Intel is developing the HTTPA protocol to complement HTTPS

Engineers from Intel have proposed a new protocol, HTTPA (HTTPS Attestable), which extends HTTPS with additional guarantees about the security of the computations performed. HTTPA makes it possible to verify the integrity of the processing of user requests on the server, and to confirm that the web service is trustworthy and that the code running in the TEE (Trusted Execution Environment) on the server has not been modified as a result of a compromise or tampering by an administrator.

HTTPS protects data in transit over the network, but it cannot prevent the integrity of that data from being violated as a result of an attack on the server. Isolated enclaves, created using technologies such as Intel SGX (Software Guard Extension), ARM TrustZone and AMD PSP (Platform Security Processor), make it possible to protect sensitive computations and reduce the risk of leakage or modification of sensitive information on the end node.

To verify the trustworthiness of the transmitted information, HTTPA allows the use of the attestation facilities provided by Intel SGX, which confirm the authenticity of the enclave in which the computations were performed. In essence, HTTPA extends HTTPS with remote attestation and lets you verify that the program is running in a genuine Intel SGX environment and that the web service can be trusted. The protocol is being developed from the start as a general-purpose one and, in addition to Intel SGX, can be implemented for other TEE systems.

In addition to the normal process of establishing a secure HTTPS connection, HTTPA also requires the negotiation of a trusted session key. The protocol introduces a new HTTP method, "ATTEST", which handles three types of requests and responses:

  • "preflight" to check whether the remote side supports enclave attestation;
  • "attest" to agree on the attestation parameters (choosing a cryptographic algorithm, exchanging random sequences unique to the session, generating a session identifier and transferring the enclave's public key to the client);
  • "trusted session" - generating a session key for trusted message exchange. The session key is formed from a previously agreed pre-session secret, generated by the client using the TEE public key received from the server, and from the random sequences generated by each party.
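The key agreement in the "trusted session" step can be sketched as follows; this is an added example, not Intel's code and not taken from the HTTPA specification. The article names no algorithms, so the toy RSA key, the HKDF construction, the label string and every function name here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Toy RSA key standing in for the enclave's public key (assumption: the article
# does not name the algorithm). Two Mersenne primes; NOT secure, demo only.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the TEE

def hkdf_sha256(secret: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand; the choice of KDF is an assumption."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_key(pre_secret: bytes, client_random: bytes, server_random: bytes,
                session_id: bytes) -> bytes:
    """Mix the pre-session secret with both parties' randoms and the session id."""
    # The label below is a constructed value, not a string from the protocol.
    return hkdf_sha256(pre_secret, client_random + server_random,
                       b"httpa-demo trusted session " + session_id)

def client_wrap(pre_secret: bytes) -> int:
    """Client side: encrypt the pre-session secret to the enclave public key."""
    return pow(int.from_bytes(pre_secret, "big"), E, N)

def enclave_unwrap(wrapped: int, size: int = 16) -> bytes:
    """Enclave side: only the holder of D can recover the secret."""
    return pow(wrapped, D, N).to_bytes(size, "big")

def run_handshake():
    # "attest" phase: both sides contribute fresh randoms and agree on a session id.
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    session_id = secrets.token_bytes(8)
    # "trusted session" phase: the client creates and wraps the pre-session secret.
    pre_secret = secrets.token_bytes(16)
    wrapped = client_wrap(pre_secret)
    k_client = session_key(pre_secret, client_random, server_random, session_id)
    k_enclave = session_key(enclave_unwrap(wrapped), client_random, server_random, session_id)
    # With a different server random the derived key no longer matches.
    k_mismatch = session_key(pre_secret, client_random, secrets.token_bytes(32), session_id)
    return k_client, k_enclave, k_mismatch
```

Because each party's random sequence feeds the derivation, a key from one session cannot be reused in another even if the same pre-session secret were sent again.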

HTTPA assumes that the client is trusted and the server is not, i.e. the client can use the protocol to verify computations in a TEE environment. At the same time, HTTPA does not guarantee that other computations performed while the web server is running, outside the TEE, have not been compromised, which requires a separate approach to the development of web services. HTTPA is therefore aimed mainly at specialized services with heightened requirements for information, such as financial and medical ones.

For situations where computations in a TEE must be verified for both the server and the client, a variant of the protocol, mHTTPA (Mutual HTTPA), is provided, which performs two-way verification. This variant is more complex because of the need for two-way session keys for the server and the client.

Source: opennet.ru