REVIEW 4 cited by
Integrating Remote Attestation with Transport Layer Security
Not yet reviewed by Pith; the record is open.
This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.
SPECIMEN: schema-true, not a live event
T0 review · schema-true
One-sentence machine reading of the paper's core claim.
pith:XXXXXXXX · record.json · timestamp
Integrating Remote Attestation with Transport Layer Security
read the original abstract
Intel(R) Software Guard Extensions (Intel(R) SGX) is a promising technology to securely process information in otherwise untrusted environments. An important aspect of Intel SGX is the ability to perform remote attestation to assess the endpoint's trustworthiness. Ultimately, remote attestation will result in an attested secure channel to provision secrets to the enclave. We seamlessly combine Intel SGX remote attestation with the establishment of a standard Transport Layer Security (TLS) connection. Remote attestation is performed during the connection setup. To achieve this, we neither change the TLS protocol, nor do we modify existing protocol implementations. We have prototype implementations for three widely used open-source TLS libraries: OpenSSL, wolfSSL and mbedTLS. We describe the requirements, design and implementation details to seamlessly bind attested TLS endpoints to Intel SGX enclaves.
Forward citations
Cited by 4 Pith papers
-
A TEE-Based Architecture for Confidential and Dependable Process Attestation in Authorship Verification
First TEE-based architecture for continuous process attestation with hardware tamper resistance, tiered assurance levels, Markov-chain dependability modeling, and resilient protocol achieving over 99.5% evidence chain...
-
TrustMee: Self-Verifying Remote Attestation Evidence
TrustMee enables self-verifying remote attestation evidence by embedding WebAssembly verification logic in attestation bundles for platform-independent validation of confidential VMs.
-
Two-Way Confidential VMs (2cVM): Collaborative Confidential Computing for Mutually Distrustful Parties
2cVM is a two-layer confidential VM using AMD SEV-SNP hardware protection plus WebAssembly isolation, governed by an immutable Commitment Manifest, with evaluation showing non-linear overhead from negligible to ~2x de...
-
Scanclave: Verifying Application Runtime Integrity in Untrusted Environments
Scanclave enables runtime integrity verification of applications in untrusted environments by combining TEE protections with a minimal trusted software stack and TEE-based memory access.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.