intel sgx chip security

Intel SGX Security Vulnerability Raises Concerns

Overview of the Intel SGX Vulnerability

Intel has spoken up following a cybersecurity researcher’s report of major inroads in hacking its Intel SGX (Software Guard Extensions). This technology works by allowing for the storage of sensitive data and code within a trusted execution environment, (in this case an enclave) which is basically a secure region in every Intel processor with encrypted memory protection.

Key Findings on Cryptographic Keys

This good news dropped after security expert Mark Ermolov at Positive Technologies said his team managed to extract cryptographic keys related to the root provisioning key of Intel SGX. These keys are integral to the remote attestation process and in general, for platform security as they include edges like FK0 & FK1 (also known as Root Sealing Key).

Consequences of the Breach Keys

One of the most alarming things, said Pratyush Ranjan Tiwari, a cryptography student at Johns Hopkins University. Compromising these keys could result in attackers decrypting protected data, or fabricating enclave attestation reports and bypassing the Intel SGX security model. While the most affected processors are Apollo Lake, Gemini Lake and Gemini Lak Refresh having already reached end-of-life in some cases they still get deployed for years due to their use as embedded systems.

Advertisement Know Tech News

Intel's Response and Clarifications

Intel responded by pointing out that the researchers had physical access to unpatched systems. The vendor said the campaign targeted vulnerabilities that had already been patched in 2017. It also said the cryptographic keys that were extracted remained encrypted. Nevertheless, Ermolov did seem sure in his ability to crack them himself revealing he had only cracked the same types of encryption various times over earlier research.

Concerns About Global Wrapping Key

One of the crucial concerns is that Global Wrapping Key GWK (that protects an extracted Root Provisioning key) isn’t unique. You see, if someone managed to get into the GWK they could work out how to replicate all of those root keys on every Intel processor using that architecture.

Advertisement Know Tech News

Conclusion

The cybersecurity issues circuitous Intel SGX, which are discovered are on the alarming side concerning Apollo Lake and Gemini Lake processors. Intel notes the affected machines were not correctly configured and patches had yet to be applied, however until further improvements are made in securing vulnerable systems, it should be noted that encrypted data is still crackable thanks to remote attestation reports can also forge.

FAQs

Intel SGX (Software Guard Extensions) is a security feature of the Intel architecture that provides trusted code execution through protected enclaves.

The root provisioning key is very important to the security of Intel SGX as it makes sure (among other things) that remote attestation reports are authentic and confidentially encrypted data remains secure.

The affected processors include Apollo Lake, Gemini Lake and Gemini Material Refresher are end-of-life (EOL) but still deployed in embedded systems.

Intel has said the research was done on systems that were not patched with updated mitigations, additionally recording extracted keys being enciphered reduced exploitation risks.

Remote attestation is the procedure where we can attest that our software indeed runs in an Intel SGX enclave on a secure, up-to-date host.

Loading

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x