Trusted Execution Environments (TEEs) have been widely used in many security-critical applications. The popularity of TEEs derives from their high security and trustworthiness supported by secure hardware. Intel Software Guard Extensions (SGX) is one of the most representative TEEs that creates an isolated environment on an untrusted operating system, thus providing run-time protection for the execution of security-critical code and data. However, Intel SGX is far from the acme of perfection. It has become a target of various attacks due to its security vulnerabilities. Researchers and practitioners have paid attention to the security vulnerabilities of SGX and investigated optimization solutions in real applications. Unfortunately, existing literature lacks a thorough review of security vulnerabilities of SGX and their countermeasures. In this article, we fill this gap. Specifically, we propose two sets of criteria for estimating security risks of existing attacks and evaluating defense effects brought by attack countermeasures. Furthermore, we propose a taxonomy of SGX security vulnerabilities and shed light on corresponding attack vectors. After that, we review published attacks and existing countermeasures, and evaluate them by employing our proposed criteria. Finally, on the strength of our survey, we propose some open challenges and future directions in the research of SGX security.
Mobile and wireless communication continues its rapid development. Beyond 5G, heterogeneous networks (HetNets) will be merged with the integration of various networking technologies. Unique characteristics of such an integrated converged network cause new security challenges, such as difficulty of key agreement and theft of communication contents, especially when communications cross network domains. In order to ensure secure and reliable communications, end-to-end (E2E) communication security is highly expected, especially for cross-trust-domain communications in HetNets. Unfortunately, few existing studies touch on this issue, and the literature lacks an in-depth review of the current state of the art. In this paper, we summarize current E2E secure communication scenarios and basic techniques. We propose a number of requirements based on security threat analysis and employ them as a measure to evaluate existing works. Through review and analysis, we finally identify open issues to highlight future research directions.
Privacy preservation is highly expected in the Bitcoin Network. However, only applying pseudonyms cannot completely ensure anonymity/unlinkability between payers and payees. Current approaches mainly depend on a mixer service, which obfuscates payer-payee relationships of transactions. While the mixer service improves transaction privacy, it still suffers from some severe security threats (e.g., DoS attack and collusion attack), and does not support effective and reliable off-chain payment in a parallel mode. In this paper, we propose a mixing protocol for the Bitcoin Network based on zero-knowledge proof, called SofitMix. It is the first mixing protocol that can effectively resist both the DoS attack and the collusion attack. It can also support a set of parallel off-chain payments in a reliable way no matter whether some payers abort a transaction. We analyze and prove the security of SofitMix following the Universal Composability model with regard to fair exchange, unlinkability, collusion-resistance, DoS-resistance and Sybil-resistance. Through a proof-of-concept implementation, we demonstrate its validity and fairness. We also show its advantages in off-chain payment reliability and DoS attack resistance, compared to TumbleBit.