Intel is developing the HTTPA protocol to complement HTTPS

Engineers from Intel have proposed a new protocol, HTTPA (HTTPS Attestable), which extends HTTPS with additional guarantees about the security of the computations performed. HTTPA makes it possible to guarantee the integrity of the processing of a user request on the server, and to verify that the web service is trustworthy and that the code running in a TEE (Trusted Execution Environment) on the server has not been changed as a result of a compromise or of sabotage by an administrator.

HTTPS protects data while it is in transit over the network, but it cannot prevent the integrity of that data from being violated as a result of attacks on the server. Isolated enclaves, created using technologies such as Intel SGX (Software Guard Extension), ARM TrustZone and AMD PSP (Platform Security Processor), make it possible to protect sensitive computations and reduce the risk of leakage or modification of sensitive data on the end node.

To guarantee the reliability of the transmitted information, HTTPA can use the attestation facilities provided in Intel SGX, which confirm the authenticity of the enclave in which the computations were performed. In essence, HTTPA extends HTTPS with the ability to attest an enclave, letting you verify that it is running in a genuine Intel SGX environment and that the web service can be trusted. The protocol was designed from the start to be universal and, besides Intel SGX, can be implemented for other TEE systems.


In addition to the usual process of establishing a secure connection for HTTPS, HTTPA also requires the negotiation of a trusted session key. The protocol introduces a new HTTP method, "ATTEST", which supports three types of requests and responses:

  • "preflight" to check whether the remote side supports attestation;
  • "attest" to agree on the attestation parameters (choosing the cryptographic algorithm, exchanging random sequences unique to the session, generating a session identifier and transferring the public key to the client);
  • "trusted session": generating a session key for trusted information exchange. The session key is formed from a previously agreed pre-session secret, which the client generates using the TEE public key received from the server, and from the random sequences generated by each side.
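The "attest" and "trusted session" steps above, modelled as an added example that is not code from Intel or from the HTTPA proposal. The evidence fields (`measurement`, `report_data`), the binding of the public key and both random sequences into the evidence, and the use of HKDF-SHA256 are assumptions made for illustration; verification of the hardware signature over the evidence and encryption of the secret to the TEE key are left out.

```python
import hashlib, hmac, secrets

# Constructed allow-list: enclave measurements the client is willing to trust.
TRUSTED = {hashlib.sha256(b"constructed enclave build").hexdigest()}

def hkdf_sha256(secret, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand; the KDF choice is an assumption."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def binding(tee_pubkey, client_random, server_random):
    """Digest the enclave is assumed to embed in its evidence for this session."""
    return hashlib.sha256(tee_pubkey + client_random + server_random).digest()

def client_accepts(evidence, tee_pubkey, client_random, server_random):
    """Client check of the attest response, done before any secret is sent.
    Verifying the hardware signature over the evidence is out of scope here."""
    if evidence["measurement"] not in TRUSTED:
        return False  # unknown or modified enclave code
    expected = binding(tee_pubkey, client_random, server_random)
    return hmac.compare_digest(evidence["report_data"], expected)

def session_key(pre_session_secret, client_random, server_random, session_id):
    """Both sides derive the same key from the secret and both random sequences."""
    return hkdf_sha256(pre_session_secret, client_random + server_random,
                       b"httpa-example|" + session_id)

def run_exchange(measurement_src=b"constructed enclave build", swap_key=False):
    """Simulate attest + trusted session; returns (accepted, keys_match)."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    session_id = secrets.token_bytes(8)
    tee_pubkey = b"constructed-tee-public-key"  # placeholder bytes, not a real key
    evidence = {"measurement": hashlib.sha256(measurement_src).hexdigest(),
                "report_data": binding(tee_pubkey, client_random, server_random)}
    # Failure case: the key offered in the response is not the one in the evidence.
    offered_key = b"constructed-other-key" if swap_key else tee_pubkey
    if not client_accepts(evidence, offered_key, client_random, server_random):
        return False, False
    # The client would now encrypt this secret to offered_key; transport omitted.
    secret = secrets.token_bytes(32)
    k_client = session_key(secret, client_random, server_random, session_id)
    k_server = session_key(secret, client_random, server_random, session_id)
    return True, hmac.compare_digest(k_client, k_server)
```

Because the random sequences are part of both the evidence binding and the key derivation, evidence captured from one session does not validate in another, and a session key is never derived when the measurement or the offered key fails the check.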


HTTPA assumes that the client is trusted and the server is not, i.e. the client can use this protocol to verify computations in a TEE. At the same time, HTTPA does not guarantee that other computations performed during the operation of the web server, which are not carried out in the TEE, have not been compromised; this requires a separate approach to developing web services. HTTPA is therefore aimed mainly at specialized services with increased requirements for information integrity, such as financial and medical systems.

For situations where computations in a TEE must be attested for both the server and the client, a variant of the protocol, mHTTPA (Mutual HTTPA), is provided, which performs two-way verification. This option is more complicated because it requires two-way key generation for the server and the client.

source: budenet.ru
