Intel® SGX and Blockchain: The iExec End-to-End Trusted Execution Solution
Note: The User Guide for the iExec E2E Trusted Execution Solution is now available.
Latest news: iExec V3 is coming May 2019.
The challenge: How can we guarantee security on decentralized and distributed networks?
Blockchain-based applications and computing are not owned or controlled by one specific entity but are powered by a distributed network of many machines, or ‘nodes’. The distributed nature of decentralized cloud computing networks makes it hard to guarantee security: any user with root privileges on a node can inspect the sensitive data and tamper with the application running on that decentralized host. This differs from traditional centralized cloud providers, where existing security mechanisms can more easily be employed to protect the application involved.
For decentralized blockchain-based clouds, a silicon-based security solution, called Trusted Execution Environment (TEE), is the only effective solution to protect users and applications involved. Intel® SGX is such an implementation of TEE.
Intel® SGX (Intel Software Guard Extensions) is a set of CPU instructions that enable the execution of selected pieces of code and data in protected memory regions called enclaves. While an application runs on a host machine, an SGX enclave acts as a bubble that isolates and protects the application from the host itself: even the root-privileged administrator of the host machine cannot penetrate this bubble to access or tamper with the application.
An introduction to Intel® SGX Enclaves — iExec Security R&D, Lei Zhang
“What makes Intel® SGX compelling is that it provides a hardware trusted execution environment (TEE), allowing better protections for data in-use, at-rest and in-transit, built-in CPU instructions and platform enhancements provide cryptographic assertions for the code that is permitted to access the data. If the code is altered or tampered, then access is denied and the environment disabled.” — Rick Echevarria, Vice president of Intel’s Software and Services Group.
1. iExec E2E Trusted Execution
iExec is a pioneer in building a blockchain-enabled decentralized and distributed cloud network. We have now provided the first-ever full, end-to-end solution integrating trusted execution. Some of iExec’s initial work with Intel® SGX can be read in this blog post and is covered in this video presentation. iExec presented the first phase of work on Intel® SGX in March 2018 at IBM Think in Las Vegas and presented alongside Intel in May 2018 at Consensus in New York. This first phase focused on the protection of secrets built into decentralized applications. The proof-of-concept presented alongside Intel showed that Intel® SGX enclaves could ensure that, although the applications were running on decentralized nodes, the sensitive data could not be inspected or altered by malicious attackers on the network. This first piece of work was a great success; however, the solution was complicated for app developers and users, especially for those who are not in the field of security.
iExec has since continued to make significant contributions, working diligently with partners, to push forward a powerful and user-friendly full end-to-end trusted execution solution. The solution is intended to be used as an industry reference to enhance the overall security of decentralized cloud computing. This new Intel® SGX solution, combined with Blockchain, allows for an unmatched level of trust for Decentralized Applications (Dapps) and execution/data processing on decentralized nodes. The iExec approach specifically allows Blockchain to work with Intel® SGX in order to:
- Protect the DApp and provide full data protection, so that the data cannot be accessed by the execution host. This is especially important for the user’s input and output data.
- Guarantee the integrity of the DApp and data, making sure the correct and expected DApp or data is running on the decentralized node.
- Provide blockchain-based validation for off-chain computing, verifying that the DApp was correctly executed in an enclave and was neither tampered with nor interrupted by the decentralized node. The signature checked by the smart contract is produced inside this secure enclave before verification by the blockchain network.
- Make sure the execution and the DApp result are valid and not copied or fabricated by a malicious decentralized node.
- Protect the end-to-end privacy of the DApp result, which can never be inspected by anyone but the user.
- A user-friendly interface: significant simplification for users to encrypt/decrypt the input/output data and trigger the trusted application execution.
Easy usability is a key element of user experience; with the new iExec E2E Trusted Execution, the user only needs 3 simple steps to run a trusted application execution with full protection of the user’s input and output data.
Consider a typical application, a FinTech application for example. The application is fed user input data containing the user’s personal and sensitive details (such as bank account information or other private information). The output of the application also contains sensitive data and is intended only for the user who triggered the application. The input data and the output results must be strictly protected during the whole procedure. The non-encrypted sensitive data never leaves the user’s ‘local’ scope and is otherwise protected within a highly secured trusted execution environment: the Intel® SGX hardware enclave. The following gives a general description of the 3 main steps of the iExec E2E Trusted Execution.
Step 1: The user only needs to run one simple command which will automatically:
- Encrypt user’s input data
- Push the encrypted data to a remote file system (the remote file system can be any public file sharing service; the end user is free to choose his/her preferred one, and please note that this service is not provided by iExec)
- Update the related session data (each user-triggered run of the application is a session) in a TEE-based secret management service. The secret management service can be deployed flexibly: on the user’s side, or on the scheduler’s side (i.e. a worker pool with Intel® SGX).
Step 2: The user triggers the target application with just a few clicks from the iExec Dapp store and Marketplace via a user-friendly UI.
Once the target application is triggered in the remote enclave, it automatically pulls the encrypted user input data from the remote file system (pushed in step 1) and retrieves the secret key via a secure channel. The key is then used to decrypt the user input data, and this decryption happens only inside the highly secured trusted environment, the Intel® SGX enclave. The application result is finally encrypted, and then iExec’s verification procedure (Proof of Contribution) is triggered. Everything happens securely inside the enclave and no secret can be revealed to the outside world.
The signature is finally transferred to the on-chain network and verified by the on-chain smart contract using the corresponding registered public key. If the signature verification passes and the application result’s trust level reaches a given threshold, the user is informed that the encrypted result can be downloaded.
It may sound complicated, but for the user, all this can be done in just a few simple clicks!
Step 3: The user downloads the encrypted result package and runs just one simple command to decrypt the result. Please note that only the user who triggered the task is able to download the encrypted result, and only that user owns the key to decrypt the application result.
Please note that the procedure is platform independent, and therefore is compatible with different operating systems: Windows, Linux, Mac OS.
In the near future, we will further simplify the user’s procedure: all three steps will be integrated into one simple step.
iExec Trusted Execution is Generic
The iExec platform is open to different implementations of trusted execution environments. The current iExec E2E Trusted Execution solution is based on the SCONE platform provided by Scontain UG. We have been working hard these past months together with the SCONE team to deliver a complete solution that can be used by any blockchain developer without prior knowledge of secure computing. iExec has also been collaborating with Fortanix to integrate their frameworks into iExec’s E2E Trusted Execution solution, and we are confident that we will soon be ready to support this solution as well. We are also evaluating Intel’s Private Data Object (PDO) framework. In the future, we will also consider the Graphene-SGX/Graphene-ng framework proposed by Golem. All the mainstream TEE solutions will be 100% compatible with iExec’s platform, and iExec DApp developers and users will be free to choose their preferred TEE frameworks. Our objective is to promote the emergence of an ecosystem that provides trusted execution for blockchain-based computing, with these trusted services monetized on the iExec Marketplace.
iExec Contributions towards Industry Standardization
iExec is very active in the research field of Trusted Computing and is leading industrial standardization in the context of blockchain technology.
- iExec is very active in EEA (Enterprise Ethereum Alliance): iExec is chairing the Trusted Compute Work Group, and keeps contributing and pushing forward the EEA specifications, especially the Off-chain Trusted Compute Specification which is to be publicly released soon.
- iExec is active in IEEE as well. iExec is a member of IEEE P2418, and is involved in IEEE standard project on DLT-based Federated Identity, Credential and Trust Management. iExec leads the standardization work in several Blockchain based domains, especially the security and TEE.
- iExec is collaborating with hardware trusted execution vendors to make this hardware-based security solution (Intel® SGX) fully standard-compliant; stay tuned for the coming updates during Devcon4.
- iExec is also collaborating with our partners on standardization for blockchain-based Fog Computing in the context of the OpenFog consortium. Some results of the first stage of this collaboration on Fog Computing will be released soon; please stay tuned in the coming days.
The next dev letter will feature a tutorial for users and developers to use the new iExec SDK with Intel® SGX features. So don’t miss it!
With Devcon4 approaching, we will soon publish all of our work on iExec Trusted Execution. Lots of exciting news is in the pipeline, ready to be shared with the community. Stay tuned for updates from iExec, including new releases, around the time of Devcon4.
Learn more at the iExec Summit, After Devcon4 in Prague.
The team is getting ready for Devcon4 and our own event, the iExec Summit & Party on Friday 02 Nov. at 2 pm in Prague. It will involve a mix of technical talks from guest speakers (from Intel, Parity, Ubisoft and more), workshops and fun. Afterwards, we’ll party with food, drink and good company!