Enabling Security-Enhanced Attestation With Intel SGX for Remote Terminal and IoT

Along with the advent and popularity of cloud computing, Internet of Things, and bring your own device, the trust requirement for terminal devices has increased significantly. An untrusted terminal, a terminal that runs in an untrustworthy execution environment, may cause serious security issues for enterprise networks. With the release of Software Guard Extension, Intel has provided a promising way to construct trusted terminals and services. Utilizing this technology, we propose a security-enhanced attestation for remote terminals, which can achieve shielded execution for measurements and attestation programs. Furthermore, we present a policy-based measurement mechanism where sensitive data, including secret keys and policy details are concealed using the enclave-specific keys. We implement our attestation prototype on real platform with Intel Skylake processor. Evaluation results show that our attestation system can provide much stronger security guarantees, yet incurs small performance overhead.