Research And Implementation Of Protecting The Runtime Environment For National Cryptographic Algorithm Based On Software Guard Extensions

Cryptography plays a significant role in the field of cloud computing,big data and block chain in the information age.Secure operation technology of cryptographic algorithm has attracted increasing attention of academia and industry.Software Guard Extensions(SGX)is a new trusted computing technique which has smaller Trusted Computing Base(TCB)and is more secure.It is produced by Intel in 2015.Secure operation technology of cryptographic algorithm based on SGX which has been in widespread use is becoming a new research aspect.The security of cryptosystem not only is related to the cryptographic algorithm's mathematical security but also is related to its execution environment.Cryptographic algorithms are facing serious threats under the software environment.Attackers might even be able to destroy the execution environment of cryptographic algorithm and steal keys by controlling the operation system.There is no ideal solution as many passive defense methods could not avoid the occurring of illegal operation in a deeper level.The article researches in the protection of the National Cryptographic Algorithm environment aiming to dynamically protect datas of the National Cryptographic Algorithm in its runtime.First,the paper proposes a National Cryptographic Algorithm security enhancement method based on SGX.In order to defense attacks from Operating System(OS)and Virtual Machine Monitor(VMM)that operate illegally on the National Cryptographic Algorithm,the method devided the National Cryptographic Algorithm application into trusted part and untrusted part,it also construct Enclave for the trusted part of the National Cryptographic Algorithm.We put progresses of key generation,hash,encryption and decryption into Enclave and the untrusted part is not able to access and modify contents in the Enclave and produce a trusted framework to dynamically protect the confidentiality of key and datas in its runtime.Second,the paper makes National Cryptographic Algorithm be suitable for SGX platform and own features of SGX applications.We recombinate and wrap codes of SM3,Keyed-Hash Message Authentication Code(HMAC)based on SM3 as well as SM4 and implement all parts of the method including the SGX National Cryptographic Algorithm.Experimental results show that the method,framework and implementation produced by the article are able to provide a trusted execution environment for the runtime of the National Cryptographic Algorithm and prevent vital information being accessed illegally.At the same time,the National Cryptographic Algorithm is able to achieve its function by using the method.The extra cost of the method is acceptable.