Hey everyone, I am currently reading up on SGX and wondering about remote attestation.
Let us consider that we have 2 different applications, each of which has an enclave, and they are remote.
Enclave A and enclave B want to perform remote attestation. Let's take the following protocol:
1) A => B: QUOTE{pkA}
2) B => A: QUOTE{pkB}
pkA and pkB are public keys, and each enclave has the corresponding secret key.
My question is now:
We have a MitM attacker who intercepts those QUOTE messages. Is the attacker able to read out the public keys, or are they somehow encrypted?
Regards
Hi:
In the remote attestation scenario, before sending MSG3, which contains the SGX quote, we have already established a protected channel through a SIGMA-like protocol. And actually there is no pk in the quote data structure. Only a signature is contained in it.
```c
#include <stdint.h>
/* The sgx_* field types below come from the Intel SGX SDK headers
 * (sgx_report.h / sgx_quote.h). The report body is defined first
 * because sgx_quote_t embeds it. */

typedef struct _report_body_t
{
    sgx_cpu_svn_t cpu_svn;           /* (  0) Security Version of the CPU */
    sgx_misc_select_t misc_select;   /* ( 16) Which fields defined in SSA.MISC */
    uint8_t reserved1[28];           /* ( 20) */
    sgx_attributes_t attributes;     /* ( 48) Any special capabilities the enclave possesses */
    sgx_measurement_t mr_enclave;    /* ( 64) The value of the enclave's ENCLAVE measurement */
    uint8_t reserved2[32];           /* ( 96) */
    sgx_measurement_t mr_signer;     /* (128) The value of the enclave's SIGNER measurement */
    uint8_t reserved3[96];           /* (160) */
    sgx_prod_id_t isv_prod_id;       /* (256) Product ID of the enclave */
    sgx_isv_svn_t isv_svn;           /* (258) Security Version of the enclave */
    uint8_t reserved4[60];           /* (260) */
    sgx_report_data_t report_data;   /* (320) 64 bytes of data provided by the user */
} sgx_report_body_t;                 /* 384 bytes in total */

typedef struct _quote_t
{
    uint16_t version;                /* 2 bytes */
    uint16_t sign_type;              /* 2 bytes */
    sgx_epid_group_id_t epid_group_id; /* 4 bytes */
    sgx_isv_svn_t qe_svn;            /* 2 bytes */
    sgx_isv_svn_t pce_svn;           /* 2 bytes */
    uint32_t xeid;                   /* 4 bytes */
    sgx_basename_t basename;         /* 32 bytes */
    sgx_report_body_t report_body;   /* 384 bytes, see above */
    uint32_t signature_len;          /* length of the trailing signature */
    uint8_t signature[];             /* variable-length EPID signature */
} sgx_quote_t;
```
Regards
Hey, if I understand your answer correctly, this means that the quote is sent through a protected channel and therefore it would not be possible for a third party to read the quote in cleartext, am I right?
You are right, the data structure does not contain a pk. I picked this writing to indicate that a party is using the data field report_data in the _report_body_t structure. I should have mentioned that.
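An added example (not from this thread or the SGX SDK) of the check a verifier performs once it has a quote: it locates report_body.report_data using the byte offsets of the layout posted above (48 header bytes, then the 384-byte report body, report_data at +320) and compares it in constant time against the 64-byte value the peer expects there, which is how a public key (or its digest) is bound to the quote. The quote buffer and the expected value are constructed sample data; verifying the quote's own signature (via IAS for EPID quotes) is a separate step not shown here.

```c
#include <stdint.h>
#include <string.h>

/* Offsets into a raw sgx_quote_t from the layout above: 48 header bytes
 * precede the 384-byte report_body; report_data is at +320 inside it. */
#define REPORT_BODY_OFF  48u
#define REPORT_BODY_SIZE 384u
#define REPORT_DATA_OFF  (REPORT_BODY_OFF + 320u)
#define REPORT_DATA_LEN  64u
#define QUOTE_MIN_LEN    (REPORT_BODY_OFF + REPORT_BODY_SIZE + 4u) /* + signature_len field */

/* Constant-time compare so a mismatch does not leak which byte differed. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* 1 if the quote is long enough, its signature_len fits in the buffer, and
 * report_data equals the 64-byte value the verifier expects (key or digest). */
int quote_binds_key(const uint8_t *quote, size_t len,
                    const uint8_t expected[REPORT_DATA_LEN]) {
    if (quote == NULL || len < QUOTE_MIN_LEN) return 0;
    uint32_t sig_len;  /* reject quotes whose signature runs past the buffer */
    memcpy(&sig_len, quote + REPORT_BODY_OFF + REPORT_BODY_SIZE, sizeof sig_len);
    if (sig_len > len - QUOTE_MIN_LEN) return 0;
    return ct_equal(quote + REPORT_DATA_OFF, expected, REPORT_DATA_LEN);
}

/* Constructed sample, not a real quote: zeroed except version, an 8-byte dummy
 * signature and a made-up key digest in report_data. */
static const uint8_t g_expected[REPORT_DATA_LEN] = { 0xAB, 0xCD, 0x01 };
static uint8_t g_quote[QUOTE_MIN_LEN + 8];
static size_t build_sample_quote(void) {
    uint32_t sig_len = 8;
    memset(g_quote, 0, sizeof g_quote);
    g_quote[0] = 2;                                        /* version */
    memcpy(g_quote + REPORT_DATA_OFF, g_expected, REPORT_DATA_LEN);
    memcpy(g_quote + REPORT_BODY_OFF + REPORT_BODY_SIZE, &sig_len, sizeof sig_len);
    return sizeof g_quote;
}

/* Runs the check on the sample; optionally corrupts the expected value or
 * truncates the quote so the failure paths can be exercised too. */
int check_sample(int corrupt_expected, size_t truncate_to) {
    size_t len = build_sample_quote();
    uint8_t expected[REPORT_DATA_LEN];
    memcpy(expected, g_expected, REPORT_DATA_LEN);
    if (corrupt_expected) expected[5] ^= 1;
    if (truncate_to != 0 && truncate_to < len) len = truncate_to;
    return quote_binds_key(g_quote, len, expected);
}
```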
Hi Varky:
Yes, it's impossible for a third party to read the quote.
Kind Regards