Hardware-based Integrity Protection Flashcards
1
Q
What are the three layers of the protection pyramid?
A
Secure Execution, Secure Storage, Attestation
2
Q
What are the two main security models in relation to HW based integrity protection?
A
Static protection -> TPM: software components (BIOS, boot loader, OS, etc.) constitute a hash chain. Idea: if the system starts secure, it stays secure
Dynamic protection -> Intel SGX: security enforced at the CPU level protects programs throughout their execution
3
Q
How does Attestation with a TPM work?
A
- TPM has platform configuration registers (PCRs)
- the registers store hashes of parts of the running software stack
- TPM can later report these hashes by signing them with a specific key -> can be used as a means of authentication
4
Q
Name 3 important TPM keys
A
- Endorsement key: constitutes the identity of the TPM, generated and certified upon production, used for “taking ownership”
- Storage root key: root of trust for protecting secrets stored on the TPM
- Attestation identity keys: used for signing PCR values without directly using the endorsement key (privacy!)
5
Q
What are some limitations of TPM?
A
- TPM chip required
- hashes of all versions of the software have to be known and maintained
- a third-party verifier has to attest the system (single point of failure!)
- starting secure does not necessarily mean staying secure
6
Q
How does Intel SGX realize Secure Execution?
A
- hardware-enforced protection of program memory: the so-called enclave
- enclaves are signed and the signatures are verified at startup time
- enclave memory can never be read / written from outside
- production enclaves cannot be debugged
7
Q
How does Intel SGX realize Secure Storage?
A
- CPU-enforced data encryption
- memory is encrypted with replay protection
- encryption keys rotate on every power cycle
8
Q
How does Intel SGX realize Attestation?
A
- SGX generates unforgeable proofs about the enclave in question
- proofs carry information about the enclave’s code and execution environment
- proofs can be requested by local or remote processes
9
Q
What are some limitations of SGX?
A
- does not address issues like buffer overflows
- SGX targets integrity, not confidentiality: code is retrievable
- side-channel attacks are possible
- remote attestation requires a subscription with Intel