Experiences in Intel SGX research
Dongsu Han and Seongmin Kim, KAIST
Joint work with: Changho Choi, Soham Desai*, Juhyeng Han, Jaehyung Ha, Prerit Jain*, JaeHyuk Lee, Youjung Shin, Brent Byounghoon Kang and Taesoo Kim*
APNet 2017

Trend 1: Security and Privacy, Critical Factors in Technology Adoption
• Demands for “security” and “privacy” are increasing
  – Widespread use of Transport Layer Security (TLS)
  – Popularity of anonymity networks (e.g., Tor)
  – Use of strong authentication/encryption in WiFi
• Expectation on security and privacy impacts design decisions:
  – Operating system (iOS, Android)
  – Apps/services (e.g., messenger, adblocker)
  – Network infrastructure (inter-domain SDN)

Trend 2: Commoditization of Trusted Execution Environment
• Trusted Execution Environment (TEE)
  – Isolated execution: integrity of code, confidentiality
  – Remote attestation
• Commoditization of TEE
  – Trusted Platform Module (TPM): Slow performance
  – ARM TrustZone: Only available for embedded devices
  – Intel Software Guard Extension (SGX)
    1. Native performance
    2. Compatibility with x86
The commoditization of TEE brings new opportunities for networking.

SGX: Isolated Execution
• Application keeps its data/code inside the “enclave”
  – Smallest attack surface by reducing TCB (App + processor)
  – Protect app’s secret from untrusted privilege software (e.g., OS, VMM)
[Figure: CPU package containing the enclave and the Memory Encryption Engine (MEE); code/data in system memory is encrypted; snooping and access from OS/VMM are blocked]

SGX: Remote Attestation
• Attest an application on remote platform
• Check the identity of enclave (hash of code/data pages)
• Can establish a “secure channel” between enclaves
[Figure: challenger on the remote platform; target enclave and quoting enclave on the SGX CPU of the host platform; labels: Hash, CMAC]
1. Request
2. Calculate MAC
3. Send MAC
4. Verify
5. Sign with group key [EPID]
6. Send signature

SGX Research: Current Status and Challenges
• SGX specification released in 2013.
  – SGX available in Intel’s Skylake microarchitecture (2015)
  – Hardware and software implementations for SGX lag behind their specifications.
SGX CPU and SDK is now available! But...
Barriers to SGX research
• Specification for SGX [revision 1 & 2] is not fully available on the SGX hardware (only functionalities in revision 1)
• SGX technology has a complex license model
  – Hard to obtain full license.

Our work
1. Open-source emulator platform for SGX research
   - OpenSGX [NDSS16]
2. What impact does SGX have on networking?
   - A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications [HotNets15]
   - Enhancing Security and Privacy of Tor’s Ecosystem by using Trusted Execution Environment [NSDI17]
   - SGX-Box: Enabling Visibility on Encrypted Traffic using a Secure Middlebox Module [APNet17]

Network Applications + TEE = ?
• What impact does TEE have on networking? [HotNets15]
• Previous efforts: Adopting TEE to cloud platform
  – Haven [OSDI’14]: Protects applications from an untrusted cloud
  – VC3 [S&P’15]: Trustworthy data analytics in the cloud
[Figure: network applications combined with TEE (Intel SGX): enhanced security, new design space, new functionality]

Case Studies: Three Applications
1. Network infrastructure: Software-defined inter-domain routing [HotNets 2015]
2. Peer-to-peer systems: Tor anonymity network [NSDI 2017]
3. Middlebox: Secure Middlebox [APNet 2017]

Background: Enclave Life Cycle
1. ECREATE: Create an enclave
2. EADD: Add pages
3. EINIT: Finalize the enclave
4. EENTER: Enters the enclave
5. EEXIT: Leaves the enclave
[Figure: virtual address space and physical address space; plaintext code/data in untrusted memory is added as code/data pages in the EPC, which back the enclave inside the application code]

OpenSGX: Design Goal
• Offer a complete platform for SGX research
  – To explore software and hardware design space of SGX
  – To develop and evaluate SGX-enabled applications
• Solve non-trivial issues on SGX software components
  – Support for system software and user-level APIs
  – Familiar programming model and interface
  – Secure design to defend against potential attack vectors (e.g., Iago attacks)

OpenSGX: Component Overview
• Emulated SGX hardware
• OS emulation layer
• Enclave loader
• OpenSGX user library
• OpenSGX toolchain
• Enclave debugger
• Performance monitor
[Figure: component stack: SGX QEMU (HW emulation), SGX OS emulation, enclave loader, SGX libraries (trampoline, stub, runtime library), enclave program, OpenSGX toolchain, enclave debugger, performance monitor]

OpenSGX: Approach
• Using user-space emulation of QEMU
  – Binary translation to support SGX instructions
  – QEMU helper routine to implement complex instructions
[Figure: QEMU and the host share a single address space holding the wrapper, lib, stack, heap and the enclave's code and data in EPC pages; binary translation hands EENTER to the helper routine (sets registers, operates SGX instructions) and RIP moves to the entry point]
Enclave-side wrapper shown on the slide:
    enclu() {
        …
        asm(".byte 0x0f"
            ".byte 0x01"
            ".byte 0xd7"
            "rax = entry"
        …
    }
QEMU binary translation shown on the slide:
    …
    if (opcode == 0x0f01d7) { helper_enclu(); }
    …

Hardware Emulation
• Emulates SGX data structures and SGX processor key
• Enclave page cache (EPC) memory management
  – Direct mapping on virtual memory
  – Access protection: Instrument memory access
    1. Prohibit access from host to EPC
    2. Prohibit access between other enclaves’ EPC and the current enclave’s EPC
[Figure: virtual address space with the EPC region (EPC_begin to EPC_end) containing the enclave (enclave_begin to enclave_end); QEMU’s translation routine applies the check in its load/store case]
    QEMU’s translation routine:
    …
    Case (Load | Store) { }
    …
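
The two access rules above, as an added example (not OpenSGX's or QEMU's code): a toy load/store path that consults the check before it touches memory. The memory layout, `struct cpu`, `access_allowed`, `emu_load` and `emu_store` are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE  0x8000u   /* constructed guest memory size */
#define EPC_BEGIN 0x4000u   /* constructed EPC range [EPC_BEGIN, EPC_END) */
#define EPC_END   0x8000u

struct range { uint64_t begin, end; };          /* [begin, end) */
struct cpu   { const struct range *enclave; };  /* NULL while running host code */

static uint8_t guest_mem[MEM_SIZE];

/* Decide whether the current context may touch [addr, addr + len). */
bool access_allowed(const struct cpu *cpu, uint64_t addr, size_t len)
{
    if (len == 0 || len > MEM_SIZE || addr > MEM_SIZE - len)
        return false;                       /* outside guest memory */
    uint64_t last = addr + len - 1;
    if (last < EPC_BEGIN || addr >= EPC_END)
        return true;                        /* ordinary untrusted memory */
    if (cpu->enclave == NULL)
        return false;                       /* rule 1: host may not touch EPC */
    /* rule 2: every byte must lie in the running enclave's own range,
     * so an access that straddles into a neighbour's page is refused */
    return addr >= cpu->enclave->begin && last < cpu->enclave->end;
}

/* Instrumented load: returns 0 on success, -1 for a blocked access. */
int emu_load(const struct cpu *cpu, uint64_t addr, void *dst, size_t len)
{
    if (!access_allowed(cpu, addr, len))
        return -1;
    memcpy(dst, guest_mem + addr, len);
    return 0;
}

/* Instrumented store: same check, opposite direction. */
int emu_store(const struct cpu *cpu, uint64_t addr, const void *src, size_t len)
{
    if (!access_allowed(cpu, addr, len))
        return -1;
    memcpy(guest_mem + addr, src, len);
    return 0;
}

int main(void)
{
    /* Constructed layout: two enclaves with one EPC page each. */
    struct range enc_a = { 0x4000, 0x5000 }, enc_b = { 0x5000, 0x6000 };
    struct cpu host = { NULL }, cpu_a = { &enc_a }, cpu_b = { &enc_b };
    uint8_t key[4] = { 1, 2, 3, 4 }, buf[4] = { 0 };

    printf("enclave A stores key:     %d\n", emu_store(&cpu_a, 0x4100, key, 4));
    printf("host reads A's page:      %d\n", emu_load(&host, 0x4100, buf, 4));
    printf("enclave B reads A's page: %d\n", emu_load(&cpu_b, 0x4100, buf, 4));
    printf("enclave A reads it back:  %d\n", emu_load(&cpu_a, 0x4100, buf, 4));
    return 0;
}
```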

Instruction Support
• OpenSGX supports most instructions in the specification
  – Except for debugging related instructions (e.g., EDBGRD)
  – Instead, it offers rich environment for debugging since it is a “software emulator” (e.g., GDB stub)
• Provides simple C APIs which wrap assembly code
  – User-level instructions (ENCLU): accessible to user-level APIs
  – Super-level instructions (ENCLS): Requires system support

OS Emulation Layer
• Emulate OS to execute the privileged SGX instructions
• OS-neutral interface for:
  – Bootstrapping (EPC allocation)
  – Enclave initialization & page translation
  – Dynamic EPC page allocation

| System call | Description |
|---|---|
| sys_sgx_init() | Allocate EPC memory region |
| sys_init_enclave() | Create an enclave, Add and measure EPC pages |
| sys_add_epc() | Allocates a new EPC page to the running enclave |
| sys_stat_enclave() | Obtains the enclave performance statistics |

Narrow interface for SGX user lib: Trampoline and Stub
“A strict and narrow interface to handle enclave-host communication using shared data/code”
• Stub: Shared data to specify the function code and arguments
• Trampoline: Shared code to call user-level APIs in the wrapper
[Figure: the enclave (code, heap, lib) and the host side (emulated OS, wrapper) meet at the shared trampoline and stub; the stub holds fcode, mcode and argument 1; the heap is FULL at heap_end]
    Enclave code:  … malloc(100); …
    Lib:           malloc() { … sgx_exit(tram); … }
    Trampoline:    … if (fcode == FUNC_MALLOC) alloc_tramp(); …
    <Specification> fcode: FUNC_MALLOC, mcode: EAUG, size: 100

Trampoline and Stub Interface
“A strict and narrow interface to handle enclave-host communication using shared data/code”
[Figure: malloc(100) call flow across the enclave (code, heap, lib), the shared trampoline and stub, the wrapper (user-level APIs to request system calls) and the emulated OS: EEXIT, system call, Call EAUG, ERESUME; heap_end moves to heap_end + 4K]
    Stub:          FUNC_MALLOC, EAUG, 100
    Enclave code:  … malloc(100); …
    Lib:           malloc() { … sgx_exit(tram); … }
    Trampoline:    … if (fcode == FUNC_MALLOC) alloc_tramp(); …
    Wrapper:       alloc_tramp() { … sys_add_epc(); … }
    Emulated OS:   int sys_add_epc() { encls(EAUG, …); …

OpenSGX: Usage Example
• Similar to building a C program
  – Compile (Similar to gcc)
  – Sign (Using programmer’s key)
  – Execution (Compiled enclave binary is loaded and executed)

    #include <string.h>   /* strlen; OpenSGX library declarations are not shown on the slide */

    void enclave_main()
    {
        char *hello = "hello sgx!\n";
        /* write the string out of the enclave, then leave the enclave */
        sgx_enclave_write(hello, strlen(hello));
        sgx_exit(NULL);
    }

    $ opensgx -c hello.c
    $ opensgx -s hello.sgx --key sign.key
    $ opensgx hello.sgx hello.conf
    hello sgx!

[Figure: enclave layout: code (enclave_main()) at 0x0000 in EPC 1, data (“hello sgx\n”) at 0x1000 in EPC 2; fields Entry point: and SigStruct: …]

OpenSGX: Current Status
• Available at GitHub, released in May 2015
  – 14k LoC
  – https://github.com/sslab-gatech/opensgx
  – 11 Contributors (Gatech, KAIST, Two Sigma, MITRE, …)
  – 31 unique cloners, 1,645 Views (January, 2016)
  – Used in academia: S-NFV [SDN-NFV Security 16], Edge functions [SEC 16], SGX-enabled VM migration [IEEE SERVICES 16], System-level OpenSGX [Computers & Security 17], …
• Our current community

Tor anonymity network
• Tor: the most popular anonymity network for Internet users
  – Helps users to defend against traffic analysis and keep user’s privacy (e.g., what sites you visit, IP address) [from Tor project, www.torproject.org]
  – Freely available as an open source
  – 1.8 million users on a daily basis
[Figure: The geographic location of Tor relays*]
* from Onionview, https://onionview.codeplex.com/

Tor network: Threat model
• Tor’s Threat model
  – Tor is a volunteer-based network: Tor relays are not trusted
  – Can observe some fraction of network traffic
  – Can run Tor relays of his own
  – Can compromise some fraction of Tor relays
• 3-hop onion routing: a single Tor entity cannot know both client and server
[Figure: Tor client, Entry, Middle, Exit, Destination; TLS channels between the client and the relays, plain-text between the exit and the destination; processing unit: Cell (512 Bytes)]

Limitations of Tor
• Attackers can modify the behavior
  – Give false information to others (Bandwidth 20 MB/s → 150 MB/s: Inflated!)
  – Modify or inject the cell
• Information visible to attackers
  – Cell: header
  – Demultiplex and identify a circuit
[Figure: Tor clients, Entry, Middle, Exit, Destination; TLS channels between the clients and the relays, plain-text at the exit; processing unit: Cell (512 Bytes)]

SGX-Tor: Leveraging Intel SGX on Tor
[Figure: Intel SGX applied to the Tor network (middle relay shown) gives SGX-Tor]
Improved trust model, Operational privacy, Practicality:
• Spells out what users trust in practice
• Provides ultimate privacy
• Protects sensitive data and Tor operations
• Prevents modifications on Tor relays
• The chance of having more hardware resources donated
• Incrementally deployable
• Compatibility

SGX-Tor: Design and Implementation
[Figure: user process (Tor application) with its enclave memory]
Enclave memory:
• Tor code/data (Core)
  - Circuit Establishment
  - Hidden service
  - Voting
  - Encryption/Decryption
  - Cell/Consensus creation
• SSL Library: Crypto/TLS operations. Securely obtains the entropy and time value
• Sealing Module: Seals/unseals private data. Encrypts and stores the sensitive data outside the enclave
• Attestation Module: Integrity check. Validates the enclave hash of the Tor program

SGX-Tor: Design and Implementation
[Figure: user process (Tor application) split into a trusted and an untrusted part]
Trusted (enclave memory):
• Tor code/data (Core): Circuit Establishment, Hidden service, Voting, Encryption/Decryption, Cell/Consensus creation
• SSL Library: Crypto/TLS operations
• Sealing Module: Seals/unseals private data
• Attestation Module: Integrity check
Untrusted:
• Application: Tor code/data (Untrusted)
• Standard Library (glibc): System Call
• SGX Runtime Library: Enclave creation, Enclave initialization
OCALL/ECALL Wrapper between the two parts:
• ECALL
• OCALL: Request system services
• Narrow interface
• Sanity checking
  1. Argument length
  2. Address range
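
One way to implement the two sanity checks at the ECALL/OCALL boundary, as an added example that is not SGX-Tor's code. It assumes a simulated enclave region (`enclave_mem`) and hypothetical wrappers `ecall_recv_cell` and `ocall_send_cell`; the 512-byte length is the Tor cell size given on the slides.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CELL_LEN 512   /* Tor's fixed cell size (from the slides) */

/* Model: this array is the enclave's protected memory; every other address
 * is untrusted host memory. Constructed for the example. */
static unsigned char enclave_mem[4096];
static unsigned char *const cell_in  = enclave_mem;             /* private copy of an inbound cell */
static unsigned char *const cell_out = enclave_mem + CELL_LEN;  /* cell built inside the enclave */

enum arg_status { ARG_OK = 0, ARG_BAD_LEN = -1, ARG_BAD_RANGE = -2 };

/* True only if [p, p + len) lies entirely outside enclave memory. */
static bool outside_enclave(const void *p, size_t len)
{
    uintptr_t start = (uintptr_t)p;
    uintptr_t base  = (uintptr_t)enclave_mem;
    uintptr_t limit = base + sizeof enclave_mem;   /* exclusive */

    if (p == NULL || len == 0)
        return false;
    if (start > UINTPTR_MAX - len)                 /* start + len would wrap */
        return false;
    return start + len <= base || start >= limit;
}

/* ECALL: the untrusted host hands a received cell to the enclave. */
int ecall_recv_cell(const void *host_buf, size_t len)
{
    if (len != CELL_LEN)                     /* 1. argument length */
        return ARG_BAD_LEN;
    if (!outside_enclave(host_buf, len))     /* 2. address range */
        return ARG_BAD_RANGE;
    memcpy(cell_in, host_buf, len);          /* copy once, then parse only the copy */
    return ARG_OK;
}

/* OCALL: the enclave copies an outbound cell to a host-supplied buffer.
 * A destination inside the enclave would make the copy overwrite enclave state. */
int ocall_send_cell(void *host_dst, size_t cap)
{
    if (cap < CELL_LEN)
        return ARG_BAD_LEN;
    if (!outside_enclave(host_dst, CELL_LEN))
        return ARG_BAD_RANGE;
    memcpy(host_dst, cell_out, CELL_LEN);
    return ARG_OK;
}

int main(void)
{
    unsigned char host_cell[CELL_LEN];       /* constructed sample input */
    memset(host_cell, 0xAB, sizeof host_cell);

    printf("valid cell:               %d\n", ecall_recv_cell(host_cell, CELL_LEN));
    printf("short cell:               %d\n", ecall_recv_cell(host_cell, CELL_LEN - 1));
    printf("pointer into the enclave: %d\n", ecall_recv_cell(enclave_mem + 1024, CELL_LEN));
    printf("buffer ending in enclave: %d\n",
           ecall_recv_cell((const void *)((uintptr_t)enclave_mem - 1), CELL_LEN));
    return 0;
}
```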

Attacks defeated by using SGX-Tor
1. Tagging attack
   [Figure: Tor clients, Entry, Middle, Exit, Destination; TLS channels between the clients and the relays, plain-text at the exit; labels: Replay, Cell counting]
2. Bandwidth inflation
   [Figure: malicious relay (modified Tor) and directory authorities]
   1. BW scanning
   2. Detect scanning
   3. Report fake BW
   4. Create consensus document
   Advertised BW Inflated! Attract more clients!

Attacks defeated by using SGX-Tor (Cont.)
Attackers cannot
- access sensitive data
- modify the code
Attacks defeated/mitigated by SGX-Tor
• Circuit demultiplexing [S&P06]
• Bandwidth inflation [PETS07, S&P13]
• Tagging attack [TON12, CCS12, S&P13]
…
[Figure: Tor clients, Entry, Middle, Exit, Destination with enclaves along the path; inside the enclave: circuit establishment, cell creation, encryption/decryption, onion/SSL key creation; protected data: cell, circuit descriptor, private keys]
SGX-Tor is an open source: https://github.com/KAIST-INA/SGX-Tor

Performance evaluation
• SGX-Tor performance: WAN setting
  – Establish a private Tor network
  – For the realistic scenario, we consider the “locality of relays” (Asia, EU, U.S. West, U.S. East)
<Evaluation environment>
client, Entry (KAIST), Middle (Cloud: 1. EU, 2. U.S. West, 3. U.S. East), Exit (Gatech), server; two nodes are marked Enclave
[Figure: cumulative probability of time-to-first-byte (ms), SGX-Tor vs. original Tor: 3.9% additional latency]
[Figure: throughput (Mbps) for HTTP and HTTPS at file sizes of 10 MB and 100 MB, SGX-Tor vs. original Tor: 11.9% degradation]

Our Early Lessons on SGX research
• Performance overheads caused by using SGX
  – EPC Paging (limited memory space: <200MB)
  – Context switch (for each OCALL)
• While building SGX-based system, we should
  – Reduce enclave size as much as possible
  – Minimize copying already encrypted data to EPC (e.g., SSL-encrypted packet)
  – Seal large data structures that are used infrequently

Our Early Lessons on SGX research (Cont.)
• Security issues while building SGX systems
  – Narrowing interface to reduce attack surface and sanity checking for input/output arguments
  – New attack scenarios caused by assuming malicious system software (e.g., bandwidth inflation by OS in SGX-Tor)
• As a result of our experience, we release SGX-ported OpenSSL as an open source
  – https://github.com/sparkly9399/SGX-OpenSSL

Conclusion
• We design and implement OpenSGX, fully functional and instruction-compatible SGX emulator
• Commoditization of TEE brings new opportunities for network applications
• Ongoing work: Apply SGX to Network Function Virtualization
  – Building a secure middlebox by leveraging SGX
  – Will be presented in APNet 2017 (SGX-Box)

Our Early Lessons on SGX
• Misconceptions on SGX
  – SGX for desktop-like environment: Needs secure I/O channel (integration with hardware technology such as Intel IPT)
  – Need EPID support for remote attestation
• Malicious use of Intel SGX
  – Malware might be possible by abusing the isolation property
  – Fails on traditional signature-based AV programs

Comparison: Intel SGX vs OpenSGX

| | Intel SGX | OpenSGX |
|---|---|---|
| Type | Hardware | Software Emulator |
| Instructions | 16 ENCLS, 8 ENCLU | 13 ENCLS, 8 ENCLU (Except debugging) |
| Data structures | Specified | ○ |
| Paging | Page table | Direct mapping |
| System software | Not specified | User level emulation |
| User level APIs | SDK is available (Only for Windows) | ○ |

Defense against Iago attacks
• Iago attacks [ASPLOS’13]: Malicious OS tries to subvert trusted application by incorrect behavior
  ex) adds incorrect EPC page for heap
[Figure: application and in-enclave lib inside the enclave; stub (heap_end, cur_heap_ptr), trampoline, wrapper and emulated OS outside; a bad EPC page returned by the OS is detected in the enclave]
    Application:
        … malloc(); …
    In-enclave lib:
        void *malloc(int size) {
            if (cur_heap_ptr == heap_end) {
                stub->mcode = EAUG;
                exit(trampoline);
            }
            enclu(EACCEPT, …);
    Trampoline:
        malloc_tramp() { sys_add_epc(); }
    Emulated OS:
        int sys_add_epc() { … }
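
The detection step sketched on this slide, as an added example (not OpenSGX's code): a model of an in-enclave allocator that asks the untrusted side for a page through the stub and accepts it only if it is the page it expected. The address comparison stands in for the `enclu(EACCEPT, …)` step; `struct enclave_heap`, the `new_page` field, `honest_os` and `iago_os` are hypothetical names, and all addresses are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
enum { FUNC_MALLOC = 1 };   /* fcode; value arbitrary for this example */
enum { MCODE_EAUG  = 1 };   /* mcode; value arbitrary for this example */

/* Stub: data shared with the untrusted side, so nothing in it is trusted. */
struct stub {
    int      fcode;
    int      mcode;
    size_t   size;       /* argument 1 */
    uint64_t new_page;   /* written by the untrusted side (hypothetical field) */
};

/* Enclave-private heap state; never exposed through the stub. */
struct enclave_heap {
    uint64_t base;       /* start of the heap */
    uint64_t limit;      /* end of the range reserved for the heap */
    uint64_t heap_end;   /* end of the pages accepted so far */
    uint64_t cur;        /* cur_heap_ptr */
};

typedef void (*trampoline_fn)(struct stub *);   /* models EEXIT ... ERESUME */

/* Ask for one more page; returns 0 if it was accepted, -1 otherwise. */
static int heap_grow(struct enclave_heap *h, struct stub *s, trampoline_fn tramp)
{
    if (h->limit - h->heap_end < PAGE_SIZE)
        return -1;                         /* reserved range exhausted */
    s->fcode = FUNC_MALLOC;
    s->mcode = MCODE_EAUG;
    s->size = PAGE_SIZE;
    s->new_page = 0;
    tramp(s);                              /* leave the enclave, host runs, resume */
    uint64_t page = s->new_page;           /* read the shared field exactly once */
    if (page != h->heap_end)               /* not the page we asked for: reject */
        return -1;
    h->heap_end += PAGE_SIZE;
    return 0;
}

/* Bump allocator: returns the allocated address, or 0 on failure. */
uint64_t enclave_malloc(struct enclave_heap *h, struct stub *s,
                        trampoline_fn tramp, size_t size)
{
    if (size == 0 || size > h->limit - h->cur)
        return 0;
    while (h->heap_end - h->cur < size)
        if (heap_grow(h, s, tramp) != 0)
            return 0;                      /* never hand out unverified memory */
    uint64_t p = h->cur;
    h->cur += size;
    return p;
}

/* Two models of the untrusted OS behind the trampoline. */
static uint64_t os_next_page;
void honest_os(struct stub *s) { s->new_page = os_next_page; os_next_page += PAGE_SIZE; }
void iago_os(struct stub *s)   { s->new_page = os_next_page - PAGE_SIZE; } /* page already in use */

int main(void)
{
    struct enclave_heap h = { 0x200000, 0x204000, 0x201000, 0x200000 };
    struct stub s;
    os_next_page = 0x201000;

    printf("honest OS:     0x%llx\n",
           (unsigned long long)enclave_malloc(&h, &s, honest_os, 8000));
    printf("misbehaved OS: 0x%llx (0 = rejected)\n",
           (unsigned long long)enclave_malloc(&h, &s, iago_os, 4096));
    return 0;
}
```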

Memory State of OpenSGX Program
[Figure: a user process (single address space) on QEMU SGX with SGX OS emulation. It holds the package info (entry point, measurement, key, …), the SGX lib, trampoline, stub and wrapper, and the enclave program (lib, stack, heap, code and data in EPC pages). ENCLS (e.g., EINIT) crosses the privilege boundary, ENCLU (e.g., EENTER, EEXIT) enters and leaves the enclave, and system calls (e.g., sys_sgxinit()) cross the system calls boundary]

Conclusion
• We design and implement OpenSGX, fully functional and instruction-compatible SGX emulator
• As a showcasing application, we develop SGX-enabled Tor to enhance the security and privacy
• OpenSGX offers opportunity to leverage all components of SGX for the research
  – Hardware semantics (e.g., encryption scheme of MEE)
  – System software, enclave loader and user-level APIs
  – Redesigning unforeseen security applications (e.g., Tor)

Trend: Commoditization of TEE
• Trusted Execution Environment (TEE): Hardware technology for trusted computing
  – Cannot access data, flow control → Protects the secrecy of the program
  – Integrity checking → Prevents behavior modification
• Intel SGX: a promising TEE technology for generic applications
  – Native performance in the secure mode
  – Available on Intel Skylake and Kabylake CPU
[Figure: secure container alongside the untrusted OS and untrusted application; an edit that turns the original Tor code into modified Tor code]

Tor network: Threat model (Cont.)
• Directory authorities
  – Careful admission
  – Behavior monitoring
[Figure: Tor client and Destination: Anonymity Broken!]

Tor network: Threat model (Cont.)
• Directory authorities
  – Careful admission
  – Behavior monitoring
• Having a large number of relays
Out-of-scope: network-level adversary (controls a large fraction of network)
1. Currently runs ~10,000 relays
2. Large-scale traffic correlation is believed to be very difficult in practice
[Figure: Tor client and Destination: Anonymity Broken!]

Tor network: Threat model (Cont.)
• Directory authorities
• Having a large number of relays
Out-of-scope: network-level adversary who can control a large fraction of Tor network
1. Currently runs ~10000 relays
2. Large-scale traffic correlation is believed to be very difficult in practice
However, Tor is still vulnerable to many types of attacks under its traditional threat model
[Figure: Tor client and Destination: Anonymity Broken!]

Limitations of Tor
Problem 1. Tor relays are semi-trusted
  – Authorities cannot fully verify the behaviors of them
Problem 2. Even if attackers control only a few Tor relays, they can
  – Access internal information (circuit identifier, cell header, …)
  – Modify the behavior of relays (DDoS, packet tampering, …)
<Low-resource attacks>
[Figure: attacks grouped under “Modifying the behavior”, “Accessing internal information” and “Both”]
• Malicious circuit creation [Security09, CCS11]
• Sniper attack [NDSS15]
• Bad apple attack [LEET11]
• Harvesting hidden service descriptors [S&P13]
• Circuit demultiplexing [S&P06]
• Website fingerprinting [Security15]
• Tagging attack [ICC08, TON12, CCS12, S&P13]
• Bandwidth inflation [PETS07, S&P13]
• Controlling HSDir [S&P13]

Limitations of Tor (Cont.)
To address the problems on Tor,
1) Fundamental trust bootstrapping mechanism
2) Advanced trust model to verify untrusted remote parties
are required
[Diagram labels: Tor clients, Entry, Middle, Exit, Destination; three TLS channels and a plain-text link]

SGX-Tor: Leveraging Intel SGX on Tor
[Diagram labels: Intel SGX, Tor network, Middle, SGX-Tor]
Improved trust model, Operational privacy, Practicality
• Spells out what users trust in practice
• Provides ultimate privacy
• Protects sensitive data and Tor operations
• Prevents modifications on Tor relays
• The chance of having more hardware resources donated
• Incrementally deployable
• Compatibility
→ Reduces the power of an attacker who currently gets the sensitive information by running Tor relays
→ Raises the bar for Tor adversary to a traditional network-level adversary (only passively see the TLS byte stream)

SGX-Tor: Threat Model
• Only trusts the underlying SGX hardware & Tor code itself
• Does not address network-level adversaries who can perform large-scale traffic analysis
• Out of scope: Vulnerabilities in Tor codes, SGX side channel attacks
→ Mitigated by recent SGX research: Moat [CCS16], SGX-Shield [NDSS17], T-SGX [NDSS17]
<SGX Threat model>
[Diagram labels: OS (untrusted), Application (untrusted), Enclave, CPU]
TCB: Enclave + CPU package
<Tor Threat model>
Powerful network-level adversary: out-of-scope

New functionality: Automatic admission
• Integrity verification of relays (Directory authority → Onion Router)
– Automatically admits "unmodified" and "SGX-enabled" relays
– Improved trust model: current implicit trust model turns into the explicit trust model
[Diagram: a directory authority with an expected hash performs remote attestation on Tor relays with nicknames OR1, OR2 and OR3 (enclaves marked). Outcomes shown: Admit (match success); Attestation fail (not SGX-enabled); Attestation fail (bad hash). The (modified) consensus document lists name: OR1, BW: 20MB/s, fingerprint: ….]
NOTE: Tor uses the same binary for directory authorities, Tor relays, and client proxies

Incremental deployability
• SGX-Tor's basic assumption: "All relays and authorities are SGX-enabled"
• SGX-Tor supports interoperability
– Allows admission of non-SGX relays without remote attestation
– SGX-enabled clients can get the list of SGX-Tor relays from SGX-enabled authorities
[Diagram labels: Tor client, Entry, Middle, Exit, Destination, Directory authorities, Remote Attestation; enclaves marked on SGX-enabled nodes]
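
The admission decision from the automatic-admission and incremental-deployability slides, sketched as an added example (not code from the slides or from the SGX-Tor repository). All names are hypothetical, the HMAC tag is a constructed stand-in for a real SGX quote signature, and the "invalid quote" outcome is an extra check that the slide does not show.

```python
import hashlib
import hmac
from typing import NamedTuple, Optional

# Constructed stand-ins: a real SGX quote is signed by hardware-rooted keys and
# checked through Intel's attestation infrastructure; an HMAC tag models that.
ATTESTATION_KEY = b"constructed-demo-key"
EXPECTED_HASH = hashlib.sha256(b"sgx-tor enclave build (constructed)").digest()

class Quote(NamedTuple):
    measurement: bytes  # hash of the enclave contents the relay actually runs
    nonce: bytes        # authority's challenge, so an old quote cannot be replayed
    tag: bytes          # stand-in for the quote signature

def _tag(measurement: bytes, nonce: bytes) -> bytes:
    return hmac.new(ATTESTATION_KEY, measurement + nonce, "sha256").digest()

def make_quote(enclave_code: bytes, nonce: bytes) -> Quote:
    """What a relay's platform would produce (hypothetical helper)."""
    m = hashlib.sha256(enclave_code).digest()
    return Quote(m, nonce, _tag(m, nonce))

def admit(name: str, quote: Optional[Quote], nonce: bytes,
          allow_non_sgx: bool = False) -> dict:
    """Directory-authority decision for one relay."""
    def result(ok: bool, sgx: bool, reason: str) -> dict:
        return {"name": name, "admitted": ok, "sgx": sgx, "reason": reason}
    if quote is None:  # relay cannot attest at all
        if allow_non_sgx:  # interoperability mode from the deployability slide
            return result(True, False, "admitted without remote attestation")
        return result(False, False, "attestation fail (not SGX-enabled)")
    fresh = hmac.compare_digest(quote.nonce, nonce)
    genuine = hmac.compare_digest(quote.tag, _tag(quote.measurement, quote.nonce))
    if not (fresh and genuine):  # extra check, not shown on the slide
        return result(False, False, "attestation fail (invalid quote)")
    if not hmac.compare_digest(quote.measurement, EXPECTED_HASH):
        return result(False, False, "attestation fail (bad hash)")
    return result(True, True, "admit (match success)")

def consensus(decisions: list) -> list:
    """Relays listed in the consensus, each flagged as attested or not."""
    return [d for d in decisions if d["admitted"]]

def relays_for_sgx_client(cons: list) -> list:
    """An SGX-enabled client builds circuits only from attested relays."""
    return [d["name"] for d in cons if d["sgx"]]
```

With allow_non_sgx=True a relay that cannot attest still enters the consensus but is never returned by relays_for_sgx_client, which is the explicit-trust property the slides describe.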

Implementation detail
• Engineering efforts
– Support for Windows/Linux (based on Intel SGX SDK)
– SGX-ported libraries: OpenSSL, libevent, zlibc
– SGX-Tor is open source: available at https://github.com/KAIST-INA/SGX-Tor
• Trusted Computing Base (TCB) size
– TCB size of Haven: More than 200MB (maximum enclave size: 128MB in Windows)
– 3.8x smaller (320K LoC vs 1,228K LoC) than Graphene (open source library OS for SGX)

Evaluation
1) What kind of sensitive data of Tor is protected by SGX-Tor?
2) What is the performance overhead of running SGX-Tor?
3) How compatible and incrementally deployable is SGX-Tor with the current Tor network?
• Environmental setup
– SGX CPUs: Intel Core i7-6700 (3.4GHz) and Intel Xeon CPU E3-1240 (3.5GHz)
– Configuration: 128MB Enclave Page Cache (EPC)
– Running Tor in Windows, Firefox as a Tor browser (in the client proxy)
– Establish a private Tor network using chutney

What is protected by SGX-Tor?
| Item | Current Tor | Network-level adversary | SGX-Tor |
|---|---|---|---|
| TCP/IP header | Visible | Visible | Visible |
| TLS-encrypted byte stream | Visible | Visible | Visible |
| Cell | Visible | Not visible | Not visible |
| Circuit ID | Visible | Not visible | Not visible |
| Voting result | Visible | Not visible | Not visible |
| Consensus document | Visible | Not visible | Not visible |
| Hidden service descriptor | Visible | Not visible | Not visible |
| List of relays | Visible | Not visible | Not visible |
| Private keys | Visible | Not visible | Not visible |

Performance evaluation (Cont.)
• End-to-end client performance of SGX-Tor (using Tor browser)
– Web latency: Visiting Alexa Top 50 websites
– Hidden service: HTTP file server (downloading 10MB)
[Figure: cumulative probability of web page loading time (s), SGX-Tor vs. original Tor] SGX-Tor: 13.2s, Original: 12.2s (7.4% additional latency)
[Figure: cumulative probability of hidden service throughput, SGX-Tor vs. original Tor] SGX-Tor: 1.30Mbps, Original: 1.35Mbps (3.3% degradation)

Compatibility with vanilla Tor
• Long-running: Admit SGX-Tor relays in the vanilla Tor
– Collected results for two weeks
[Figure panels, SGX-Tor vs. original Tor: Advertised bandwidth*, Middle selection probability, Network I/O bandwidth per second; flags shown: Fast, Stable]
*From https://collector.torproject.org/
• Listed in the consensus document
• Actually selected by multiple Tor users
• Serves Tor traffic well

Conclusion
• We design and implement SGX-Tor by leveraging commodity TEE and demonstrate its viability
– Gives moderate performance overhead
– Shows its compatibility and possibility of incremental deployment
• SGX-Tor enhances the security and privacy of Tor by
– Defending against existing attacks on Tor
– Bringing changes to the trust model of Tor
– Providing new properties: automatic admission
• Available at github! (https://github.com/KAIST-INA/SGX-Tor)

On-Going Work
• Apply SGX to Network Function Virtualization
– Running middleboxes on actual SGX-enabled CPU
– Will be presented in APNet 2017 (SGX-Box)
• Enhancing the security and privacy of software-defined inter-domain routing