Mainjiniya kubva kuIntel vakurudzira itsva HTTPA protocol (HTTPS Attestable), kuwedzera HTTPS nekuwedzera vimbiso dzekuchengetedza kwekuverenga kwakaitwa. HTTPA inokutendera kuti uvimbise kutendeseka kwekugadzirisa chikumbiro chemushandisi pane sevha uye ita shuwa kuti sevhisi yewebhu yakavimbika uye kodhi iri kushanda munzvimbo yeTEE (Trusted Execution Environment) paserver haina kuchinjwa semhedzisiro yekubira kana kuparadza nemutungamiriri.
HTTPS inochengetedza data rakatapurirwa panguva yekufambisa panetiweki, asi haigone kudzivirira kutendeseka kwayo kubva kutyorwa nekuda kwekurwiswa kweseva. Isolated enclaves, akagadzirwa achishandisa matekinoroji akadai seIntel SGX (Software Guard Extension), ARM TrustZone uye AMD PSP (Platform Security processor), inoita kuti zvikwanise kudzivirira komputa inonzwisisika uye kuderedza njodzi yekudonha kana kugadziridzwa kweruzivo rwakadzama pane yekupedzisira node.
Kuti uvimbise kuvimbika kweruzivo rwunofambiswa, HTTPA inokutendera kuti ushandise maturusi ekupupurira akapihwa muIntel SGX, ayo anosimbisa huchokwadi hweiyo enclave umo maverengero akaitwa. Chaizvoizvo, HTTPA inotambanudzira HTTPS nekugona kupupurira kure kure uye kubvumidza iwe kuti uone kuti iri kushanda munzvimbo yechokwadi yeIntel SGX uye kuti webhu sevhisi inogona kuvimbwa nayo. Iyo protocol iri kutanga kugadzirwa seyepasirese uye, kuwedzera kune Intel SGX, inogona kuitwa kune mamwe maTEE masisitimu.
Pamusoro peyakajairwa maitiro ekumisikidza yakachengeteka yekubatanidza yeHTTPS, HTTPA inodawo kutaurirana kwekiyi yakavimbika yechikamu. Iyo protocol inounza nzira itsva yeHTTP "ATTEST", iyo inokutendera kuti ugadzirise marudzi matatu ezvikumbiro nemhinduro:
- "preflight" kutarisa kana rutivi rwuri kure ruchitsigira enclave attestation;
- "kupupura" kwekubvumirana pane zvipupuriro zvezvipupuriro (kusarudza cryptographic algorithm, kuchinjana kutevedzana kwakasiyana nechikamu, kugadzira chiziviso chechikamu uye kuendesa kiyi yeruzhinji kune mutengi);
- "yakavimbika chikamu" - kugadzirwa kwesesheni kiyi yekuvimbika kwekuchinjana ruzivo. Kiyi yechikamu inoumbwa zvichibva pane yakambobvumiranwa pamusoro pe-pre-session chakavanzika chakagadzirwa nemutengi achishandisa TEE yeruzhinji kiyi inotambirwa kubva kuseva, uye zvisina tsarukano kutevedzana kunogadzirwa nebato rega rega.
HTTPA inoreva kuti mutengi akavimbika uye sevha haisi, i.e. mutengi anogona kushandisa iyi protocol kuratidza maverengero munzvimbo yeTEE. Panguva imwecheteyo, HTTPA haivimbisi kuti mamwe maverengero akaitwa panguva yekushanda kwewebhu server asina kuitwa muTEE haana kukanganiswa, izvo zvinoda kushandiswa kweimwe nzira yekuvandudza masevhisi ewebhu. Nekudaro, HTTPA inonyanya kunangana nekushandiswa nemasevhisi ane hunyanzvi ayo akawedzera zvinodikanwa zvekuvimbika kweruzivo, senge mari nehurongwa hwekurapa.
Pamamiriro ezvinhu apo maverengero muTEE anofanirwa kusimbiswa kune esevha uye mutengi, musiyano wemHTTPA (Mutual HTTPA) protocol unopihwa, iyo inoita nzira mbiri. Iyi sarudzo yakanyanya kuomarara nekuda kwekuda kwenzira mbiri chizvarwa chesesheni makiyi evhavha uye mutengi.
Source: opennet.ru