Hey everyone, I am currently reading up on SGX and wondering about remote attestation.
Let us consider that we have 2 different applications, each of which has an enclave, and the two are remote from each other.
Enclave A and enclave B want to perform remote attestation. Let's take the following protocol:
1) A => B: QUOTE{pkA}
2) B => A: QUOTE{pkB}
pkA and pkB are public keys and each enclave has the corresponding secret key.
My question is now:
We have a MitM attacker who intercepts those QUOTE messages. Is the attacker able to read out the public keys, or are they somehow encrypted?
Regards
Hi:
In the remote attestation scenario, before sending MSG3, which contains the SGX quote, we have already established a protected channel through a SIGMA-like protocol. And actually there is no pk in the quote data structure; only a signature is contained in it.
```c
typedef struct _quote_t {
    uint16_t            version;        /* 2 bytes */
    uint16_t            sign_type;      /* 2 bytes */
    sgx_epid_group_id_t epid_group_id;  /* 4 bytes */
    sgx_isv_svn_t       qe_svn;         /* 2 bytes */
    sgx_isv_svn_t       pce_svn;        /* 2 bytes */
    uint32_t            xeid;           /* 4 bytes */
    sgx_basename_t      basename;       /* 32 bytes */
    sgx_report_body_t   report_body;
    uint32_t            signature_len;
    uint8_t             signature[];    /* signature_len bytes */
} sgx_quote_t;

typedef struct _report_body_t {
    sgx_cpu_svn_t       cpu_svn;        /* (  0) Security Version of the CPU */
    sgx_misc_select_t   misc_select;    /* ( 16) Which fields defined in SSA.MISC */
    uint8_t             reserved1[28];  /* ( 20) */
    sgx_attributes_t    attributes;     /* ( 48) Any special capabilities the enclave possesses */
    sgx_measurement_t   mr_enclave;     /* ( 64) The value of the enclave's ENCLAVE measurement */
    uint8_t             reserved2[32];  /* ( 96) */
    sgx_measurement_t   mr_signer;      /* (128) The value of the enclave's SIGNER measurement */
    uint8_t             reserved3[96];  /* (160) */
    sgx_prod_id_t       isv_prod_id;    /* (256) Product ID of the enclave */
    sgx_isv_svn_t       isv_svn;        /* (258) Security Version of the enclave */
    uint8_t             reserved4[60];  /* (260) */
    sgx_report_data_t   report_data;    /* (320) 64 bytes of data provided by the user */
} sgx_report_body_t;
```
Regards
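As an added illustration (not code from this thread or from the SGX SDK): stand-in C types with the field widths implied by the offsets quoted above, a helper that commits a public key into report_data the way the poster describes, and the two checks a verifier should perform on a received quote: bounds-checking signature_len before reading the structure, and comparing report_data with the key received over the channel. The type and function names are the example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for sgx_report_body_t / sgx_quote_t with the widths implied by the
 * offsets in the posted definitions; they are not the SDK headers. */
typedef struct {
    uint8_t cpu_svn[16]; uint32_t misc_select; uint8_t reserved1[28];
    uint8_t attributes[16]; uint8_t mr_enclave[32]; uint8_t reserved2[32];
    uint8_t mr_signer[32]; uint8_t reserved3[96];
    uint16_t isv_prod_id; uint16_t isv_svn; uint8_t reserved4[60];
    uint8_t report_data[64];         /* offset 320: 64 caller-chosen bytes */
} report_body_t;
typedef struct {
    uint16_t version; uint16_t sign_type; uint8_t epid_group_id[4];
    uint16_t qe_svn; uint16_t pce_svn; uint32_t xeid; uint8_t basename[32];
    report_body_t report_body;       /* offset 48 */
    uint32_t signature_len;          /* offset 432, supplied by the peer */
    uint8_t signature[];             /* offset 436, signature_len bytes */
} quote_t;
#define QUOTE_FIXED_SIZE offsetof(quote_t, signature)
_Static_assert(offsetof(report_body_t, report_data) == 320, "report_data offset");
_Static_assert(QUOTE_FIXED_SIZE == 436, "fixed quote header size");

/* Enclave side: commit the public key into report_data before the report is
 * created. A raw 64-byte key fits exactly; hashing the key is the alternative. */
static bool bind_key_to_report_data(report_body_t *body, const uint8_t *pk, size_t pk_len) {
    if (pk_len > sizeof body->report_data) return false;
    memset(body->report_data, 0, sizeof body->report_data);
    memcpy(body->report_data, pk, pk_len);
    return true;
}
/* Verifier side: bounds-check the variable-length quote before using it. */
static const quote_t *parse_quote(const uint8_t *buf, size_t len) {
    if (len < QUOTE_FIXED_SIZE) return NULL;
    const quote_t *q = (const quote_t *)buf;    /* buf must be 4-byte aligned */
    return q->signature_len <= len - QUOTE_FIXED_SIZE ? q : NULL;
}
/* Verifier side, once the attestation service has validated the quote signature
 * (not shown): the key received over the channel must equal the committed one,
 * otherwise a key substituted in transit would go unnoticed. */
static bool report_data_matches_key(const quote_t *q, const uint8_t *pk, size_t pk_len) {
    uint8_t expected[64] = {0};
    if (pk_len > sizeof expected) return false;
    memcpy(expected, pk, pk_len);
    return memcmp(q->report_body.report_data, expected, sizeof expected) == 0;
}
```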
Hey, if I understand your answer correctly, this means that the quote is sent through a protected channel and therefore it would not be possible for a third party to read the quote in cleartext, am I right?
You are right, the data structure does not contain a pk. I picked this notation to indicate that a party is using the report_data field in the _report_body_t structure. I should have mentioned that.
Hi Varky:
Yes, it's impossible for a third party to read the quote.
Kind Regards