Trusted Hardware

Can we Hide Atoms?

(Or Electrons, or Subatomic Particles)

IC3 Blockchain Summer Camp 2021

Trusted HW or Manufacturer?

• Attestation is based on two secrets stored in e-fuses inside the processor’s die, and on a key received from Intel’s provisioning service
• Stored in e-fuses, encrypted with a global wrapping logic key (GWK). The GWK is a 128-bit AES key that is hard-coded in the processor’s circuitry, and serves to increase the cost of extracting the keys from an SGX-enabled processor
• Provisioning Secret is generated at the key generation facility - burned into the processor’s e- fuses & stored in Intel’s Provisioning Service DB
• Seal Secret is generated inside the processor chip, and therefore is not known to Intel.

Source: Costan & Devadas. Intel sgx explained.

Let’s consider MEV-SGX

Open questions (https://ethresear.ch/t/mev-sgx-a-sealed-bid-mev-auction-design/9677)

MEV-SGX problem

​

Searchers cannot tell if miners have broken into their sgx

Threat Model

in Intel SGX

​

• No physical attacks (targeting the CPU chip)
• No side-channel attacks

​

​

​

Refs: Intel SGX Explained, Star Wars Rogue One

• In a first, researchers extract secret key used to encrypt Intel CPU code
• Confidentiality and integrity of Intel SGX are primarily provided by a microcode extension of the memory management unit (MMU) and a hardware Memory Encryption Engine (MEE)
• The ability to execute arbitrary microcode inside the CPU may also be useful for attacks on cryptographic keys, such as those used in trusted platform modules

​

Refs: [Chip Red Pill, OPERA]

RISC-V to the rescue?

Chip Attacks

• For a 14 nanometer chip, ion beam microscopy is required
• https://www.thermofisher.com/us/en/home/semiconductors/nanoprobing.html

Can we trust a chip manufacturer?

DAMO

Decentralized Autonomous Manufacturing Organization

References

1. Intel SGX Explained: https://eprint.iacr.org/2016/086.pdf
2. MEV-SGX: https://ethresear.ch/t/mev-sgx-a-sealed-bid-mev-auction-design/9677
3. Survey of attacks on Intel SGX: https://arxiv.org/pdf/2006.13598.pdf
4. OPERA: https://dl.acm.org/doi/pdf/10.1145/3319535.3354220
5. Keystone Enclave: https://keystone-enclave.org/
6. https://opentitan.org/
7. https://opensource.googleblog.com/2019/11/opentitan-open-sourcing-transparent.html
8. http://www.grandideastudio.com/hardware-hacking-training/
9. Can we build Trustable Hardware?: https://www.bunniestudios.com/blog/?p=5706
10. Chip Red Piil: https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/

Towards DAMO

An Exploration of Open Hardware

Resources

• A Trustworthy, Free (Libre), Linux Capable, Self-Hosting 64bit RISC-V Computer
• Run 64-bit Linux on LiteX + RocketChip: litex-hub/linux-on-litex-rocket
• A Python toolbox for building complex digital hardware: m-labs/migen
• Linux on Open Hardware with RISC V (youtube)
• Fully Open Source Manufacturable PDK for a 130nm Process (talk)
• Produce your own physical chips. For free. In the Open.
• google/skywater-pdk

A Trustworthy, Free (Libre), Linux Capable, Self-Hosting 64bit RISC-V Computer

TEE Hardware for RISC V

Talk: https://youtu.be/-KuE8NUcV6A

• Uses Keystone: https://keystone-enclave.org/
• https://github.com/uec-hanken/tee-hardware
• https://github.com/ucb-bar/chipyard

MiG-V: logic-encrypted processor

“Logic encryption hinders the insertion of hardware Trojans, giving HENSOLDT Cyber the full control of the design and production chain.” -- https://hensoldt-cyber.com/mig-v/

• Supply chain security / logic obfuscation: https://hensoldt-cyber.com/scientific-papers/
• Uses supply chain security / logic obfuscation on untrusted fabs
• See seL4 on RISC V ... Open source and Proved Bug free OS Kernel mentioned at ~15:20

​

​

sel4

• seL4 on RISC V Fast, Secure, Open source and Proved Bug free OS Kernel
• https://hensoldt-cyber.com/trentos/
• Translation validation (pg 9): https://sel4.systems/About/seL4-whitepaper.pdf
• https://sel4.systems/Learn/
• https://docs.sel4.systems/projects/sel4/documentation

​