DOI: 10.1145/3374664.3375726

ProximiTEE: Hardened SGX Attestation by Proximity Verification

Published: 16 March 2020

Abstract

Intel SGX enables protected enclaves on untrusted computing platforms. An important part of SGX is its remote attestation mechanism that allows a remote verifier to check that the expected enclave was correctly initialized before provisioning secrets to it. However, SGX attestation is vulnerable to relay attacks where the attacker, using malicious software on the target platform, redirects the attestation and therefore the provisioning of confidential data to a platform that he physically controls. Although relay attacks have been known for a long time, their consequences have not been carefully examined. In this paper, we analyze relay attacks and show that redirection increases the adversary's abilities to compromise the enclave in several ways, enabling for instance physical and digital side-channel attacks that would not be otherwise possible.
We propose ProximiTEE, a novel solution to prevent relay attacks. Our solution is based on a trusted embedded device that is attached to the target platform. Our device verifies the proximity of the attested enclave, thus allowing attestation to the intended enclave regardless of malicious software, such as a compromised OS, on the target platform. The device also performs periodic proximity verification which enables secure enclave revocation by detaching the device. Although proximity verification has been proposed as a defense against relay attacks before, this paper is the first to experimentally demonstrate that it can be secure and reliable for TEEs like SGX. Additionally, we consider a stronger adversary that has obtained leaked SGX attestation keys and emulates an enclave on the target platform. To address such emulation attacks, we propose a second solution where the target platform is securely initialized by booting it from the attached embedded device.


    Published In

    CODASPY '20: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy
    March 2020
    392 pages
    ISBN:9781450371070
    DOI:10.1145/3374664

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Badges

    • Best Paper

    Qualifiers

    • Research-article

    Conference

    CODASPY '20

    Acceptance Rates

    Overall Acceptance Rate 149 of 789 submissions, 19%
