Trusted Execution Environment With Rollback Protection for Smart Contract-Based IoT Data Trading

Blockchain uses smart contract technology to automate the execution of Internet of Things (IoT) data trading and facilitate the flow and application of IoT data. The verifiability of the blockchain system requires data to be open and transparent. Directly using smart contracts for IoT data trading may expose sensitive data generated by IoT devices, thereby increasing the risk of data leakage and abuse. The trusted execution environment represented by software guard extension (SGX) provides new ideas for trusted execution of IoT data trading based on smart contracts. SGXs is a set of hardware security enhancement technologies launched by Intel, which aims to protect the execution of sensitive data and code through the hardware isolation and security encryption capabilities provided by the processor. However, we found that due to SGX's lack of a checksum mechanism for the execution state of smart contracts, a rollback attack can lead to errors when the account state of IoT data trading is replayed. To address the above issues, we propose a trusted execution environment for IoT data trading with rollback protection. First, we design a freshness checking mechanism for the execution state of IoT data trading contracts for rollback protection. In addition, we propose a "chain-of-trust"-based authentication model to realize trust metrics and remote proofs for the proposed trusted execution environment for IoT data trading. Finally, we then provide a formal security analysis and comprehensive performance evaluation.