Towards attack-tolerant trusted execution environments: Secure remote attestation in the presence of side channels

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.advisorLiljestrand, Hans
dc.contributor.advisorGunn, Lachlan
dc.contributor.authorCrone, Max
dc.contributor.schoolPerustieteiden korkeakoulufi
dc.contributor.supervisorAsokan, N
dc.date.accessioned2021-08-29T17:07:34Z
dc.date.available2021-08-29T17:07:34Z
dc.date.issued2021-08-23
dc.description.abstractIn recent years, trusted execution environments (TEEs) have seen increasing deployment in computing devices to protect security-critical software from run-time attacks and provide isolation from an untrustworthy operating system (OS). A trusted party verifies the software that runs in a TEE using remote attestation procedures. However, the publication of transient execution attacks such as Spectre and Meltdown revealed fundamental weaknesses in many TEE architectures, including Intel Software Guard Exentsions (SGX) and Arm TrustZone. These attacks can extract cryptographic secrets, thereby compromising the integrity of the remote attestation procedure. In this work, we design and develop a TEE architecture that provides remote attestation integrity protection even when confidentiality of the TEE is compromised. We use the formally verified seL4 microkernel to build the TEE, which ensures strong isolation and integrity. We offload cryptographic operations to a secure co-processor that does not share any vulnerable microarchitectural hardware units with the main processor, to protect against transient execution attacks. Our design guarantees integrity of the remote attestation procedure. It can be extended to leverage co-processors from Google and Apple, for wide-scale deployment on mobile devices.en
dc.format.extent64
dc.format.mimetypeapplication/pdfen
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/109304
dc.identifier.urnURN:NBN:fi:aalto-202108298540
dc.language.isoenen
dc.programmeMaster’s Programme in Security and Cloud Computing (SECCLO)fi
dc.programme.majorSecurity and Cloud Computingfi
dc.programme.mcodeSCI3113fi
dc.subject.keywordtrusted execution environmenten
dc.subject.keywordremote attestationen
dc.subject.keywordsel4 microkernelen
dc.subject.keywordintel sgxen
dc.subject.keywordarm trustzoneen
dc.subject.keywordside channelsen
dc.titleTowards attack-tolerant trusted execution environments: Secure remote attestation in the presence of side channelsen
dc.typeG2 Pro gradu, diplomityöfi
dc.type.ontasotMaster's thesisen
dc.type.ontasotDiplomityöfi
local.aalto.electroniconlyyes
local.aalto.openaccessyes
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
master_Crone_Max_2021.pdf
Size:
1009.02 KB
Format:
Adobe Portable Document Format