Intel is developing the HTTPA protocol to complement HTTPS

Engineers from Intel have proposed a new protocol, HTTPA (HTTPS Attestable), which extends HTTPS with additional guarantees about the security of the computations performed. HTTPA makes it possible to guarantee the integrity of the processing of a user request on the server, and to verify that the web service is trustworthy and that the code running in a TEE (Trusted Execution Environment) on the server has not been changed as a result of a compromise or sabotage by an administrator.

HTTPS protects transmitted data while it is in transit over the network, but it cannot prevent the integrity of that data from being violated as a result of attacks on the server. Isolated enclaves, created using technologies such as Intel SGX (Software Guard Extension), ARM TrustZone and AMD PSP (Platform Security Processor), make it possible to protect sensitive computations and reduce the risk of leakage or modification of sensitive information on the end node.

To guarantee the trustworthiness of the transmitted information, HTTPA can use the attestation facilities provided in Intel SGX, which confirm the authenticity of the enclave in which the computations are performed. In essence, HTTPA extends HTTPS with the ability to attest an enclave remotely, and lets you verify that the enclave is running in a genuine Intel SGX environment and that the web service can be trusted. The protocol is being developed from the outset as a general-purpose one and, in addition to Intel SGX, can be implemented for other TEE systems.

In addition to the usual process of establishing a secure HTTPS connection, HTTPA additionally requires the negotiation of a trusted session key. The protocol introduces a new HTTP method, "ATTEST", which handles three types of requests and responses:

  • "preflight", to check whether the remote side supports enclave attestation;
  • "attest", to agree on the attestation parameters (choosing the cryptographic algorithm, exchanging random sequences unique to the session, generating a session identifier and passing the enclave's public key to the client);
  • "trusted session", the generation of a session key for the trusted exchange of information. The session key is formed from a previously agreed pre-session secret, generated by the client using the TEE public key received from the server, and from the random sequences generated by each party.
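
The "attest" and "trusted session" steps can be modelled in a few lines. This is an added sketch, not Intel's code or the HTTPA wire format: the article does not say how the TEE public key is used or which key-derivation function applies, so the toy Diffie-Hellman group, HKDF-SHA256, the `demo-trusted-session` label and all class and field names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

# Assumption: toy Diffie-Hellman group (demonstration size only) standing in for
# the enclave's real public-key algorithm, which the article does not specify.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def hkdf(secret: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869) extract-then-expand, one 32-byte output block."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def session_key(shared: int, client_random: bytes, server_random: bytes,
                session_id: bytes) -> bytes:
    # The pre-session secret is mixed with the random sequence from each party,
    # so neither side alone controls the resulting key.
    salt = hashlib.sha256(client_random + server_random).digest()
    return hkdf(shared.to_bytes(32, "big"), salt, b"demo-trusted-session" + session_id)

class Enclave:
    """Server side: the private key is generated in, and never leaves, the TEE."""
    def __init__(self):
        self._priv, self.public = keypair()

    def attest(self, client_random: bytes) -> dict:
        self.client_random = client_random
        self.server_random = secrets.token_bytes(32)
        self.session_id = secrets.token_bytes(16)
        return {"server_random": self.server_random,
                "session_id": self.session_id,
                "enclave_public": self.public}

    def trusted_session(self, client_share: int) -> bytes:
        shared = pow(client_share, self._priv, P)  # pre-session secret, enclave side
        return session_key(shared, self.client_random, self.server_random, self.session_id)

def client_handshake(enclave: Enclave):
    """Client side of "attest" then "trusted session"; returns (client_key, enclave_key)."""
    client_random = secrets.token_bytes(32)
    reply = enclave.attest(client_random)  # a real client verifies the attestation evidence here
    eph_priv, client_share = keypair()
    shared = pow(reply["enclave_public"], eph_priv, P)  # pre-session secret, client side
    client_key = session_key(shared, client_random, reply["server_random"], reply["session_id"])
    return client_key, enclave.trusted_session(client_share)
```

Only the holder of the enclave private key can reconstruct the pre-session secret, which is why the client has to check the attestation evidence for that public key before deriving anything from it.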

HTTPA assumes that the client is trustworthy and the server is not, i.e. the client can use the protocol to verify computations in a TEE environment. At the same time, HTTPA does not guarantee that other computations performed while the web server is running, and which are not carried out in the TEE, have not been compromised; this calls for a separate approach to the development of web services. HTTPA is therefore aimed mainly at specialized services with heightened requirements for the integrity of information, such as financial and medical systems.

For situations where the computations in the TEE must be verified for both the server and the client, a variant of the protocol, mHTTPA (Mutual HTTPA), is provided, which performs two-way verification. This option is more complex because of the need for two-way generation of session keys for the server and the client.

Source: opennet.ru
