Intel Software Guard Extensions


Transcription:

Intel Software Guard Extensions. Dr. Matthias Hahn, Intel Deutschland GmbH, July 12th 2017, cryptovision Mindshare, Gelsenkirchen

Intel SGX Making Headlines
- Premium content requiring Intel SGX on PC
- Intel SGX is enabling companies to deliver security technologies that span the enterprise spectrum

Intel SGX Analogy: Safe in Hotel Room
- Hotel safe: space for only a few (sensitive) items; secure even in a catastrophic event
- IT: secure data in a Trusted Execution Environment (TEE); Intel SGX = TEE

Intel Software Guard Extensions (SGX)
- New HW instructions (Intel 6th Gen Core onward)
- Run code and protect secrets in a Trusted Execution Environment (TEE)
- Prevent HW attacks (memory, bus, cold boot, ...)
- Prevent SW attacks (Ring 0, BIOS, VMM, SMM, ...)
- Support HW-assisted Remote Attestation: measure and verify valid code and data signatures
- Apps run within the OS environment: familiar development and debug tools, low learning curve for developers

Why Aren't Platforms Trustworthy?
- Protected Mode (rings) protects the OS from apps, and apps from each other
- UNTIL a malicious app exploits an OS flaw to gain full privileges and then tampers with the OS or other apps
- Applications are not protected from privileged code attacks
(Diagram: App and Malicious App above Protected Mode / OS; the malicious app's bad code attacks the OS, which in turn attacks the other app.)

Allowing App Developers to Secure Code & Data
- Intel SGX provides a safe place for code and data in the application: Enclave(s)
- Undetected malicious software cannot access secrets
- Secrets protected from bad actors with access to the platform
- Need a safe as well as guards
(Diagram: the same App / Malicious App / OS picture, now with an enclave inside the app that the OS attack cannot reach.)

Protection Against Memory Snooping Attacks
1. Security perimeter is the CPU package boundary
2. Data and code unencrypted inside CPU package
3. Data and code outside CPU package is encrypted and integrity checked
4. External memory reads and bus snoops see only encrypted data
(Diagram: CPU package with cores and cache holding the plaintext "AMEX: 3234-134584-26864"; system memory holding only the ciphertext "Jco3lks937weu0cwejpoi9987v80we"; snoops on the bus and on memory see the ciphertext.)

Attesting and Provisioning Sensitive Data
- Why trust the client app and share data? Remote Attestation (RA)
- Remote Attestation has two verification aspects:
  - the ISV server verifies that the ISV client enclaves are genuine
  - the Intel Attestation Service (IAS) verifies the TCB's validity and authenticity
- Verification success: the ISV server may trust the client and provision sensitive data

Data Sealing
- Intel SGX allows an enclave secret to be sealed using a processor-derived key (EGETKEY instruction)
- The HW Key Derivation Function generates a seal key which is:
  - unique to the platform
  - unique to the enclave ID (MRENCLAVE) OR to the developer of the enclave (MRSIGNER)
  - unique to the enclave loaded in Debuggable OR Production mode
- Secrets, once encrypted with the seal key, can be safely stored to disk
- Sealed data cannot be decrypted on another platform

Usage Models
- Usage Model 1 (Client): protect IP (data, execution, ...) from disclosure or modification
- Usage Model 2 (End to End): deliver the app from server to endpoint; maintain the IP protection standards determined by the point of service
- Usage Model 3 (Datacenter): prove that the datacenter has no ability to observe or tamper with app IP, and has not permitted other applications to do so

Use Case for Intel SGX: Securing Biometric Data and Matching Algorithm
(Diagram comparing the default flow with the Intel SGX flow. Both start at the sensor: Biometric Data -> Tokenization -> Match. Default: the Matching Algorithm and the user-specific Biometric Template run unprotected, either LOCAL or REMOTE over a TLS/SSL session, producing Match (Y/N), a user-specific Identity Assertion and the Authentication Response. Intel SGX: the Matching Algorithm and Biometric Template live inside a Match Enclave (SGX), again LOCAL or REMOTE over TLS/SSL, producing the same Match (Y/N), Identity Assertion and Authentication Response.)

Summary: Intel Software Guard Extensions (SGX)
- Provides applications the ability to keep a secret
- Capability provided by new HW instructions
- Provides confidentiality and integrity
- Resists HW and SW attacks
- Applications run within the OS environment
- Low learning curve for application developers


Additional Information
- Intel Developer Zone, Intel SGX landing page: http://software.intel.com/sgx
- Intel SGX SDK for Windows: http://software.intel.com/sgx-sdk
- Articles and whitepapers: https://software.intel.com/en-us/search/site/field_technology/software-guardextensions-43865/type/article
- Blogs: https://software.intel.com/en-us/search/site/field_technology/software-guardextensions-43865/type/blog

Intel SGX Software Stack
- Intel SGX SDK: tools and extensions, trusted libraries, documentation, reference applications
- Intel SGX application: untrusted part with untrusted libs; enter/exit enclave; enclave with trusted libs
- Intel SGX Platform SW: enclave loader, Intel-provided trusted services

Attestation and Sealing
(Diagram: Client Application containing the Enclave, Service Provider, Intel Attestation Service; from step 4 on, an Authenticated Channel between enclave and service provider.)
1. Enclave built and measured
2. Enclave requests REPORT (HW-signed blob including enclave identity information)
3. REPORT sent to server and verified
4. Application Key sent to enclave; first secret can be securely provisioned
5. Enclave-platform-specific Sealing Key generated (EGETKEY)
6. Application Key encrypted via Sealing Key and stored for later (offline) use