Intel is developing the HTTPA protocol to complement HTTPS

Intel engineers have proposed a new protocol, HTTPA (HTTPS Attestable), which extends HTTPS with additional guarantees about the security of the computations performed. HTTPA makes it possible to guarantee the integrity of the processing of a user's request on the server, and to verify that the web service is trustworthy and that the code running in the server's TEE (Trusted Execution Environment) has not been altered as a result of a compromise or of sabotage by an administrator.

HTTPS protects transmitted data while it travels over the network, but it cannot prevent the integrity of that data from being violated as a result of attacks on the server. Isolated enclaves, created with technologies such as Intel SGX (Software Guard Extensions), ARM TrustZone and AMD PSP (Platform Security Processor), make it possible to protect sensitive computations and to reduce the risk of leakage or modification of sensitive information on end nodes.

To guarantee the reliability of the transmitted information, HTTPA lets you use the attestation facilities provided by Intel SGX, which confirm the authenticity of the enclave in which the computations were performed. In essence, HTTPA extends HTTPS with the ability to attest an enclave remotely, and lets you verify that it is running in a genuine Intel SGX environment and that the web service can be trusted. The protocol was designed from the start to be generic: in addition to Intel SGX, it can be implemented for other TEE systems.

In addition to the usual process of establishing a secure connection for HTTPS, HTTPA also requires the negotiation of a trusted session key. The protocol introduces a new HTTP method, "ATTEST", which supports three types of requests and responses:

  • "preflight", to check whether the remote side supports enclave attestation;
  • "attest", to agree on the attestation parameters (choice of cryptographic algorithm, exchange of random sequences unique to the session, generation of a session identifier, and transfer of the enclave's public key to the client);
  • "trusted session": generation of a session key for trusted information exchange. The session key is formed from a previously agreed pre-session secret, generated by the client using the TEE public key received from the server, and from the random sequences generated by each party.
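The "trusted session" step described above, as an added example that is not taken from the article or from Intel's specification: both sides mix the pre-session secret with the two random sequences to reach the same key. The article does not name the key-derivation function, so HKDF-SHA256, the `httpa-example|` label, the function names and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(pre_session_secret: bytes, client_random: bytes,
                       server_random: bytes, session_id: bytes) -> bytes:
    """Assumed construction: mix the secret with both parties' random sequences."""
    if min(len(client_random), len(server_random)) < 16:
        raise ValueError("random sequences must be at least 16 bytes")
    # Length-prefix each random so the concatenation is unambiguous.
    salt = hashlib.sha256(
        len(client_random).to_bytes(2, "big") + client_random
        + len(server_random).to_bytes(2, "big") + server_random
    ).digest()
    return hkdf_sha256(pre_session_secret, salt, b"httpa-example|" + session_id)


def demo() -> dict:
    # Constructed sample values; in the protocol they come from the "attest" exchange.
    session_id = b"constructed-session-01"
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    # The client generates the secret using the TEE public key received from
    # the server; that transport step is not modelled here.
    pre_session_secret = secrets.token_bytes(48)
    args = (pre_session_secret, client_random, server_random, session_id)
    client_key = derive_session_key(*args)
    enclave_key = derive_session_key(*args)
    # A replayed exchange meets a fresh server random, so the old key is not reproduced.
    replay_key = derive_session_key(pre_session_secret, client_random,
                                    secrets.token_bytes(32), session_id)
    return {"keys_match": hmac.compare_digest(client_key, enclave_key),
            "replay_differs": not hmac.compare_digest(client_key, replay_key),
            "key_len": len(client_key)}


if __name__ == "__main__":
    print(demo())
```

Because each party contributes its own random sequence, neither side alone determines the session key, and a key from one session cannot be reused in another.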

HTTPA assumes that the client is trusted and the server is not, i.e. the client can use this protocol to verify computations in a TEE environment. At the same time, HTTPA does not guarantee that other computations performed while the web server is operating, and which are not carried out in the TEE, have not been compromised; this calls for a separate approach to developing web services. HTTPA is therefore mainly intended for specialized services with elevated requirements for information integrity, such as financial and medical systems.

For situations where computations in the TEE must be verified for both the server and the client, a variant of the protocol, mHTTPA (Mutual HTTPA), is provided, which performs two-way verification. This option is more complicated because of the need for two-way generation of session keys for the server and the client.

Source: opennet.ru
