OPERA: Open Remote Attestation for Intel's Secure Enclaves

Intel Software Guard Extensions (SGX) remote attestation enables enclaves to authenticate hardware inside which they run, and attest the integrity of their enclave memory to the remote party. To enforce direct control of attestation, Intel mandates attestation to be verified by Intel's attestation service. This Intel-centric attestation model, however, neither protects privacy nor performs efficiently when distributed and frequent attestation is required. This paper presents OPERA, an Open Platform for Enclave Remote Attestation. Without involving Intel's attestation service while conducting attestation, OPERA is unchained from Intel, although it relies on Intel to establish a chain of trust whose anchor point is the secret rooted in SGX hardware. OPERA is open, as the implementation of its attestation service is completely open, allowing any enclave developer to run her own OPERA service, and its execution is publicly verifiable and hence trustworthy; OPERA is privacy-preserving, as the attestation service does not learn which enclave is being attested or when the attestation takes place; OPERA is performant, as it does not rely on a single-point-of-verification and also reduces the latency of verification.

[1]  Fan Zhang,et al.  REM: Resource-Efficient Mining for Blockchains , 2017, IACR Cryptol. ePrint Arch..

[2]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[3]  Benny Pinkas,et al.  The Circle Game: Scalable Private Membership Test Using Trusted Hardware , 2016, AsiaCCS.

[4]  Claudio Soriente,et al.  ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud , 2019, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[5]  Insik Shin,et al.  SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs , 2017, NDSS.

[6]  Shweta Shinde,et al.  Panoply: Low-TCB Linux Applications With SGX Enclaves , 2017, NDSS.

[7]  David M. Eyers,et al.  SCONE: Secure Linux Containers with Intel SGX , 2016, OSDI.

[8]  Michael Backes,et al.  Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[9]  Li Lei,et al.  Integrating Remote Attestation with Transport Layer Security , 2018, ArXiv.

[10]  N. Asokan,et al.  Using SafeKeeper to Protect Web Passwords , 2018, WWW.

[11]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[12]  Dawn Xiaodong Song,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contract Execution , 2018, ArXiv.

[13]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[14]  Fan Zhang,et al.  Ekiden: A Platform for Confidentiality-Preserving, Trustworthy, and Performant Smart Contracts , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[15]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[16]  Yogesh Swami SGX Remote Attestation is not Sufficient , 2017, IACR Cryptol. ePrint Arch..

[17]  Nektarios Georgios Tsoutsos,et al.  SGXCrypter: IP protection for portable executables using Intel's SGX technology , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[18]  Mario Werner,et al.  SGXIO: Generic Trusted I/O Path for Intel SGX , 2017, CODASPY.

[19]  Christof Fetzer,et al.  SGXBOUNDS: Memory Safety for Shielded Execution , 2017, EuroSys.

[20]  Bruno. Blanchet,et al.  Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif , 2016, Found. Trends Priv. Secur..

[21]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[22]  Jiangtao Li,et al.  Enhanced Privacy ID from Bilinear Pairing for Hardware Authentication and Attestation , 2010, 2010 IEEE Second International Conference on Social Computing.

[23]  Michael M. Swift,et al.  A Placement Vulnerability Study in Multi-Tenant Public Clouds , 2015, USENIX Security Symposium.

[24]  Emmett Witchel,et al.  Ryoan: A Distributed Sandbox for Untrusted Computation on Secret Data , 2016, OSDI.

[25]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[26]  Donald E. Porter,et al.  Graphene-SGX: A Practical Library OS for Unmodified Applications on SGX , 2017, USENIX Annual Technical Conference.

[27]  Sanjit A. Seshia,et al.  Moat: Verifying Confidentiality of Enclave Programs , 2015, CCS.

[28]  N. Asokan,et al.  S-FaaS: Trustworthy and Accountable Function-as-a-Service using Intel SGX , 2018, CCSW@CCS.

[29]  Simon Johnson,et al.  Supporting Third Party Attestation for Intel® SGX with Intel® Data Center Attestation Primitives , 2018 .

[30]  Ion Stoica,et al.  Opaque: An Oblivious and Encrypted Distributed Analytics Platform , 2017, NSDI.

[31]  Yuan Xiao,et al.  SgxPectre: Stealing Intel Secrets from SGX Enclaves Via Speculative Execution , 2018, 2019 IEEE European Symposium on Security and Privacy (EuroS&P).

[32]  Fan Zhang,et al.  Town Crier: An Authenticated Data Feed for Smart Contracts , 2016, CCS.

[33]  Frank Piessens,et al.  Ariadne: A Minimal Approach to State Continuity , 2016, USENIX Security Symposium.

[34]  Sebastian Nowozin,et al.  Oblivious Multi-Party Machine Learning on Trusted Processors , 2016, USENIX Security Symposium.

[35]  Carlos V. Rozas,et al.  Intel® Software Guard Extensions: EPID Provisioning and Attestation Services , 2016 .

[36]  Gene Tsudik,et al.  A minimalist approach to Remote Attestation , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[37]  Fan Zhang,et al.  Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[38]  Christos Gkantsidis,et al.  VC3: Trustworthy Data Analytics in the Cloud Using SGX , 2015, 2015 IEEE Symposium on Security and Privacy.

[39]  Srdjan Capkun,et al.  ROTE: Rollback Protection for Trusted Execution , 2017, USENIX Security Symposium.

[40]  Karthikeyan Bhargavan,et al.  Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[41]  Herbert Bos,et al.  RIDL: Rogue In-Flight Data Load , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[42]  Alex Pentland,et al.  Enigma: Decentralized Computation Platform with Guaranteed Privacy , 2015, ArXiv.

[43]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[44]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.