User Private Key Protection Scheme Based on SGX and Obfuscation Technology in Cloud Environment

Posted on: 2021-03-26
Degree: Master
Type: Thesis
Country: China
Candidate: X W Zhang
GTID: 2518306050966009
Subject: Computer application technology

Abstract/Summary:
With the increasing maturity of cloud computing technology, cloud storage services, with advantages such as high scalability and high reliability, are becoming more and more popular. However, the fuzzy virtualization boundary and vulnerable public platforms make it difficult for users to ensure the security of their data.

The user's data is stored in the cloud after being encrypted, and the encryption key, after being encrypted with the public key, is encrypted by the semi-trusted server. The user keeps the private key used to decrypt the encryption key. In some cases, for example when users want to view their data on the cloud virtual machine, they must upload their private key to the cloud. This departs from the principle that the private key must not leave the user. In addition, the private key has to be mapped into memory during encryption and decryption, where it is extremely vulnerable to attack and leakage. This solution protects the private key from attacks in this scenario.

Intel SGX technology is by far one of the most secure memory encryption technologies, and its security boundary includes only the CPU and itself. When a user's private key is mapped into SGX encrypted memory, no attacker or user, including unauthorized users with high permissions, can access the protected code and data. However, some existing attack techniques can bypass the encryption, analyze the code's access mode to the data, and infer and steal the user's key data through side-channel attacks.

The paper addresses how to ensure that the user's private key is transmitted securely to the cloud environment and stored securely there, and how to avoid disclosing the plaintext of the key and the code's access mode to the data while a cryptographic algorithm performs encryption and decryption. To this end, it researches and proposes a user private key protection scheme based on SGX and ORAM obfuscation technology. The main work is as follows:

1. Improved the ORAM protocol. In order to reduce the storage of the ORAM tree, reduce the bandwidth between the ORAM controller and the ORAM tree, and improve the overall operating efficiency, the ORAM protocol has been improved based on the tree model structure. In the SGX encryption environment, this ensures that the access mode of the cryptographic algorithm at run time is not leaked.

2. Improved user private key protection scheme. The solution protects the user's private key during transmission from the user client to the cloud virtual client, during secure storage in the cloud client, and when it is mapped into memory while the process is running. Utilizing the high security of SGX, the SM2 digital signature algorithm and the private key decryption algorithm executed with the private key in the cloud environment were modified.

By analyzing the overall security of the solution, and by implementing and testing the code in ORAM obfuscation mode, the scheme provides a trusted execution environment for the user's private key in the cloud environment, which can resist common memory attacks and avoid leakage of the program's access mode at run time. It also improves the overall efficiency of the program.
Keywords/Search Tags:cloud computing, software guard extension, private key, oblivious random access machine