
CN112395631B - Secure database system, method and medium based on SGX technology - Google Patents


Info

Publication number: CN112395631B
Authority: CN (China)
Prior art keywords: database, client, server, data, sgx
Legal status: Active
Application number: CN202011367300.5A
Other languages: Chinese (zh)
Other versions: CN112395631A
Inventors: 赵皓东, 刘功申, 张凯旋, 熊渊淳, 梁力佳
Current assignee: Shanghai Jiao Tong University
Original assignee: Shanghai Jiao Tong University
Application filed by Shanghai Jiao Tong University
Priority to CN202011367300.5A
Publication of CN112395631A
Application granted
Publication of CN112395631B


Classifications

    • G06F21/602 Providing cryptographic facilities or services (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity; G06F21/60 Protecting data)
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. a local or distributed file system or database, where protection concerns the structure of data, e.g. records, types, queries (under G06F21/62; G06F21/6218)

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a secure database system, method and medium based on SGX technology, comprising the following steps. Step M1: based on SGX technology, the server side verifies through a remote attestation server that the client is a trusted remote entity, an authenticated communication channel is established between the server side and the client, and the client can securely transmit data to the server side. Step M2: when the server does not accept connection requests or must shut down for maintenance, the client's data is sealed and migrated using SGX technology, and the database file is stored in ciphertext form. The invention ensures the confidentiality of data storage: even if the database is stolen by a third party, its contents cannot be decrypted.

Description

Secure database system, method and medium based on SGX technology

Technical field

The present invention relates to the technical field of secure databases, and in particular to a secure database system, method and medium based on SGX technology.

Background

When a request is sent to the database, the period after the database contents have been decrypted is a high-risk window for attack. One research direction therefore seeks to perform queries and other operations without decrypting the database contents; the CryptDB database is a product of this idea. The main difficulty with this approach is that homomorphic encryption consumes considerable resources, which limits its use for some complex operations. MONOMI splits a query into two parts, executed by the client and the server respectively; it supports 19 of the 22 TPC-H queries, whereas CryptDB can handle only 4, which pushed this direction a step further. Seabed proposed an additively symmetric homomorphic encryption scheme and a randomized encryption scheme to improve the efficiency of large-scale aggregation and to prevent frequency attacks, improving security.

Another research direction keeps the step of decrypting the data and resists attacks by relying on the security of hardware. TDB, GantDB, GhostDB, TrustedDB and Cipherbase are databases built on this idea. TDB relies on a trusted processing environment to guarantee security; however, its requirements on that trusted environment are so high that satisfactory security is hard to achieve. GantDB and GhostDB embed a small database into a secure smart card, with a very limited memory footprint and a weak processing unit; their drawback is a narrow range of application, limited to embedded environments. TrustedDB and Cipherbase use an IBM secure coprocessor (SCPU) and trusted FPGA hardware, respectively, as the trusted execution environment. When a query involves encrypted data, the performance of TrustedDB and Cipherbase is limited by the capability of the trusted hardware and by the cost of communicating with it.

SGX is a hardware-level security technology developed by Intel. In essence it is a set of CPU instructions that use the hardware to create a trusted secure region (enclave); the relevant data and instructions run inside that region and are completely invisible to users at the operating system level. Code placed in the secure region is enabled by dedicated instructions and is built and loaded as a Windows dynamic link library (DLL) file. The region is isolated from the operating system, the virtual machine, and even lower-level components such as the BIOS and privileged system code, which removes many hidden risks, as shown in Figure 1.

SGX is a set of x86-64 ISA extensions that can set up a protected execution environment, called an enclave, without having to trust anything other than the processor and what the user places inside the enclave. The enclave is protected by the processor, which directly controls access to enclave memory: any instruction that attempts to read or write the memory of a running enclave from outside that enclave fails. Enclave cache lines are encrypted and integrity-protected before being written to RAM. This effectively defends against a large class of hardware-level attacks and restricts the hardware TCB to the processor alone. The software TCB is only the code the user decides to run inside the enclave; code in the untrusted region can call code inside the enclave through a call-gate-like mechanism that transfers control to a custom entry point inside the enclave, as shown in Figure 2.

Intel SGX provides protection in the following respects:

(1) Enclave memory cannot be read or written from outside the enclave, regardless of the current privilege level or the mode the CPU is in.

(2) A production enclave cannot be debugged by software or hardware debuggers.

(3) The enclave environment cannot be entered through ordinary function calls, jumps, register manipulation or stack manipulation.

(4) Enclave memory is encrypted with an industry-standard encryption algorithm that includes replay protection. Accessing memory by connecting the DRAM module to another system yields only encrypted data.

(5) The memory encryption key changes randomly on every power cycle. The key is stored in the CPU and is not accessible.

For communication between multiple enclaves, SGX allows one local enclave to prove to another that it has a specific digest and that the two are running on the same processor. This mechanism can be used to establish an authenticated shared key between local enclaves. SGX also supports attestation of remote enclaves, which lets a remote system cryptographically verify that specific software has been loaded inside an enclave and establish a shared key, allowing the two sides to use an end-to-end encrypted channel bootstrapped by the enclave.

With Intel SGX, the system uses the CPU's hardware mode switch to place part of its resources into trusted mode for execution, forming a completely isolated privileged mode from only the hardware that is required, and constructs the Enclave region after identity authentication is complete. The specific implementation is as follows:

(1) Load the virtual machine image to be run onto disk.

(2) Generate the key credential used to encrypt the application code and data. SGX provides a relatively advanced key-encryption method: the key is a fresh key produced by the key generation algorithm from the SGX version key, the CPU machine key and the key officially assigned to the user by Intel, and this key is used to encrypt the code and data of the application to be loaded.

(3) First load the code and data of the application or image into the SGX Loader, in preparation for loading it into the Enclave.

(4) Dynamically request the construction of an Enclave in Intel SGX trusted mode.

(5) First decrypt the program and data to be loaded, in the form of EPC (Enclave Page Cache) pages, using the key credential.

(6) Use the SGX instructions to attest that the decrypted program and data are trustworthy, load them into the Enclave, and then copy every EPC page loaded into the Enclave.

(7) Because hardware isolation is used, the confidentiality and integrity of the Enclave are further guaranteed; different Enclaves cannot conflict with one another, let alone access one another.

(8) Start the Enclave initialization routine, which forbids any further loading and verification of EPC pages; generate the Enclave identity credential, encrypt it, and store it in the Enclave's TCS as the Enclave's identifier, to be used to restore and verify its identity.

(9) SGX isolation is complete: the image program inside the hardware-isolated Enclave begins to execute, and the construction of hardware isolation based on SGX technology is finished.

Patent document CN109150517A (application number 201811029803.4) discloses an SGX-based key security management system and method comprising a client and a key management server. Two-way identity authentication between the client and the key management server is performed on the basis of SGX, ensuring that both parties store and process keys under conditions in which the runtime environment and data are secure and trustworthy; key storage, management, encryption and decryption are all carried out in enclave memory, which effectively resists memory attacks and guarantees key security. By further configuring hierarchical key management policies and key access control policies, it improves the flexibility and effectiveness of key management for multiple clients and strengthens key protection.

Summary of the invention

In view of the defects of the prior art, the purpose of the present invention is to provide a secure database method, system and medium based on SGX technology.

A secure database method based on SGX technology according to the present invention comprises:

Step M1: based on SGX technology, the server side verifies through a remote attestation server that the client is a trusted remote entity and establishes an authenticated communication channel between the server side and the client, so that the client can securely transmit data to the server side;

Step M2: when the server does not accept connection requests or must shut down for maintenance, the client's data is sealed and migrated using SGX technology, and the database file is stored in ciphertext form.

Preferably, step M1 comprises:

Step M1.1: the client sends its own SGX information digest, together with the unique asymmetric key it has generated, to the remote attestation server;

Step M1.2: the remote attestation server backs up the received information, makes a judgement on its security, and reports back to the client;

Step M1.3: the client sends its own hardware information to the server and requests a connection;

Step M1.4: the server forwards the received hardware information of the client to the remote attestation server to verify the client's identity;

Step M1.5: the remote attestation server compares the received information with the stored backup, judges whether the client is trustworthy, and sends its feedback to the server;

Step M1.6: after receiving the attestation result from the remote attestation server, the server accepts the client's request and establishes the connection.

Preferably, step M2 comprises: encrypting the data of the client database and writing it to an untrusted region for storage without disclosing the database data; when the enclave is opened again, reading the data back and decrypting it.

Preferably, the encryption of the client database data comprises: the encryption key is derived inside the enclave from software and hardware information.

A secure database system based on SGX technology according to the present invention comprises:

Module M1: based on SGX technology, the server side verifies through a remote attestation server that the client is a trusted remote entity and establishes an authenticated communication channel between the server side and the client, so that the client can securely transmit data to the server side;

Module M2: when the server does not accept connection requests or must shut down for maintenance, the client's data is sealed and migrated using SGX technology, and the database file is stored in ciphertext form.

Preferably, module M1 comprises:

Module M1.1: the client sends its own SGX information digest, together with the unique asymmetric key it has generated, to the remote attestation server;

Module M1.2: the remote attestation server backs up the received information, makes a judgement on its security, and reports back to the client;

Module M1.3: the client sends its own hardware information to the server and requests a connection;

Module M1.4: the server forwards the received hardware information of the client to the remote attestation server to verify the client's identity;

Module M1.5: the remote attestation server compares the received information with the stored backup, judges whether the client is trustworthy, and sends its feedback to the server;

Module M1.6: after receiving the attestation result from the remote attestation server, the server accepts the client's request and establishes the connection.

Preferably, module M2 comprises: encrypting the data of the client database and writing it to an untrusted region for storage without disclosing the database data; when the enclave is opened again, reading the data back and decrypting it.

Preferably, the encryption of the client database data comprises: the encryption key is derived inside the enclave from software and hardware information.

According to the present invention there is also provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the methods described above.

Compared with the prior art, the present invention has the following beneficial effects:

1. Communication security: the invention issues requests to the database server and retrieves data by simulating application software. A packet-capture tool monitored the whole process and its confidentiality was tested at each stage. The captured packets show that every transmission is ciphertext, so the security of the communication process can be guaranteed; in this test, filtering on the SSL protocol precisely captured the SSL handshake at the start of the communication, showing that the work does use encrypted communication.

2. Memory security: using the Linux reverse-engineering tool EDB to dynamically debug a query against an ordinary SQLite database, the database's information, including the query operations and query results, is visible on the stack. With the SGX-protected SQLite database, only content outside the enclave can be seen; the keys, instructions and query results inside the enclave are encrypted and hard to recover.

3. Storage security: compared with an ordinary database, the secure SQLite database is well protected against the most common database-dump (drag-library) attacks. When database access ends and the Enclave region is to be reclaimed by the system, the system encrypts all database information with a hardware key, seals it to local disk, and clears all data and records inside the Enclave. The locally stored database encryption key is valid only on this machine, so it effectively resists remote attacks. The sealed data can be decrypted and read only when the Enclave region is opened again, at which point the database contents are once more under the Enclave's protection and invisible to the outside. In this way the confidentiality of data storage is ensured: even if a third party steals the database, its contents cannot be decrypted.

Description of the drawings

Other features, objects and advantages of the present invention will become more apparent from reading the detailed description of non-limiting embodiments with reference to the following drawings:

Figure 1 shows the attack surface with and without Intel SGX technology;

Figure 2 shows the virtual memory space of the enclave;

Figure 3 shows the overall framework of the system;

Figure 4 is a schematic diagram of remote attestation;

Figure 5 is a schematic diagram of sealed migration.

Detailed description of the embodiments

The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to understand the invention further, but do not limit it in any form. It should be noted that those of ordinary skill in the art can make several changes and improvements without departing from the inventive concept; these all fall within the scope of protection of the invention.

Example 1

A secure database method based on SGX technology according to the present invention comprises:

Step M1: based on SGX technology, the server side verifies through a remote attestation server that the client is a trusted remote entity and establishes an authenticated communication channel between the server side and the client, so that the client can securely transmit data to the server side;

Step M2: when the server does not accept connection requests or must shut down for maintenance, the client's data is sealed and migrated using SGX technology, and the database file is stored in ciphertext form.

Specifically, step M1 comprises:

Step M1.1: the client sends its own SGX information digest, together with the unique asymmetric key it has generated, to the remote attestation server;

Step M1.2: the remote attestation server backs up the received information, makes a judgement on its security, and reports back to the client;

Step M1.3: the client sends its own hardware information to the server and requests a connection;

Step M1.4: the server forwards the received hardware information of the client to the remote attestation server to verify the client's identity;

Step M1.5: the remote attestation server compares the received information with the stored backup, judges whether the client is trustworthy, and sends its feedback to the server;

Step M1.6: after receiving the attestation result from the remote attestation server, the server accepts the client's request and establishes the connection.

Specifically, step M2 comprises: encrypting the data of the client database and writing it to an untrusted region for storage without disclosing the database data; when the enclave is opened again, reading the data back and decrypting it.

Specifically, the encryption of the client database data comprises: the encryption key is derived inside the enclave from software and hardware information.

A secure database system based on SGX technology according to the present invention, as shown in Figures 1 to 5, comprises:

Module M1: based on SGX technology, the server side verifies through a remote attestation server that the client is a trusted remote entity and establishes an authenticated communication channel between the server side and the client, so that the client can securely transmit data to the server side;

Module M2: when the server does not accept connection requests or must shut down for maintenance, the client's data is sealed and migrated using SGX technology, and the database file is stored in ciphertext form.

Specifically, module M1 comprises:

Module M1.1: the client sends its own SGX information digest, together with the unique asymmetric key it has generated, to the remote attestation server;

Module M1.2: the remote attestation server backs up the received information, makes a judgement on its security, and reports back to the client;

Module M1.3: the client sends its own hardware information to the server and requests a connection;

Module M1.4: the server forwards the received hardware information of the client to the remote attestation server to verify the client's identity;

Module M1.5: the remote attestation server compares the received information with the stored backup, judges whether the client is trustworthy, and sends its feedback to the server;

Module M1.6: after receiving the attestation result from the remote attestation server, the server accepts the client's request and establishes the connection.

Specifically, module M2 comprises: encrypting the data of the client database and writing it to an untrusted region for storage without disclosing the database data; when the enclave is opened again, reading the data back and decrypting it.

Specifically, the encryption of the client database data comprises: the encryption key is derived inside the enclave from software and hardware information.
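The sealed migration of step/module M2 (and the storage-security behaviour described under the beneficial effects: encrypt at shutdown with a key bound to this platform, store the ciphertext in the untrusted region, read it back and decrypt only when the enclave is opened again) can be followed end to end in the simulation below. This is an added example, not code from the patent or from the SGX SDK. On real hardware the SDK's sealing uses AES-GCM with a key the CPU derives from the enclave measurement and a fused platform secret; here PLATFORM_SECRET, ENCLAVE_MEASUREMENT, the HMAC-based key derivation, the SHA-256 counter-mode cipher with an HMAC tag, the sample `accounts` table and all function names are constructed stand-ins so that the flow runs without SGX.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile
from typing import Optional

# Constructed stand-ins (hypothetical) for values real SGX keeps in hardware.
PLATFORM_SECRET = b"constructed: per-CPU fused secret"  # the "hardware information"
ENCLAVE_MEASUREMENT = hashlib.sha256(b"constructed: secure SQLite enclave build").digest()  # the "software information"


def derive_seal_key(platform_secret: bytes, measurement: bytes) -> bytes:
    """Sealing key derived inside the enclave from hardware and software information."""
    return hmac.new(platform_secret, b"seal-key|" + measurement, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 counter-mode keystream; a toy stand-in for the SDK's AES-GCM."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce(16) || ciphertext || tag(32)."""
    nonce = os.urandom(16)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was sealed under another key or was modified."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None  # verify before decrypting: other platform, other enclave build, or tampered file
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_database(path: str) -> None:
    """Constructed sample content standing in for the client's database."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    con.executemany("INSERT INTO accounts (owner, balance) VALUES (?, ?)", [("alice", 100), ("bob", 250)])
    con.commit()
    con.close()


def shutdown_and_seal(db_path: str, sealed_path: str, key: bytes) -> None:
    """Enclave side at shutdown: seal the database file into untrusted storage, then wipe the plaintext copy."""
    with open(db_path, "rb") as f:
        blob = seal(key, f.read())
    with open(sealed_path, "wb") as f:  # sealed_path lives in the untrusted region
        f.write(blob)
    os.remove(db_path)


def reopen_and_query(sealed_path: str, db_path: str, key: bytes):
    """Enclave side on the next start: read the sealed file back, unseal it, and run a query."""
    with open(sealed_path, "rb") as f:
        plaintext = unseal(key, f.read())
    if plaintext is None:
        return None
    with open(db_path, "wb") as f:
        f.write(plaintext)
    con = sqlite3.connect(db_path)
    rows = con.execute("SELECT owner, balance FROM accounts ORDER BY id").fetchall()
    con.close()
    return rows


def seal_migration_demo(reopen_secret: bytes = PLATFORM_SECRET, tamper: bool = False):
    """Seal on this platform, then try to reopen with `reopen_secret`, optionally after corrupting the file."""
    with tempfile.TemporaryDirectory() as d:
        db, sealed = os.path.join(d, "secure.db"), os.path.join(d, "secure.db.sealed")
        build_database(db)
        shutdown_and_seal(db, sealed, derive_seal_key(PLATFORM_SECRET, ENCLAVE_MEASUREMENT))
        if tamper:  # flip one ciphertext bit in the stored file
            with open(sealed, "r+b") as f:
                f.seek(40)
                byte = f.read(1)[0]
                f.seek(40)
                f.write(bytes([byte ^ 0x01]))
        return reopen_and_query(sealed, db, derive_seal_key(reopen_secret, ENCLAVE_MEASUREMENT))


if __name__ == "__main__":
    print(seal_migration_demo())                                             # rows come back
    print(seal_migration_demo(reopen_secret=b"constructed: a different CPU"))  # None: key is platform-bound
    print(seal_migration_demo(tamper=True))                                  # None: integrity check fails
```

The two failure paths are the properties the patent claims for storage security: a copy of the sealed file carried to another machine derives a different key and cannot be unsealed, and any modification of the file is rejected before a single byte is decrypted. The order matters in practice as well: the MAC is checked first so that a corrupted page never reaches the SQLite engine inside the enclave.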

According to the present invention there is also provided a computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of any of the methods described above.

实施例2Example 2

实施例2是实施例1的变化例Example 2 is a modification of Example 1

本发明要解决的技术问题是传统数据库在查询过程中安全性问题。The technical problem to be solved by the present invention is the security problem in the query process of the traditional database.

数据处理系统在查询处理期间会解密内存中的敏感数据,从而使得这一环节成为数据保护的短板环节。基于这一思想,数据库面临着一些非传统的威胁:例如当数据库在不受信任的主机中运行,内存空间变得不可信;当操作系统或管理程序遭到攻击时,攻击者可以绕过数据库管理系统本身对敏感数据的保护;当遭遇恶意的管理员时,攻击者拥有对数据库操作的权限,可随意获取、篡改数据。以上三者的共同点都是数据库数据和操作都在不够可信的环境下进行,一旦系统层面遭受攻击,安全性就无法保障。由于操作系统在数据库系统中,与DBMS交互并协助控制管理数据库,因此如何在一个恶意环境下仍然保持数据库内重要数据的安全成为一个有价值的研究方向。The data processing system decrypts sensitive data in memory during query processing, making this link a weak link in data protection. Based on this idea, the database faces some non-traditional threats: for example, when the database runs in an untrusted host, the memory space becomes untrusted; when the operating system or hypervisor is attacked, the attacker can bypass the database The management system itself protects sensitive data; when encountering malicious administrators, the attacker has the authority to operate the database and can obtain and tamper with the data at will. The common point of the above three is that the database data and operations are carried out in an environment that is not credible enough. Once the system level is attacked, the security cannot be guaranteed. Since the operating system is in the database system, it interacts with the DBMS and assists in the control and management of the database, so how to maintain the security of the important data in the database in a malicious environment has become a valuable research direction.

本文提出的基于SGX技术的安全数据库,旨在利用基于硬件的可信计算技术,其本质是设计了一套CPU指令,利用硬件创建一个可信安全区,相关数据和指令在安全区内运行,对操作系统层面的用户完全不可见,为数据库在不可信环境下的运行提供安全保护。The security database based on SGX technology proposed in this paper aims to use hardware-based trusted computing technology. Its essence is to design a set of CPU instructions, and use hardware to create a trusted security zone. It is completely invisible to users at the operating system level, providing security protection for the operation of the database in an untrusted environment.

如图3所示,SGX程序设计需要对数据库服务器的软件架构重新划分,整个软件需要被划分为2个逻辑部分:可信部分和不可信部分。可信部分用于执行远程连接、数据库初始化、SQL语句执行、数据库关闭和数据库密封迁移等操作;不可信部分则负责其余不涉及敏感操作的部分。可信部分的代码段和数据段位于EPC中,受到SGX的保护,而不可信部分的代码段和数据段则位于常规未加密内存中。As shown in Figure 3, the SGX programming needs to re-divide the software architecture of the database server, and the entire software needs to be divided into two logical parts: a trusted part and an untrusted part. The trusted part is used to perform operations such as remote connection, database initialization, SQL statement execution, database shutdown, and database seal migration; the untrusted part is responsible for the rest that do not involve sensitive operations. The code segment and data segment of the trusted part are located in the EPC and are protected by SGX, while the code segment and data segment of the untrusted part are located in regular unencrypted memory.

The basic idea of the system is to place the key modules related to database operation (remote connection, database creation, insertion, query and so on) inside a securely isolated Enclave and to bind private data such as the data encryption keys to the Enclave's hardware. Operations performed inside the Enclave are treated as fully secure: even if the rest of the system is maliciously attacked or tampered with, operations inside the secure zone remain isolated, so private information such as keys cannot be stolen.

The specific implementation modules are:

SGX-based remote attestation

Before the client establishes a connection to the server-side database, both communicating parties should confirm that the other party's platform is trustworthy. Although the communication channel between client and server may be encrypted, there is no guarantee that the client machine is free of malware. If such weaknesses exist, handing sensitive data to the client for processing carries a potential risk. Therefore, confidentiality on the server side is not enough; the trust level of the client must be raised as well.

Using the remote attestation process, the client's secure zone can verify a trusted remote entity and establish an authenticated communication channel with it. As part of the attestation, the client's secure zone proves its identity, that it has not been tampered with, and that it is running on a genuine platform with Intel SGX enabled. At that point the remote party can safely transmit data to the server side. The process is shown in Figure 4.

Data sealed migration

As shown in Figure 5, sealed migration means encrypting the database data so that it can be written to an untrusted area for storage without disclosing its contents. When the secure zone is opened again, the data can be read back and decrypted. To guarantee that the key is unique, the encryption key is derived on demand inside the secure zone and is never exposed outside it.

Sealed migration is provided mainly to preserve data at rest. When the server has no connection requests, or has to be shut down for maintenance, the database file is migrated from memory to disk through SGX data sealing and stored in ciphertext. Because the key is generated jointly by software and hardware, an external attacker can hardly obtain it; even if the stored disk contents are stolen they cannot be decrypted, which effectively prevents the risk of the whole database being dumped (拖库).
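The following is an added model of the sealed-migration step described above and restated as step M2 in claim 1; it is example code written for this page, not the patent's implementation and not the SGX SDK's own sealing API. It assumes a constructed platform secret standing in for the CPU-fused sealing key and a constructed enclave measurement; the sealing key is derived from both inside the modelled enclave and never leaves it, the sealed blob uses encrypt-then-MAC with an HMAC-SHA256 counter-mode keystream (standard library only), and a blob produced on another platform, or modified on disk, is rejected rather than decrypted.

```python
"""Model of SGX data sealing for a database file (constructed example).

platform_secret stands in for the CPU-fused key (valid only on this machine),
mrenclave for the enclave measurement; the derived key never leaves the enclave.
"""
import hashlib
import hmac
import os
import struct


def derive_seal_key(platform_secret: bytes, mrenclave: bytes, label: bytes = b"db-seal") -> bytes:
    """HKDF-style extract-then-expand over hardware identity and enclave identity."""
    prk = hmac.new(platform_secret, mrenclave, hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: concatenate HMAC(key, nonce || counter) blocks."""
    blocks = [hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag, with separate encryption and MAC subkeys."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise on a foreign key or a tampered blob."""
    if len(blob) < 48:
        raise ValueError("sealed blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("sealed blob rejected: wrong platform/enclave or tampered")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


class EnclaveDatabase:
    """Key-value table living inside the modelled enclave (values: no tab or newline)."""

    def __init__(self, platform_secret: bytes, mrenclave: bytes):
        self._seal_key = derive_seal_key(platform_secret, mrenclave)  # stays in the enclave
        self.rows = {}

    def insert(self, key: str, value: str) -> None:
        self.rows[key] = value

    def shutdown(self) -> bytes:
        """Seal the whole table for untrusted disk storage and wipe the in-enclave copy."""
        payload = "\n".join(f"{k}\t{v}" for k, v in sorted(self.rows.items())).encode()
        blob = seal(self._seal_key, payload)
        self.rows.clear()
        return blob

    def restore(self, blob: bytes) -> int:
        """Read the sealed file back into the enclave; returns the number of rows."""
        payload = unseal(self._seal_key, blob)
        for line in payload.decode().splitlines():
            k, v = line.split("\t", 1)
            self.rows[k] = v
        return len(self.rows)
```

Running `shutdown()` on a populated `EnclaveDatabase` yields a blob that contains no plaintext and leaves the in-enclave table empty; `restore()` on a database built from the same platform secret and measurement recovers the rows, while a database built from a different platform secret, or a blob with a flipped byte, raises `ValueError` instead of returning garbage.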

Those skilled in the art know that, besides implementing the system, device and their modules provided by the present invention as pure computer-readable program code, the method steps can be logically programmed so that the same functions are realized in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system, device and their modules provided by the present invention may be regarded as hardware components, the modules included in them for realizing the various functions may be regarded as structures within those hardware components, and a module realizing a given function may be regarded either as a software program implementing a method or as a structure within a hardware component.

Specific embodiments of the present invention have been described above. It should be understood that the present invention is not limited to these specific embodiments; those skilled in the art can make various changes or modifications within the scope of the claims without affecting the essence of the invention. Where there is no conflict, the embodiments of this application and the features of those embodiments may be combined with one another arbitrarily.

Claims (5)

1. A secure database method based on SGX technology, characterized in that it comprises:
creating, on the basis of CPU instructions, a trusted secure zone in hardware in which the relevant data and instructions run and which is completely invisible to users at the operating system level;
re-partitioning the software architecture of the database server by SGX programming into a trusted part and an untrusted part, wherein the trusted part performs remote connection, database initialization, SQL statement execution, database shutdown and database sealed migration, and the code and data segments of the trusted part reside in the EPC under the protection of SGX;
step M1: on the basis of SGX technology, the server verifies through a remote attestation server that the client is a trusted remote entity and establishes an authenticated communication channel between the server and the client, so that the client can securely transmit data to the server;
step M2: when the server is not accepting connection requests or needs to be shut down for maintenance, the client's data is sealed and migrated by SGX technology and the database file is stored in ciphertext;
wherein step M1 comprises:
step M1.1: the client sends its own SGX information digest together with a generated unique asymmetric key to the remote attestation server;
step M1.2: the remote attestation server backs up the received information, judges its security and returns the result to the client;
step M1.3: the client sends its own hardware information to the server and requests a connection;
step M1.4: the server forwards the received hardware information of the client to the remote attestation server to verify the client's identity;
step M1.5: the remote attestation server compares the received information with the stored backup, judges whether the client is trustworthy and sends feedback to the server;
step M1.6: after receiving the confirmation of the remote attestation server, the server accepts the client's request and establishes the connection;
wherein step M2 comprises: encrypting the data of the client database and writing it to an untrusted area for storage without disclosing the database data, and reading the data back and decrypting it when the secure zone is opened again;
wherein, during communication, a packet-capture tool monitors the traffic and confidentiality is tested at the different stages; the capture results show that every transmission is ciphertext, ensuring the security of the communication, and filtering on the SSL protocol during testing captures exactly the SSL session establishment;
and wherein, when database access ends and the Enclave region is to be reclaimed by the system, the system encrypts all database information with the hardware key, seals it to local disk and clears all data and records inside the Enclave; the locally stored database encryption key is valid only on the local machine and therefore effectively resists remote attacks; the sealed data can be decrypted and read only by opening the Enclave region again, at which point the database contents are once more under the protection of the Enclave and invisible to the outside.

2. The secure database method based on SGX technology according to claim 1, characterized in that encrypting the data of the client database comprises: the encryption key is derived inside the secure zone from software and hardware information.

3. A secure database system based on SGX technology, characterized in that it comprises:
a trusted secure zone created in hardware on the basis of CPU instructions, in which the relevant data and instructions run and which is completely invisible to users at the operating system level;
the software architecture of the database server re-partitioned by SGX programming into a trusted part and an untrusted part, wherein the trusted part performs remote connection, database initialization, SQL statement execution, database shutdown and database sealed migration, and the code and data segments of the trusted part reside in the EPC under the protection of SGX;
module M1: on the basis of SGX technology, the server verifies through a remote attestation server that the client is a trusted remote entity and establishes an authenticated communication channel between the server and the client, so that the client can securely transmit data to the server;
module M2: when the server is not accepting connection requests or needs to be shut down for maintenance, the client's data is sealed and migrated by SGX technology and the database file is stored in ciphertext;
wherein module M1 comprises:
module M1.1: the client sends its own SGX information digest together with a generated unique asymmetric key to the remote attestation server;
module M1.2: the remote attestation server backs up the received information, judges its security and returns the result to the client;
module M1.3: the client sends its own hardware information to the server and requests a connection;
module M1.4: the server forwards the received hardware information of the client to the remote attestation server to verify the client's identity;
module M1.5: the remote attestation server compares the received information with the stored backup, judges whether the client is trustworthy and sends feedback to the server;
module M1.6: after receiving the confirmation of the remote attestation server, the server accepts the client's request and establishes the connection;
wherein module M2 comprises: encrypting the data of the client database and writing it to an untrusted area for storage without disclosing the database data, and reading the data back and decrypting it when the secure zone is opened again;
wherein, during communication, a packet-capture tool monitors the traffic and confidentiality is tested at the different stages; the capture results show that every transmission is ciphertext, ensuring the security of the communication, and filtering on the SSL protocol during testing captures exactly the SSL session establishment;
and wherein, when database access ends and the Enclave region is to be reclaimed by the system, the system encrypts all database information with the hardware key, seals it to local disk and clears all data and records inside the Enclave; the locally stored database encryption key is valid only on the local machine and therefore effectively resists remote attacks; the sealed data can be decrypted and read only by opening the Enclave region again, at which point the database contents are once more under the protection of the Enclave and invisible to the outside.

4. The secure database system based on SGX technology according to claim 3, characterized in that encrypting the data of the client database comprises: the encryption key is derived inside the secure zone from software and hardware information.

5. A computer-readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 2 are implemented.
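The following is an added model of the six-step remote attestation handshake of steps M1.1 to M1.6 in claim 1 (and of the remote attestation described under "SGX-based remote attestation" above); it is example code written for this page, not the patent's implementation. It assumes a constructed platform key standing in for the CPU-fused attestation key, so an SGX quote is modelled as an HMAC over the enclave digest and the client's public key, the "unique asymmetric key" is modelled by a random 32-byte public value, and the attestation server holds a list of known-good enclave measurements. Three parties exchange messages in the order the claim gives: the client registers its digest and key with the attestation server (M1.1, M1.2), presents its hardware information to the database server (M1.3), the server forwards it (M1.4), the attestation server compares it with its backup (M1.5), and the server accepts only on a positive answer (M1.6).

```python
"""Model of the M1.1-M1.6 remote attestation handshake (constructed example).

PLATFORM_KEY stands in for the CPU-fused attestation key; a quote is an HMAC
over (enclave digest || client public key) keyed with it.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Hypothetical constants standing in for platform identity and a known-good enclave.
PLATFORM_KEY = b"constructed-platform-attestation-key"
GOOD_ENCLAVE = b"constructed database enclave binary v1"


def measure(enclave_code: bytes) -> bytes:
    """MRENCLAVE-style digest of the enclave code (the 'SGX information digest')."""
    return hashlib.sha256(enclave_code).digest()


def make_quote(platform_key: bytes, digest: bytes, pub_key: bytes) -> bytes:
    """Stand-in for a signed SGX quote binding the measurement to the client's key."""
    return hmac.new(platform_key, digest + pub_key, hashlib.sha256).digest()


@dataclass
class Client:
    enclave_code: bytes
    platform_key: bytes
    # Public half of the unique asymmetric key of step M1.1 (random stand-in).
    pub_key: bytes = field(default_factory=lambda: os.urandom(32))

    def registration(self) -> tuple:
        # M1.1: digest plus the generated public key, sent to the attestation server.
        return measure(self.enclave_code), self.pub_key

    def hardware_info(self) -> dict:
        # M1.3: hardware information presented to the database server.
        digest = measure(self.enclave_code)
        return {"digest": digest, "pub_key": self.pub_key,
                "quote": make_quote(self.platform_key, digest, self.pub_key)}


class AttestationServer:
    def __init__(self, platform_key: bytes, allowed_digests):
        self.platform_key = platform_key
        self.allowed = set(allowed_digests)   # known-good enclave measurements
        self.backups = {}                     # pub_key -> digest (the M1.2 backup)

    def register(self, digest: bytes, pub_key: bytes) -> bool:
        # M1.2: judge the digest, keep a backup, answer the client.
        if digest not in self.allowed:
            return False
        self.backups[pub_key] = digest
        return True

    def verify(self, info: dict) -> bool:
        # M1.5: compare the forwarded info with the backup and check the quote.
        stored = self.backups.get(info["pub_key"])
        if stored is None or not hmac.compare_digest(stored, info["digest"]):
            return False
        expected = make_quote(self.platform_key, info["digest"], info["pub_key"])
        return hmac.compare_digest(expected, info["quote"])


class DatabaseServer:
    def __init__(self, attestation_server: AttestationServer):
        self.attestation = attestation_server
        self.sessions = set()   # public keys of clients with an authenticated channel

    def connect(self, info: dict) -> bool:
        # M1.4: forward to the attestation server; M1.6: accept only on a positive answer.
        if not self.attestation.verify(info):
            return False
        self.sessions.add(info["pub_key"])
        return True


def handshake(client: Client, attestation: AttestationServer, server: DatabaseServer) -> bool:
    """Run M1.1-M1.6 end to end; True means an authenticated channel was established."""
    digest, pub_key = client.registration()
    if not attestation.register(digest, pub_key):      # M1.1 / M1.2
        return False
    return server.connect(client.hardware_info())      # M1.3 - M1.6


if __name__ == "__main__":
    ias = AttestationServer(PLATFORM_KEY, [measure(GOOD_ENCLAVE)])
    db = DatabaseServer(ias)
    print("genuine client:", handshake(Client(GOOD_ENCLAVE, PLATFORM_KEY), ias, db))
    print("modified enclave:", handshake(Client(b"modified enclave", PLATFORM_KEY), ias, db))
```

The three failure cases worth checking are the ones the claim's design is meant to catch: an enclave whose measurement is not on the allow list is refused at M1.2; a correct enclave on a platform without the genuine attestation key registers but fails the quote check at M1.5; and hardware information that reuses a registered key with a different digest does not match the backup and is refused at M1.5, so the server never reaches M1.6.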
CN202011367300.5A, Secure database system, method and medium based on SGX technology, granted as CN112395631B (Active)

Application Number Priority Date Filing Date Title
CN202011367300.5A CN112395631B (en) 2020-11-27 2020-11-27 Secure database system, method and medium based on SGX technology

Publications (2)

Publication Number Publication Date
CN112395631A CN112395631A (en) 2021-02-23
CN112395631B true CN112395631B (en) 2022-09-20

Family ID: 74605537; Country: CN


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant