
TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors

conference contribution
posted on 2023-11-29, 18:25 authored by Dhiman Chakraborty, Michael Schwarz, Sven Bugiel
Platforms are nowadays typically equipped with trusted execution environments (TEEs), such as Intel SGX or ARM TrustZone. However, recent microarchitectural attacks on TEEs have repeatedly broken their confidentiality guarantees, including leaking long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite being available on the same platform, the two technologies are practically never integrated, which prevents them from benefiting from each other's strengths. In this paper, we propose TALUS, a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design remains robust even in the presence of transient execution attacks, preventing an entire class of attacks because the secrets no longer reside on the shared hardware whose attack surface those attacks exploit.

History

Preferred Citation

Dhiman Chakraborty, Michael Schwarz and Sven Bugiel. TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors. In: Financial Cryptography and Data Security (FC). 2023.

Primary Research Area

  • Secure Connected and Mobile Systems

Name of Conference

Financial Cryptography and Data Security (FC)

Legacy Posted Date

2023-02-09

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3901,
  title     = "TALUS: Reinforcing TEE Confidentiality with Cryptographic Coprocessors",
  author    = "Chakraborty, Dhiman and Schwarz, Michael and Bugiel, Sven",
  booktitle = "{Financial Cryptography and Data Security (FC)}",
  year      = "2023",
}
