Supporting Third Party Attestation for Intel® SGX with Intel® Data Center Attestation Primitives

Intel® Software Guard Extensions (SGX) has an attestation and sealing capability that can be used to remotely provision secrets to an enclave and protect them there [1]. In [2], Intel describes how Intel® Enhanced Privacy Identifier (EPID) based attestation keys are provisioned and describes the Intel provided online services that support this architecture. This paper describes additional services and primitives that allow third parties to build their own attestation infrastructure, using classical public key algorithms such as ECDSA or RSA. This paper also describes an example deployment pipeline, with the important trade-offs to be considered when deploying Intel® SGX at scale using these new elements.