International Conference on Information Security (ISC'23), Date: 2023/11/15 - 2023/11/17, Location: Groningen, The Netherlands

Publication date: 2023-12-01
Volume: 14411
Pages: 246 - 264
ISSN: 978-3-031-49186-3
Publisher: Springer

Proceedings of the 26th International Conference on Information Security

Author:

Hamidy, Gilang Mentari ; Yulianti, Sri ; Philippaerts, Pieter ; Joosen, Wouter ; Athanasopoulos, E ; Mennink, B

Keywords:

Science & Technology, Technology, Computer Science, Software Engineering, Computer Science, Theory & Methods, Computer Science, Intel SGX, attestation, trusted channel, Transport Layer Security, Trusted Execution Environment, Artificial Intelligence & Image Processing, 46 Information and computing sciences

Abstract:

We present TC4SE, a trusted channel mechanism suitable for secure enclave-based trusted execution environments, such as Intel SGX, that leverages the existing security properties provided by the TEE remote attestation scheme and the Transport Layer Security (TLS) protocol. Unlike previous works that integrate attestation into the TLS handshake, TC4SE separates these two processes and binds the trust to the authentication primitives used by the TLS protocol. TC4SE avoids modifying the TLS protocol itself, thereby avoiding extra overhead, dependencies, and inadvertent introduction of security vulnerabilities. We argue that TC4SE provides the same level of security assurance as related works, while offering superior performance and implementation advantages, comparable to the regular TLS protocol.