Page 313 - Kaleidoscope Academic Conference Proceedings 2024
Innovation and Digital Transformation for a Sustainable World
trusted asset identity management. Through smart contracts, it manages computing resource data throughout its entire lifecycle, establishing a complete and trustworthy asset management system.

The specific implementation combines the blockchain's trusted identity management approach with the existing W3C-standard decentralized identity (DID) [3] system, as shown in Figure 2.

Figure 2 - Schematic Diagram of DID Trusted Asset Identification

Within the resource scheduling system, admission certification access points are established as professional security identity audit and issuance institutions. The issuer issues a verifiable statement of DID identity and Verifiable Claims to the connected device nodes and users. Accessing devices, nodes, etc. pass a unique, unified trusted identity verification that encodes and marks information for each data circulation, operation, and flow, building a unified, cross-system data identity marker. This facilitates the initial screening of data sources and the permission management of nodes.

Compared to traditional identity management systems, trusted identification possesses the decentralized characteristics of blockchain. The identity of each user is not controlled by a trusted third party but by its owner, allowing individuals to manage their own identities autonomously. By using Verifiable Credentials (VC) and Verifiable Proofs (VP), the authentication process does not depend on the application provider offering the identity, avoiding the concentration of identity data in a single centralized authoritative institution and preventing identity data leakage and attack risks.

3.2 Trusted Computing

The implementation of the resource scheduling system relies on the computing within nodes and the transmission between nodes. The trusted computing of nodes is the source of data security. Attackers who infiltrate nodes to steal data being computed, stored, or transmitted on devices, or who gain control of devices to masquerade as secure nodes and wait for opportunities to damage the system, pose significant challenges to internal security.

The capability for secure computing within the Trusted Service Layer is realized by the node's TEE key management system function.

The TEE key management system employs hardware-supported TEE technology to provide hardware security isolation. Combined with encryption algorithms, the system offers a reliable key management method and ensures the reliability and integrity of keys. This establishes an effective node identity authentication and authorization mechanism, including permission control, audit tracking, and other functions, to prevent unauthorized access and use, ensuring the security of the internal operating environment of nodes.

1) Trusted Execution Environment (TEE)

The Trusted Execution Environment (TEE) serves as a crucial component deployed in the various nodes of the resource scheduling system, including computing, storage, and network nodes. TEE ensures the secure isolation of the storage and use of keys by allocating independent computing and storage spaces in the CPU and memory. It also provides API interfaces for applications to call, achieving secure system communication, data transfer, and transaction protection.

2) Key Management Module

The key management module provides centralized control and key management for nodes. This module is deployed within the TEE section and executes key functions such as key generation, distribution, storage, access, updating, and revocation. The management workflow is shown in Figure 3. Through secure key management systems on the various nodes, it performs operations such as identity verification and encrypted communication, building an intrusion protection network to ensure the security and reliability of the entire system.

Figure 3 - Key Management Based on TEE

3.3 Trusted Verification

The diversification of cross-domain data flow paths leads to a significant increase in risk exposure, with the transmission process facing threats of tampering and distortion. The authenticity of content requires secure and trustworthy means of protection. This scheme utilizes blockchain technology to encode and mark important files and data information, building cross-system and cross-node data circulation marking and authentication capabilities, achieving controllable and perceivable data management.
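The DID issuance flow described above and the data marking of 3.3, as an added Go example that is not the paper's code: an admission access point issues a credential binding a node's key to its DID, the node signs a hash marker over a record before it circulates, and a verifier accepts the marker only after checking the issuer signature, expiry, the key management module's revocation list, and record integrity. The credential and marker layouts, the "did:example:" method and Ed25519 signing are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"strconv"
	"time"
)

// Credential binds a node DID to its public key until Expires, signed by the issuer (layout is hypothetical).
type Credential struct{ Subject string; PubKey ed25519.PublicKey; Expires int64; Sig []byte }
// DataMark is the node-signed marker that travels with a data record (layout is hypothetical).
type DataMark struct{ Subject, Hash string; Sig []byte }

// DIDFor derives a DID from a public key; the "did:example:" method is a placeholder, not the paper's.
func DIDFor(pk ed25519.PublicKey) string { return "did:example:" + hex.EncodeToString(pk[:8]) }
func digest(b []byte) string            { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }

// Signatures cover every field except the signature itself.
func (c Credential) payload() []byte { return []byte("cred|" + c.Subject + "|" + hex.EncodeToString(c.PubKey) + "|" + strconv.FormatInt(c.Expires, 10)) }
func (m DataMark) payload() []byte   { return []byte("mark|" + m.Subject + "|" + m.Hash) }

// Issue: the admission access point signs a credential for a node's key.
func Issue(issPriv ed25519.PrivateKey, nodePub ed25519.PublicKey, exp time.Time) Credential {
	c := Credential{Subject: DIDFor(nodePub), PubKey: nodePub, Expires: exp.Unix()}
	c.Sig = ed25519.Sign(issPriv, c.payload())
	return c
}

// Mark: the node signs the SHA-256 of a record before it circulates across systems.
func Mark(nodePriv ed25519.PrivateKey, data []byte) DataMark {
	m := DataMark{Subject: DIDFor(nodePriv.Public().(ed25519.PublicKey)), Hash: digest(data)}
	m.Sig = ed25519.Sign(nodePriv, m.payload())
	return m
}

// Verify trusts the marker only after the credential passes issuer-signature, expiry and revocation checks.
func Verify(issPub ed25519.PublicKey, revoked map[string]bool, now time.Time, c Credential, m DataMark, data []byte) error {
	switch {
	case !ed25519.Verify(issPub, c.payload(), c.Sig): return errors.New("credential not signed by trusted issuer")
	case now.Unix() >= c.Expires: return errors.New("credential expired")
	case revoked[c.Subject]: return errors.New("credential revoked by key management")
	case m.Subject != c.Subject || DIDFor(c.PubKey) != c.Subject: return errors.New("marker subject mismatch")
	case !ed25519.Verify(c.PubKey, m.payload(), m.Sig): return errors.New("marker signature invalid")
	case digest(data) != m.Hash: return errors.New("record hash mismatch: tampered in transit")
	default: return nil
	}
}
```

In deployment the node's private key would stay inside the TEE key management module and only the Sign step would run there; the verifier needs nothing but the issuer's public key and the revocation list.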
– 269 –