(2023) TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors.
![[img]](https://publications.cispa.saarland/style/images/fileicons/text.png) |
Text
samplepaper.pdf Download (752kB) |
Abstract
Platforms are nowadays typically equipped with trusted execution environments (TEEs), such as Intel SGX or ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other’s strengths. In this paper, we propose TALUS , a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware.
| Item Type: | Conference or Workshop Item (A Paper) (Paper) |
|---|---|
| Divisions: | Sven Bugiel (Trusted Systems Group, TSG) Michael Schwarz (MS) |
| Conference: | FC Financial Cryptography and Data Security Conference |
| Depositing User: | Dhiman Chakraborty |
| Date Deposited: | 09 Feb 2023 13:36 |
| Last Modified: | 10 Feb 2023 21:03 |
| Primary Research Area: | NRA4: Secure Mobile and Autonomous Systems |
| URI: | https://publications.cispa.saarland/id/eprint/3901 |
Actions
Actions (login required)
 |
View Item |