Secure Remote Attestation with Strong Key Insulation Guarantees

TL;DR

This paper proposes a new cryptographic primitive, OTS-SKE, to enhance remote attestation security against powerful side-channel attackers, and demonstrates its efficiency over traditional schemes like ECDSA.

Contribution

It introduces OTS-SKE, a novel signature scheme secure under secret key exposure, and designs a minimal trusted computing base with a secure co-processor for remote attestation.

Findings

OTS-SKE is faster than ECDSA in signing operations.

OTS-SKE remains secure even if all secret keys are leaked.

The system reduces trusted computing base by using a unidirectional secure co-processor.

Abstract

Recent years have witnessed a trend of secure processor design in both academia and industry. Secure processors with hardware-enforced isolation can be a solid foundation of cloud computation in the future. However, due to recent side-channel attacks, the commercial secure processors failed to deliver the promises of a secure isolated execution environment. Sensitive information inside the secure execution environment always gets leaked via side channels. This work considers the most powerful software-based side-channel attackers, i.e., an All Digital State Observing (ADSO) adversary who can observe all digital states, including all digital states in secure enclaves. Traditional signature schemes are not secure in ADSO adversarial model. We introduce a new cryptographic primitive called One-Time Signature with Secret Key Exposure (OTS-SKE), which ensures no one can forge a valid signature of a new message or nonce even if all secret session keys are leaked. OTS-SKE enables us to sign attestation reports securely under the ADSO adversary. We also minimize the trusted computing base by introducing a secure co-processor into the system, and the interaction between the secure co-processor and the attestation processor is unidirectional. That is, the co-processor takes no inputs from the processor and only generates secret keys for the processor to fetch. Our experimental results show that the signing of OTS-SKE is faster than that of Elliptic Curve Digital Signature Algorithm (ECDSA) used in Intel SGX.