Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Question about one typical SGX usage scenario

Irene__GP
Beginner

Dear all,

I am a newbie to SGX and would like to use this feature to secure our HTTPS communication. I am thinking of developing and launching the following scenario, but am not sure whether it is indeed feasible, or whether SGX is supposed to be used in this way.

1. Develop a Windows/Linux application, which leverages the SGX-supported OpenSSL or WolfSSL.

2. Distribute the compiled binary applications to *untrusted* users.

3. Following the standard way, the application communicates with the server and generates a symmetric secret before communication through HTTPS.

4. To protect the generated symmetric secret, I would like to put it in the enclave for security purposes.

Is SGX supposed to be used in this way? Any suggestion and advice would be strongly appreciated, thank you!

Surenthar_S_Intel

Hi,

Yes. You can develop the secure communication using SGX.

1. Develop a Windows/Linux application, which leverages the SGX-supported OpenSSL or WolfSSL.

2. Distribute the compiled binary applications to *untrusted* users.

  • You can distribute the binary applications to other users that have an SGX-supported platform.

3. Following the standard way, the application communicates with the server and generates a symmetric secret before communication through HTTPS.

  • Use Remote Attestation to communicate with the server.

4. To protect the generated symmetric secret, I would like to put it in the enclave for security purposes.

  • Use the sealing process.

-Surenthar

 
