Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX

2020 23rd Euromicro Conference on Digital System Design (DSD) Pub Date : 2020-08-01 DOI:10.1109/DSD51259.2020.00099

Muhammad Usama Sardar, D. Quoc, C. Fetzer

{"title":"Towards Formalization of Enhanced Privacy ID (EPID)-based Remote Attestation in Intel SGX","authors":"Muhammad Usama Sardar, D. Quoc, C. Fetzer","doi":"10.1109/DSD51259.2020.00099","DOIUrl":null,"url":null,"abstract":"Vulnerabilities in privileged software layers have been exploited with severe consequences. Recently, Trusted Execution Environments (TEEs) based technologies have emerged as a promising approach since they claim strong confidentiality and integrity guarantees regardless of the trustworthiness of the underlying system software. In this paper, we consider one of the most prominent TEE technologies, referred to as Intel Software Guard Extensions (SGX). Despite many formal approaches, there is still a lack of formal proof of some critical processes of Intel SGX, such as remote attestation. To fill this gap, we propose a fully automated, rigorous, and sound formal approach to specify and verify the Enhanced Privacy ID (EPID)-based remote attestation in Intel SGX under the assumption that there are no side-channel attacks and no vulnerabilities inside the enclave. The evaluation indicates that the confidentiality of attestation keys is preserved against a Dolev-Yao adversary in this technology. We also present a few of the many inconsistencies found in the existing literature on Intel SGX attestation during formal specification.","PeriodicalId":128527,"journal":{"name":"2020 23rd Euromicro Conference on Digital System Design (DSD)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 23rd Euromicro Conference on Digital System Design (DSD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSD51259.2020.00099","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Vulnerabilities in privileged software layers have been exploited with severe consequences. Recently, Trusted Execution Environments (TEEs) based technologies have emerged as a promising approach since they claim strong confidentiality and integrity guarantees regardless of the trustworthiness of the underlying system software. In this paper, we consider one of the most prominent TEE technologies, referred to as Intel Software Guard Extensions (SGX). Despite many formal approaches, there is still a lack of formal proof of some critical processes of Intel SGX, such as remote attestation. To fill this gap, we propose a fully automated, rigorous, and sound formal approach to specify and verify the Enhanced Privacy ID (EPID)-based remote attestation in Intel SGX under the assumption that there are no side-channel attacks and no vulnerabilities inside the enclave. The evaluation indicates that the confidentiality of attestation keys is preserved against a Dolev-Yao adversary in this technology. We also present a few of the many inconsistencies found in the existing literature on Intel SGX attestation during formal specification.

查看原文本刊更多论文

Intel SGX中基于增强隐私ID (EPID)的远程认证的正规化研究

特权软件层中的漏洞已经被利用，造成了严重的后果。最近，基于可信执行环境(tee)的技术已经成为一种很有前途的方法，因为它们声称具有强大的机密性和完整性保证，而不管底层系统软件的可信度如何。在本文中，我们考虑最突出的TEE技术之一，称为Intel Software Guard Extensions (SGX)。尽管有许多正式的方法，但是对于Intel SGX的一些关键过程仍然缺乏正式的证明，例如远程认证。为了填补这一空白，我们提出了一种完全自动化，严格和健全的正式方法来指定和验证英特尔SGX中基于增强隐私ID (EPID)的远程认证，假设在飞地内没有侧信道攻击和漏洞。评估表明，在该技术中，对于Dolev-Yao对手，证明密钥的保密性得到了保护。在正式规范期间，我们还提出了在现有的Intel SGX认证文献中发现的许多不一致之处。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 23rd Euromicro Conference on Digital System Design (DSD)

自引率

0.00%

发文量