Paper 2017/736
SGX Remote Attestation is not Sufficient
Yogesh Swami
Abstract
Intel SGX enclaves provide hardware enforced confidentiality and integrity guarantees for running pure computations (\ie, OS-level side-effect-free code) in the cloud environment. In addition, SGX remote attestation enables enclaves to prove that a claimed enclave is indeed running inside a genuine SGX hardware and not some (adversary controlled) SGX simulator. Since cryptographic protocols do not compose well, especially when run concurrently, SGX remote attestation is only a necessary pre-condition for securely instantiating an enclave. In practice, one needs to analyze all the different interacting enclaves as a \textit{single protocol} and make sure that no sub-computation of the protocol can be simulated outside of the enclave. In this paper we describe protocol design problems under (a) sequential-composition, (b) concurrent-composition, and (c) enclave state malleability that must be taken into account while designing new enclaves. We analyze Intel provided EPID \textsf{Provisioning} and \textsf{Quoting} enclave and report our (largely positive) findings. We also provide details about how SGX uses EPID Group Signatures and report (largely negative) results about claimed anonymity guarantees.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Published elsewhere. Minor revision. BlackHat'17
- Contact author(s)
- yogesh swami @ gmail com
- History
- 2017-08-01: received
- Short URL
- https://ia.cr/2017/736
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/736, author = {Yogesh Swami}, title = {{SGX} Remote Attestation is not Sufficient}, howpublished = {Cryptology {ePrint} Archive, Paper 2017/736}, year = {2017}, url = {https://eprint.iacr.org/2017/736} }