Collaborative Research: SaTC: CORE: Medium: Hybridizing Trusted Execution Environments and Secure Multiparty Computation

协作研究：SaTC：核心：中：混合可信执行环境和安全多方计算

• 批准号: 2112726
• 负责人: Andrew Miller
• 金额: $ 50万
• 依托单位: University of Illinois at Urbana-Champaign
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2112726&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

As sensitive digital information proliferates and concerns grow about its improper use by enterprises and governments, two major technical approaches have arisen to address the challenges of secure computation. Trusted execution environments (TEEs) and secure multiparty computation (MPC) both aim to make computation trustworthy in two senses: They ensure the integrity, i.e., correctness, of the computation, and they provide confidentiality for the data over which they compute. The two approaches differ starkly, however, in their security models and performance. TEEs rely on the properties of hardware for their security assurance. They offer high performance, in some cases close to native CPU speeds, but have proven vulnerable to a number of serious side-channel attacks. Conversely, MPC relies on a committee of cooperating nodes, with strong cryptographic security guarantees given an honest quorum. Its performance, however, is inadequate for regular use with conventional applications. The novelty of this project is to provide a general exploration of secure protocol design through a synthesis of TEEs and MPC that takes advantage of their respective strengths and weaknesses. The impacts of this project will include the design of new protocols that can be used in corporate and government use of sensitive consumer data, while mitigating the risk of data breaches or policy violations. It will also advance the usefulness of TEE-based computing which has been an industry recognized need.Mathematically modelling and devising principled, empirically grounded protocol designs for a combination of TEEs and MPC poses a range of technical research challenges. This project starts from a new protocol framework, ``Knights and Knaves'' (KN framework), that applies TEEs so as to limit the impact of TEE compromise and leverage MPC to achieve stronger systemic security. This project will explore techniques for rapid detection and broad notification of TEE compromise, constraining the impact of such compromise in relying applications, and enabling failover where needed to MPC. It will also explore ways that TEEs can conversely harden and improve the performance of MPC deployments. Finally, the project considers ways to scale the KN framework through the classic technique of sharding, with new techniques for concealing shard boundaries. The project builds on investigators’ prior experience in the Universal Composability (UC) framework as a basis for rigorous security modeling, and additionally uses a decentralized identity platform called CanDID as a testbed.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着敏感数字信息的激增以及企业和政府对其不当使用的担忧日益增加，出现了两种主要的技术方法来解决安全计算的挑战。可信执行环境（TEE）和安全多方计算（MPC）都旨在使计算在两个意义上可信：它们确保完整性，即，计算的正确性，并且它们为它们计算的数据提供机密性。然而，这两种方法在安全模型和性能方面截然不同。TEE依赖于硬件的属性来保证其安全性。它们提供高性能，在某些情况下接近本机CPU速度，但已被证明容易受到许多严重的侧信道攻击。相反，MPC依赖于一个由合作节点组成的委员会，在给定一个诚实的法定人数的情况下，具有强大的加密安全保证。然而，其性能不足以与常规应用一起常规使用。该项目的新奇在于通过综合利用TEE和MPC各自的优点和缺点，对安全协议设计进行了全面的探索。该项目的影响将包括设计可用于企业和政府使用敏感消费者数据的新协议，同时降低数据泄露或违反政策的风险。它还将推进基于TEE的计算的实用性，这是一个行业公认的need.Mathematically建模和设计原则，经验接地协议设计的组合TEE和MPC提出了一系列的技术研究挑战。该项目从一个新的协议框架“Knights and Knaves”（KN框架）开始，该框架应用TEE以限制TEE妥协的影响，并利用MPC实现更强的系统安全性。该项目将探索用于快速检测和广泛通知TEE危害的技术，限制此类危害在依赖应用程序中的影响，并在需要时实现故障转移到MPC。它还将探索TEE可以反过来加强和提高MPC部署性能的方法。最后，该项目考虑通过经典的分片技术扩展KN框架的方法，并使用隐藏分片边界的新技术。该项目基于研究人员在通用可组合性（UC）框架方面的经验，作为严格安全建模的基础，并使用名为CanDID的分散式身份平台作为测试平台。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

SGXonerated: Finding (and Partially Fixing) Privacy Flaws in TEE-based Smart Contract Platforms Without Breaking the TEE

SGXonerated：在不破坏 TEE 的情况下查找（并部分修复）基于 TEE 的智能合约平台中的隐私缺陷

• DOI: 10.56553/popets-2024-0035
• 发表时间: 2024
• 期刊: Proceedings on Privacy Enhancing Technologies
• 作者: Jean-Louis, Nerla;Li, Yunqi;Ji, Yan;Malvai, Harjasleen;Yurek, Thomas;Bellemare, Sylvain;Miller, Andrew
• 通讯作者: Miller, Andrew