelling is that it provides a hardware trusted execution environment (TEE), allowing better protections for data in-use, at-rest and in-transit, built-in CPU instructions and platform enhancements provide cryptographic assertions for the code that is permitted to access the data. If the code is altered or tampered, then access is denied and the environment disabled.”
— Rick Echevarria, Vice president of Intel’s Software and Services Group.
1. The iExec E2E SGX solution
iExec is pioneering the building of a blockchain-enabled decentralized and distributed cloud network. They have now provided the first ever full, end-to-end solution integrating SGX for the blockchain-based cloud. Some of our initial work with Intel SGX can be read in this blogpost and is covered in this video presentation. iExec presented the first phase of work on SGX in March 2018 at the IBM Think Conference in Las Vegas and co-presented alongside Intel in May 2018 at Consensus in New York. This first phase focused on the protection of the secrets built into decentralized applications: although the application runs on decentralized nodes, the sensitive data involved cannot be inspected or altered by malicious attackers on the network. However, the first stage of work was based on some sophisticated (raw) frameworks, and the functionality of the solution was limited to protecting the native secrets of the application; furthermore, the solution could be complicated for app developers and users, especially those who are not in the field of IT and computing.
iExec has continued to make significant contributions, working diligently with our partners, to push forward a powerful and user-friendly end-to-end SGX solution. This solution is intended to be used as an industry reference to enhance the overall security of decentralized cloud computing. This new SGX solution, combined with Blockchain, allows an unmatched level of trust for Decentralized Applications (DApps) and for execution and data processing on decentralized nodes. The iExec approach specifically allows Blockchain to work with SGX in order to:
Protect the DApp and provide full data protection so that data cannot be accessed by the execution host, especially the user’s input and output data.
Guarantee the integrity of the DApp/data, making sure the correct and expected DApp or data is running on the decentralized node.
Provide blockchain-based validation for off-chain computing, verifying that the DApp is correctly executed in an enclave and is neither tampered with nor interrupted by the decentralized node. The signature checked by the smart contract is produced inside this secure enclave before the verification is done by the blockchain network.
Make sure the execution and the DApp result are valid, neither copied nor fabricated by a malicious decentralized node.
Protect the end-to-end privacy of the DApp result, which can never be inspected by anyone but the user.
Provide a user-friendly interface: a significant simplification for users to encrypt/decrypt the input/output data and trigger the SGX application execution.
Easy usability is a key element of User Experience; with the new iExec E2E SGX solution, the user only needs 3 simple steps to run an E2E SGX application with full protection of the user’s input and output data.
Let’s think about a typical SGX application, say a FinTech application. The application is fed by user input data which contains some of the user’s personal and sensitive secrets (e.g. bank account information, personal privacy, etc.); the output results of the application also contain sensitive data and are intended only for the user who triggers the application. The input data and the output results need to be strictly protected during the whole procedure. The non-encrypted sensitive data never leaves the user’s local scope or the highly secured trusted execution environment, the SGX enclave. Here is a generic description of the 3 simple steps of iExec’s SGX solution.
Step 1: The user only needs to run one simple command, which automatically:
Encrypts the user’s input data
Pushes the encrypted data to a remote file system (i.e. the remote file system can be any public file sharing service and the end user is free to choose his/her preferred one; please note that this service is not provided by iExec)
Updates the related session data (i.e. each user’s triggering of the application is a session) in an SGX-based secret management service. The secret management service can be deployed in a flexible way: it can be on the user’s side, or on the scheduler’s side (i.e. the SGX workerpool).
Step 2: The user triggers the target application with a few simple clicks from the iExec DApp store and marketplace via a user-friendly interface.
Once the target application is triggered on a remote SGX decentralized node, the application first automatically pulls the encrypted user input data from the remote file system (i.e. the data pushed in step 1). It then retrieves the secret key via the secured SGX provisioning channel and uses it to decrypt the user input data; the decryption is done only inside the highly secured trusted environment, the SGX enclave. The decrypted data can then be used to feed the application execution. As soon as the application result is available, a signature is produced with the private key protected inside the SGX enclave, which cannot be inspected by the outside world. The application result is finally encrypted, and then iExec’s verification procedure (i.e. Proof of Contribution) is triggered. Everything happens securely inside the Intel SGX enclave, guaranteed by Intel’s hardware CPU, and no secret can be revealed to the outside world.
The signature is finally transferred to the on-chain network and verified by the on-chain smart contract via the registered corresponding public key. If the signature verification passes and the application result’s trust level reaches a given threshold, the user is informed that the encrypted result is available for download.
The whole procedure is done automatically in a highly secure way, and it is triggered by only a few simple clicks from the user via the friendly UI.
Step 3: The user can download the encrypted result package and run one simple command to decrypt the result. Please note that only the user who triggered the task (i.e. the SGX application) is able to download the encrypted result, and only that user owns the key to decrypt the application result.
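The three steps above, modelled end to end as an added example in Go; this is not iExec’s code and is not taken from the original post. It assumes AES-256-GCM for the user’s data, Ed25519 for the enclave’s signature (the post does not say which schemes iExec uses, and an Ethereum contract would more likely verify a secp256k1 ECDSA signature), that the result is re-encrypted under the same per-session key the user generated, and that the attested provisioning channel which carries that key into the enclave is abstracted away as a plain function argument. The names `Enclave`, `Result`, `userPrepare`, `Run`, `verifyOnChain` and `RunFlow` are all constructed for this example, as is the sample input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"strings"
)

// Enclave stands in for the SGX enclave: its signing key never leaves it.
type Enclave struct{ signKey ed25519.PrivateKey }

// Result is what leaves the enclave: the encrypted output plus a signature over its hash.
type Result struct{ Encrypted, Signature []byte }

// newGCM wraps a 256-bit key as AES-GCM (assumption: the post does not name a cipher).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext; the random nonce is prepended to the ciphertext.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// unseal reverses seal; any change to the blob fails the GCM tag check, so a
// tampered input is rejected instead of being fed to the application.
func unseal(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// userPrepare is step 1 on the user's machine: generate a per-session data key
// and encrypt the input. The ciphertext goes to the public file service, the
// key to the secret management service; the user keeps the key for step 3.
func userPrepare(input []byte) (ciphertext, dataKey []byte, err error) {
	dataKey = make([]byte, 32)
	if _, err = rand.Read(dataKey); err != nil {
		return nil, nil, err
	}
	ciphertext, err = seal(dataKey, input)
	return ciphertext, dataKey, err
}

// Run is step 2 inside the enclave: decrypt the pulled input with the
// provisioned session key, execute the app, re-encrypt the output under the
// same user key (assumption) and sign a digest of that ciphertext.
func (e *Enclave) Run(ciphertext, key []byte, app func([]byte) []byte) (Result, error) {
	input, err := unseal(key, ciphertext)
	if err != nil {
		return Result{}, err
	}
	enc, err := seal(key, app(input))
	if err != nil {
		return Result{}, err
	}
	digest := sha256.Sum256(enc)
	return Result{Encrypted: enc, Signature: ed25519.Sign(e.signKey, digest[:])}, nil
}

// verifyOnChain is the smart contract's check against the registered public key.
func verifyOnChain(pub ed25519.PublicKey, r Result) bool {
	digest := sha256.Sum256(r.Encrypted)
	return ed25519.Verify(pub, digest[:], r.Signature)
}

// RunFlow performs steps 1 and 2 on a constructed input and returns what leaves
// the enclave, the public key the chain has registered, and the user's key.
func RunFlow() (Result, ed25519.PublicKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, nil, nil, err
	}
	ct, userKey, err := userPrepare([]byte("iban: constructed-sample")) // step 1
	if err != nil {
		return Result{}, nil, nil, err
	}
	// Step 2: the node pulls ct, the enclave receives userKey over the
	// provisioning channel and runs the (toy) application on the plaintext.
	upper := func(b []byte) []byte { return []byte(strings.ToUpper(string(b))) }
	res, err := (&Enclave{signKey: priv}).Run(ct, userKey, upper)
	return res, pub, userKey, err
}
```

Step 3 is simply `unseal(userKey, res.Encrypted)` on the user’s machine. The two properties worth checking are that `verifyOnChain` accepts the enclave’s result and rejects one the host altered after signing, and that `unseal` fails on any ciphertext that was modified in transit rather than returning garbage; both fall out of binding the signature to the ciphertext digest and using an authenticated cipher.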
Please note that the procedure is platform independent, and therefore is compatible with different operating systems: Windows, Linux, Mac OS.
In the near future, we will further simplify user’s procedure — all the three steps will be integrated into one simple step, and can be done by several simple clicks from user via user friendly user interface — https://market.iex.ec/.
2. The iExec Solution is SGX Vendor Agnostic
The iExec platform is open to different SGX solution vendors. Specifically, iExec has been collaborating with SCONE and Fortanix to integrate their SGX frameworks into iExec’s E2E SGX solution. We are also in the phase of evaluating Intel’s PDO framework. In the future, we will also consider the SGX framework of Graphene/Graphene-ng. All the mainstream SGX solutions will be 100% compatible with iExec’s platform, and we will leave iExec DApp developers and users free to choose their preferred SGX frameworks. Our objective is to promote the emergence of an ecosystem which provides trusted execution for Blockchain-based computing, and these trusted services can be monetized via iExec’s marketplace.
3. iExec Contributions towards Industry Standardization
iExec is a pioneer in the field of blockchain-based Trusted Computing, and is very active in leading and pushing forward industry standardization in this area of Blockchain technology.
iExec is very active in the EEA (Enterprise Ethereum Alliance): iExec chairs the Trusted Compute Working Group, and keeps contributing to and pushing forward the EEA specifications, especially the Off-chain Trusted Compute Specification, which is to be publicly released soon.
iExec is active in the IEEE as well. iExec is a member of IEEE P2418, and is involved in the IEEE standard project on DLT-based Federated Identity, Credential and Trust Management. iExec leads the standardization work in several Blockchain-based domains, especially security and TEE (Trusted Execution Environment).
iExec is collaborating with hardware trusted execution vendors to make this hardware-based security solution (SGX) fully standard-compliant; stay tuned for the coming updates during Devcon4.
iExec is also collaborating with our partners to move forward the standardization of Blockchain-based Fog Computing in the context of the OpenFog consortium. Some results of the first stage of collaboration with our partners on Fog Computing will be released soon; please stay tuned in the following days.