Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

SGX enclaves

Sam5
New Contributor I
1,275 Views

Hi,

Are there any guarantees for freshness of sealed data? In other words, rollback attack, where a malicious OS tries to roll the state of the enclave back to some earlier point in time: e.g., checkpoint the saved state, run the enclave for a while, then possibly restore back to the checkpoint. Can SGX code defend against such rollback attacks? If so, how?

-Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
1,275 Views

Hi Sam,

The CPU does not directly provide such protection, but you can rely on the monotonic counter and the trusted time features of the ME to achieve it. They can be used to limit the duration for which a secret is valid (trusted time) and prevent replay attacks (monotonic counter). I would point them at the developer reference:

https://software.intel.com/sites/default/files/managed/b4/cf/Intel-SGX-SDK-Developer-Reference-for-Windows-OS.pdf

The section on Sealed Data talks about setting replay and time-based policies, and which functions in the SDK are there to assist.

Thanks and Reagrds,
Surenthar Selvaraj

View solution in original post

0 Kudos
2 Replies
Surenthar_S_Intel
1,276 Views

Hi Sam,

The CPU does not directly provide such protection, but you can rely on the monotonic counter and the trusted time features of the ME to achieve it. They can be used to limit the duration for which a secret is valid (trusted time) and prevent replay attacks (monotonic counter). I would point them at the developer reference:

https://software.intel.com/sites/default/files/managed/b4/cf/Intel-SGX-SDK-Developer-Reference-for-Windows-OS.pdf

The section on Sealed Data talks about setting replay and time-based policies, and which functions in the SDK are there to assist.

Thanks and Reagrds,
Surenthar Selvaraj

0 Kudos
Sam5
New Contributor I
1,275 Views

Thanks Surenthar

0 Kudos
Reply