<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Quote:Prabu Rajathirumoni in Intel® Software Guard Extensions (Intel® SGX)</title>
    <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111665#M1333</link>
    <description>&lt;P&gt;&lt;/P&gt;&lt;BLOCKQUOTE&gt;Prabu Rajathirumoni wrote:&lt;BR /&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;case 1: After generating old report, if there was any change in TCB, Enclave B fails to authenticate.It's because the Enclave B may consider that report generated by Enclave A might be old or not from valid TCB.&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;What parts are counted as TCB here?&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;BLOCKQUOTE&gt;Prabu Rajathirumoni wrote:&lt;BR /&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;case 2 : After the generation of report, there is no change in TCB of the platform, then Enclave B can authenticate successfully.&lt;BR /&gt;
	But even in this case, the secret information like keys can't be leaked to malware application.Here report authentication happens within&lt;BR /&gt;
	enclave(trusted zone).So there is no chance of accomplising the benefit of replay attack.&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;BR /&gt;
	&lt;BR /&gt;
	Sure signing keys cannot be leaked. But I am thinking of a scenario where Enclave A has been corrupted and the malicious application A would like to get Quoting Enclave (say Enclave B) to attest the report of Enclave A.&amp;nbsp; Now application A might be able to launch replay attack and get Enclave B to sign an old valid report of A. This may have&amp;nbsp; some implications in the remote attestation where the ISV can now be fooled into thinking that Enclave A might be running right software.&lt;BR /&gt;
	&lt;BR /&gt;
	Thanks&lt;BR /&gt;
	&amp;nbsp;&lt;P&gt;&lt;/P&gt;</description>
    <pubDate>Tue, 07 Mar 2017 13:09:00 GMT</pubDate>
    <dc:creator>AB_</dc:creator>
    <dc:date>2017-03-07T13:09:00Z</dc:date>
    <item>
      <title>Intra-Platform Attestation</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111663#M1331</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;

&lt;P&gt;Reading from the &lt;A href="https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing" target="_blank"&gt;https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing&lt;/A&gt;, Section 3.1 Intra-Platform Attestation, Figure 3,&amp;nbsp; in step 2, if application A behaves adversely and launches a replay attack by sending a previously (i.e., say launched at some point in history) valid report of Enclave A, can Enclave B still attest that report? If not, what prevents it from successfully attesting it?&lt;/P&gt;

&lt;P&gt;Anitha&lt;/P&gt;</description>
      <pubDate>Mon, 06 Mar 2017 14:54:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111663#M1331</guid>
      <dc:creator>AB_</dc:creator>
      <dc:date>2017-03-06T14:54:00Z</dc:date>
    </item>
    <item>
      <title>If the Enclave A performs</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111664#M1332</link>
      <description>&lt;P&gt;If the Enclave A performs replay attack with the old report that was launched at some point in history, there is a chance for Enclave B&lt;BR /&gt;
	to successfully auntheticate Enclave A's report.&lt;/P&gt;

&lt;P&gt;case 1: After generating old report, if there was any change in TCB, Enclave B fails to authenticate.It's because the Enclave B may consider that report generated by Enclave A might be old or not from valid TCB.&lt;/P&gt;

&lt;P&gt;case 2 : After the generation of report, there is no change in TCB of the platform, then Enclave B can authenticate successfully.&lt;BR /&gt;
	But even in this case, the secret information like keys can't be leaked to malware application.Here report authentication happens within&lt;BR /&gt;
	enclave(trusted zone).So there is no chance of accomplising the benefit of replay attack.&lt;/P&gt;</description>
      <pubDate>Tue, 07 Mar 2017 11:30:30 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111664#M1332</guid>
      <dc:creator>Prabu_R_Intel</dc:creator>
      <dc:date>2017-03-07T11:30:30Z</dc:date>
    </item>
    <item>
      <title>Quote:Prabu Rajathirumoni</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111665#M1333</link>
      <description>&lt;P&gt;&lt;/P&gt;&lt;BLOCKQUOTE&gt;Prabu Rajathirumoni wrote:&lt;BR /&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;case 1: After generating old report, if there was any change in TCB, Enclave B fails to authenticate.It's because the Enclave B may consider that report generated by Enclave A might be old or not from valid TCB.&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;What parts are counted as TCB here?&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;BLOCKQUOTE&gt;Prabu Rajathirumoni wrote:&lt;BR /&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;case 2 : After the generation of report, there is no change in TCB of the platform, then Enclave B can authenticate successfully.&lt;BR /&gt;
	But even in this case, the secret information like keys can't be leaked to malware application.Here report authentication happens within&lt;BR /&gt;
	enclave(trusted zone).So there is no chance of accomplising the benefit of replay attack.&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;BR /&gt;
	&lt;BR /&gt;
	Sure signing keys cannot be leaked. But I am thinking of a scenario where Enclave A has been corrupted and the malicious application A would like to get Quoting Enclave (say Enclave B) to attest the report of Enclave A.&amp;nbsp; Now application A might be able to launch replay attack and get Enclave B to sign an old valid report of A. This may have&amp;nbsp; some implications in the remote attestation where the ISV can now be fooled into thinking that Enclave A might be running right software.&lt;BR /&gt;
	&lt;BR /&gt;
	Thanks&lt;BR /&gt;
	&amp;nbsp;&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 07 Mar 2017 13:09:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111665#M1333</guid>
      <dc:creator>AB_</dc:creator>
      <dc:date>2017-03-07T13:09:00Z</dc:date>
    </item>
    <item>
      <title>What parts are counted as TCB</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111666#M1334</link>
      <description>&lt;P&gt;What parts are counted as TCB here?&lt;/P&gt;

&lt;P&gt;TCB stands for Trusted Computing Base. It corresponds to the software and hardware component that helps to build the protected region.&lt;/P&gt;

&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Wed, 08 Mar 2017 11:31:46 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111666#M1334</guid>
      <dc:creator>Prabu_R_Intel</dc:creator>
      <dc:date>2017-03-08T11:31:46Z</dc:date>
    </item>
    <item>
      <title>Quote:Prabu Rajathirumoni</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111667#M1335</link>
      <description>&lt;P&gt;&lt;/P&gt;&lt;BLOCKQUOTE&gt;Prabu Rajathirumoni wrote:&lt;BR /&gt;&lt;P&gt;&lt;/P&gt;

&lt;P&gt;What parts are counted as TCB here?&lt;/P&gt;

&lt;P&gt;TCB stands for Trusted Computing Base. It corresponds to the software and hardware component that helps to build the protected region.&lt;/P&gt;

&lt;P&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;BR /&gt;
	&lt;BR /&gt;
	Sure, I meant to ask what exactly counts as TCB. Perhaps I will be more explicit. Suppose an enclave A was launched with program p (binary) at some point, say yesterday. If I launch an enclave today with the same program p (same binary as well), on the same machine, and say there is a change in TCB. Since I am using the same hardware, what exactly does attribute to the change in the TCB?&lt;P&gt;&lt;/P&gt;</description>
      <pubDate>Wed, 08 Mar 2017 19:57:00 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111667#M1335</guid>
      <dc:creator>AB_</dc:creator>
      <dc:date>2017-03-08T19:57:00Z</dc:date>
    </item>
    <item>
      <title>Even though the same binary</title>
      <link>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111668#M1336</link>
      <description>&lt;P&gt;Even though the same binary and same hardware&amp;nbsp;are used at different point of time in the same system, there is a chance of change in other TCB components like BIOS version, run time component provided by PSW package.&lt;/P&gt;</description>
      <pubDate>Thu, 09 Mar 2017 10:47:47 GMT</pubDate>
      <guid>https://community.intel.com/t5/Intel-Software-Guard-Extensions/Intra-Platform-Attestation/m-p/1111668#M1336</guid>
      <dc:creator>Prabu_R_Intel</dc:creator>
      <dc:date>2017-03-09T10:47:47Z</dc:date>
    </item>
  </channel>
</rss>

