Skip to main content

What are Trusted Execution Environments?

The following is a high level overview of TEEs and Intel Software Guard Extensions (SGX). Refer to Intel's official documentation for more info.

Terminology​

TermDefinition
Trusted Execution Environment (TEE)A secure environment isolated from the rest of the system, where sensitive code can be executed and sensitive data can be processed with additional protection against unauthorized access or modification. Intel SGX is an example of a TEE.
Intel SGX (Software Guard Extensions)A set of security-related instruction codes built into Intel processors that provide a hardware-based method to create secure enclaves within the application's memory to protect sensitive data and code from unauthorized access or modification.
EnclaveA protected memory region within an application that is created and managed by Intel SGX. Enclaves provide a secure execution environment for sensitive code and data, ensuring their confidentiality and integrity.
MRENCLAVEMRENCLAVE is a unique identifier in Intel SGX technology that represents the identity and integrity of a specific enclave. It is a 256-bit hash value that is derived from the enclave's code and initial data during the enclave's creation process. The main purpose of MRENCLAVE is to enable remote attestation and ensure that the enclave running on a remote system is indeed the intended and genuine enclave.
MRSIGNERA measurement of the signer identity of an enclave. It is a 256-bit hash value derived from the public key used to sign the enclave during the build process. MRSIGNER is used during remote attestation to verify the identity of the party who created and signed the enclave.
Remote AttestationA process that allows a remote party to verify the identity, integrity, and authenticity of an enclave running on another system. Remote attestation involves generating a cryptographic report that includes MRENCLAVE and MRSIGNER values, which are then verified by the remote party.
SealingThe process of encrypting data with a key that is tied to the enclave's identity, ensuring that the data can only be accessed by the same enclave or an enclave with the same identity. Sealed data is stored outside the enclave and can be used for persistent storage or data sharing between different enclaves.
Quoting Enclave (QE)A special enclave provided by Intel that is responsible for generating quotes for remote attestation. The quoting enclave signs the enclave report with the Intel Enhanced Privacy ID (EPID) private key, which is only accessible to the QE.

What are Trusted Execution Environments and SGX?​

A Trusted Execution Environment (TEE) is a secure area within a device's hardware or software that isolates sensitive data and code from the rest of the system. Intel Software Guard Extensions (SGX) is a hardware-based technology that provides TEE capabilities. It allows developers to create secure enclaves within the processor where sensitive information can be processed without the risk of being accessed or modified by unauthorized parties. TEEs and Intel SGX play a crucial role in securing sensitive data and code, ensuring privacy and integrity in various applications.

What problem does SGX solve?​

In today's interconnected world, ensuring the security, privacy, and verifiability of data and code has become increasingly important. However, traditional security methods have struggled to keep up with the evolving threat landscape. SGX addresses these challenges by providing a hardware-based solution that protects sensitive information from unauthorized access and tampering, even in the presence of a compromised operating system or other privileged software. By offering a secure and isolated environment for running applications, SGX enables developers to build trust in their systems and ensure the integrity of their data and code.

SGX Overview​

Intel SGX is a set of hardware-based security features that are built into Intel processors. It allows developers to create secure enclaves within the processor, which are isolated from the rest of the system. These enclaves provide a secure environment where sensitive data and code can be processed without the risk of being accessed or modified by unauthorized parties. The key components of SGX include:

  • Processor support: Intel processors with SGX capabilities have specific hardware features that enable the creation and management of secure enclaves.
  • Enclave Page Cache (EPC): A protected memory area within the processor that stores the data and code associated with secure enclaves.
  • Memory Encryption Engine (MEE): A hardware component that encrypts and decrypts data as it is read from or written to the EPC.
  • Attestation: A process that allows a remote party to verify the authenticity and integrity of an enclave and its contents.

Enclaves​

Enclaves are the central concept in Intel SGX technology. They are secure, isolated execution environments within the processor that protect sensitive data and code from unauthorized access and modification. Enclaves are created and managed by the processor, ensuring that even privileged software, such as the operating system or hypervisor, cannot access or tamper with the data and code within the enclave.

An enclave can only be accessed via specific entry points, and all data entering or leaving the enclave is encrypted and decrypted by the Memory Encryption Engine (MEE). This ensures that the contents of the enclave remain confidential and protected, even if the rest of the system is compromised.

Attestation​

Attestation is a critical process in Intel SGX technology that allows a remote party to verify the authenticity and integrity of a secure enclave and its contents. The attestation process involves the following steps:

  • The enclave generates a report that contains a measurement of the enclave's contents (code and data) and a unique identifier.
  • The report is signed by the enclave's private key, which is only accessible within the enclave itself.
  • The signed report is sent to a remote party, who then verifies the signature using the enclave's public key

Quote Verification​

Quote verification is an essential step in the remote attestation process to ensure that the code running within the enclave is genuine and un-tampered. The enclave provides several components as part of the measurement that forms the basis for the quote.

  1. Measurement: The enclave produces a measurement of its code and data, which is a cryptographic hash (usually SHA-256) that represents the enclave's initial state. This measurement includes the enclave's identity, version, and any additional metadata required for attestation.
  2. Report: The enclave generates a report containing the measurement, its state, and platform information. This report is specific to the local platform and cannot be used for remote attestation directly.
  3. Target Info: The target info is provided by the quoting enclave, which is another secure enclave responsible for generating quotes. This information helps the enclave creating the report to target a specific quoting enclave for the attestation process.
  4. Report Data: The report data is an optional field that can be used to include additional information or a custom payload, such as a public key or a nonce, which can be used during the quote verification process.

The quote generated by the quoting enclave primarily verifies the integrity and authenticity of the enclave's measurement, ensuring that the code running within the enclave has not been tampered with or altered. The quote also verifies the identity and version of the enclave, providing the verifier with the necessary information to establish trust in the remote enclave.

Lifecycle​

The following steps outline the remote attestation sequence:

  • Enclave creation: The application creates an enclave using the SGX SDK, allocating memory and loading the code to be executed within the enclave.
  • Enclave initialization: The enclave is initialized, and its secure memory regions are prepared for use.
  • Remote attestation process initiation: The application requests a challenge from the remote party, which will be used during the attestation process.
  • Report generation: The enclave generates a report containing its state, the code being executed, and the platform information.
  • Quote generation: The report is converted into a quote by the quoting enclave, which includes the report's cryptographic signature.
  • Quote verification: The remote party verifies the quote, either independently or using a trusted attestation service like Intel Attestation Service.
  • Secure communication: If the quote is verified successfully, a secure communication channel is established between the remote party and the enclave.

Is SGX Secure?​

Intel's SGX has had vulnerabilities in the past but its use in secure communications and credit card privacy show its not going anywhere. Switchboard mitigates active vulnerabilities by requiring oracles to verify their quote once a week, allowing the protocol to enforce patches and upgrades for vulnerability reports. Think of Switchboard as the management layer for managing Attestation quotes.

Switchboard also relies on economic incentives like staking and slashing to persuade honest behavior from participants. Economic incentives paired with TEEs provides a high level of security for smart contracts to rely on for off-chain computation.

What about Secret Network?

Secret Network is a privacy, layer 1 blockchain that uses secure enclaves for encrypting transactions. Researchers were able to exploit a vulnerability in SGX to leak the consensus seed and decrypt all past transactions. The fatal mistake was not rotating the decryption key to prevent machines running with known vulnerabilities from attesting their quote. Switchboard mitigates this by requiring weekly verification of oracles quotes to prevent a past vulnerability from affecting future performance.

Conclusion​

Intel SGX and other trusted execution environments significantly enhance the security of computing systems by providing isolated environments for executing sensitive code and protecting data. Through the use of attestation and quote verification, these technologies enable external parties to establish trust in the integrity and authenticity of the enclave, paving the way for secure communication and computation even in potentially hostile environments. By leveraging hardware-based isolation and cryptographic techniques, SGX and TEEs can play a critical role in safeguarding sensitive information and ensuring the privacy and security of modern computing systems.