MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties

08/21/2020
by   Guoxing Chen, et al.
0

Intel Software Guard Extensions (SGX) local and remote attestation mechanisms enable an enclave to attest its identity (i.e., the enclave measurement, which is the cryptographic hash of its initial code and data) to an enclave. To verify that the attested identity is trusted, one enclave usually includes the measurement of the enclave it trusts into its initial data in advance assuming no trusted third parties are available during runtime to provide this piece of information. However, when mutual trust between these two enclaves is required, it is infeasible to simultaneously include into their own initial data the other's measurements respectively as any change to the initial data will change their measurements, making the previously included measurements invalid. In this paper, we propose MAGE, a framework enabling a group of enclaves to mutually attest each other without trusted third parties. Particularly, we introduce a technique to instrument these enclaves so that each of them could derive the others' measurements using information solely from its own initial data. We also provide a prototype implementation based on Intel SGX SDK, to facilitate enclave developers to adopt this technique.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
03/01/2022

Towards Decentralized Identity Management in Multi-stakeholder 6G Networks

Trust-building mechanisms among network entities of different administra...
research
08/09/2022

Bottom-up Trust Registry in Self Sovereign Identity

Self sovereign identity is a form of decentralised credential management...
research
03/01/2019

TEEvil: Identity Lease via Trusted Execution Environments

We investigate identity lease, a new type of service in which users leas...
research
06/08/2022

Attestation Mechanisms for Trusted Execution Environments Demystified

Attestation is a fundamental building block to establish trust over soft...
research
01/16/2021

T-Lease: A Trusted Lease Primitive for Distributed Systems

A lease is an important primitive for building distributed protocols, an...
research
03/28/2019

An Approach to Identity Management in Clouds without Trusted Third Parties

The management of sensitive data, including identity management (IDM), i...
research
03/30/2023

Fuzzified advanced robust hashes for identification of digital and physical objects

With the rising numbers for IoT objects, it is becoming easier to penetr...

Please sign up or login with your details

Forgot password? Click here to reset