Two Intel employees believe web services can be made more secure not only by performing calculations in Trusted Remote Execution Environments, or TEEs, but also verifying for customers that it has been done.
Software engineer Gordon King and Intel Labs researcher Hans Wang came up with the protocol to make this possible. In a document Distributed this month via ArXiv, they describe an HTTP protocol called HTTPS Attestable (HTTPA) to improve online security with remote attestation – a way for applications to gain assurance that data will be processed by software. trusted in secure execution environments.
Essentially, it is hoped that applications can verify through certificates and cryptography that the code executed in a server-side TEE is precisely the code that needs to be executed, unmodified by a malicious administrator, operating system, or hypervisor. hacked, network intruder, or malware. Ideally, the TEE should prevent or detect wrongdoers from spying on or modifying the code and data.
The threat model is fragile and has many requirements and caveats. If everything falls into place, “HTTPA provides assurance to confirm client workloads [will] run inside the expected enclave with the expected verified software, âas the duo put it in their article [PDF].
âWith HTTPA, we can provide security guarantees to establish the reliability of web services and ensure the integrity of the processing of requests for web users,â continued King and Wang. “We expect remote attestation to become a new trend adopted to reduce web services security risks, and offer HTTPA to unify web attestation and service access in a standard and efficient manner. “
Software services, back up the boffins, can be hijacked by network intruders, for example, and offer no real guarantees about the integrity of IT workloads or communication channels. HTTPS alone, they say, isn’t up to the challenge, but maybe HTTPA can do better.
HTTPA relies on a TEE and Intel offers just such a thing: Software Guard Extensions, or SGX.
SGX can be used by applications to form so-called in-memory enclaves in which calculations on sensitive information can occur privately from all other software through automatic in-memory encryption of data and code as well. than other protections. It should be possible to cryptographically verify that everything is going as planned in an enclave; essentially, SGX provides the ingredients for the remote attestation system offered by the pair.
The neutral zone
In an email to The register, King and Wang said that while their proposal focuses on how SGX could be used for more secure web interaction, the protocol accommodates TEEs from other vendors, such as Arm’s TrustZone.
“The protocol is neutral and open to all industrial players,” they wrote.
TEEs have been used in the past to protect web services, say King and Wang, but they have been deployed to address specific issues. âWe offer a general solution to standardize attestation over HTTPS and establish multiple trusted connections to protect and manage the requested data for selected HTTP domains,â they said.
HTTPA assumes the client is trusted and the server is not. Thus, the client can use HTTPA to obtain the guarantee that the server is trustworthy to handle the computation requested in a TEE. HTTPA, however, does not extend beyond the TEE to ensure the reliability of the server as a whole.
In other words, it leverages the security benefits of TLS – certificate-based server authentication, integrity guarantees, transmission confidentiality, and session replay prevention – and extends protection to data at rest and during the calculation.
HTTPA requires the extension of the HTTPS handshake process, the network back-and-forth through which the client and server talk to each other. The protocol calls three sets of HTTP methods: HTTP preflight request and response; HTTP attestation request and response; and HTTP secure session request and response.
“The preflight request verifies whether the attestation protocol is accepted by the server for using the ‘ATTEST’ method and headers,” the authors explain in their article. “It’s a ‘OPTIONS request “, using an HTTP request header:
The following HTTP attestation and secure session methods are new; HTTP preflighting is an existing mechanism used with Cross Origin Resource Sharing (CORS) to check whether a server can handle a specific protocol.
A two-way street
For scenarios where two-way attestation is required, the authors describe a variant called Mutual HTTPA, or mHTTPA. It’s a bit more complicated though, as the client and server must include two pre-session secrets to derive session keys in their own TEEs.
King and Wang said, âWe believe that [HTTPA] could potentially be beneficial for certain industries, for example, fintech and healthcare. “
When asked if the protocol could interfere with services that have strict bandwidth or latency requirements, they replied, âFurther exploration would be needed to confirm any performance impact; however, we do not anticipate any significant performance change from other HTTPS protocols. “
As to whether or when HTTPA could be adopted, it’s not clear. When asked if there were any plans to submit the specification as an RFC or undertake some other form of standardization, they replied, âWe have some discussions going on that need to be reviewed by [Intel’s] front legal team [disclosure]. “Â®