Hi,
Currently I am working on Monotonic Counter. From "Intel SGX SDK Developer Reference for Windows OS.pdf", I noticed that Monotonic Counter can defend against Replay Attack by comparing the saved previous counter value and the current value of the Monotonic Counter.
However, it seems the Monotonic Counter value exists in non-volatile memory or sealed data. In this way, it seems Monotonic Counter can't defend against a hard-disk-clone-replay attack. By "hard-disk-clone-replay attack", I mean in Enterprise Rights Management (ERM) type usages, the attacker first clones the disk (including sealed data, since it is also on the disk) and then replaces the disk once the attacker has reached the max time to read the protected secret document.
Does Monotonic Counter help under this kind of attack? I think the key question is whether we can save information in the CPU even after reboot or not.
Thank you,
Chao
The value of the monotonic counter is stored in the management engine (ME), not the hard disk drive. It is thus not affected by hard disk clone attacks.
You may also be interested in this paper that offers some stronger security guarantees:
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_strackx.pdf
(full disclosure: this is my work :) )
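The freshness check Chao describes, run against a counter that (as Raoul notes) lives in the ME rather than on the disk, as an added C simulation. This is not code from the SGX SDK or from either poster: the `me_state_t` and `sealed_blob_t` structs and the `seal_state`/`unseal_state` functions are assumptions standing in for the SDK's `sgx_create_monotonic_counter`/`sgx_increment_monotonic_counter`/`sgx_read_monotonic_counter` and `sgx_seal_data` calls, and blob authenticity is assumed rather than MAC-checked so that only the counter comparison is exercised. The "reads-left" strings are constructed sample state for the ERM scenario in the question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulation only, not the SGX SDK. The real enclave-side API is
 * sgx_create_monotonic_counter / sgx_increment_monotonic_counter /
 * sgx_read_monotonic_counter (sgx_tae_service.h); here a struct stands in
 * for the ME-backed counter so the logic can run on any machine. */

/* State the Management Engine keeps: it is not part of any disk image. */
typedef struct { uint32_t mc_value; } me_state_t;

/* Sealed blob as it sits on disk. In real SGX the counter value is MAC'd
 * together with the secret under the seal key; this simulation assumes the
 * blob is authentic and only demonstrates the freshness check. */
typedef struct {
    uint32_t mc_value;   /* counter value bound into the blob at seal time */
    char     state[32];  /* protected ERM state (constructed sample) */
} sealed_blob_t;

/* Enclave-side seal: bump the counter first, then bind the new value into
 * the blob. Incrementing before writing means a crash between the two steps
 * loses the old blob (an availability risk) rather than leaving a blob that
 * still verifies after a later rollback (a freshness risk). */
static void seal_state(me_state_t *me, const char *state, sealed_blob_t *out)
{
    me->mc_value++;
    out->mc_value = me->mc_value;
    strncpy(out->state, state, sizeof(out->state) - 1);
    out->state[sizeof(out->state) - 1] = '\0';
}

/* Enclave-side unseal with freshness check: the blob is accepted only if its
 * embedded counter equals the live ME counter. Returns 0 on success, -1 if
 * the blob is stale (a replayed or cloned copy). */
static int unseal_state(const me_state_t *me, const sealed_blob_t *in,
                        char *state_out, size_t len)
{
    if (in->mc_value != me->mc_value)
        return -1;
    strncpy(state_out, in->state, len - 1);
    state_out[len - 1] = '\0';
    return 0;
}

/* Scenario from the thread: the disk is imaged, the legitimate user consumes
 * the read quota (counter advances), then the image is restored.
 * Returns 1 if the restored blob is rejected. */
int disk_clone_replay_detected(void)
{
    me_state_t me = { .mc_value = 0 };
    sealed_blob_t disk;     /* live disk contents */
    sealed_blob_t cloned;   /* copy of the disk image */
    char buf[32];

    seal_state(&me, "reads-left=3", &disk);  /* counter -> 1 */
    cloned = disk;                           /* disk cloned; counter stays in ME */
    seal_state(&me, "reads-left=0", &disk);  /* quota consumed; counter -> 2 */
    disk = cloned;                           /* old disk image put back */
    return unseal_state(&me, &disk, buf, sizeof buf) == -1;
}

/* Control: an unmodified, current blob is accepted and its state recovered. */
int fresh_blob_accepted(void)
{
    me_state_t me = { .mc_value = 0 };
    sealed_blob_t disk;
    char buf[32];

    seal_state(&me, "reads-left=3", &disk);
    return unseal_state(&me, &disk, buf, sizeof buf) == 0 &&
           strcmp(buf, "reads-left=3") == 0;
}

int main(void)
{
    printf("clone replay detected: %d\n", disk_clone_replay_detected());
    printf("fresh blob accepted:   %d\n", fresh_blob_accepted());
    return 0;
}
```

The check only works because the counter the enclave compares against is read from the ME at unseal time, not from anything the attacker can image; the same code with the "current" counter also stored on disk would accept the restored blob.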
@Raoul Thank you, that's really helpful. I am reading your paper, cool stuff!