https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133365#M1964 <P>The value of the monotonic counter is stored in the management engine (ME), not the hard disk drive. It is thus not affected by hard disk clone attacks.</P> <P>You may also be interested in this paper that offers some stronger security guarantees:</P> <P><A href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf">https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf</A></P> <P>(full disclosure: this is my work :) )</P> Fri, 23 Jun 2017 08:03:29 GMT Raoul 2017-06-23T08:03:29Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133364#M1963 <P>Hi,</P> <P>Currently I am working on&nbsp;Monotonic Counter.&nbsp; From "<STRONG>Intel SGX SDK Developer Reference for Windows OS.pdf</STRONG>", I noticed that&nbsp;Monotonic Counter can defend&nbsp;Replay Attack by compare the saved previous counter value and current value of&nbsp;Monotonic Counter.</P> <P>However, it seems the&nbsp;&nbsp;Monotonic Counter value is exists in non-volatile memory or sealed data. In this way, it seems&nbsp;Monotonic Counter can't defend&nbsp;hard-disk-clone-replay attack. By "hard-disk-clone-replay attack", I mean in <STRONG>Enterprise&nbsp;Rights Management </STRONG>(<STRONG>ERM</STRONG>) type usages, the attacker first clone the disk (including sealed data since it also on the disk) and then replace the disk once the attacker has reached the max-time to read the protected secret document.</P> <P>Does&nbsp;&nbsp;Monotonic Counter help under this kind of attack? I think the key question is whether we can save information in the CPU even after reboot or not.</P> <P>Thank you,<BR /> Chao</P> Thu, 22 Jun 2017 18:16:24 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133364#M1963 chaoshun_z_ 2017-06-22T18:16:24Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133365#M1964 <P>The value of the monotonic counter is stored in the management engine (ME), not the hard disk drive. It is thus not affected by hard disk clone attacks.</P> <P>You may also be interested in this paper that offers some stronger security guarantees:</P> <P><A href="https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf">https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf</A></P> <P>(full disclosure: this is my work :) )</P> Fri, 23 Jun 2017 08:03:29 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133365#M1964 Raoul 2017-06-23T08:03:29Z https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133366#M1965 <P>@<A href="https://software.intel.com/en-us/user/504462"><U><FONT color="#0066cc">Raoul</FONT></U></A>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ​Thank you, that's really helpful. I am reading your paper, cool stuff !&nbsp;</P> Tue, 27 Jun 2017 17:10:34 GMT https://community.intel.com/t5/Intel-Software-Guard-Extensions/Question-about-Monotonic-Counter-on-hard-disk-clone-replay/m-p/1133366#M1965 chaoshun_z_ 2017-06-27T17:10:34Z