Secure Remote Computation and Trusted Execution Environments

by Javier de Vicente Gutiérrez, NEC Laboratories Europe

Secure remote computation [1] is the problem of executing software on a remote computer owned and maintained by an untrusted party, with some integrity and confidentiality guarantees. It can also be thought of as the problem of executing software in an area of our own system or device that is not fully trusted.

Different approaches to solve this issue (i.e., to gain integrity, confidentiality and to protect computational data and resources from external attacks) have been taken, many of them through the use of Trusted Execution Environments (TEE). TEE are, in short, a way to isolate code and data. TEE can create enclaves in which these selected code and data are protected from access and malicious modification.

Some popular flavors include ARM TrustZone (mainly used on mobile devices), Intel SGX (arguably the most popular TEE for workstations), and AMD SEV (a technology to protect Linux KVM virtual machines by transparently encrypting the memory of each VM with a unique key).

Of course, commercial vendors enable only a small portion of the possible design room to move across threat models, hardware requirements, management of resources, porting effort, and feature compatibility. This represents a future problem in most cases, even more with geographically distributed domains, customizable devices, and new forms of cyberattacks.

 

The case of REWIRE and Keystone

Keystone, on the contrary, is a highly customizable solution and is open source, which is great news if we intend to use it for a variety of use case scenarios like the ones at work in REWIRE.

Keystone is an open-source TEE framework for RISC-V processors, and can be tried on QEMU, FireSim (FPGA), or the SiFive HiFive Unleashed board. But the good news do not stop there, since one can migrate the Keystone enclave into an arbitrary RISC-V processor, with a very small modification on hardware to plant the silicon root of trust. A Keystone-capable system consists of several components in different privilege modes.

 

We already know what enclaves are: environments isolated from the untrusted OS and other enclaves, but it is the Security Monitor (SM) what is most interesting. The SM provides an interface for managing the lifecycle of enclave as well as for utilizing platform-specific features. The SM enforces most of Keystone’s security guarantees since it manages the isolation boundary between the enclaves and the untrusted OS. It also can expose APIs. In the case of REWIRE this opens a world of possibilities: remote attestation, key management, protection of critical services, even enclave migration is a possibility, to prevent the full system to stop its operations if one or more devices are compromised.

The design of our customized Keystone-capable system for REWIRE has only begun. Join us soon to learn about our progress.

 

The Security Group of NEC Laboratories Europe

The Security Group of NEC Laboratories Europe (SEC-NLE) is a pioneer in the field of security and data privacy. SEC-NLE carries out core and applied research in security, developing formal methods and advancing security technology. This team serves as the European competence center for NEC Blockchain.

Some of Europe’s leading researchers in the fields of decentralized trust, blockchain security, system security and applied cryptography work for the SEC-NLE group and are now members of the REWIRE project. In addition to progressing scientific knowledge, the group generates real commercial opportunities for the applied use of our research, which is then used to improve the digital security of NEC customers around the globe. The group expects to gain further experience in REWIRE that will be exploited after the project.

The Security Group of NEC Laboratories Europe regularly contributes to top-tier conference and journal publications, such as ACM CCS, Usenix Security, NDSS, CAV, Journal of the ACM, and various IEEE/ACM transactions. This avenue will also be explored leveraging the interesting results we expect to obtain in REWIRE.

In the field of system security, our research aims at ensuring a chain of trust – from resource-constrained IoT devices to cloud servers – where sensor data is stored and processed. The SEC-NLE group applies expertise to advancing state-of-the-art cryptographic techniques and highly scalable policy compliance checking, as well as hardware security modules such as Intel SGX and RISC-V. The technologies to develop in REWIRE must combine a high level of security without compromising the scalability and performance of real-time services.

Leave a Reply