
On the Suitability of Using SGX for Secure Key Storage in the Cloud

Conference paper

Published in: Trust, Privacy and Security in Digital Business (TrustBus 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12395)

Abstract

This paper addresses the need for secure storage in virtualized services in the cloud. To this end, we evaluate the security properties of Intel's Software Guard Extensions (SGX), a technology that provides hardware protection for general applications, when it is used to secure virtual Hardware Security Modules (vHSMs). So that the analysis is comparable with analyses of physical HSMs, the evaluation proceeds from the FIPS 140-3 standard, the successor to FIPS 140-2, which is commonly used to assess the security properties of HSMs.

Our contribution is twofold. First, we provide a detailed security evaluation of vHSMs using the FIPS 140-3 standard. Second, after concluding that the standard is designed for stand-alone rather than virtual systems, we propose a supplementary threat model that considers threats from different actors separately. This model allows for different levels of trust in actors with different capabilities and can thus be used to assess which parts of FIPS 140-3 should be considered for a specific attacker.

Using FIPS 140-3 in combination with the threat model, we find that SGX enclaves provide sufficient protection against a large share of the potential actors in the cloud. Thus, depending on the threat model, SGX can be a helpful tool for providing secure storage for virtualized services.

This work was partially supported by the Wallenberg AI, Autonomous Systems and Software Program (WASP) and the Swedish Foundation for Strategic Research, grant RIT17-0035.


Notes

  1. For some cache-based attacks the mitigation must be implemented in software, since Intel does not consider such attacks to be in scope for SGX.

  2. These attacks can leak secrets across both VM and SGX boundaries. What is not clear, however, is whether the combination of the two technologies would significantly hinder an attacker. We have elected to use the most pessimistic interpretation.


Author information

Corresponding author: Joakim Brorsson.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Brorsson, J., Bideh, P.N., Nilsson, A., Hell, M. (2020). On the Suitability of Using SGX for Secure Key Storage in the Cloud. In: Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2020. Lecture Notes in Computer Science, vol 12395. Springer, Cham. https://doi.org/10.1007/978-3-030-58986-8_3


  • DOI: https://doi.org/10.1007/978-3-030-58986-8_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58985-1

  • Online ISBN: 978-3-030-58986-8
