Hi,
I'm looking into the sample code shipped with the SGX Windows SDK as well as the user guide document.
It seems that the last step of attestation is the service provider receiving and verifying MSG3, which includes the REPORT_DATA generated by the quoting enclave.
I'm wondering, how could a service provider verify that the REPORT is actually generated by the quoting enclave, and not some fake report generated by some malware? I know that the report should be signed by the quoting enclave using hardware-based EPID, but how could the service provider get the public key corresponding to the EPID?
In the sample code, it used a simulated Intel attestation service (IAS). Should the verification mentioned above be done by IAS? Is the IAS a mandatory component of the remote attestation framework?
Hi Kuppusamy,
I've tried the sample code shipped with the SGX SDK. The sample "remote attestation" project is not interacting with IAS. The sample code project only demonstrates the necessary steps of the remote attestation, but it does not execute all the steps for real.
E.g., a code snippet of service_provider.cpp in the RemoteAttestation project is like this:

```cpp
// Check to see if we have registered with the IAS yet?
if(!g_is_sp_registered)
{
    do
    {
        // @IAS_Q: What are the sp credentials?
        // @IAS_Q: What is in the authentication token
        // In the product, the SP will establish a mutually
        // authenticated SSL channel. The authentication token is
        // based on this channel.
        // @TODO: Convert this call to a 'network' send/receive
        // once the IAS server is available.
        ret = ias_enroll(g_sp_credentials, &g_spid,
                         &g_authentication_token);
        if(0 != ret)
        {
            ret = SP_IAS_FAILED;
            break;
        }
        // IAS may support registering the Enclave Trust Policy.
        // Just leave a place holder here
        // @IAS_Q: What needs to be sent to the IAS with the policy
        // that identifies the SP?
        // ret = ias_register_enclave_policy(g_enclave_policy,
        //                                   g_authentication_token);
        // if(0 != ret)
        // {
        //     break;
        // }
        g_is_sp_registered = true;
        break;
    } while(0);
}
```
The function ias_enroll() is not doing anything in the sample code. It is just a... sample. Also, in the body of the function "ias_get_sigrl", it is said that "we should try to get sig_rl from IAS, but right now we will just skip it until the IAS backend is ready." Now, given that Intel IAS is online, how should we modify these sample functions so that they can really work and not just return a "SUCCESS"?
I've read the "Intel Attestation Service API" white paper but I still feel that source-code-level support is lacking. More specifically, section 2.3 in the white paper says that "Intel Attestation Service accepts connections protected by TLS 1.2 at minimum. IAS will drop any incoming connections utilizing SSL protocol in any version (widely considered as insecure at the moment)." So, how should I make a correct "connection request"? I have some experience programming with Windows sockets in C, but I have no experience with HTTP services and protocols. I've googled "TLS, connection, c++, HTTP etc." After several days of struggling, I still cannot get things to work; I still can't get any response from https://test-as.sgx.trustedservices.intel.com:443.
Would somebody point out what I should do now? Any code snippet or link to a tutorial would help a lot.
Sincerely,
Sijie
Kuppusamy R. (Intel) wrote:
Hi Luis,
Spec details of Intel® Attestation Service API document https://software.intel.com/sites/default/files/managed/3d/c8/IAS_1_0_API_spec_1_1_Final.pdf
Thanks,
Kuppusamy.R
This is indeed helpful. I didn't come across it anywhere else. Can you guys disclose more info regarding IAS? E.g. the exact procedure for registration.
Thanks!
Fan
Hi Sijie,
We have a code sample that is nearing release. It should be ready soon (weeks, not months).
Thanks,
Kuppusamy.R
Hi Fan,
For testing remote attestation, a sandbox is available for testing purposes. Go to: https://software.intel.com/formfill/sgx-onboarding
This link is available from the SGX landing zone (software.intel.com/sgx). Go to “Resource Library” and then select “Access Development Services” from the sidebar.
Thanks,
Kuppusamy.R
Hi Kuppusamy,
I saw your previous post from a few weeks ago, which said that you are going to release some new sample code related to the attestation process. I just want to know when you plan to release the new sample code, and where we can access it.
Thanks,
Chen
Hi Chenghong,
New sample code will be released at the end of June 2016.
Thanks,
Kuppusamy.R
Hi
In the RemoteAttestation sample, message 3 is generated by sgx_ra_proc_msg2(), but I'm confused about how the nonce, which is provided by the service provider as a challenge, is incorporated in the generation of the QUOTE.
Hi Shivani,
Here’s how the message flow works starting at MSG2:
Client receives MSG2 from the Service Provider
MSG2 = g_b || SPID || QUOTETYPE || Sig_SP(g_b, g_a) || CMAC_SMK(g_b || SPID || QUOTETYPE || Sig_SP(g_b, g_a)) || SigRL
Where || is concatenation.
What this boils down to is MSG2 is constructed from this data:
g_b (the random data from the server) || SPID || QUOTETYPE || Sig_SP(g_b, g_a) followed by a CMAC of that data, followed by the revocation list.
Client processes MSG2 and generates MSG3
MSG3 = CMAC(SMKCMAC, M) || M
Where M = g_a || PS_SECURITY_PROPERTY || QUOTE
So what is happening here is that MSG3 is a CMAC of ( the CMAC from MSG2 || M ) followed by M. It’s the CMAC from MSG2 that includes the random data generated by the server.
Thanks and Regards,
Surenthar Selvaraj
Thanks Surenthar
But I'm still confused about what the challenge sent by the service provider at the beginning is used for. Isn't it the nonce? How and where is it used?
Hi Shivani,
There is the initial “challenge” issued by the Remote Attestation service at the start of a connection. This occurs when the client connects to the remote service because it wants to access something that the server has—maybe a movie, a user’s bank account information, etc.—and the server “challenges” the client to prove that it is a legitimate SGX application. The “challenge” in this context just means that the server is telling the client “please attest so that I can determine whether or not I trust you”. This happens before Remote Attestation begins.
Then, there is a “liveness challenge” sent in message 2, which is a nonce. This nonce is so that a client can’t replay a previous response to message 2 back to the server as message 3. It has to generate a new message 3 because the nonce forces the signatures in message 2 to be different each time it is generated. It’s referred to as a “liveness challenge” because the point is to ensure that the client response is “live”, not pre-recorded.
Thanks,
Kuppusamy.R
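An added example, not part of the thread or of Intel's sample code: it follows the MSG3 = CMAC(SMK, M) || M layout quoted above and shows, from the service provider's side, why a recorded MSG3 fails verification once the server picks a fresh g_b for the next session. The key derivation, the key encodings and the names `deriveSmk`, `spSession` and `replayDemo` are assumptions, and the message bytes are constructed.

```javascript
// Added example (not SDK code): SP-side MSG3 MAC check with constructed values.
const crypto = require('node:crypto');
function aesEcb(key, block) {            // single-block AES-128 encryption
  const c = crypto.createCipheriv('aes-128-ecb', key, null).setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}
function dbl(b) {                        // multiply by x in GF(2^128), RFC 4493 subkeys
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) out[i] = ((b[i] << 1) | (i < 15 ? b[i + 1] >> 7 : 0)) & 0xff;
  if (b[0] & 0x80) out[15] ^= 0x87;
  return out;
}
function cmac(key, msg) {                // AES-128-CMAC; Node has no built-in CMAC
  const n = Math.max(1, Math.ceil(msg.length / 16));
  const complete = msg.length > 0 && msg.length % 16 === 0;
  const k1 = dbl(aesEcb(key, Buffer.alloc(16)));
  const sub = complete ? k1 : dbl(k1);
  const last = Buffer.alloc(16);
  msg.copy(last, 0, (n - 1) * 16);
  if (!complete) last[msg.length - (n - 1) * 16] = 0x80;
  let x = Buffer.alloc(16);
  for (let i = 0; i < n; i++) {
    const blk = i < n - 1 ? Buffer.from(msg.subarray(i * 16, i * 16 + 16)) : last;
    for (let j = 0; j < 16; j++) blk[j] ^= x[j] ^ (i < n - 1 ? 0 : sub[j]);
    x = aesEcb(key, blk);
  }
  return x;
}
// Assumed KDF (not stated in the thread): KDK = CMAC(0^16, little-endian g_ab.x),
// SMK = CMAC(KDK, 0x01 || "SMK" || 0x00 || 0x80 0x00).
function deriveSmk(shared) {
  const kdk = cmac(Buffer.alloc(16), Buffer.from(shared).reverse());
  return cmac(kdk, Buffer.from('01534d4b008000', 'hex'));
}
const buildMsg3 = (smk, m) => Buffer.concat([cmac(smk, m), m]);  // MSG3 = CMAC_SMK(M) || M
const verifyMsg3 = (smk, msg3) => crypto.timingSafeEqual(msg3.subarray(0, 16), cmac(smk, msg3.subarray(16)));
function spSession(clientPub) {          // SP side: fresh g_b, hence fresh SMK, per session
  const sp = crypto.createECDH('prime256v1'), gb = sp.generateKeys();
  return { gb, smk: deriveSmk(sp.computeSecret(clientPub)) };
}
function replayDemo() {
  const client = crypto.createECDH('prime256v1');
  const ga = client.generateKeys();      // key encodings simplified vs. the SGX wire format
  const m = Buffer.concat([ga, Buffer.from('constructed PS_SECURITY_PROPERTY and QUOTE')]);
  const s1 = spSession(ga);
  const msg3 = buildMsg3(deriveSmk(client.computeSecret(s1.gb)), m);
  const s2 = spSession(ga);              // second session: same g_a, new g_b
  return { live: verifyMsg3(s1.smk, msg3), replayed: verifyMsg3(s2.smk, msg3) };
}
```

`replayDemo()` returns `live: true` for the session the MSG3 was built in and `replayed: false` when the same bytes are presented to a later session.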
Hello
Since the sample crypto library provided in the Remote Attestation sample code cannot be used in production code, does that mean we need to implement a crypto library ourselves? Is there any crypto library available that can be linked as a static library in service provider code and be used in remote attestation? We cannot use sgx_tcrypto.h on the service provider side (which does not have an enclave)?
Hi Shivani,
The Intel® Software Guard Extensions Evaluation SDK includes a trusted cryptography library named sgx_tcrypto. It includes the cryptographic functions used by other trusted libraries included in the SDK, such as the sgx_tservice library. Thus, the functionality provided by this library might be somewhat limited. If you need additional cryptographic functionality, you would have to develop your own trusted cryptographic library.
Thanks and Regards,
Surenthar Selvaraj
Hi Surenthar
I understand the functionality is limited in sgx_tcrypto, but can it be used on service provider side which does not have intel sgx enabled hardware?
Thank You
Hi Shivani,
No, sgx_tcrypto can't be used on the service provider side, which does not have Intel SGX-enabled hardware.
sgx_tcrypto is a trusted library and it's part of the Intel SGX SDK.
Thanks and Regards,
Surenthar Selvaraj
Remote Attestation sample now live
-Surenthar.
Kuppusamy R. (Intel) wrote:
Then, there is a “liveness challenge” sent in message 2, which is a nonce. This nonce is so that a client can’t replay a previous response to message 2 back to the server as message 3. ...
Do you know in which field the nonce is? In sgx_ra_msg2_t I can't see a field with a nonce!?
Hi,
Please refer to the latest Remote Attestation code at https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example for your reference.
-Surenthar