Presented at
Black Hat USA 2017,
July 27, 2017, 11 a.m.
(50 minutes).
In this paper, we argue that SGX Remote Attestation provided by Intel is not sufficient to guarantee confidentiality and integrity for running unmodified applications in the cloud. In particular, we demonstrate cases where:<br><ul><li>A dishonest service provider instantiates both a valid enclave running on real hardware, as well as the same enclave running in a software simulator in parallel, is always able to respond correctly to Remote Attestation queries, all the while running the enclave inside a software simulator with full access to enclave's internal state.</li><li>A dishonest service provider rewinds the "enclave's tape" and replays computation even though the data is encrypted with platform specific seal-keys. This is a form of replay attack.</li><li>A dishonest service provider runs multiple instances of the same enclave in parallel and launches chosen cipher-text attacks on the protocol.</li></ul><br>This talk will also discuss the details about Remote Attestation mechanism:<br><ul><li>What keys are embedded inside each SGX hardware, and what's the protocol for providing proof of knowledge? Are these protocols zero-knowledge, as claimed by Intel?</li><li>How the EPID's zero-knowledge proof of knowledge works, what anonymity guarantees it provides, and can it be replaced with other simpler schemes where platform anonymity is not a concern.</li><li>What key-exchanges take place between Intel Attestation Service, Software Vendor's own service, Intel Provided Platform Enclaves (e.g., launch enclave, etc.), and the enclave itself.</li></ul><br>
Presenters:
-
Yogesh Swami
- Principal Engineer/Security Architect, Cryptography Research, Rambus
Yogesh Swami is a Principal Engineer/Security Architect at Cryptography Research, a Division of Rambus. Yogesh is passionate about all aspects of Cryptography---from it's theoretical foundations to its practical usage---and leads a team that builds HSM-based Crypto-tools for provisioning hardware root of trust in SoCs.
Yogesh has 15 years of experience analyzing Provably Secure (i.e, reductionist) protocols and takes great pride in keeping up with theoretical aspects of Cryptography and understanding its practical implications for building secure systems.
Links:
Similar Presentations: