
What are TEEs and how do they keep data secure?

Sapphire is the world’s first EVM-compatible, privacy-preserving blockchain that uses TEEs to secure smart contracts. What are TEEs and how do they keep data secure?

Trusted Execution Environments (TEEs) are secure enclaves that provide a secure and isolated space for executing sensitive code and processing confidential data.

A secure enclave is an isolated execution environment within a computing system, typically implemented in hardware, where sensitive code and data can be executed and stored with a high level of security. Secure enclaves aim to protect against threats such as unauthorized access, tampering, and disclosure of sensitive information, including access or interference by other components of the CPU or the rest of the system.

Secure Isolation

TEEs create a secure and isolated environment within a computing system, typically within the CPU: an isolated region of memory where sensitive code and data can be executed and stored securely.

Many CPUs incorporate specialized instruction sets or extensions to support TEEs. For example, Intel’s Software Guard Extensions (SGX) and ARM’s TrustZone are hardware-based security features that provide support for TEEs.

Intel’s Software Guard Extensions (SGX) is a set of security-related instruction codes built into Intel’s modern CPU architectures. SGX aims to enhance the security of application code and data by enabling the creation of secure enclaves: isolated regions of memory that are protected from unauthorized access even by privileged software such as the operating system or hypervisor.

This isolation ensures that the contents of the TEE are protected from unauthorized access or interference.

Hardware-Based Security

TEEs leverage hardware-based security features, such as the enclave support built into modern CPUs, to provide robust protection against a range of threats.

Hardware-based security ensures that critical security functions, such as encryption, decryption, and access control, are enforced at the hardware level, making them resistant to attacks that target software vulnerabilities or weak encryption.

Simple Explanation:

Imagine your toy box is like a computer, and your toys are like the programs and data stored inside it. Now, let’s say you have a special lock on your toy box that only lets you open it with a magic key. This magic key is like hardware-based security.

With the magic key, you can keep your favorite toys safe from anyone who doesn’t have the key. Even if someone tries really hard to open your toy box without the key, they won’t be able to because the lock is super strong and only responds to the magic key.

In a computer, hardware-based security is like having special locks and keys built right into the computer’s chips. These locks and keys help keep all the important stuff inside the computer safe from bad people who might try to sneak in and take it.

So, just like how your magic key keeps your toys safe, hardware-based security helps keep the computer safe from bad guys who want to take or mess with its important stuff.

Confidentiality and Integrity

TEEs ensure the confidentiality and integrity of sensitive code and data by encrypting and authenticating their contents.

Encryption prevents unauthorized parties from reading the data, while authentication (an integrity check over the encrypted contents) ensures that the data has not been altered or tampered with.

Remote Attestation

TEEs support remote attestation, which allows a trusted party to verify the integrity of the enclave running on a remote system.

Remote attestation enables secure communication and collaboration between trusted parties, even in untrusted environments such as cloud computing platforms.

Remote attestation, while a powerful tool for verifying the integrity of a remote system’s enclave, is not immune to attack. The following are types of attack that remote attestation may be vulnerable to, which is why securing and encrypting the data exchanged remains important:

1. Man-in-the-Middle (MitM) Attacks:

MitM attacks involve intercepting and potentially modifying communications between two parties without their knowledge. In the context of remote attestation, an attacker could intercept attestation messages exchanged between the remote enclave and the verifier, altering them to mislead the verifier about the enclave’s integrity status.

Simple explanation:

Imagine you’re passing a secret note to your friend in class, but someone sneaky intercepts the note before it reaches your friend. They read the note, maybe even change the message, and then pass it along to your friend. That sneaky person is like the “man in the middle.” They’re getting in between you and your friend to mess with your communication.

2. Replay Attacks:

Replay attacks involve capturing and retransmitting previously sent messages in an attempt to deceive a system. In remote attestation, an attacker could capture attestation messages sent from a genuine enclave and replay them to a verifier, falsely asserting the integrity of a compromised enclave.

Simple explanation:

Have you ever played with a tape recorder or a video game where you can press “replay” to see or hear the same thing again? In a replay attack, a sneaky person records something you did, like saying a secret password, and then plays it back later to trick someone else into thinking it’s you saying it again.

3. Forgery Attacks:

Forgery attacks involve creating counterfeit messages or credentials to impersonate a legitimate entity. In the context of remote attestation, an attacker could forge attestation messages claiming to be from a genuine enclave, misleading the verifier into trusting a compromised enclave.

Simple explanation:

Imagine you’re drawing a really cool picture and you want to put your name on it to show everyone you made it. Now, imagine someone else copying your name and putting it on their own ruined drawing, pretending you made it. That’s like a forgery attack, where someone tries to pretend to be someone else by copying their signature or identity.

4. Side-Channel Attacks:

Side-channel attacks exploit unintended information leakage from a system’s physical implementation, such as power consumption or electromagnetic emissions. While remote attestation itself may not directly expose sensitive information, side-channel attacks targeting the implementation of the attestation process or the enclave itself could potentially compromise its security.

Simple explanation:

Let’s say you’re trying to guess what someone’s thinking by watching their body language or listening to the sound of their voice. In a side-channel attack, a sneaky person tries to learn secret information about a computer by watching things like how much electricity it uses or listening to the sounds it makes while working. They use these “side channels” to figure out what’s going on inside the computer, even if they can’t see the screen.

5. Denial-of-Service (DoS) Attacks:

DoS attacks aim to disrupt or degrade the availability of a system or service. In the context of remote attestation, an attacker could launch a DoS attack against either the enclave or the verifier, preventing legitimate attestation attempts from completing successfully.

Simple explanation:

Have you ever been waiting in line to go on a ride at an amusement park, but someone keeps cutting in line in front of you, making you wait longer? In a denial-of-service attack, a sneaky person tries to make a computer or a website really busy or slow down so other people can’t use it. It’s like cutting in line to stop others from having fun.

6. Bypass Attacks:

Bypass attacks attempt to circumvent the attestation process altogether, by exploiting vulnerabilities either in the enclave or in its surrounding infrastructure. For example, an attacker could exploit a software vulnerability in the enclave to gain unauthorized access without triggering the attestation process.

Simple explanation:

Imagine you’re trying to get into a super-secret clubhouse, but there’s a big gate in front of it. Instead of trying to open the gate, a sneaky person finds a way to climb over the fence or dig under it to get inside without using the gate. That’s like a bypass attack, where someone finds a way to get around the usual security measures to get into a computer or system.

7. Time-of-Check to Time-of-Use (TOCTOU) Attacks:

TOCTOU attacks exploit timing differences between the verification of a system’s integrity and its subsequent use. In the context of remote attestation, an attacker could compromise the enclave’s integrity after it has been attested, but before it is used for sensitive operations, exploiting the time gap between attestation and usage.

Simple explanation:

Have you ever played a game where you have to press a button at just the right time to win? In a TOCTOU attack, a sneaky person waits until just the right moment to change something after it’s been checked but before it’s actually used. It’s like someone quickly switching a card in a magic trick after you’ve already looked at it but before you can use it. They’re trying to trick you by changing things at the last moment.

These are just a few examples of potential attacks that remote attestation may be vulnerable to. Implementers of remote attestation systems must be aware of these risks and employ appropriate countermeasures to mitigate them, such as cryptographic protections, secure communication channels, and secure enclave designs.
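As an added illustration of the countermeasures just mentioned (example code written for this page, not Oasis, Sapphire or Intel code): a simulated quote and verifier in Python showing how a fresh single-use nonce defeats replay, a hardware signature defeats forgery, an expected measurement rejects modified enclave code, and binding the session key into the quote closes the man-in-the-middle and time-gap cases. It assumes a constructed symmetric hardware key standing in for the CPU’s asymmetric attestation key, a constructed trusted measurement, and a made-up `Quote` layout.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

# Constructed stand-in for the CPU's attestation key. Real hardware (e.g. SGX)
# signs quotes with an asymmetric key and the verifier holds only the public
# part; an HMAC keeps this offline demo self-contained.
HW_ATTESTATION_KEY = b"constructed-hardware-key-for-demo-only"

def measurement_of(enclave_code: bytes) -> bytes:
    """Hash of the code loaded into the enclave (its 'measurement')."""
    return hashlib.sha256(enclave_code).digest()

# The enclave build the verifier has decided to trust (constructed value).
TRUSTED_MEASUREMENT = measurement_of(b"approved enclave build v1")

@dataclass(frozen=True)
class Quote:
    measurement: bytes  # hash of the enclave code, filled in by hardware
    report_data: bytes  # enclave-chosen 32 bytes: H(nonce || channel_key)
    signature: bytes    # hardware signature over both fields

def enclave_generate_quote(measurement: bytes, nonce: bytes, channel_key: bytes) -> Quote:
    """Enclave side: commit to the verifier's nonce and to the session key."""
    report_data = hashlib.sha256(nonce + channel_key).digest()
    sig = hmac.new(HW_ATTESTATION_KEY, measurement + report_data, "sha256").digest()
    return Quote(measurement, report_data, sig)

class Verifier:
    """Relying party: issues single-use nonces and checks quotes against them."""
    def __init__(self) -> None:
        self._pending: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh per attestation: defeats replay
        self._pending.add(nonce)
        return nonce

    def verify(self, quote: Quote, nonce: bytes, channel_key: bytes) -> tuple[bool, str]:
        if nonce not in self._pending:
            return False, "stale or unknown nonce (replayed quote)"
        self._pending.discard(nonce)  # a nonce is accepted at most once
        expected = hmac.new(HW_ATTESTATION_KEY, quote.measurement + quote.report_data, "sha256").digest()
        if not hmac.compare_digest(expected, quote.signature):
            return False, "bad signature (forged or tampered quote)"
        if not hmac.compare_digest(quote.measurement, TRUSTED_MEASUREMENT):
            return False, "untrusted measurement (unknown or modified enclave code)"
        if not hmac.compare_digest(quote.report_data, hashlib.sha256(nonce + channel_key).digest()):
            return False, "channel key not bound to quote (possible man-in-the-middle)"
        return True, "ok"  # only now use channel_key: it belongs to this attested enclave
```

Because the channel key is committed inside the signed quote, everything sent afterwards on that key is tied to the enclave that was measured, which narrows the window a TOCTOU attacker has between check and use.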

Simplified:

Imagine you have a secret club where only your closest friends are allowed. You all have special badges that show you’re part of the club. Now, imagine one day a new kid comes to the clubhouse and says they’re your friend, but you’re not sure if you can trust them.

Remote attestation is like asking your friends to vouch for the new kid. You send a message to each friend asking them to check if the new kid has a special badge like yours. If all your friends say, “Yes, they have the badge,” then you can trust the new kid and let them join the club.

In computer terms, remote attestation is a way for one computer to check if another computer is trustworthy before they share secrets or work together. It’s like asking for a special badge or signal to make sure they’re who they say they are and haven’t been tampered with by bad guys.

Application Scenarios

TEEs have various applications in areas such as cloud computing, data privacy, digital rights management, blockchain, and confidential computing. For example, TEEs can be used to protect sensitive user data in cloud-based applications, ensure the integrity of cryptographic operations in blockchain networks, or enable secure execution of proprietary algorithms in third-party environments.

Limitations and Challenges

While TEEs provide strong security guarantees, they are not immune to all types of attacks. For example, side-channel attacks targeting the hardware implementation of TEEs have been demonstrated in research settings.

The performance overhead of using TEEs and the complexity of enclave development remain challenges for widespread adoption, although both are improving as research and implementations mature.

Trusted Execution Environments represent a significant advancement in hardware-based security, offering developers a powerful tool for protecting sensitive code and data in a wide range of applications. Despite some limitations and challenges, TEEs continue to evolve, with ongoing research and development efforts aimed at further enhancing their security and usability. TEE implementations beyond SGX can likewise help secure data privacy, digital rights management, blockchain, and confidential computing.