
Exploring the use of Intel SGX for Secure Many-Party Applications



  1. Exploring the use of Intel SGX for Secure Many-Party Applications SysTEX’16 K. A. Kucuk University of Oxford, UK December 12, 2016 Kubilay Ahmet Kucuk, kucuk@cs.ox.ac.uk, University of Oxford Exploring the use of Intel SGX for Secure Many-Party Applications slide 1 /23

  2. Overview
     1. Introduction
     2. Trustworthy Remote Entity (TRE)
     3. SGX-based TRE
     4. Results

  3. Yao’s Millionaires’ Problem

  4. Multi Party Computation (MPC)
     Limited scalability, Cryptographic primitives

  5. Ideal MPC
     Third Party, Trust Issues

  6. Many Party Application: Road Pricing
     Location-based services ..diminishes the privacy

  7. Many Party Application: Smart Grid
     Aggregate measurements over multiple consumers

  8. A Possible Solution ... Trustworthy Remote Entity (TRE)
     [Figure labels: P_1, P_2, P_n, ICR, TRE, card(ICR) = n]
     ◮ Based on Trusted Computing
     ◮ Essentially a verifiable trusted third party (vTTP)
     ◮ Comparable to the idealised version (TTP) in the MPC world

  9. TPM-based TRE
     Using TXT and TPM
     ◮ Final State Attestation (FSA)
     ◮ Bare-metal, event-driven
     ◮ Privacy Preserving
     ◮ Small TCB, Optimized

  10. Other TRE possibilities
      Intel SGX; sgxTRE, Middlebox, Compute Provider
      ARM TrustZone

  11. Contributions
      SGX-based TRE
      ◮ SGX Benchmarks
      ◮ Design and Prototype
      ◮ Comparison

  12. Requirements
      Security and Performance Req.
      ◮ Secure Computation and Communication
      ◮ Secure Attestation
      ◮ Scalability and Latency

  13. Adversary Model
      Malicious Operator of TRE
      ◮ Dolev-Yao Network Adv.
      ◮ SMM, BIOS, OS
      ◮ Physical Access

  14. Benchmarking Functionalities

  15. Implementation: Architecture

  16. Implementation: Flow

  17. Implementation: Abstract

  18. Experiment
      Skylake SGX machine
      ◮ Dell Latitude E5570
      ◮ June 2016 SGX SDK
      ◮ Basic Network
      ◮ Simulated SMDs
      ◮ DLMS-COSEM

  19. Results: Comparison of TPM-based and SGX-based

  20. Results: Performance of SGX-based TRE

  21. Security Evaluation
      SGX-based TRE
      ◮ No Outside Calls
      ◮ No Secret dependent access patterns
      ◮ SGX features.

  22. Conclusion
      SGX-based TRE
      ◮ Template for Many Party apps
      ◮ Comparison of approaches
      ◮ Smaller TCB
      ◮ Stronger Adversary

  23. Questions
      Any comments?
