2024 ITU Kaleidoscope Academic Conference
data transmission, this paper proposes a solution including confidential computing, blockchain, and high-speed encryption. The solution covers the life cycle of data transmission from the east region to the west region, starting from the certification of scaled computing devices, establishing a trustworthy environment for heterogeneous computing nodes, securing data transmission under dynamic conditions, and ensuring the fidelity of cross-domain data content. This aims to safeguard the entire security and trustworthiness of computing nodes and network transmission.

Figure 1 - End-to-end Trustworthy Scheme Architecture

The scheme mainly consists of the Trusted Collaboration Layer, Trusted Support Layer, Trusted Service Layer, and Trusted Application Layer. The architecture of the scheme is shown in Figure 1. The overall design of the scheme is as follows:

Resource Scheduling Layer: This layer performs resource operations and orchestration management, to manage the CNC infrastructure. The infrastructure management aims at two key asset elements of CNC, which are data and devices, ensuring the security of data circulation and device trustworthiness.

Trusted Support Layer: This layer fits the infrastructure for the corresponding blockchain functionality. The blockchain records the allocation information of computing tasks and resources. The consensus algorithms verify devices, data content, and status. The smart contracts automate the scheduling of computing tasks and resource allocation.

Trusted Service Layer: This layer is the core capability layer of the scheme, consisting of Trusted Identification, Trusted Computing, Trusted Verification, and High-Speed Encryption.

• Trusted Identification: Measuring the computing devices under the node as the basic unit, issuing a DID identity to each computing device to form an asset trusted management system for computing devices.

• Trusted Computing: Utilizing TEE [2] to achieve trusted isolation, constructing a secure network defense network, and ensuring the trustworthiness of the node computing environment.

• Trusted Verification: Leveraging blockchain signature technology to achieve trusted marking of data, providing a data verification function, and completing the security audit of the data circulation path.

• High-Speed Encryption: To address data transfer efficiency and encryption performance, our scheme proposes a hardware-accelerated high-speed encryption algorithm for large files, which reduces the overall system latency.

Trusted Application Layer: This layer includes applications such as resource identification and resource scheduling, which call on the capabilities of the Trusted Service Layer.

3. INTEGRATED SECURITY CAPABILITIES

The key security capabilities of the scheme are implemented by the Trusted Service Layer, modularly encapsulating the Trusted Identification, Trusted Computing, Trusted Verification, and High-Speed Encryption into four components. These components form a security service resource pool, which can be flexibly selected according to different resource scheduling business scenarios, providing a one-stop security service.

3.1 Trusted Identification

The computing devices are usually located in different data centers. The security authentication and effective integration of these large-scale, distributed, heterogeneous computing devices are the prerequisites of computing power allocation. The security foundation of the device access, environmental perception, data tracking, and permission management processes relies on the uniqueness, consistency, and anti-counterfeiting of device identities.

Asset-trusted identification technology utilizes blockchain's tamper-proof distributed ledger technology to provide