Composite Enclaves: Towards Disaggregated Trusted Execution
The ever-rising computation demand is forcing the move from the CPU to
heterogeneous specialized hardware, which is readily available across modern
datacenters through disaggregated infrastructure. On the other hand, trusted
execution environments (TEEs), one of the most promising recent developments in
hardware security, can only protect code confined in the CPU, limiting TEEs'
potential and applicability to a handful of applications. We observe that the
TEEs' hardware trusted computing base (TCB) is fixed at design time, which in
practice leads to using untrusted software to employ peripherals in TEEs. Based
on this observation, we propose composite enclaves with a configurable
hardware and software TCB, allowing enclaves access to multiple computing and
IO resources. Finally, we present two case studies of composite enclaves: i) an
FPGA platform based on RISC-V Keystone connected to emulated peripherals and
sensors, and ii) a large-scale accelerator. These case studies showcase a
flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a
low performance overhead (only around 220 additional cycles for a context
switch), thus demonstrating the feasibility of our approach and showing that it
can work with a wide range of specialized hardware.
Snappy: Fast On-chain Payments with Practical Collaterals
Permissionless blockchains offer many advantages but also have significant
limitations including high latency. This prevents their use in important
scenarios such as retail payments, where merchants should approve payments
fast. Prior works have attempted to mitigate this problem by moving
transactions off the chain. However, such Layer-2 solutions have their own
problems: payment channels require a separate deposit towards each merchant and
thus significant locked-in funds from customers; payment hubs require very
large operator deposits that depend on the number of customers; and side-chains
require trusted validators.
In this paper, we propose Snappy, a novel solution that enables recipients,
like merchants, to safely accept fast payments. In Snappy, all payments are on
the chain, while small customer collaterals and moderate merchant collaterals
act as payment guarantees. Besides receiving payments, merchants also act as
statekeepers who collectively track and approve incoming payments using
majority voting. In case of a double-spending attack, the victim merchant can
recover lost funds either from the collateral of the malicious customer or a
colluding statekeeper (merchant). Snappy overcomes the main problems of
previous solutions: a single customer collateral can be used to shop with many
merchants; merchant collaterals are independent of the number of customers; and
validators do not have to be trusted. Our Ethereum prototype shows that safe,
fast (<2 seconds) and cheap payments are possible on existing blockchains.
Comment: Network and Distributed Systems Security (NDSS) Symposium 2020, 23-26
February 2020, San Diego, CA, US
Dedicated Security Chips in the Age of Secure Enclaves
Secure enclave architectures have become prevalent in modern CPUs and enclaves provide a flexible way to implement various hardware-assisted security services. But special-purpose security chips can still have advantages. Interestingly, dedicated security chips can also assist enclaves and improve their security.
ProximiTEE: Hardened SGX Attestation by Proximity Verification
Intel SGX enables protected enclaves on untrusted computing platforms. An important part of SGX is its remote attestation mechanism that allows a remote verifier to check that the expected enclave was correctly initialized before provisioning secrets to it. However, SGX attestation is vulnerable to relay attacks where the attacker, using malicious software on the target platform, redirects the attestation and therefore the provisioning of confidential data to a platform that he physically controls. Although relay attacks have been known for a long time, their consequences have not been carefully examined. In this paper, we analyze relay attacks and show that redirection increases the adversary's abilities to compromise the enclave in several ways, enabling for instance physical and digital side-channel attacks that would not be otherwise possible.
We propose ProximiTEE, a novel solution to prevent relay attacks. Our solution is based on a trusted embedded device that is attached to the target platform. Our device verifies the proximity of the attested enclave, thus allowing attestation to the intended enclave regardless of malicious software, such as a compromised OS, on the target platform. The device also performs periodic proximity verification which enables secure enclave revocation by detaching the device. Although proximity verification has been proposed as a defense against relay attacks before, this paper is the first to experimentally demonstrate that it can be secure and reliable for TEEs like SGX. Additionally, we consider a stronger adversary that has obtained leaked SGX attestation keys and emulates an enclave on the target platform. To address such emulation attacks, we propose a second solution where the target platform is securely initialized by booting it from the attached embedded device.