Expand on SGX

[dbosk]

From #8:

Signal's use of SGX to perform private contact discovery

Subject: Leveraging Intel SGX to Create a Nondisclosure Cryptographic library.
(arXiv:1705.04706v2 [cs.CR] UPDATED)

http://arxiv.org/abs/1705.04706

Authors: Mohammad Hasanzadeh-Mofrad[1], Adam Lee[2], Spencer L. Gray[3]

Enforcing integrity and confidentiality of users' application code and data is
a challenging mission that any software developer working on an online
production grade service is facing. Since cryptology is not a widely
understood subject, people on the cutting edge of research and industry are
always seeking for new technologies to naturally expand the security of their
programs and systems. Intel Software Guard Extension (Intel SGX) is an Intel
technology for developers who are looking to protect their software binaries
from plausible attacks using hardware instructions. The Intel SGX puts
sensitive code and data into CPU-hardened protected regions called enclaves.
In this project we leverage the Intel SGX to produce a secure cryptographic
library which keeps the generated keys inside an enclave restricting use and
dissemination of confidential cryptographic keys. Using enclaves to store the
keys we maintain a small Trusted Computing Base (TCB) where we also perform
computation on temporary buffers to and from untrusted application code. As a
proof of concept, we implemented hashes and symmetric encryption algorithms
inside the enclave where we stored hashes, Initialization Vectors (IVs) and
random keys and open sourced the code (https://goo.gl/x7cduK).

[dbosk]

There are videos on SGX:

• BlackHat intro: https://youtu.be/0ZVFy4Qsryc
• Stanford seminar: https://youtu.be/mPT_vJrlHlg