Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.
wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.
FIPS 140-2 Validations in a Secure Enclave
1. FIPS 140-2 Validations
In a Secure Enclave
Chris Conlon
ICMC18, May 8-11, 2018
Shaw Centre | Ottawa, Ontario, Canada
2. Outline
A. Overview of wolfSSL and wolfCrypt FIPS
B. Secure Enclaves
C. FIPS 140-2 Enclave Validations
a. Advantages
b. Challenges
D. Validation Process inside Intel SGX
5. Introduction to wolfSSL - Open Source
● Dual Licensed - source code available as open source GPLv2 or commercial
● Available for download at:
○ wolfSSL website: www.wolfssl.com/download
○ GitHub: www.github.com/wolfSSL
● Professional support direct from engineers
● Consulting services for validations, integration, or new features
6. What is a Secure Enclave?
● A secure enclave can also be referred to as
“Trusted Execution Environment (TEE)”
● Can be implemented through software or
hardware, depending on the implementation
● Enclave is a protected area in the
application’s address space
○ Separates and protects sensitive code / data
from other processes
○ Provides a secure area where code can be
stored and executed
7. What is a Secure Enclave?
● Intel Technologies
○ TXT (Trusted Execution Technology) uses a TPM and
cryptographic algorithms to permit a verifiably secure
installation, launch, and use of a hypervisor or
operating system (OS)
■ Launched on Xeon 5600 series processors in 2010
○ SGX (Software Guard Extensions) extensions allow
an application to instantiate a protected container,
which provides confidentiality and integrity
■ Launched on Intel 6th generation Skylake processors in 2015
8. What is a Secure Enclave?
● Other TEE Technologies
○ ARM TrustZone
○ AMD SME/SEV
○ Qualcomm QSEE/SecureMSM
○ Apple iPhone Secure Enclave
○ ...
9. Why would you want to FIPS
140-2 validate inside a TEE?
10. Traditional FIPS 140-2 Validations
● When software module is first loaded, two things happen:
1. Power-On Integrity Check
■ Guarantee object files have not changed between compile time and run
time
2. Known Answer Tests
■ Verifies algorithm implementation is operating correctly
● Shared library default entry point is used to execute these
#define INITIALIZER(f) static void __attribute__((constructor)) f(void)
12. Traditional FIPS 140-2 Validations
● Traditional validation checks and tests work well, unless a malicious user
or privileged process has physical access to the system’s memory
● Malicious actor could then potentially do any number of things:
■ Modify object files and change the comparison hash for the In-Core
Integrity check
■ Modify the object code responsible for KAT’s
■ Modify the memory areas containing the core crypto code
14. Advantages of Enclave-Based Validations
● Doing a validation INSIDE a secure enclave / TEE:
✓ Adds layer of protection for cryptographic module against privileged
users (OS, BIOS, drivers, etc)
✓ Provides confidentiality of code and data - unable to view or
analyze running cryptographic module memory
✓ Provides integrity assurance for the duration of the executable /
enclave lifetime
✓ Allows use of enclave in government and DoD projects, since FIPS
140-2 is commonly a requirement
15. Advantages of Enclave-Based Validations
✓ Provides a more secure environment when running in an untrusted
environment (cloud server, etc)
17. Challenges of Enclave-Based Validations
● Determining best enclave entry point structure
○ Where should untrusted code call into the enclave at?
● Passing data and files TO/FROM the enclave
○ Needed to run CAVP vector files through crypto module
● Limiting crypto module dependencies external to the enclave
○ Source of entropy?
○ System calls not available in enclave
19. Intel SGX Overview
● Intel SGX Overview
○ Creates a protected container (enclave) where legitimate software can
be sealed inside
( image source: https://software.intel.com/en-us/sgx/details )
20. Intel SGX
● Intel SGX Overview
○ Provides memory protection through
encryption
○ Provides integrity of the enclave contents
○ Can generate enclave specific keys
○ Protects sensitive operations against outside
inspection
( image source: https://software.intel.com/en-us/sgx/details )
21. Intel SGX
● Intel SGX Hardware Support
○ Hardware added in Intel’s 6th generation (Skylake) processors or
later
○ To use the SGX feature it must be enabled in the BIOS
○ One Intel CPU can have multiple secure enclaves
○ Enclave physical memory is encrypted by processor
22. Current wolfCrypt FIPS OE List
| # | Operating System | Processor | Platform |
|---|---|---|---|
| 1 | Linux 3.13 (Ubuntu) | Intel® Core™ i7-3720QM CPU @2.60GHz x 8 | HP EliteBook |
| 2 | iOS 8.1 | Apple™ A8 | iPhone™ 6 |
| 3 | Android 4.4 | Qualcomm Krait 400 | Samsung Galaxy S5 |
| 4 | FreeRTOS 7.6 | ST Micro STM32F | uTrust TS Reader |
| 5 | Windows 7 (64-bit) | Intel® Core™ i5 | Sony Vaio Pro |
| 6 | Linux 3.0 (SLES 11 SP4, 64-bit) | Intel® Xeon® E3-1225 | Imprivata OneSign |
| 7 | Linux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core | Intel® Xeon® E5-2640 | Dell® PowerEdge™ r630 |
| 8 | Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 | Intel® Xeon® E5-2640 | Dell® PowerEdge™ r630 |
| 9 | Windows 7 (64-bit) on VMWare ESXi 5.5.0 | Intel® Xeon® E5-2640 | Dell® PowerEdge™ r630 |
Certificate #2425
23. Current wolfCrypt FIPS OE List
| # | Operating System | Processor | Platform |
|---|---|---|---|
| 10 | Android Dalvik 4.2.2 | NXP i.MX6 | MXT-700-NC 7” touch panel |
| 11 | Linux 4.1.15 | NXP i.MX5 | NX-1200 NetLinx NX Integrated Controller |
| 12 | Debian 8.8 | Intel Xeon 1275v3 | CA PAM 304L Server |
| 13 | Windows Server 2012R2 | Intel Xeon E5335 | Physical x64 Server(s) |
| 14 | Windows 7 Professional SP1 | Intel Core i7-2640M | Dell Latitude E6520 |
| 15 | Debian 8.7.0 | Intel Xeon E3 Family with SGX support | Intel x64 Server System R1304SP |
| 16 | Windows 10 Pro | Intel Core i5 with SGX support | Dell Latitude 7480 |
| 17 | NET+OS v7.6 | Digi International NS9210 | Sigma IV infusion pump |
Certificate #2425 - New OE’s in 2017-2018
25. wolfCrypt FIPS Object Module
● Independent of SSL/TLS
● Design simplifies updates
● Most bugs and vulnerabilities happen in SSL/TLS, not crypto
26. wolfCrypt FIPS Object Module in SGX
● SGX enclave structure with wolfCrypt only
● FIPS 140-2 boundary only around “wolfCrypt FIPS”
27. wolfCrypt FIPS Object Module in SGX
● SGX enclave structure with wolfCrypt and wolfSSL SSL/TLS Library
● FIPS 140-2 boundary only around “wolfCrypt FIPS”
28. Intel SGX OE Validation Process
● Unique steps to SGX OE Validation:
○ Port wolfCrypt to run inside Intel SGX
○ Map system calls as SGX trusted entry points
○ Map wolfSSL and wolfCrypt API as SGX trusted entry points
○ Modify CAVP test harness to read vector files in untrusted section,
pass via buffer into trusted enclave
29. Intel SGX OE Validation Process
● Port wolfSSL / wolfCrypt to run inside Intel SGX enclave
○ Modify random.c to get entropy from Intel SGX API
■ sgx_read_rand()
■ /dev/random, /dev/urandom would have been outside enclave
○ Use Intel intrinsics by default
■ _lrotr()
■ _lrotl()
30. Intel SGX OE Validation Process
● Map system calls as SGX trusted entry points (OCALLs)
○ printf() - for logging/debugging
■ ocall_print_string()
○ gettimeofday() - get the current time in seconds since Epoch
■ ocall_current_time()
○ get struct timeval seconds
■ ocall_low_res_time()
○ send() - network send function
■ ocall_send()
○ recv() - network recv function
■ ocall_recv()
31. Intel SGX OE Validation Process
● Map wolfSSL and wolfCrypt API as SGX trusted entry points
○ Add wrapper functions exposing wolfSSL and wolfCrypt API:
■ public int enc_wolfSSL_Init(void);
■ public WOLFSSL_METHOD* enc_wolfTLSv1_2_client_method(void);
■ public WOLFSSL_METHOD* enc_wolfTLSv1_2_server_method(void);
■ public int enc_wc_InitRng([user_check] WC_RNG* rng);
■ public int enc_wc_FreeRng([user_check] WC_RNG* rng);
■ public int enc_wc_InitRsaKey([user_check] RsaKey* key, [user_check] void* ptr);
■ etc...
32. Intel SGX OE Validation Process
● Modify CAVP test harness to read vector files in untrusted section,
pass via buffer into trusted enclave
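The harness split described above (vector file read in the untrusted application, bytes handed to the enclave in a buffer), sketched as an added example that is not wolfSSL's harness code: the enclave-side function treats the buffer as hostile, bounds its length, copies it into its own memory once, and parses only that copy. The names `ecall_load_vector`, `kat_vector`, `MAX_VECTOR_LEN` and the "NAME = hex" field layout are assumptions, the sample vector is constructed, and the code is plain C so it runs without the SGX SDK.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VECTOR_LEN 4096 /* hypothetical cap on one vector file */
typedef struct { uint8_t key[32], pt[64]; size_t key_len, pt_len; } kat_vector;

static const char sample_vector[] = /* constructed sample, not from a CAVP file */
    "COUNT = 0\nKEY = 00010203\nPLAINTEXT = 0011223344556677\n";

static int nib(char c) /* value of one hex digit, or -1 */
{
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20; /* fold upper case to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Decode the hex after "NAME = " at the start of a line; byte count or -1. */
static int field(const char *p, const char *name, uint8_t *out, size_t cap)
{
    size_t n = 0, nl = strlen(name);
    while (strncmp(p, name, nl) != 0) {       /* match only at line start */
        if ((p = strchr(p, '\n')) == NULL) return -1;
        p++;
    }
    for (p += nl; nib(p[0]) >= 0 && nib(p[1]) >= 0; p += 2) {
        if (n == cap) return -1;              /* value longer than the field */
        out[n++] = (uint8_t)((nib(p[0]) << 4) | nib(p[1]));
    }
    return (n > 0 && (*p == '\n' || *p == '\0')) ? (int)n : -1; /* odd digit/junk */
}

/* Enclave side: untrusted_buf is application memory the host can rewrite at any time. */
int ecall_load_vector(const uint8_t *untrusted_buf, size_t len, kat_vector *out)
{
    char *copy;
    int k, t;
    if (untrusted_buf == NULL || out == NULL || len == 0 || len > MAX_VECTOR_LEN)
        return -1;
    /* In a real enclave a [user_check] pointer is not checked by the generated
       proxy: also require sgx_is_outside_enclave(untrusted_buf, len). */
    if ((copy = malloc(len + 1)) == NULL) return -1;
    memcpy(copy, untrusted_buf, len);         /* single fetch, then parse the copy */
    copy[len] = '\0';
    k = field(copy, "KEY = ", out->key, sizeof out->key);
    t = field(copy, "PLAINTEXT = ", out->pt, sizeof out->pt);
    free(copy);
    if (k < 0 || t < 0) return -1;
    out->key_len = (size_t)k; out->pt_len = (size_t)t;
    return 0;
}
```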
33. Intel SGX OE Demo!
● Demo of wolfSSL’s test app inside an SGX Enclave
$ ./App
Usage:
-t Run wolfCrypt tests only
-b Run wolfCrypt benchmarks in enclave
-c Run a TLS client in enclave
-s Run a TLS server in enclave
| # | Operating System | Processor | Platform |
|---|---|---|---|
| 15 | Debian 8.7.0 | Intel Xeon E3 Family with SGX support | Intel x64 Server System R1304SP |
34. Intel SGX OE Demo!
● Demo of wolfSSL’s test app inside an SGX Enclave
$ ./App -t
Crypt Test:
error test passed!
base64 test passed!
asn test passed!
MD5 test passed!
MD4 test passed!
SHA test passed!
SHA-256 test passed!
...
ECC test passed!
ECC buffer test passed!
logging test passed!
mutex test passed!
memcb test passed!
Crypt Test: Return code 0
$ ./App -b
Benchmark Test:
wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each)
RNG 130 MB took 1.016 seconds, 127.979 MB/s
AES-128-CBC-enc 255 MB took 1.004 seconds, 253.880 MB/s
AES-128-CBC-dec 285 MB took 1.013 seconds, 281.257 MB/s
AES-192-CBC-enc 225 MB took 1.013 seconds, 222.205 MB/s
AES-192-CBC-dec 245 MB took 1.000 seconds, 244.950 MB/s
AES-256-CBC-enc 200 MB took 1.015 seconds, 196.992 MB/s
…
ECC 256 key gen 1155 ops took 1.000 sec, avg 0.866 ms, 1154.727 ops/sec
ECDHE 256 agree 1200 ops took 1.022 sec, avg 0.852 ms, 1173.816 ops/sec
ECDSA 256 sign 1200 ops took 1.048 sec, avg 0.873 ms, 1145.563 ops/sec
ECDSA 256 verify 600 ops took 1.023 sec, avg 1.705 ms, 586.548 ops/sec
Benchmark Test: Return code 0
35. What’s up for the Future?
● Possibilities for the future, depending on customer demand:
○ More SGX Operating Environments
○ Expanded FIPS 140-2 algorithm boundary
○ FIPS 140-2 validations in other TEE environments
○ What do you want to see?
36. wolfSSL Library Makefile for SGX
● wolfSSL SGX Static Library Project
○ Creates a static wolfSSL library for use with SGX enclaves
○ Assumes user has already:
■ Enabled SGX in BIOS
■ Installed necessary software from Intel
○ Distributed with wolfSSL:
■ https://github.com/wolfSSL/wolfssl/tree/master/IDE/LINUX-SGX
37. wolfSSL SGX Examples
● Non-FIPS Examples Available on GitHub
○ Examples include:
■ TLS Client in an enclave
■ TLS Server in an enclave
■ wolfCrypt tests in an enclave
■ wolfCrypt benchmarks in an enclave
○ For Linux and Windows
■ https://github.com/wolfSSL/wolfssl-examples/tree/master/SGX_Linux
■ https://github.com/wolfSSL/wolfssl-examples/tree/master/SGX_Windows
38. Summary
A. Overview of Secure Enclaves
a. Advantages
b. Challenges
B. FIPS 140-2 inside Intel SGX
a. Intel SGX
b. Changes required
c. Validation Process