Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1447 Discussions

How long should we trust an attestation verification report?

Warren_H_
Beginner
616 Views

From https://software.intel.com/en-us/articles/intel-software-guard-extensions-product-licensing-faq :

... multiple attestations may occur in DRM- or transaction-based applications. Such applications will likely implement a periodic attestation challenge to client machines when they refresh encryption and licensing keys.

What would be a good period for refreshing the revocation list, quote, and attestation verification report? We'd definitely want to refresh so that we can pick up new revocation lists and check for up-to-date platform services.

0 Kudos
3 Replies
Hoang_N_Intel
Employee
616 Views

There is no fixed interval guideline that I know of. But you should take at least these values into consideration: the frequency of microcode/firmware update, the number of issued critical security patches, the possibility of key compromise, and the valid duration of the certificate used in the remote attestation.

0 Kudos
Hoang_N_Intel
Employee
616 Views

This white paper of TCB Recovery at https://software.intel.com/sites/default/files/managed/01/7b/Intel-SGX-Trusted-Computing-Base-Recovery.pdf has the section of "frequency policy" for attestation that may be of your interest.

0 Kudos
Warren_H_
Beginner
616 Views

Thanks, great reference. For other readers, here's an excerpt, emphasis added:

The frequency policy must require an Intel SGX enabled client application to successfully
complete an attestation flow after a given length of time had elapsed (days, weeks, months,
etc.). This period is arbitrary, and should be based on the organization’s risk tolerance for the
compromise of sensitive data due to a vulnerability on an out of date platform. For
organizations with low risk tolerance (e.g., Banking), the attestation frequency policy might be
once per day or once per week. Organizations with higher risk tolerance may define a
frequency policy of once every 180 days. A typical frequency policy is once every 30 days.
Frequency policy implementation is a time-to-live policy for any sensitive data provisioned to
an Intel SGX client application after at least one successful attestation has been completed. In
short, the sensitive data is valid only for a specific period of time before expiration, and re-
attestation is required to provision a new set of data.

0 Kudos
Reply