Intel® Software Guard Extensions (Intel® SGX)

Is Ga redundant in Msg3 of remote attestation?

Dokmai__Natnatee
According to the explanation in https://software.intel.com/en-us/articles/code-sample-intel-software-guard-extensions-remote-attesta..., Ga and SHA-256(Ga || Gb || VK) (in the report data as a part of Quote) are both included and signed by SMK in Msg3. My question is, why would Ga be necessary to include in Msg3? Wouldn't SHA-256(Ga || Gb || VK) already provide integrity for Ga?
Rodolfo_S_

Hi there,

I don't think that Ga is redundant. The reasoning is that you cannot obtain Ga from the hash and verify if it is still the same Ga as in previous messages.
Moreover, in a scenario where you are attesting multiple enclaves, how would you verify if the hash is valid (iterate over all possible Ga's)?

Regards,
Rodolfo

Dokmai__Natnatee

Hello Rodolfo,

Ga is already sent to SP in Msg1. Sending it again doesn't help prevent a MITM attack because an active adversary can change both Msg1 and Msg3. If multiple enclaves are to be attested, then the entire flow needs to be started from the beginning, meaning a new Msg1 and Ga will be received by SP for every attestation instance. Therefore, there isn't really a problem obtaining a hash for Ga.

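The service-provider-side checks discussed in this thread, as an added sketch that is not part of any post and is not Intel's sample code. Assumptions: all function and field names are hypothetical, HMAC-SHA256 stands in for the SMK-keyed MAC, random bytes stand in for real keys, and verification of the Quote's own signature is omitted.

```python
import hashlib
import hmac
import os

def report_data(ga: bytes, gb: bytes, vk: bytes) -> bytes:
    """SHA-256(Ga || Gb || VK), the value the thread says is carried in the Quote."""
    return hashlib.sha256(ga + gb + vk).digest()

def smk_mac(smk: bytes, ga: bytes, rd: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the SMK-keyed MAC over Msg3.
    return hmac.new(smk, ga + rd, hashlib.sha256).digest()

def make_msg3(ga, gb, vk, smk, sent_ga=None):
    """Hypothetical Msg3 builder; sent_ga lets the explicit Ga field differ."""
    rd = report_data(ga, gb, vk)
    field = ga if sent_ga is None else sent_ga
    return {"ga": field, "report_data": rd, "mac": smk_mac(smk, field, rd)}

def verify_msg3(session: dict, msg3: dict) -> list:
    """Return the names of failed checks; an empty list means Msg3 is accepted."""
    failed = []
    mac = smk_mac(session["smk"], msg3["ga"], msg3["report_data"])
    if not hmac.compare_digest(mac, msg3["mac"]):
        failed.append("mac")
    # Explicit field: must equal the Ga stored for this session from Msg1.
    if not hmac.compare_digest(msg3["ga"], session["ga"]):
        failed.append("ga_field")
    # Hash in the Quote: recomputed from session values only, never from msg3["ga"].
    expected = report_data(session["ga"], session["gb"], session["vk"])
    if not hmac.compare_digest(expected, msg3["report_data"]):
        failed.append("report_data")
    return failed

def new_session() -> dict:
    # Constructed sample values: random bytes in place of EC points and derived keys.
    return {"ga": os.urandom(64), "gb": os.urandom(64),
            "vk": os.urandom(16), "smk": os.urandom(16)}

if __name__ == "__main__":
    s = new_session()
    print(verify_msg3(s, make_msg3(s["ga"], s["gb"], s["vk"], s["smk"])))
```

Both Ga-related checks compare against the Ga the service provider stored for the session, so each one fails independently when only its own input differs.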