Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1452 Discussions

Is Ga redundant in Msg3 of remote attestation?

Dokmai__Natnatee
Beginner
‎01-14-2020 01:50 AM
395 Views
According to the explanation in https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attestation-end-to-end-example, Ga and SHA-256(Ga || Gb || VK) (in the report data as a part of Quote) are both included and signed by SMK in Msg3. My question is, why would Ga be necessary to include in Msg3? Wouldn't SHA-256(Ga || Gb || VK) already provide integrity for Ga?
0 Kudos

Link Copied

2 Replies
Rodolfo_S_
New Contributor III
‎01-22-2020 05:19 AM
395 Views

Hi there,

I don't think that Ga is redundant. The reasoning is that you cannot obtain Ga from the hash and verify if it is still the same Ga as in previous messages.
Moreover, in a scenario where you are attesting multiple enclaves, how would you verify if the hash is valid (iterate over all possible Ga's)?

Regards,
Rodolfo

0 Kudos
Copy link
Dokmai__Natnatee
Beginner
‎01-22-2020 06:28 AM
395 Views

Hell Rodolfo,

Ga is already sent to SP in Msg1. Sending it again doesn't help prevent a MITM attack because an active adversary can change both Msg1 and Msg3. If multiple enclaves are to be attested, then the entire flow needs to be started from the beginning, meaning a new Msg1 and Ga will be received by SP for every attestation instance. Therefore, there isn't really a problem obtaining a hash for Ga.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.