Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Do Intel SGX processors use any cryptographic method to make data secure?

Muthumanickam_V_
Beginner
458 Views


1. When there are instructions passed between the Enclave memory and the CPU, is there any encryption and decryption logic involved in between the Enclave and the CPU?

2. Can I create a Windows service using SGX? What will be the issues if I use the SGX-developed service on a non-SGX machine?


3. In case I have to send secured messages from one Windows service to another Windows service within a machine, would Intel SGX be useful? Basically I am looking to secure my messages that are passed between services.

Regards,
Muthu

2 Replies
PadmaPriya_M_Intel

Hi,

1. When there are instructions passed between the Enclave memory and the CPU, is there any encryption and decryption logic involved in between the Enclave and the CPU?
The instructions are encrypted while being passed to the CPU and are decrypted inside the CPU cache. The enclave memory is encrypted using industry-standard encryption algorithms with replay protection.

• Tapping the memory or connecting the DRAM modules to another system will only give access to encrypted data.

• The memory encryption key changes every power cycle randomly (for example, boot/sleep/hibernate). The key is stored within the CPU and is not accessible.

2. Can I create a Windows service using SGX?

SGX doesn't support Windows services.

Francisco_C_Intel

I wanted to clarify:

>3. In case I have to send secured messages from one Windows service to another Windows service within a machine, would Intel SGX be useful? Basically I am looking to secure my messages that are passed between services.

>SGX doesn't support Windows services.

Although you cannot create a Windows service inside an enclave, you can write a Windows service that loads an enclave. A different Windows service could load the same or a different enclave. Those two enclaves could then perform local attestation and talk to each other.

I believe this would meet your requirements.

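The flow in the reply above (two services each load an enclave, the enclaves then run local attestation before talking), as an added model written for this page; it is not code from the thread, and it is not the SGX SDK API (sgx_create_report / sgx_verify_report). Assumptions: enclave identities are 32-byte MRENCLAVE values, the CPU's per-boot secret is modelled as a random key, HMAC-SHA256 stands in for the CPU's report MAC, and session-key derivation is left out.

```python
import hmac
import hashlib
import secrets

# Constructed model of SGX local attestation (EREPORT / EGETKEY), not the SDK.
CPU_SECRET = secrets.token_bytes(32)  # per-boot secret that never leaves "the CPU"


def report_key(mrenclave: bytes) -> bytes:
    # EGETKEY(REPORT_KEY) model: bound to the CPU secret and the calling
    # enclave's identity, so only that enclave (through the CPU) can obtain it.
    return hmac.new(CPU_SECRET, b"REPORT_KEY|" + mrenclave, hashlib.sha256).digest()


def ereport(self_id: bytes, target_id: bytes, report_data: bytes) -> dict:
    # EREPORT model: the CPU MACs the caller's identity plus report_data
    # under the *target* enclave's report key. Host/service code cannot do this.
    body = self_id + report_data
    mac = hmac.new(report_key(target_id), body, hashlib.sha256).digest()
    return {"mrenclave": self_id, "report_data": report_data, "mac": mac}


def verify_report(my_id: bytes, report: dict) -> bool:
    # Runs inside the target enclave: recompute the MAC with its own report key.
    body = report["mrenclave"] + report["report_data"]
    expected = hmac.new(report_key(my_id), body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, report["mac"])


def local_attestation(id_a: bytes, id_b: bytes, trusted_a: bytes, trusted_b: bytes) -> bool:
    """Two-way exchange between enclave A and enclave B on the same machine.
    Each side pins the peer identity it expects and binds a fresh nonce into
    report_data so a stale report cannot be replayed."""
    # Step 1: A obtains B's target info (identity) and sends B a report.
    nonce_a = secrets.token_bytes(32)
    rep_a = ereport(id_a, id_b, hashlib.sha256(nonce_a).digest())
    if not (verify_report(id_b, rep_a) and rep_a["mrenclave"] == trusted_a):
        return False  # B rejects: bad MAC or unexpected enclave identity
    # Step 2: B answers with a report targeted at A carrying its own nonce.
    nonce_b = secrets.token_bytes(32)
    rep_b = ereport(id_b, id_a, hashlib.sha256(nonce_b).digest())
    if not (verify_report(id_a, rep_b) and rep_b["mrenclave"] == trusted_b):
        return False  # A rejects B
    return True  # both enclaves verified; a real implementation would now derive a session key
```

Only the two enclaves can verify each other's reports; the services that loaded them merely shuttle the report bytes, so a report forged or altered in the host is rejected.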