
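CRI TSING'S TECH Chief Scientist Zheng Feng: An In-Depth Analysis of the TEE Technology for Privacy Computing Published by the "Two Academies"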

Published: June 30, 2023

Recently, the China Academy of Information and Communications Technology (CAICT), together with leading companies in the industry, jointly drafted and revised "Technical Requirements and Test Methods for Data Computing Platforms Based on Trusted Execution Environments". For the application of Trusted Execution Environments (TEE) in data circulation, the test standard sets out requirements for product capabilities from nine angles: task processing capability, algorithm extensibility, environment verification, communication security, computation confidentiality, consistency, data storage, auditing, and operations and maintenance. It serves as proof of feasibility for deploying TEE technology in the data circulation industry.

1. TEE technology development history

The founding of TEE-related standards organizations: In 1999, Compaq, HP, IBM, Intel, Microsoft and other companies founded the Trusted Computing Platform Alliance (TCPA). The organization was reorganized as the Trusted Computing Group (TCG) in 2003 and developed a series of technical specifications covering trusted computing platforms, trusted storage and trusted network connections.

TEE implementation: In 2009, OMTP (Open Mobile Terminal Platform) was the first to propose a dual-system solution: on the same smart terminal, an isolated secure operating system is provided in addition to the multimedia operating system. This isolated secure operating system runs on isolated hardware and is dedicated to handling sensitive information in order to keep that information secure.

Specification of TEE-related standards: Starting in 2011, GlobalPlatform (GP), the world's leading organization for smart card multi-application management specifications, began drafting TEE specifications and worked with a number of companies to develop trusted operating systems based on the GP TEE standard. As a result, most Trust OSes based on TEE technology today follow the GP specifications.

2. The advantages of TEE technology

The advantages of TEE follow from its technical characteristics:

(1) Multi-level, highly complex algorithm logic can be implemented inside the trusted region.

(2) High computational efficiency: the overhead is only 3-4 times that of plaintext computation, an advantage over the 100+ times overhead of MPC and federated learning.

(3) It can withstand attacks under the malicious adversary model, using trusted measurement to ensure that the TEE's running logic is trustworthy and measurable.

3. Application scenarios

Because of its strong algorithmic generality and small performance loss, Trusted Execution Environment technology (hereafter TEE) is widely used in many scenarios that involve computation on private data. It is particularly suitable for scenarios with the following characteristics:

(1) The computational logic is relatively complex, and the algorithm is hard to adapt with techniques such as homomorphic encryption, or loses too much efficiency once adapted.

(2) The data volume is large, and the cost of data transmission, encryption and decryption is high.

(3) Performance requirements are high: the computation must complete and return results within a short time.

(4) Privacy computing scenarios that require a trusted third party to take part, where the data can be (partially or indirectly) obtained or inferred by that trusted third party.

(5) The environment in which the data is transmitted and used is directly exposed to the Internet and must be protected against external attacks.

(6) The parties to the data collaboration do not fully trust each other, and any participant may act maliciously.

The most common concrete application scenarios include authentication and matching of private identity information, cross-institution joint modelling and analysis of large-scale data, protection of data asset ownership, confidential computation on on-chain data, and privacy protection for smart contracts.

4. Real-world practice based on TEE technology

Authentication and matching of private identity information. Authenticating and matching identity information is one of the basic functions that many digital applications need: the user's fingerprint, facial image, voice and other data are compared to verify the user's real identity and ensure security. To reduce the risk of privacy leakage during this process, TEE technology is used on mobile devices, PCs and various kinds of terminal equipment. Personal identity data collected by I/O devices such as cameras and fingerprint readers is encrypted and transmitted to a privacy computing environment created with TEE technology. Inside the TEE the data goes through a series of operations, including decryption, feature extraction and similarity comparison, and the final result, together with the re-encrypted data, is uploaded to the server over a secure transmission channel.

Throughout the process the server obtains only the final comparison result and the encrypted raw data. Computation on plaintext data is done entirely in the TEE of the terminal device held by the user, which both protects the user's private information and prevents other applications on the device from cheating by interfering with the verification process.
Cross-institution joint modelling and analysis of large-scale data. As the digital society develops, products and services derived from big data technology and data intelligence have broadly influenced business and daily life. As the algorithms in these scenarios evolve, their requirements for data dimensions and data volume keep growing. Data generated by a single institution's own business is no longer enough to support these scenarios, so combining data from multiple parties for joint analysis and modelling has become an important trend.

Because big data analysis inevitably touches companies' user data and business data, every party in a multi-party data collaboration wants this private information to be fully protected, so that the data is usable but not visible.

In this type of scenario, private set intersection and computation can be implemented with a network of TEE nodes deployed across multiple institutions. Each party obtains data from its database through a locally deployed TEE node and encrypts it with an encryption key generated from the TEE root of trust. The key is negotiated among multiple TEE nodes and is visible only inside each node's TEE secure region. The encrypted data is transmitted across the TEE node network and finally arrives in a computing resource pool that is also made up of TEE nodes, where it is decrypted, intersected and computed on inside the TEE. When the computation is complete, the TEE node outputs only the final computed result, while the raw data and the intermediate data are destroyed in place inside the TEE.

Joint multi-party modelling implemented with TEE technology meets the business need for multi-party data collaboration while keeping each party's raw data usable but not visible to the others. Compared with other distributed computing or purely ciphertext-based computing schemes, TEE-based schemes offer stronger performance and algorithmic generality, and achieve better results in scenarios that involve large-scale data or have performance requirements.
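
The node flow described above, as a simulation added here (not code from the article or from any TEE product): each party's node seals its records under a shared key, and a pool node decrypts and intersects them, returning only the result. `TeeNode`, `provision`, the measurement check and the SHA-256/HMAC construction (a standard-library stand-in for a real AEAD) are assumptions for illustration; a Python object provides no hardware isolation.

```python
import hashlib, hmac, secrets

# Constructed value (assumption): hash of the enclave build all parties agreed to run.
EXPECTED = hashlib.sha256(b"psi-enclave-build-1").hexdigest()

def _stream(key, nonce, n):
    # SHA-256 in counter mode; stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))

class TeeNode:
    """Simulated TEE node (hypothetical); _key stands in for enclave-only memory."""
    def __init__(self, measurement):
        self.measurement, self._key = measurement, None

    def _keys(self):
        if self._key is None:
            raise PermissionError("node was not provisioned with the shared key")
        return (hmac.new(self._key, b"enc", "sha256").digest(),
                hmac.new(self._key, b"mac", "sha256").digest())

    def seal(self, ids):
        """Encrypt one party's local records before they leave its node."""
        ek, mk = self._keys()
        nonce = secrets.token_bytes(16)
        ct = _xor("\n".join(ids).encode(), ek, nonce)
        return nonce + ct + hmac.new(mk, nonce + ct, "sha256").digest()

    def intersect(self, blobs):
        """Decrypt and intersect inside the node; only the result is returned."""
        ek, mk = self._keys()
        sets = []
        for blob in blobs:
            nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
            if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, "sha256").digest()):
                raise ValueError("ciphertext rejected: integrity check failed")
            sets.append(set(_xor(ct, ek, nonce).decode().split("\n")))
        return sorted(set.intersection(*sets))

def provision(nodes):
    """Hand the negotiated key only to nodes whose measurement matches EXPECTED."""
    key = secrets.token_bytes(32)
    for node in nodes:
        if hmac.compare_digest(node.measurement, EXPECTED):
            node._key = key
```

A node whose measurement differs from the agreed build never receives the key, so it can neither seal nor open data, and a modified ciphertext is rejected before any decryption takes place.
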
Protection of data asset ownership. As a digital asset, data can be copied and spreads easily. How to protect ownership of data assets while they are shared and traded has become one of the first problems to solve in bringing data, as a factor of production, to market.

Combining TEE technology with blockchain technology makes it possible to separate and protect data ownership and data usage rights when data is shared and traded between companies. With TEE and blockchain together, the security, trustworthiness and fairness of data transactions can be better guaranteed and data ownership can be delineated more clearly, so that data as a factor of production becomes a truly tradable asset and the digital society can fully activate its potential.
Confidential storage and computation of on-chain data. Faced with growing demand for electronic evidence preservation, traditional preservation methods, which are costly, inefficient and hard to have accepted as evidence, are gradually being replaced by blockchain-based electronic evidence preservation. It uses the traceability, immutability, security and transparency of blockchain to ensure that the steps of data "storage, extraction, presentation and comparison" are all made public on the chain. How to secure the data published on the chain has become one of the first problems to solve in advancing blockchain-based electronic evidence preservation.

In this kind of scenario, TEE nodes can be used to implement confidential storage and computation of on-chain data.

With TEE technology added, the privacy of on-chain data and of the way it is used can also be better guaranteed. This gives the blockchain the ability to preserve evidence securely, credibly and fairly, so that blockchain evidence preservation can be better put into practice, serve users in every industry, and truly be of use to the public.

5. Autonomy and controllability

In China, requirements for independently controllable computer hardware and software are steadily rising in government, finance and other important fields that bear on the national economy and people's livelihood. How to develop TEE, a data circulation and privacy computing technology that depends on a combination of hardware and software, into a fully independent and controllable technology and deploy it in real business scenarios has become a topic of industry attention. Several domestic chip vendors are currently developing and launching TEE solutions, and compared with foreign TEE solutions, the domestic TEE technologies have introduced innovations in areas such as trust chain extensibility and integrated cryptographic algorithms.

6. Multi-technology integration

TEE alone is far from enough for a technical solution that meets the complex application requirements of commercial production environments and ensures the secure and trusted circulation of data. The technologies that need to be integrated can be analysed at four levels: security, trustworthiness, operability and maintainability, and data intelligence.

From the perspective of system security, system security is the prerequisite for data privacy protection. If one party's system is breached by an adversary, all the privacy policies built on top of it are reduced to nothing.

From the perspective of system trustworthiness, the system itself must ensure that behaviour in every aspect can be traced and audited.

From the perspective of operability and maintainability, because this is a distributed system spanning multiple parties, the system must support flexible deployment and standardized delivery.

From the perspective of data intelligence, the value of data depends on the computing capability of data mining. The purpose of building a data collaboration system is to extract the value of the data, so it necessarily has to integrate existing big data systems and data mining algorithms whose results have been repeatedly validated in production environments.

Through in-depth analysis, CRI TSING'S TECH has found that a secure and trustworthy data circulation system requires the integration of multiple technologies: not only TEE, but also blockchain, cloud native, data mining and others will be technical cornerstones of this field. CRI TSING'S TECH is therefore working to respond to CAICT's call by applying TEE technology to its latest platform, helping Trusted Execution Environment technology take hold in the data circulation industry.