An Open-source Implementation and Security Analysis of Triad's TEE Trusted Time Protocol

TL;DR

This paper presents a security analysis of Triad's TEE Trusted Time Protocol, revealing vulnerabilities to clock manipulation attacks and proposing protocol improvements for enhanced resilience.

Contribution

We provide an open-source implementation of Triad and empirically demonstrate its vulnerabilities to malicious clock manipulations in TEEs.

Findings

Attacker-controlled OS can arbitrarily manipulate TEE clocks.

Malicious clock speeds can cause honest machines to skip forward in time.

Proposed protocol modifications improve resilience against clock manipulation attacks.

Abstract

The logic of many protocols relies on time measurements. However, in Trusted Execution Environments (TEEs) like Intel SGX, the time source is outside the Trusted Computing Base: a malicious system hosting the TEE can manipulate that TEE's notion of time, e.g., jumping in time or affecting the perceived time speed. Previous work like Triad propose protocols for TEEs to maintain a trustworthy time source. However, in this paper, based on a public implementation of Triad that we contribute, we empirically showcase vulnerabilities to this protocol. For example, an attacker controlling the operating system, and consequently the scheduling algorithm, may arbitrarily manipulate their local TEE's clock speed. What is worse, in case of faster malicious clock speeds, an attacker on a single compromised machine may propagate the attack to honest machines participating in Triad's Trusted Time protocol, causing them to skip to timestamps arbitrarily far in the future. Then, infected honest machines propagate time-skips themselves to other honest machines interacting with them. We discuss protocol changes to Triad for higher resilience against such attacks.