[Cryptography] HSMs or Intel SGX? Which is harder to hack?

Bill Cox waywardgeek at gmail.com
Sun Feb 19 21:07:51 EST 2017


On Sun, Feb 19, 2017 at 12:00 AM, grarpamp <grarpamp at gmail.com> wrote:

>
> Note that some regard SGX
>
> https://github.com/kudelskisecurity/sgxfun
>
> as having already been broken


That seems pretty weak: extracting the publicly visible metadata from a
binary isn't a break.  That information was published.

I actually am dropping SGX from the running because it cannot support what
I call "dynamic defense".  A software-only attacker can force all the SGX
secrets to be dumped to SRAM, though they are encrypted with the CPU's
symmetric key.  An attacker can do this, and come back later and take her
time extracting the secrets from the CPU.

This defeats any attempt to make secrets time-sensitive, meaning we want to
force hackers to complete their work in a short period of time, or fail.
An HSM does not seem to have this problem.

Bill