Download presentation
Presentation is loading. Please wait.
1
SBLWT: A Secure Blockchain Lightweight Wallet Based on Trustzone
Source : IEEE Access, Vol. 6, pp , July 2018 Authors : Weiqi Dai, Jun Deng, Qinyuan Wang, Changze Cui, Deqing Zou, and Hai Jin Speaker : Fengyu Chiu Date : 2019/1/3 中國武漢(華中科技大學 )
2
Outline Introduction Preliminaries Proposed scheme Security analysis
Performance analysis Conclusions
3
Introduction(1/2) Hardware-based wallet Digital currency
Software-based wallet simplied payment verication (SPV) wallet Stagefright MMS(Multimedia Messaging Service)
4
Block header merkle root
Introduction(2/2) SPV Transaction Hash Detail information Merkle route Tx-hash SPV node Full node 0.從網絡上獲取並保存最長鏈的所有block header至本地; 1.計算該交易的hash值tx_hash; 2.定位到包含該tx_hash所在的區塊,驗證block header是否包含在已知的最長鏈中; 3.從區塊中獲取構建merkle tree所需的hash值; 4.根據這些hash值計算merkle_root_hash; 5 .若計算結果與block header中的merkle_root_hash相等,則交易真實存在。 6.根據該block header所處的位置,確定該交易已經得到多少個確認。 Merkle root = ? Block header merkle root
5
Preliminaries –Blockchain(1/3)
$10 Book Amanda Bob Decentralization Immutability 5
6
Preliminaries –Blockchain and merkle tree(2/3)
Block header Block header Block header Timestamp Prev hash Nonce Merkle root Timestamp Prev hash Nonce Merkle root Prev hash Nonce Merkle root Timestamp Hash 01 Hash 23 Hash 0 Hash 1 Hash 2 Hash 3 Tx0 Tx1 Tx2 Tx3
7
Preliminaries –Trustzone(3/3)
7
8
Proposed scheme – Framework of SBLWT
9
Proposed scheme – Secure booting
Normal Execution Environment Secure Execution Environment Normal bootloader Secure OS boot Integrity Normal OS boot Flash Device bootloader SBLWT System running ROM SOC bootloader Device power on
10
Proposed scheme – Reliable switching
NMI (Non-Maskable Interrupt) Secure Execution Environment Secure OS SBLWT Secure storage Normal Execution Environment Rich OS NMI Non-secure storage Encrypted Block headers , private key and address
11
Proposed scheme – Secure keys and reliable addresses
Private key Secp256k1 Public key Attackers Double hash Address The hash of Public key Base58Check 0, O, I, l, +, /
12
Proposed scheme – Secure sync and verification
13
Proposed scheme – Secure sync and verification
14
Security analysis Secure booting Information leakage Secure booting
Integrity SBLWT Secure booting Information leakage Secure booting DOS attack NMI
15
Performance analysis(1/3)
Operations Times 1 Environment switching 1.7 us 2 read(1KB) 2 ms 3 write(1KB) 12 ms 4 SBLWB check 1.54 ms 5 Information cleanup 0.521 ms Module lines 1 prikey generate 543 2 Address generate 309 3 sync 1037 4 verification 559 The detail TCB of SBLWT Some overheads of SBLWT
16
Performance analysis(2/3)
SHA-256 speed comparision
17
Performance analysis(3/3)
Normal SPV wallet SBLWT start 1.387 s 1.443 s verification 2.283 ms 3.137 ms SBLWT’s start and verify overhead comparision
18
Conclusions Trustzone Confidentiality and integrity
Similar presentations
