[Cryptography] Intel SGX: Augean stables piled higher & deeper?

Steve Weis steveweis at gmail.com
Tue May 19 13:13:11 EDT 2015

On Tue, May 19, 2015 at 8:11 AM, Henry Baker <hbaker1 at pipeline.com> wrote:

> At 01:26 PM 5/18/2015, Steve Weis wrote:
> >For those who aren't familiar with SGX, see the links below.  Some pros
> and cons that I see:
> >+ You can run code in a "secure enclave" that is not accessible from
> either ring-0 code or SMM.
> Mathematical proof?

SGX is implemented through hardware mechanisms, not through cryptography or
anything with a mathematical proof that would satisfy you. Yes, you do need
to trust Intel to implement it correctly and yes, Intel certainly ships
hardware with hundreds of errata.

> >+ Secure enclaves are backed by physically encrypted memory, and thus not
> exposed to cold boot attacks or non-volatile RAM.
> Mathematical proof?

You want a mathematical proof that a physical attack against hardware is
impossible? Or that memory is actually being encrypted as advertised? The
latter is easy to verify.

The closest model I can think of is physically observable cryptography:

> >+ Enclaves should be remotely attestable with CPU-bound public keys using
> anonymized or pseudonymized signatures.
> Mathematical proof?

EPID paper is here: https://eprint.iacr.org/2009/095.pdf

I doubt that will satisfy you.

If Intel can't provide sound & complete & public proofs for their wet
> dreams, then these technologies are simply more BS for the pile.
> In the absence of such mathematical proofs, Intel SGX is providing more
> "security through obscurity" than true security.

You seem to be asking for formal proofs of both the correctness of the
architecture design and that a hardware implementation properly embodies
the design. I can't think of any hardware which would satisfy your criteria.

DARPA's TRUST and CRASH programs may be of interest:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150519/4b546148/attachment.html>

More information about the cryptography mailing list