CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks - NOTE TIME CHANGE

Speaker

Gabrielle De Micheli
University of Pennsylvania

Host

Professor Devadas
CSG - CSAIL - MIT

Abstract: Intel Software Guard Extensions (SGX) allows users to perform secure computation on platforms that run untrusted software. To validate that the computation is correctly initialized and that it executes on trusted hardware, SGX supports attestation providers that can vouch for the user's computation. Communication with these attestation providers is based on the Extended Privacy ID (EPID) protocol, which not only validates the computation but is also designed to maintain the user's privacy. In particular, EPID is designed to ensure that the attestation provider is unable to identify the host on which the computation executes.

In this work we investigate the security of the Intel implementation of the EPID protocol. We identify an implementation weakness that leaks information via a cache side channel. We show that a malicious attestation provider can use the leaked information to break the unlinkability guarantees of EPID.

We analyze the leaked information using a lattice-based approach for solving the hidden number problem, which we adapt to the zero-knowledge proof in the EPID scheme, extending prior attacks on signature schemes.

Bio: Gabrielle De Micheli is a second-year PhD student at the University of Pennsylvania working under the supervision of Nadia Heninger. Prior to her PhD, she received Bachelor's and Master's degrees in Mathematics from EPFL. Her work lies at the intersection of Mathematics and Cryptography, with particular research interests in lattice-based cryptography, computational number theory, and the Number Field Sieve algorithm. She is interested in both attacks and defenses, with a particular interest in using mathematical techniques to better understand the security properties of commonly used cryptographic primitives in real-world applications.