Towards attack-tolerant trusted execution environments: Secure remote attestation in the presence of side channels
dc.contributor | Aalto-yliopisto | fi |
dc.contributor | Aalto University | en |
dc.contributor.advisor | Liljestrand, Hans | |
dc.contributor.advisor | Gunn, Lachlan | |
dc.contributor.author | Crone, Max | |
dc.contributor.school | Perustieteiden korkeakoulu | fi |
dc.contributor.supervisor | Asokan, N | |
dc.date.accessioned | 2021-08-29T17:07:34Z | |
dc.date.available | 2021-08-29T17:07:34Z | |
dc.date.issued | 2021-08-23 | |
dc.description.abstract | In recent years, trusted execution environments (TEEs) have seen increasing deployment in computing devices to protect security-critical software from run-time attacks and provide isolation from an untrustworthy operating system (OS). A trusted party verifies the software that runs in a TEE using remote attestation procedures. However, the publication of transient execution attacks such as Spectre and Meltdown revealed fundamental weaknesses in many TEE architectures, including Intel Software Guard Extensions (SGX) and Arm TrustZone. These attacks can extract cryptographic secrets, thereby compromising the integrity of the remote attestation procedure. In this work, we design and develop a TEE architecture that provides remote attestation integrity protection even when confidentiality of the TEE is compromised. We use the formally verified seL4 microkernel to build the TEE, which ensures strong isolation and integrity. We offload cryptographic operations to a secure co-processor that does not share any vulnerable microarchitectural hardware units with the main processor, to protect against transient execution attacks. Our design guarantees integrity of the remote attestation procedure. It can be extended to leverage co-processors from Google and Apple, for wide-scale deployment on mobile devices. | en |
dc.format.extent | 64 | |
dc.format.mimetype | application/pdf | en |
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/109304 | |
dc.identifier.urn | URN:NBN:fi:aalto-202108298540 | |
dc.language.iso | en | en |
dc.programme | Master’s Programme in Security and Cloud Computing (SECCLO) | fi |
dc.programme.major | Security and Cloud Computing | fi |
dc.programme.mcode | SCI3113 | fi |
dc.subject.keyword | trusted execution environment | en |
dc.subject.keyword | remote attestation | en |
dc.subject.keyword | sel4 microkernel | en |
dc.subject.keyword | intel sgx | en |
dc.subject.keyword | arm trustzone | en |
dc.subject.keyword | side channels | en |
dc.title | Towards attack-tolerant trusted execution environments: Secure remote attestation in the presence of side channels | en |
dc.type | G2 Pro gradu, diplomityö | fi |
dc.type.ontasot | Master's thesis | en |
dc.type.ontasot | Diplomityö | fi |
local.aalto.electroniconly | yes | |
local.aalto.openaccess | yes | |
Files
Original bundle
- Name: master_Crone_Max_2021.pdf
- Size: 1009.02 KB
- Format: Adobe Portable Document Format