Hi,
Currently I am working on Monotonic Counter. From "Intel SGX SDK Developer Reference for Windows OS.pdf", I noticed that Monotonic Counter can defend against replay attacks by comparing the saved previous counter value and the current value of the Monotonic Counter.
However, it seems the Monotonic Counter value exists in non-volatile memory or sealed data. In this way, it seems Monotonic Counter can't defend against a hard-disk-clone-replay attack. By "hard-disk-clone-replay attack", I mean that in Enterprise Rights Management (ERM) type usages, the attacker first clones the disk (including sealed data, since it is also on the disk) and then replaces the disk once the attacker has reached the max-time to read the protected secret document.
Does Monotonic Counter help under this kind of attack? I think the key question is whether we can save information in the CPU even after reboot or not.
Thank you,
Chao
The value of the monotonic counter is stored in the management engine (ME), not the hard disk drive. It is thus not affected by hard disk clone attacks.
You may also be interested in this paper that offers some stronger security guarantees:
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf
(full disclosure: this is my work :) )
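The scenario discussed in this thread, as an added simulation that is not part of either post and is not Intel SGX SDK code: the sealed policy on disk records the counter value it was sealed under, while the counter itself lives off-disk, so a restored disk image fails the freshness check. Assumptions: `Platform`, `seal`, `unseal_checked` and `read_document` are hypothetical names, an HMAC with a constructed key stands in for SGX sealing, and a plain integer stands in for the ME-held counter.

```python
import copy, hashlib, hmac, json

SEAL_KEY = b"constructed-seal-key"  # stand-in for the enclave's sealing key

class Platform:
    """State that is NOT on the hard disk (the ME-held counter, per the answer)."""
    def __init__(self):
        self.counter = 0
    def increment(self):
        self.counter += 1
        return self.counter

def seal(policy, counter_value):
    # Bind the policy to the counter value it was sealed under.
    body = json.dumps({"policy": policy, "mc": counter_value}, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(SEAL_KEY, body, hashlib.sha256).hexdigest()}

def unseal_checked(blob, platform):
    expected = hmac.new(SEAL_KEY, blob["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("sealed blob modified")
    data = json.loads(blob["body"])
    if data["mc"] != platform.counter:  # stale blob: the disk was rolled back
        raise ValueError("replay detected")
    return data["policy"]

def read_document(disk, platform):
    """Consume one permitted read: check freshness, bump counter, reseal."""
    policy = unseal_checked(disk["sealed"], platform)
    if policy["reads_left"] <= 0:
        raise PermissionError("read limit reached")
    policy["reads_left"] -= 1
    disk["sealed"] = seal(policy, platform.increment())
    return policy["reads_left"]

def demo():
    platform = Platform()
    disk = {"sealed": seal({"reads_left": 2}, platform.counter)}
    clone = copy.deepcopy(disk)       # disk image taken before any reads
    read_document(disk, platform)
    read_document(disk, platform)
    outcomes = []
    for image in (disk, clone):       # exhausted disk, then the restored clone
        try:
            read_document(image, platform)
            outcomes.append("allowed")
        except (PermissionError, ValueError) as exc:
            outcomes.append(str(exc))
    return outcomes

if __name__ == "__main__":
    print(demo())
```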