arxiv: 1801.05863 · v2 · submitted 2018-01-17 · 💻 cs.CR

Integrating Remote Attestation with Transport Layer Security

classification 💻 cs.CR
keywords: attestation, intel, remote, attested, connection, implementations, layer, protocol

Intel(R) Software Guard Extensions (Intel(R) SGX) is a promising technology to securely process information in otherwise untrusted environments. An important aspect of Intel SGX is the ability to perform remote attestation to assess the endpoint's trustworthiness. Ultimately, remote attestation will result in an attested secure channel to provision secrets to the enclave. We seamlessly combine Intel SGX remote attestation with the establishment of a standard Transport Layer Security (TLS) connection. Remote attestation is performed during the connection setup. To achieve this, we neither change the TLS protocol, nor do we modify existing protocol implementations. We have prototype implementations for three widely used open-source TLS libraries: OpenSSL, wolfSSL and mbedTLS. We describe the requirements, design and implementation details to seamlessly bind attested TLS endpoints to Intel SGX enclaves.


Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. A TEE-Based Architecture for Confidential and Dependable Process Attestation in Authorship Verification

    cs.CR 2026-02 unverdicted novelty 7.0

    First TEE-based architecture for continuous process attestation with hardware tamper resistance, tiered assurance levels, Markov-chain dependability modeling, and resilient protocol achieving over 99.5% evidence chain...

  2. TrustMee: Self-Verifying Remote Attestation Evidence

    cs.CR 2026-02 unverdicted novelty 7.0

    TrustMee enables self-verifying remote attestation evidence by embedding WebAssembly verification logic in attestation bundles for platform-independent validation of confidential VMs.