An Embedded-Assisted Secret Inspection Scheme in Untrusted Host Environments
摘要
To address the privacy leakage risks and the challenges posed by untrusted host environments in sensitive keyword retrieval within confidential settings, this paper proposes an embedded confidential computing scheme based on the USB Gadget driver framework. Utilizing a NanoPi R5S development board to construct a physically isolated confidential computing environment, the scheme employs a customized USB Mass Storage Gadget driver to facilitate interaction with the host. This architecture effectively migrates retrieval computation tasks from the high-risk user host to a trusted embedded device, ensuring that data decryption and matching are performed exclusively within the isolated environment. In terms of security mechanisms, a three-way handshake protocol based on the SM4 algorithm and timestamps is designed to achieve mutual authentication between the USB Key and the embedded device, providing robustness against replay attacks. Furthermore, the scheme integrates the SM9 algorithm for end-to-end key exchange, guaranteeing the confidentiality of data transmission. Security analysis and experimental results demonstrate that the proposed scheme effectively defends against threats such as Man-in-the-Middle (MitM) attacks while maintaining system overhead within an acceptable range, thereby providing a secure and efficient solution for classified data inspection.