Increasing security of an e-auction smart contracts with Intel SGX trusted hardware

Bachelor thesis (2022)

Authors

R. Deshamudre Electrical Engineering, Mathematics and Computer Science

Contributors

K. Liang Cyber Security - EEMCS (supervisor 1)
Marco Zuniga Embedded Systems - EEMCS (supervisor 2)
Faculty
Electrical Engineering, Mathematics and Computer Science
Copyright: © 2022 Rohan Deshamudre
More Info
expand_more

Published Date

28-01-2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Abstract

Smart contracts allow for the collaboration and transaction processes between multiple parties/organisations to be automated and conducted in a neutral environment. In many situations these agreements are confidential and running a smart contract that contains private/sensitive information on a public blockchain network which is transparent and shares data with all nodes is not a sensible method of execution. With the use of hyperledger fabric which is a private and permissioned network merged with Intel SGX trusted execution environments, a feasible solution can be proposed to tackle this problem.

This paper first analyses some of the security issues faced by smart contracts on hyperledger fabric, compares the current solutions for blockchain based e-auction systems and discusses security measures such as encryption, attestation and combination with different trusted hardware modules.

The second part proposes a solution to combine Intel SGX trusted hardware with a e-auctions fabric smart contract, discusses the architecture and step by step implementation of a prototype, explains the security enhancements of this method by comparing just hyperledger vs the new method, and lastly outlines the limitations and future extensions. This solution mitigates many vulnerabilities by isolating execution of chaincode with sensitive data in a TEE and minimizing the trusted computing base to reduce latency and overhead.