Onjiniyela abavela ku-Intel benze isiphakamiso esisha sephrothokholi ye-HTTPA (HTTPS Attestable), bandise i-HTTPS ngeziqinisekiso ezengeziwe zokuvikeleka kwezibalo ezenziwe. I-HTTPA ikuvumela ukuthi uqinisekise ubuqotho bokucubungula isicelo somsebenzisi kuseva futhi wenze isiqiniseko sokuthi isevisi yewebhu ithembekile futhi ikhodi esebenza endaweni ye-TEE (Indawo Eyethembekile Yokufezwa) kuseva ayishintshiwe ngenxa yokugebenga noma ukucekelwa phansi ngumlawuli.
I-HTTPS ivikela idatha edlulisiwe phakathi nokudluliselwa ngenethiwekhi, kodwa ayikwazi ukuvimbela ubuqotho bayo ukuthi buphulwa ngenxa yokuhlaselwa kweseva. Ama-enclave ahlukanisiwe, adalwe kusetshenziswa ubuchwepheshe obufana ne-Intel SGX (I-Software Guard Extension), i-ARM TrustZone ne-AMD PSP (I-Platform Security Processor), yenza kube nokwenzeka ukuvikela ikhompuyutha ebucayi nokunciphisa ingozi yokuvuza noma ukuguqulwa kolwazi olubucayi endaweni yokugcina.
Ukuqinisekisa ukwethembeka kolwazi oludlulisiwe, i-HTTPA ikuvumela ukuthi usebenzise amathuluzi okufakazela anikezwe ku-Intel SGX, aqinisekisa ubuqiniso be-enclave lapho izibalo zenziwa khona. Empeleni, i-HTTPA inweba i-HTTPS ngekhono lokufakazela ukude i-enclave futhi ikuvumele ukuthi uqinisekise ukuthi isebenza endaweni yangempela ye-Intel SGX nokuthi isevisi yewebhu ingathenjwa. Iphrothokholi ekuqaleni iyathuthukiswa njengeyomhlaba wonke futhi, ngaphezu kwe-Intel SGX, ingasetshenziswa kwezinye izinhlelo ze-TEE.
Ngokungeziwe kunqubo evamile yokusungula uxhumano oluvikelekile lwe-HTTPS, i-HTTPA idinga futhi ukuxoxisana ngokhiye weseshini othembekile. Iphrothokholi yethula indlela entsha ye-HTTP ethi βATTESTβ, ekuvumela ukuthi ucubungule izinhlobo ezintathu zezicelo nezimpendulo:
- "preflight" ukuhlola ukuthi uhlangothi olukude luyakusekela yini ukufakaza kwe-enclave;
- "ukufakazela" ukuvumelana ngemingcele yobufakazi (ukukhetha i-cryptographic algorithm, ukushintshanisa ukulandelana okungahleliwe okuhlukile kuseshini, ukukhiqiza isihlonzi seseshini nokudlulisa ukhiye womphakathi we-enclave kuklayenti);
- "isikhathi esithenjwayo" - ukukhiqizwa kokhiye weseshini wokushintshisana ngolwazi oluthembekile. Ukhiye weseshini wakhiwe ngokusekelwe kumfihlo okwavunyelwana ngayo ngaphambili kweseshini eyakhiwe iklayenti lisebenzisa ukhiye wasesidlangalaleni we-TEE otholwe kuseva, nokulandelana okungahleliwe okukhiqizwa inhlangano ngayinye.
I-HTTPA isho ukuthi iklayenti lithembekile futhi iseva ayilona, ββi.e. iklayenti lingasebenzisa le phrothokholi ukuze liqinisekise izibalo endaweni ye-TEE. Ngesikhathi esifanayo, i-HTTPA ayiqinisekisi ukuthi ezinye izibalo ezenziwa ngesikhathi sokusebenza kweseva yewebhu ezingenziwanga ku-TEE azizange zibe sengozini, okudinga ukusetshenziswa kwendlela ehlukile ekuthuthukisweni kwezinsizakalo zewebhu. Ngakho-ke, i-HTTPA ihloselwe kakhulu ukusetshenziswa namasevisi akhethekile akhulise izidingo zobuqotho bolwazi, njengezinhlelo zezimali nezokwelapha.
Ezimeni lapho izibalo ku-TEE kufanele ziqinisekiswe kukho kokubili iseva neklayenti, okuhlukile kwephrothokholi ye-mHTTPA (Mutual HTTPA) kunikezwa, eyenza ukuqinisekiswa kwezindlela ezimbili. Le nketho iyinkimbinkimbi kakhulu ngenxa yesidingo sokukhiqiza izindlela ezimbili zokhiye beseshini kuseva neklayenti.
Source: opennet.ru