Control-flow attestation (CFA) is a mechanism that securely logs the execution paths of software running on remote devices. Through a challenge–response process, it can detect whether a device is being subjected to control-flow hijacking. In the growing landscape of the Internet of Things, more and more peer devices need to communicate to share sensed data and interoperate without the involvement of a trusted center. To make CFA mechanisms scalable and to mitigate the single point of failure, it is important to design a decentralized CFA scheme. This paper proposes a decentralized scheme (CFRV) to verify the control flow on remote devices. Moreover, it introduces a token (asymmetric secret slices) into peer devices to make the attestation process mutual. This allows CFRV to mitigate a particular kind of man-in-the-middle attack called response defraud. We built our prototype toolbox on a Raspberry Pi as a proof of concept. In our evaluation, CFRV protects the verification process from malicious verifiers and from the man-in-the-middle attack. The proposed mechanism can also limit PKI (Public Key Infrastructure) usage to a single stage, which saves computational cost on the peer devices. Compared to related decentralized schemes, the duration of the cryptographic operations is reduced by 40%.