Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Attestation Key source entity?

francis_l_
Beginner
564 Views

Hi Intel!

With regard to Remote Attestation:

As I understood the documentation so far, it revolves around the fact that the client already has an Attestation Key, which it will use to sign/create a QUOTE that will serve as a response to a challenge by a Challenger/Server...

Question is: Where did this Attestation Key come from? Is it already there in the Intel CPU out of the box like the Root Provisioning Key?

0 Kudos
3 Replies
Rodolfo_S_
New Contributor III
564 Views

Hi, Francis.

You can find the information about the EPID provisioning here: https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisioning-and-attestation-services

Cheers,

Rodolfo

0 Kudos
francis_l_
Beginner
564 Views

Rodolfo S. wrote:

Hi, Francis.

You can find the information about the EPID provisioning here: https://software.intel.com/en-us/blogs/2016/03/09/intel-sgx-epid-provisi...

Cheers,

Rodolfo

Hi Rodolfo,

Thanks! It's getting a bit clearer now... Just a few more clarifications to finish the big picture:

1) In "4.4.3 Message 3: Client Response" it is mentioned that:
"...the provisioning enclave conducts the EPID blind join protocol with Intel, including the liveness challenge issued in message 2. At the completion of this protocol, the provisioning enclave will have a private EPID key, and Intel will not know what it is."

So after proving its TCB to the Provisioning server, does this mean that the EPID/Attestation_Key won't travel along the wire; rather, it is computed by the SGX client application itself?

2) In "4.4.4 Message 4: Server Completion":

What is then the "...the verification of the proof of platform TCB and the blind join are verified and the member’s key is certified..."?

I mean, since the client has now computed its own EPID, what is this data being sent in Message 4, and what will it be used for that makes it so security-sensitive that a secured connection is needed for it?

0 Kudos
jamason
Beginner
564 Views

Hi Rodolfo, I've got the same question as you. Did you have a clearer answer about it now? Thanks.

0 Kudos