
I don't believe in SGX and TEE

by silur

# So what's this I hear about Kerckhoffs being bullied?

I see this new trend in research where some of my most feared topics in security and cryptography have been “solved” with a catchy whitepaper title, only to realize “it’s one of those SGX bullshits again”. So WTF are TEE and SGX, and why don’t I consider them secure? Why do I say they lack the rigorous requirements of a cryptographic scheme?

TEE stands for Trusted Execution Environment: in short, an isolated blackbox from the CPU, especially for security stuff. Intel introduced SGX in 2015 (still an opt-in feature) and made it even more of a blackbox with all the promised “anti-tamper” features.

I predict injecting malware into the enclave or bypassing all its security features with ROP are only two of many upcoming SGX hacks. The provisioning and sealing master keys are kept on the chip, and all subsequent keys are derived from these (they can’t access urandom). I expect the possibility of private key biases here but ofc not for sure, it’s still a freakin’ blackbox :) Even though it’s super hard and this kind of hardware hacking is out of my league, it’s definitely still possible to sidechannel with physical access, and that’s enough for me to rather choose mathematical security assumptions.
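A simplified model of the key hierarchy described above, as an added example that is not from the original post and not Intel's actual derivation: HMAC-SHA256 stands in for the on-chip KDF, and the root key, enclave identities and function names are constructed for illustration. It shows that every derived key is a deterministic function of the root, so separation between enclaves holds only while the root stays on the chip.

```python
import hashlib
import hmac

# Constructed sample values; a real root key is fused into the chip.
ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ENCLAVE_A = hashlib.sha256(b"enclave A code (constructed)").digest()
ENCLAVE_B = hashlib.sha256(b"enclave B code (constructed)").digest()


def derive_key(root: bytes, purpose: bytes, enclave_id: bytes) -> bytes:
    """Toy KDF (assumption): HMAC-SHA256 keyed by the root over purpose and identity."""
    return hmac.new(root, purpose + b"\x00" + enclave_id, hashlib.sha256).digest()


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC; toy construction with no nonce."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"stream" + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC using domain-separated uses of the derived key."""
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))
    return hmac.new(key, b"tag" + ct, hashlib.sha256).digest() + ct


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a key derived for another enclave fails here."""
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


def demo() -> dict:
    key_a = derive_key(ROOT_KEY, b"seal", ENCLAVE_A)
    blob = seal(key_a, b"sealed secret (constructed)")
    return {
        # No fresh entropy: the same inputs always give the same key.
        "deterministic": key_a == derive_key(ROOT_KEY, b"seal", ENCLAVE_A),
        # Different enclave identity, different key.
        "isolated": derive_key(ROOT_KEY, b"seal", ENCLAVE_B) != key_a,
        # Whoever holds the root can recompute the key and read the blob.
        "root_holder_reads": unseal(derive_key(ROOT_KEY, b"seal", ENCLAVE_A), blob),
    }
```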

Some of you may say “but if it comes to physical access to my machine, it’s the same with RSA keys and stuff”. Not really, that’s a very small subset of adversarial behaviour in the “TEE security model”, where you assume that an attacker cannot access the SGX because of…you. But what about the case of PoET? Game-theoretically, the roles change and you become the adversary with physical access to your machine. Well, very limited physical access, for not everyone has a $60K electron microscope at home, but hey, as long as it’s possible before the heat death of the universe, I’m out.

In defense of Kerckhoffs, I feel like we fucked him over, because we put our money on blackboxes again. I mean LITERALLY, because Intel is working on a joke called “Proof of Elapsed Time” consensus based on its TEE and is building a blockchain.

For the unfamiliar, Kerckhoffs’s principle states that the security of a system should not rely on incomplete knowledge about the system, only of the key. Methodologies, and in some cases even message lengths, are available to the adversary; otherwise you are playing for obscurity.

I know that enterprises like Intel and its partners still inherently try to overarchitect security, and it’s intuitive for the layman to think obscurity == security, but please? It’s not like it’s an advanced topic that you have to keep up with on IACR for months…