Exploring the use of Intel SGX for Secure Many-Party Applications




SLIDE 1

Exploring the use of Intel SGX for Secure Many-Party Applications

SysTEX’16

K. A. Kucuk

University of Oxford, UK

December 12, 2016

Kubilay Ahmet Kucuk, kucuk@cs.ox.ac.uk, University of Oxford Exploring the use of Intel SGX for Secure Many-Party Applications slide 1 /23

SLIDE 2

Overview

  1. Introduction
  2. Trustworthy Remote Entity (TRE)
  3. SGX-based TRE
  4. Results

SLIDE 3

Yao’s Millionaires’ Problem

SLIDE 4

Multi Party Computation (MPC)

Limited scalability, Cryptographic primitives

SLIDE 5

Ideal MPC

Third Party, Trust Issues

SLIDE 6

Many Party Application: Road Pricing

Location-based services ... diminishes the privacy

SLIDE 7

Many Party Application: Smart Grid

aggregate measurements over multiple consumers

SLIDE 8

A Possible Solution ...

Trustworthy Remote Entity (TRE)

[Diagram labels: ICR; card(ICR) = n; TRE; P1, P2, Pn]

◮ Based on Trusted Computing
◮ Essentially a verifiable trusted third party (vTTP)
◮ Comparable to the idealised version (TTP) in the MPC world

SLIDE 9

TPM-based TRE

Using TXT and TPM

◮ Final State Attestation (FSA)
◮ Bare-metal, event-driven
◮ Privacy Preserving
◮ Small TCB, Optimized

SLIDE 10

Other TRE possibilities

Intel SGX; sgxTRE, Middlebox, Compute Provider

ARM TrustZone

SLIDE 11

Contributions

SGX-based TRE

◮ SGX Benchmarks
◮ Design and Prototype
◮ Comparison

SLIDE 12

Requirements

Security and Performance Req.

◮ Secure Computation and Communication
◮ Secure Attestation
◮ Scalability and Latency

SLIDE 13

Adversary Model

Malicious Operator of TRE

◮ Dolev-Yao Network Adv.
◮ SMM, BIOS, OS
◮ Physical Access

SLIDE 14

Benchmarking Functionalities

SLIDE 15

Implementation: Architecture

SLIDE 16

Implementation: Flow

SLIDE 17

Implementation: Abstract

SLIDE 18

Experiment

Skylake SGX machine

◮ Dell Latitude E5570
◮ June 2016 SGX SDK
◮ Basic Network
◮ Simulated SMDs
◮ DLMS-COSEM

SLIDE 19

Results: Comparison of TPM-based and SGX-based

SLIDE 20

Results: Performance of SGX-based TRE

SLIDE 21

Security Evaluation

SGX-based TRE

◮ No Outside Calls
◮ No Secret dependent access patterns
◮ SGX features.

SLIDE 22

Conclusion

SGX-based TRE

◮ Template for Many Party apps
◮ Comparison of approaches
◮ Smaller TCB
◮ Stronger Adversary

SLIDE 23

Questions

Any comments?
