1,845 research outputs found

    Smart-contract Blockchain with Secure Hardware

    In recent years, blockchains have grown in popularity and the main reason for this growth is the set of properties that they provide, such as user privacy and a public record of transactions. This popularity is verifiable by the number of cryptocurrencies currently available and by the current market value of Bitcoin currency. Since its introduction, blockchain has evolved and another concept closely linked with it is smart-contract, which allows for more complex operations over the blockchain than simple transactions. Nevertheless, blockchain technologies have significant problems that prevent them from being adopted as a mainstream solution, or at least as an alternative to centralized solutions such as banking systems. The main one is their inefficiency, which is due to the need for a consensus algorithm that provides total order of transactions. Traditional systems easily solve this by having a single central entity that orders transactions, which can’t be done in decentralized systems. Thus, blockchain’s efficiency and scalability suffer from the need for time-costly consensus algorithms, which means that they can’t currently compete with centralized systems that provide a much greater amount of transactional processing power. However, with the emergence of novel processor architectures, secure hardware and trusted computing technologies (e.g. Intel SGX and ARM TrustZone), it became possible to investigate new ways of improving the inefficiency issues of blockchain systems, by designing better and improved blockchains. With all this in mind, this dissertation aims to build an efficient blockchain system that leverages trusted technologies, namely the Intel SGX. Also, a previous thesis will serve as a starting point, since it already implements a secure wallet system that allows authenticated transactions between users, through the Intel SGX. As such, this wallet system will be extended to provide traceability of its transactions through a blockchain. 
This blockchain will use Intel SGX to provide an efficient causal consistency mechanism for ordering transactions. After this, the following step will be to support the execution of smart-contracts, besides regular transactions.

    Secure hardware design against side-channel attacks

    Embedded systems such as smart card or IoT devices should be protected from side-channel analysis (SCA) attacks. For the secure hardware implementation, SCA security metrics to quantify robustness of the implementation at the abstraction level from the logic level to the layout level against SCA attacks should be considered. In our design flow, the first security test is executed at the logic level. If the implementation does not satisfy the threshold of the SCA security metric based on Kullback-Leibler divergence, the module can be re-synthesized with secure logic styles such as WDDL or t-private logic circuits. At the final security test, we use the machine learning technique such as LDA, QDA, SVM and naive Bayes to check the distinguishability of the side-channel leakage depending on inputs or outputs. These techniques apply to an ASIC in characterizing the secret data leakage. In this thesis, t-private logic circuits are implemented with the FreePDK45nm. The SCA security metric as well as the delay and power consumption is characterized. All this characterization data are stored in the standard liberty format (.lib) in order for general CAD tools to use this file. The t-private logic package including the general digital logics can be exploited for secure VLSI design. Also, various classifiers such as LDA, QDA, SVM or naive Bayes are used to emulate real SCA environment. Based on this SCA simulator, the threshold of the SCA security metric can be estimated and the security can be verified more accurately. The secure logic cell package and SCA simulator support the methodology of the secure hardware implementation

    Individual Risk Management for Digital Payment Systems

    Despite existing security standards and security technologies, such as secure hardware, gaps between users’ demand for security and the security offered by a payment system can still remain. These security gaps imply risks for users. In this paper, we introduce a framework for the management of those risks. As a result, we present an instrument enabling users to evaluate eventual risks related with digital payment systems and to handle these risks with technical and economic instruments. Payment Systems, Digital Money

    Secure Hardware Performance Analysis in Virtualized Cloud Environment

    The main obstacle in mass adoption of cloud computing for database operations is the data security issue. In this paper, it is shown that IT services particularly in hardware performance evaluation in virtual machine can be accomplished effectively without IT personnel gaining access to real data for diagnostic and remediation purposes. The proposed mechanisms utilized TPC-H benchmark to achieve 2 objectives. First, the underlying hardware performance and consistency is supervised via a control system, which is constructed using a combination of TPC-H queries, linear regression, and machine learning techniques. Second, linear programming techniques are employed to provide input to the algorithms that construct stress-testing scenarios in the virtual machine, using the combination of TPC-H queries. These stress-testing scenarios serve 2 purposes. They provide the boundary resource threshold verification to the first control system, so that periodic training of the synthetic data sets for performance evaluation is not constrained by hardware inadequacy, particularly when the resources in the virtual machine are scaled up or down which results in the change of the utilization threshold. Secondly, they provide a platform for response time verification on critical transactions, so that the expected Quality of Service (QoS) from these transactions is assured

    Secure Hardware Enhanced MyProxy: A Ph.D. Thesis Proposal

    In 1976, Whitfield Diffie and Martin Hellman demonstrated how New Directions In Cryptography could enable secure information exchange between parties that do not share secrets. In order for public key cryptography to work in modern distributed environments, we need an infrastructure for finding and trusting other parties' public keys (i.e., a PKI). A number of useful applications become possible with PKI. While the applications differ in how they use keys (e.g., S/MIME uses the key for message encryption and signing, while client-side SSL uses the key for authentication), all applications share one assumption: users have keypairs. In previous work, we examined the security aspects of some of the standard keystores and their interaction with the OS. We concluded that desktops are not safe places to store private keys, and we demonstrated the permeability of keystores such as the default Microsoft keystore and the Mozilla keystore. In addition to being unsafe, these desktop keystores have the added disadvantage of being immobile. In other previous work, we examined trusted computing. In industry, a new trusted computing initiative has emerged: the Trusted Computing Platform Alliance (TCPA) (now renamed the Trusted Computing Group (TCG)). The goal of the TCG design is lower-assurance security that protects an entire desktop platform and is cheap enough to be commercially feasible. Last year, we built a trusted computing platform based on the TCG specifications and hardware. The picture painted by these previous projects suggests that common desktops are not secure enough for use as PKI clients, and trusted computing can improve the security of client machines. The question that I propose to investigate is: Can I build a system which applies trusted computing hardware in a reasonable manner in order to make desktops usable for PKI? 
My design begins with the Grid community's MyProxy credential repository, and enhances it to take advantage of secure hardware on the clients, at the repository, and in the policy framework. The result is called Secure Hardware Enhanced MyProxy

    Dedicated Secure hardware Component to protect permissioned blockchains

    This disclosure relates to the field of blockchain/distributed ledgers. More specifically, this disclosure addresses the challenges of securing a blockchain running in an untrusted environment in order to make it verifiable by a remote party

    Proceedings of the Workshop on web applications and secure hardware (WASH 2013).

    Web browsers are becoming the platform of choice for applications that need to work across a wide range of different devices, including mobile phones, tablets, PCs, TVs and in-car systems. However, for web applications which require a higher level of assurance, such as online banking, mobile payment, and media distribution (DRM), there are significant security and privacy challenges. A potential solution to some of these problems can be found in the use of secure hardware – such as TPMs, ARM TrustZone, virtualisation and secure elements – but these are rarely accessible to web applications or used by web browsers. The First Workshop on Web Applications and Secure Hardware (WASH'13) focused on how secure hardware could be used to enhance web applications and web browsers to provide functionality such as credential storage, attestation and secure execution. This included challenges in compatibility (supporting the same security features despite different user hardware) as well as multi-device scenarios where a device with hardware mechanisms can help provide assurance for systems without. Also of interest were proposals to enhance existing security mechanisms and protocols, security models where the browser is not trusted by the web application, and enhancements to the browser itself

    Drivers and barriers for secure hardware adoption across ecosystem stakeholders

    The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips provide security functions such as authentication, secure execution and integrity validation on system start, and are increasingly deemed to have a role in devices across sectors, such as IoT devices, autonomous vehicle systems and critical infrastructure components. To understand the decisions and opinions regarding the adoption of secure hardware, we conducted 23 semi-structured interviews with senior decision-makers from companies spanning a range of sectors, sizes and supply-chain roles. Our results consider the business propositional drivers, barriers and economic factors that influence the adoption decisions. Understanding these would help those seeking to influence the adoption process, whether as a business decision, or as a trade or national strategy