Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Using same attestation report for two remote attestation

user14
Beginner

In my application there are three entities:

A: Host application that communicates to B and C. A is running the SGX enclave.

B: Can be considered as RP. It remotely attests A and creates a secure channel. It has internet connectivity to get a report from IAS.

C: This entity also does remote attestation for A, but doesn't have Internet connectivity.

 

C can remotely attest A if A or B can retrieve the IAS report and forward it to C. C verifies the signature of IAS on the report and also checks the validity of MRENCLAVE.

My question is: as B is already retrieving the report for that enclave, can A retrieve that report from B and forward it to C? Would that work? Are there any session-specific values in the attestation proof/attestation report generated by IAS? If yes, can you please elaborate a bit or point me in the right direction?

Both B and C always attest to the same instance of the enclave at the same time. So, B always has a fresh attestation report.

 

0 Kudos
5 Replies
JesusG_Intel
Moderator

Hello user14,

You are pretty much describing setting up an internal attestation service. You can do this with the Intel SGX Datacenter Attestation Primitives. This allows you to attest enclaves within your network without having to always connect to the IAS. Check out the Intel® SGX Data Center Attestation Primitives Orientation Guide for more information.

Regards,

0 Kudos
user14
Beginner

Thanks Garcia!

That was helpful. But in my case, C can't have network connectivity even to an internal attestation service. C is only connected to A. So, the only option to retrieve the attestation report is through A.

0 Kudos
JesusG_Intel
Moderator

Hello user14,

If C is trying to attest A, do you think it's a good idea to trust A to provide the correct attestation material? You are asking if C can trust A before it can attest A. The whole point of attestation is to use a trusted 3rd party (IAS) to provide the reports so that the challenging entities (B and C) can attest that A is trustworthy. You should download the attestation reports from IAS and cache them in a local network-attached database that is accessible by B and C so that they can attest A. If C is only attached to A, then why does it need to attest A? It sounds like C is dependent on A for everything, so C must trust A implicitly.

Regards,

0 Kudos
user14
Beginner

Isn't the attestation report signed by IAS? If yes, then C can just verify the signature on the report that it gets from A. This way C is not really trusting A, right?

 

0 Kudos
JesusG_Intel
Moderator

Hello user14,

I consulted with some folks who are much smarter than me, and you are right, this is possible to do. They recommend that you implement a freshness check to make sure the report is up to date. You will want to re-attest the platform based on your own policy. Intel provides the documentation for the DCAP APIs, but the implementation is really up to the customer since there are so many ways to do this.

Regards,

0 Kudos
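
The checks C would run on a report relayed by A, as discussed in this thread (IAS signature, MRENCLAVE, freshness), written here as an added example and not code from Intel or from the posters. It assumes the IAS report format (a JSON body with `timestamp`, `isvEnclaveQuoteStatus` and `isvEnclaveQuoteBody`, signed with RSA-SHA256), that C already holds a pinned IAS report-signing public key as `(n, e)`, and that C has a trustworthy clock; the function names are hypothetical.

```python
import base64, hashlib, json
from datetime import datetime, timedelta, timezone

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
MRENCLAVE_OFF = 112  # sgx_quote_t: 48-byte header + 64 bytes into the report body

def pkcs1_em(msg: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_verify(n: int, e: int, msg: bytes, sig: bytes) -> bool:
    # Stdlib-only so the example runs offline; use a vetted library in production.
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == pkcs1_em(msg, k)  # re-encode and compare, no padding parsing

def check_relayed_report(body: bytes, sig_b64: str, ias_key, mrenclave: bytes,
                         now: datetime, max_age: timedelta):
    """Return (ok, reason) for an IAS report that C received through A."""
    n, e = ias_key  # assumption: pinned out of band, never taken from A
    try:
        sig = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        return False, "bad signature encoding"
    if not rsa_verify(n, e, body, sig):  # signature covers the raw body bytes
        return False, "bad signature"
    rep = json.loads(body)  # parse only after the signature holds
    status = rep.get("isvEnclaveQuoteStatus")
    if status != "OK":
        return False, "quote status " + str(status)
    quote = base64.b64decode(rep["isvEnclaveQuoteBody"])
    if quote[MRENCLAVE_OFF:MRENCLAVE_OFF + 32] != mrenclave:
        return False, "MRENCLAVE mismatch"
    # IAS timestamps are UTC without a zone suffix
    ts = datetime.fromisoformat(rep["timestamp"]).replace(tzinfo=timezone.utc)
    age = now - ts
    if age > max_age or age < -timedelta(minutes=5):  # 5 min clock-skew allowance
        return False, "timestamp outside freshness window"
    return True, "ok"
```

The timestamp only shows when IAS signed the report and is not tied to C's session, so `max_age` is where the re-attestation policy mentioned in the last reply is enforced.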