
How could a client machine put secrets into an SGX-enabled server, protected from a man in the middle, considering the server OS as malicious? Also, I read somewhere on the internet that you should not create secrets inside the enclave; rather, you should put secrets directly into the enclave from your client, considering the client is not malicious.

When I say MIM I mean the OS as the man in the middle.

I know about using a TLS connection.

I read about remote attestation. Does the client need to be an SGX-enabled machine too, and how could I directly put secrets into the enclave if the client is a non-SGX machine while protecting against an MIM attack?

1 Answer


The client does not need to support SGX to interface with a service using SGX. In fact, unless you plan to use remote attestation, there is no way the server would know whether or not the client supports SGX.

SGX allows running specialized code inside a "secure enclave" in the processor: the process state cannot be examined by a debugger, and the memory used by the secure enclave is protected against access by even the operating system.

A typical way to place data in the enclave is to generate a public/private keypair within the enclave, export the public key to outside the enclave, then have the client encrypt data with the public key. The (now-encrypted) data is copied to the enclave (including over the network, if necessary) and then decrypted within the SGX enclave. At this point, the enclave can do whatever operations are necessary on the data.

Note that SGX can also use the hardware sealing key to persist data that can only be recovered on the same host.

There was an excellent presentation on SGX at Black Hat USA 2016 that provides more implementation details on some of these aspects.

David
  • I plan to use remote attestation to provision secrets into the server enclave. Do I still not require an SGX-enabled client? Isn't generating a public/private key in the enclave unsafe, as enclave code can be disassembled? – Kumar Roshan Mehta Jan 08 '18 at 11:50
  • Yes, if you're going to use remote attestation on the client, then you need SGX on the client. Being able to disassemble the code does not make the key generation unsafe -- the enclave has access to the hardware RNG to generate entropy for the key. – David Jan 08 '18 at 16:42
  • Thanks, I gave you the bounty. If you could answer this too: https://stackoverflow.com/questions/48130985/client-server-program-with-intel-sgx – Kumar Roshan Mehta Jan 13 '18 at 09:25
  • Isn't your approach vulnerable to an MIM attack? Should I sign the shared secret, signed with the enclave public key, with the private key of the client (user)? – Kumar Roshan Mehta Feb 05 '18 at 08:27
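The keypair-in-the-enclave flow from the answer, and the man-in-the-middle concern raised in the last comment, as an added Go example that is not part of the original post or any SGX SDK. It assumes a simulated quote whose report data is the SHA-256 of the enclave's public key (real SGX REPORTDATA is a 64-byte field) and an Ed25519 signer standing in for Intel's attestation service; the client only encrypts to a public key after checking that the quote verifies and that the key it was handed is the one the quote binds, so an OS that swaps in its own key is detected.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Quote stands in for an SGX quote: REPORTDATA carries the hash of the enclave's
// public key; the signer models the attestation service (Ed25519 here, not Intel's).
type Quote struct {
	ReportData [32]byte
	Sig        []byte
}

// keyHash is the value the enclave places in REPORTDATA to bind its public key.
func keyHash(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(x509.MarshalPKCS1PublicKey(pub))
}

// enclaveProvision runs inside the enclave: generate the keypair there and bind
// the public key into the quote so the untrusted OS cannot substitute its own.
func enclaveProvision(attest ed25519.PrivateKey) (*rsa.PrivateKey, Quote) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	h := keyHash(&priv.PublicKey)
	return priv, Quote{ReportData: h, Sig: ed25519.Sign(attest, h[:])}
}

// clientEncrypt runs on a non-SGX client: verify the quote, check that the offered
// public key is the attested one, then RSA-OAEP encrypt the secret to it.
func clientEncrypt(verifier ed25519.PublicKey, q Quote, pub *rsa.PublicKey, secret []byte) ([]byte, error) {
	if !ed25519.Verify(verifier, q.ReportData[:], q.Sig) {
		return nil, errors.New("quote signature invalid")
	}
	if keyHash(pub) != q.ReportData {
		return nil, errors.New("public key not bound to quote: possible man in the middle")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
}

// enclaveDecrypt runs inside the enclave with the private key that never left it.
func enclaveDecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}
```

Only the ciphertext crosses the untrusted OS, so even without TLS the OS cannot read the secret; TLS still adds transport integrity and replay protection on top.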