Software Guard Extensions Research Articles

SAKAP: SGX-Based Authentication Key Agreement Protocol in IoT-Enabled Cloud Computing

With the rapid development of the Internet, Internet of Things (IoT) technology is widely used in people’s daily lives. As the number of IoT devices increases, the amount of data to be processed also increases. The emergence of cloud computing can process the data of IoT devices in a timely manner, and it provides robust storage and computing capabilities to facilitate data resource sharing. Since wireless communication networks are unstable and open, it is easy for attackers to eavesdrop, intercept, and tamper with the messages sent. In addition, authentication protocols designed for IoT-enabled cloud computing environments still face many security challenges. Therefore, to address these security issues, we propose an Intel software-guard-extensions (SGX)-based authentication key agreement protocol in an IoT-enabled cloud computing environment. The goal is to ensure data privacy and sustainable communication between the entities. Moreover, SGX can resist several well-known attacks. Finally, we show the security using the real-or-random model, ProVerif, and informal analysis. We also compare the security and performance of the proposed protocol with existing protocols. The comparison results show that our proposed protocol reduces the communication cost by 7.07% compared to the best one among the current protocols and ensures sufficient security.

Privacy‐enhancing machine learning framework with private aggregation of teacher ensembles

Private aggregation of teacher ensembles (PATE), a general machine learning framework based on knowledge distillation, can provide a privacy guarantee for training data sets. However, this framework poses a number of security risks. First, PATE mainly focuses on the privacy of teachers' training data and fails to protect the privacy of their students' data. Second, PATE relies heavily on a trusted aggregator to count teachers' votes, which is not convincing enough to assume a third party would never leak teachers' votes during the knowledge transfer process. To address the abovementioned issues, we improve the original PATE framework and present a new one that combines secret sharing with Intel Software Guard Extensions in a novel way. In the proposed framework, teachers are trained locally, then uploaded and stored in two computing servers in the form of secret shares. In the knowledge transfer phase, the two computing servers receive shares of private inputs from students before collaboratively performing secure predictions. Thus neither teachers nor students expose sensitive information. During the aggregation process, we propose an effective masking technique suitable for the setting to keep the prediction results private and prevent the votes from being leaked to the aggregation server. Besides, we optimize the aggregation mechanism and add noise perturbations adaptively based on the posterior entropy of the prediction results. Finally, we evaluate the performance of the new framework on multiple data sets and experimentally demonstrate that the new framework allows highly efficient, accurate, and secure predictions.

A Blockchain-Based and SGX-Enabled Access Control Framework for IoT

With the rapid development of physical networks, tens of billions of Internet of Things (IoT) devices have been deployed worldwide. Access control is essential in the IoT system, which manages user access to vital IoT data. However, access control for the IoT is mainly based on centralized trusted servers, which face problems such as a single point of failure and data leakage. To tackle these challenges, we propose an access control framework for the IoT by combining blockchain and Intel software guard extension (SGX) technology. A blockchain validates both IoT devices and edge servers added to the network. The access control contract is deployed on the blockchain, which can manage attribute-based access control policies in a fine-grained manner and make access control decisions flexibly. SGX technology is introduced into the edge computing server to realize the confidentiality of data processing. Finally, we implemented the prototype of the framework on Quorum and conducted extensive experiments and theoretical analyses on the performance of the blockchain. The results of the experimental tests and theoretical analyses show that our framework has more advantages in computing costs and on-chain storage costs.

SGXDump: A Repeatable Code-Reuse Attack for Extracting SGX Enclave Memory

Intel SGX (Software Guard Extensions) is a hardware-based security solution that provides a trusted computing environment. SGX creates an isolated memory area called enclave and prevents any illegal access from outside of the enclave. SGX only allows executables already linked statically to the enclave when compiling executables to access its memory, so code injection attacks to SGX are not effective. However, as a previous study has demonstrated, Return-Oriented Programming (ROP) attacks can overcome this defense mechanism by injecting a series of addresses of executable codes inside the enclave. In this study, we propose a novel ROP attack, called SGXDump, which can repeat the attack payload. SGXDump consists only of gadgets in the enclave and unlike previous ROP attacks, the SGXDump attack can repeat the attack payload, communicate with other channels, and implement conditional statements. We successfully attacked two well-known SGX projects, mbedTLS-SGX and Graphene-SGX. Based on our attack experiences, it seems highly probable that an SGXDump attack can leak the entire enclave memory if there is an exploitable memory corruption vulnerability in the target SGX application.

Privacy-Preserving Location-Based Data Queries in Fog-Enhanced Sensor Networks

Fog computing has emerged as a promising framework with the rapid growth of the Internet of Things (IoT). In fog computing, the new entity, named fog device, can help the cloud process the large amount of data generated by IoT devices. Along with this trend, a location-based query scheme that collects IoT devices’ data from specific areas is an important application, especially in fog-enhanced sensor networks. However, in this application, the cloud and fog devices require the user’s query, sensors’ locations, and sensor data so that it raises critical privacy and security concerns. In this article, we devise a privacy-preserving-location-based data query scheme in fog-enhanced sensor networks, which allows the cloud and fog devices to collect sensor data from a query area without learning the three kinds of information. Specifically, we resort to a cryptographic primitive, named somewhat homomorphic encryption (SHE), with ciphertext packing to encrypt query, locations, and sensor data and efficiently calculate the distances between the user’s query and sensors. Then, we show how to build a hardware-assisted data query scheme to extract the matched data based on the distances. We formally analyze the security strengths and implement the system prototype. In order to implement secure processing within software guard extension (SGX), we make an effort to adapt the existing mathematical libraries to the advanced SGX trusted environment. Evaluation results demonstrate that our proposed design is secure and efficient.

SGXAP: SGX-Based Authentication Protocol in IoV-Enabled Fog Computing

With the maturity and popularization of the Internet of Things, we saw the emergence of the Internet of Vehicles. This collects and processes real-time traffic information, alleviates traffic congestion, and realizes intelligent transportation. However, sensitive information, such as real-time driving data of vehicles, are transmitted on public channels, which are easily to steal and manipulate for attackers. In addition, vehicle communications are vulnerable to malicious attacks. Therefore, it is essential to design secure and efficient protocols. Many studies have adopted asymmetric cryptosystems and fog computing to in this environment, but most of them do not reflect the advantages of fog nodes, which share the computational burden of cloud servers. Therefore, it is challenging to design a protocol that effectively uses fog nodes. In this paper, we design an authentication protocol based on a symmetric encryption algorithm and fog computing in the Internet of Vehicles. In this protocol, we first propose a four-layer architecture that significantly reduces the computational burden of cloud servers. To resist several well-known attacks, we also apply Intel software guard extensions to our protocol. This is because it can resist privileged insider attacks. We prove the security of the proposed protocol through the Real-Or-Random model and informal analysis. We also compare the performance of the proposed protocol with recent protocols. The results show better security and a lower computational cost.

An internet of secure and private things: A service-oriented architecture

Low-cost networked IoT devices are fast becoming commonplace. From implanted medical devices to motion-activated surveillance cameras and from driverless smart cars to voice-operated home management systems, IoT devices continue to permeate further and deeper into our lives. However, this widespread adoption of IoT devices has also given rise to a wide range of security, privacy and trust issues that are unique to the IoT ecosystem. Conventional solutions are ill-suited for the IoT domain due to limited resources, network dynamics, and evolving trust boundaries. Hence, novel mechanisms are needed to address the specific challenges of the IoT landscape. To this end, we propose a user-centric cloud-based service that allows device owners to have fine-grained control over what kind and how much data is shared through their IoT devices. Our scheme builds on top of Intel Software Guard Extensions (SGX) to instantiate secure virtual clones (shadows) of actual devices in the cloud, substantially reducing the attack surface for IoT networks. Furthermore, a scalable infrastructure in the cloud allows us to deploy sophisticated policy enforcement and data scrubbing mechanisms on a per application basis giving users explicit control over data sharing. The presented approach requires little effort on part of device vendors and users as the service provider handles the bulk of the work. We demonstrate the effectiveness of our approach empirically by implementing the service on SGX hardware and deploying advanced data cleansing policies on device-generated data.

Trusted Platform Module-Based Privacy in the Public Cloud: Challenges and Future Perspective

Public cloud providers offer ready-to-use, easily scalable servers on demand for a variety of applications. Storing and processing private and sensitive data in the cloud brings multiple security issues and indeed these concerns currently prevent many users from utilizing cloud resources. Improving both security and trust for users is increasingly important for cloud providers. In this context, we first investigate the classes of security threats encountered by cloud applications. We then analyze various software- and hardware-based solutions to handle these security challenges and provide the user with a chain of trust. Our analysis shows that pure software-based solutions do not sufficiently mitigate the challenges of the cloud environment. Hardware-based solutions utilizing the Trusted Platform Module (TPM) alleviate the issues; however, it is challenging to implement in the public cloud environment. Finally, we introduce our TPM-SGX-based approach that utilizes software TPM and Software Guard Extension (SGX) to provide similar security as the hardware-based approach.

A Secure Authentication Scheme for Wireless Sensor Networks Based on DAC and Intel SGX

Wireless sensor networks (WSNs) are widely implemented in military, intelligent medical, intelligent transportation, space exploration, and other fields. However, the authentication and communication of WSNs are carried out in the harsh external environment via a public channel, which is more vulnerable to various attacks than the traditional networks. Authentication is the key technology of security measures, but a common authentication scheme is not suitable for WSNs due to limitations of memory, computing, and energy consumption. Therefore, designing a secure and efficient authentication scheme is essential in WSNs. In recent years, several studies proved that the dynamic authentication credential (DAC) is efficient for enhancing the security of the authentication scheme. This article designs a secure authentication scheme for WSNs based on DAC and Intel software guard extensions (SGX). Compared with other DAC authentication schemes, our scheme provides the confirmation action of DAC rotation, which can effectively prevent the asynchronous update problem caused by packet loss. In order to resist the privileged user attack and the authentication table leakage attack, we choose the SGX, which can protect the data in use, as the trusted execution environment in the gateway node, and we adopt SGX to store the master key for protecting the authentication table. Finally, the security of our authentication scheme is verified by BAN logic, the simulation tool AVISPA, and informal security analysis. Through the consumption overhead analysis, the NS3 simulation result, and detailed comparison with other recent schemes, we conclude that our scheme is practical and achieves better security with less overhead.

Faulty Point Unit: ABI Poisoning Attacks on Trusted Execution Environments

This article analyzes a previously overlooked attack surface that allows unprivileged adversaries to impact floating-point computations in enclaves through the Application Binary Interface (ABI). In a comprehensive study across 7 industry-standard and research enclave shielding runtimes for Intel Software Guard Extensions (SGX), we show that control and state registers of the x87 Floating-Point Unit (FPU) and Intel Streaming SIMD Extensions are not always properly sanitized on enclave entry. We furthermore show that this attack goes beyond the x86 architecture and can also affect RISC-V enclaves. Focusing on SGX, we abuse the adversary’s control over precision and rounding modes as an ABI fault injection primitive to corrupt enclaved floating-point operations. Our analysis reveals that this is especially relevant for applications that use the older x87 FPU, which is still under certain conditions used by modern compilers. We exemplify the potential impact of ABI quality-degradation attacks for enclaved machine learning and for the SPEC benchmarks. We then explore the impact on confidentiality, showing that control over exception masks can be abused as a controlled channel to recover enclaved multiplication operands. Our findings, affecting 5 of 7 studied SGX runtimes and one RISC-V runtime, demonstrate the challenges of implementing high-assurance trusted execution across computing architectures.

Cooperative Detection Method for DDoS Attacks Based on Blockchain

Distributed Denial of Service (DDoS) attacks is always one of the major problems for service providers. Using blockchain to detect DDoS attacks is one of the current popular methods. However, the problems of high time overhead and cost exist in the most of the blockchain methods for detecting DDoS attacks. This paper proposes a blockchain-based collaborative detection method for DDoS attacks. First, the trained DDoS attack detection model is encrypted by the Intel Software Guard Extensions (SGX), which provides high security for uploading the DDoS attack detection model to the blockchain. Secondly, the service provider uploads the encrypted model to Inter Planetary File System (IPFS) and then a corresponding Content-ID (CID) is generated by IPFS which greatly saves the cost of uploading encrypted models to the blockchain. In addition, due to the small amount of model data, the time cost of uploading the DDoS attack detection model is greatly reduced. Finally, through the blockchain and smart contracts, the CID is distributed to other service providers, who can use the CID to download the corresponding DDoS attack detection model from IPFS. Blockchain provides a decentralized, trusted and tamper-proof environment for service providers. Besides, smart contracts and IPFS greatly improve the distribution efficiency of the model, while the distribution of CID greatly improves the efficiency of the transmission on the blockchain. In this way, the purpose of collaborative detection can be achieved, and the time cost of transmission on blockchain and IPFS can be considerably saved. We designed a blockchain-based DDoS attack collaborative detection framework to improve the data transmission efficiency on the blockchain, and use IPFS to greatly reduce the cost of the distribution model. In the experiment, compared with most blockchain-based method for DDoS attack detection, the proposed model using blockchain distribution shows the advantages of low cost and latency. The remote authentication mechanism of Intel SGX provides high security and integrity, and ensures the availability of distributed models.

A Novel Auction Blockchain System with Price Recommendation and Trusted Execution Environment

Online auctions are now widely used, with all the convenience and efficiency brought by internet technology. Despite the advantages over traditional auction methods, some challenges still remain in online auctions. According to the World Business Environment Survey (WBES) conducted by the World Bank, about 60% of companies have admitted to bribery and manipulation of the auction results. In addition, buyers are prone to the winner’s curse in an online auction environment. Since the increase in information availability can reduce uncertainty, easy access to relevant auction information is essential for buyers to avoid the winner’s curse. In this study, we propose an Online Auction Price Suggestion System (OAPSS) to protect the data from being interfered with by third-party programs based on Intel’s Software Guard Extensions (SGX) technology and the characteristics of the blockchain. Our proposed system provides a smart contract by using α-Sutte indicator in the final transaction price prediction as a bidding price recommendation, which helps buyers to reduce the information uncertainty on the value of the product. The amount spent on the smart contract in this study, excluding deployed contracts, plus the rest of the fees is less than US$1. Experimental results of the simulation show that there is a significant difference (p < 0.05) between the recommended price group and the actual price group in the highest bid. Therefore, we may conclude that our proposed bidder’s price recommendation function in the smart contract may mitigate the loss of buyers caused by the winner’s curse.

The evidence beyond the wall: Memory forensics in SGX environments

Software Guard eXtensions (SGX) is a hardware-based technology that introduces unobservable portions of memory, called enclaves, that physically screens software components from system tampering. Enclaves can be used to run arbitrary programs (including malicious code), but their actual impact on digital forensics and incident response remains unknown. In our work, we propose a methodical study of what information can be retrieved from an SGX machine and how to use this information to infer the enclaves interfaces and structure layout.We tested our techniques over a dataset of 45 SGX applications and we showed the practicality of our techniques in a real-product use-case and on two malware-enclaves.

Blockchain and SGX-Enabled Edge-Computing-Empowered Secure IoMT Data Analysis

The Internet of Medical Things (IoMT) is an important application of the Internet of Things (IoT) in the health field, including remote health monitoring and remote medical diagnosis. This not only brings convenience to the patient but also reduces the cost of the patient. However, the surge of data brought by mobile health monitoring equipment challenges the traditional centralized data processing model. In particular, medical data are closely related to patient privacy. Therefore, only part of the specific medical data should be provided to the medical institutions in need, rather than all the data, to ensure the confidentiality of the data to the greatest extent. But curious data processing centers can easily lead to data leakage. To tackle these challenges, we use edge computing and blockchain to build a new framework. In particular, the trusted execution environment, namely, software guard extension (SGX) technology, is introduced into edge computing to ensure the confidentiality of the data analysis process. The blockchain authenticates the IoMT devices and cloud service providers that are added to the network and provides an access policy management mechanism for IoMT data. Moreover, a prototype of the proposed framework is implemented using Hyperledger Fabric and Intel SGX, and the analysis of the blockchain and SGX performance are also presented.

HySec-Flow: Privacy-Preserving Genomic Computing with SGX-based Big-Data Analytics Framework.

Trusted execution environments (TEE) such as Intel's Software Guard Extension (SGX) have been widely studied to boost security and privacy protection for the computation of sensitive data such as human genomics. However, a performance hurdle is often generated by SGX, especially from the small enclave memory. In this paper, we propose a new Hybrid Secured Flow framework (called "HySec-Flow") for large-scale genomic data analysis using SGX platforms. Here, the data-intensive computing tasks can be partitioned into independent subtasks to be deployed into distinct secured and non-secured containers, therefore allowing for parallel execution while alleviating the limited size of Page Cache (EPC) memory in each enclave. We illustrate our contributions using a workflow supporting indexing, alignment, dispatching, and merging the execution of SGX- enabled containers. We provide details regarding the architecture of the trusted and untrusted components and the underlying Scorn and Graphene support as generic shielding execution frameworks to port legacy code. We thoroughly evaluate the performance of our privacy-preserving reads mapping algorithm using real human genome sequencing data. The results demonstrate that the performance is enhanced by partitioning the time-consuming genomic computation into subtasks compared to the conventional execution of the data-intensive reads mapping algorithm in an enclave. The proposed HySec-Flow framework is made available as an open-source and adapted to the data-parallel computation of other large-scale genomic tasks requiring security and scalable computational resources.

Practical hybrid confidentiality-based analytics framework with Intel SGX

Massive cloud infrastructure capabilities, including efficient, scalable, and elastic computing resources, have led to a widespread adoption of Internet of Things (IoT) cloud-enabled services. This involves giving complete control to cloud service providers (CSPs) of sensitive IoT data by moving data storage and processing in cloud. An efficient and lightweight advanced encryption standard (AES) cryptosystem can play a major role in protecting IoT data from exposure to CSPs by protecting the privacy of outsourced data. However, AES lacks computation capabilities, which is a critical factor that prevents individuals and organizations from taking full advantage of cloud computing services. When Intel software guard extensions (SGX) is used with AES cryptosystem, the developing framework can provide a practical solution to build a confidentiality-based data analytics framework for IoT-enabled applications in various domains. In this paper, a privacy-preserving data analytics framework is developed that relies on a hybrid-integrated approach, in which both software- and hardware-based solutions are applied to ensure confidentiality and process-sensitive outsourced data in the cloud environment.

Security Vulnerabilities of SGX and Countermeasures

Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from its high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, as well as evaluate them by employing our proposed criteria. At last, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.

Architectural Protection of Trusted System Services for SGX Enclaves in Cloud Computing

Data security and privacy are of great concern for users of cloud computing. In order to provide such guarantees in public clouds, hardware manufacturers have designed trusted execution environments such as Intel’s Software Guard eXtensions (SGX). Intel SGX supports privacy-preserving, tamper-proof containments called enclaves. Regrettably, an SGX enclave has to rely on the untrusted operating system or hypervisor for underlying services, which contradicts the threat model of Intel SGX. Whereas much of the previous work concentrates on protecting trusted applications by means of modifying a hypervisor, we tackle the problem by reusing existing drivers and leveraging processor-enforced protection. We propose a novel approach, named SMK, to provide trusted system services for SGX enclaves. SMK leverages existing Intel architecture features, i.e., System Management Mode (SMM) and Uniform Extensible Firmware Interface (UEFI). Specifically, we retrofit UEFI firmware and design an isolated micro-kernel inside SMM to securely provision critical system services for enclaves. To highlight the effectiveness and extensibility of SMK, we implement two system services: trusted clock and trusted network. Furthermore, we harden two real-world security-sensitive applications, OpenSSL and OpenVPN, with SMK’s system services. Our evaluation indicates that SMK can supply trusted system services for enclaves with modest runtime overheads.

Trust Hardware Based Secured Privacy Preserving Computation System for Three-Dimensional Data

Three-dimensional (3D) data are easily collected in an unconscious way and are sensitive to lead biological characteristics exposure. Privacy and ownership have become important disputed issues for the 3D data application field. In this paper, we design a privacy-preserving computation system (SPPCS) for sensitive data protection, based on distributed storage, trusted execution environment (TEE) and blockchain technology. The SPPCS separates a storage and analysis calculation from consensus to build a hierarchical computation architecture. Based on a similarity computation of graph structures, the SPPCS finds data requirement matching lists to avoid invalid transactions. With TEE technology, the SPPCS implements a dual hybrid isolation model to restrict access to raw data and obscure the connections among transaction parties. To validate confidential performance, we implement a prototype of SPPCS with Ethereum and Intel Software Guard Extensions (SGX). The evaluation results derived from test datasets show that (1) the enhanced security and increased time consumption (490 ms in this paper) of multiple SGX nodes need to be balanced; (2) for a single SGX node to enhance data security and preserve privacy, an increased time consumption of about 260 ms is acceptable; (3) the transaction relationship cannot be inferred from records on-chain. The proposed SPPCS implements data privacy and security protection with high performance.

Practical and Efficient in-Enclave Verification of Privacy Compliance.

A trusted execution environment (TEE) such as Intel Software Guard Extension (SGX) runs attestation to prove to a data owner the integrity of the initial state of an enclave, including the program to operate on her data. For this purpose, the data-processing program is supposed to be open to the owner or a trusted third party, so its functionality can be evaluated before trust being established. In the real world, however, increasingly there are application scenarios in which the program itself needs to be protected (e.g., proprietary algorithm). So its compliance with privacy policies as expected by the data owner should be verified without exposing its code. To this end, this paper presents Deflection, a new model for TEE-based delegated and flexible in-enclave code verification. Given that the conventional solutions do not work well under the resource-limited and TCB-frugal TEE, we come up with a new design inspired by Proof-Carrying Code. Our design strategically moves most of the workload to the code generator, which is responsible for producing easy-to-check code, while keeping the consumer simple. Also, the whole consumer can be made public and verified through a conventional attestation. We implemented this model on Intel SGX and demonstrate that it introduces a very small part of TCB. We also thoroughly evaluated its performance on micro- and macro- benchmarks and real-world applications, showing that the design only incurs a small overhead when enforcing several categories of security policies.