Roshan G. Ragel,Jude A. Ambrose,Sri Parameswaran

DOI: https://doi.org/10.48550/arXiv.1511.01946

2015-11-06

Abstract:Security of embedded computing systems is becoming of paramount concern as these devices become more ubiquitous, contain personal information and are increasingly used for financial transactions. Security attacks targeting embedded systems illegally gain access to the information in these devices or destroy information. The two most common types of attacks embedded systems encounter are code-injection and power analysis attacks. In the past, a number of countermeasures, both hardware- and software-based, were proposed individually against these two types of attacks. However, no single system exists to counter both of these two prominent attacks in a processor based embedded system. Therefore, this paper, for the first time, proposes a hardware/software based countermeasure against both code-injection attacks and power analysis based side-channel attacks in a dual core embedded system. The proposed processor, named SecureD, has an area overhead of just 3.80% and an average runtime increase of 20.0% when compared to a standard dual processing system. The overhead were measured using a set of industry standard application benchmarks, with two encryption and five other programs.

Hardware Architecture

Yajin Zhou,Xiaoguang Wang,Yue Chen,Zhi Wang

DOI: https://doi.org/10.1145/2660267.2660344

2014-01-01

Abstract:Software fault isolation (SFI) is an effective mechanism to confine untrusted modules inside isolated domains to protect their host applications. Since its debut, researchers have proposed different SFI systems for many purposes such as safe execution of untrusted native browser plugins. However, most of these systems focus on the x86 architecture. In recent years, ARM has become the dominant architecture for mobile devices and gains in popularity in data centers. Hence there is a compelling need for an efficient SFI system for the ARM architecture. Unfortunately, existing systems either have prohibitively high performance overhead or place various limitations on the memory layout and instructions of untrusted modules.In this paper, we propose ARMlock, a hardware-based fault isolation for ARM. It uniquely leverages the memory domain support in ARM processors to create multiple sandboxes. Memory accesses by the untrusted module (including read, write, and execution) are strictly confined by the hardware, and instructions running inside the sandbox execute at the same speed as those outside it. ARMlock imposes virtually no structural constraints on untrusted modules. For example, they can use self-modifying code, receive exceptions, and make system calls. Moreover, system calls can be interposed by ARMlock to enforce the policies set by the host. We have implemented a prototype of ARMlock for Linux that supports the popular ARMv6 and ARMv7 sub-architecture. Our security assessment and performance measurement show that ARMlock is practical, effective, and efficient.

Jules Drean,Miguel Gomez-Garcia,Fisher Jepsen,Thomas Bourgeat,Srinivas Devadas

DOI: https://doi.org/10.48550/arXiv.2306.14882

2024-05-09

Abstract:Hardware isolation primitives such as secure enclaves aim to protect sensitive programs, but remain vulnerable to transient execution attacks. Complete microarchitectural isolation is not a satisfactory defense mechanism as it leaves out public shared memory, critical for usability and application performance. Conversely, hardware-software co-designs for secure speculation can counter these attacks but are not yet practical, since they make assumptions on the speculation modes, the exposed microarchitectural state, and the software, which are all hard to support for the entire software stack. This paper advocates for processors to incorporate microarchitectural isolation primitives and mechanisms for controlled speculation, enabling different execution modes. These modes can restrict what is exposed to an attacker, effectively balancing performance and program-analysis complexity. We introduce two mechanisms to securely share memory between an enclave and an untrusted OS in an out-of-order processor. We show that our two modes are complementary, achieving speculative non-interference with a reasonable performance impact, while requiring minimal code annotation and simple program analysis doable by hand. Our prototype, Citadel, is a multicore processor running on an FPGA, booting untrusted Linux, and supporting comprehensive enclave capabilities, such as shared memory, and remote attestation. To our knowledge, Citadel is the first end-to-end enclave platform to run secure applications, such as cryptographic libraries or small private inference workloads, on a speculative out-of-order multicore processor while protecting against a significant class of side-channel attacks.

Cryptography and Security,Hardware Architecture

Shuai Wang,Yang Li,JunBao Liu,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ASICON.2011.6157314

2011-01-01

Abstract:This paper presents a security processor based on MIPS 4KE architecture which extends security functions of AES and ECC. Due to the different features of AES and ECC encryptions, two dedicated hardware units are employed. One is the AES function unit which is integrated into the pipeline of this MIPS-like processor, and the other is the ECC unit which works as a coprocessor to implement asymmetric cryptographic algorithms. Moreover, the instruction set extensions(ISE) of MIPS for these security functions are developed. Therefore, our security processor is not only able to handle high-intensity encryption tasks, but also compatible to the leading software development tools of industry. At last, its functionality and high performance are verified by our experimental chip. © 2011 IEEE.

Mohammed Nabeel,Mohammed Ashraf,Satwik Patnaik,Vassos Soteriou,Ozgur Sinanoglu,Johann Knechtel

DOI: https://doi.org/10.1109/TC.2020.3020777

2020-09-30

Abstract:Dedicated, after acceptance and publication, in memory of the late Vassos Soteriou. For the first time, we leverage the 2.5D interposer technology to establish system-level security in the face of hardware- and software-centric adversaries. More specifically, we integrate chiplets (i.e., third-party hard intellectual property of complex functionality, like microprocessors) using a security-enforcing interposer. Such hardware organization provides a robust 2.5D root of trust for trustworthy, yet powerful and flexible, computation systems. The security paradigms for our scheme, employed firmly by design and construction, are: 1) stringent physical separation of trusted from untrusted components, and 2) runtime monitoring. The system-level activities of all untrusted commodity chiplets are checked continuously against security policies via physically separated security features. Aside from the security promises, the good economics of outsourced supply chains are still maintained; the system vendor is free to procure chiplets from the open market, while only producing the interposer and assembling the 2.5D system oneself. We showcase our scheme using the Cortex-M0 core and the AHB-Lite bus by ARM, building a secure 64-core system with shared memories. We evaluate our scheme through hardware simulation, considering different threat scenarios. Finally, we devise a physical-design flow for 2.5D systems, based on commercial-grade design tools, to demonstrate and evaluate our 2.5D root of trust.

Cryptography and Security,Hardware Architecture

Sizhong Xuan,Jun Han,Zhiyi Yu,Yi Ren,Xiaoyang Zeng

DOI: https://doi.org/10.1109/asicon.2015.7516998

2015-01-01

Abstract:This paper introduces a new SoC platform mainly integrated with AXI bus, OR1200, ROM, SRAM, 1Mb RRAM, UART and an 80,000-gate FPGA. OR1200 is the only master, and the others are slaves. The SoC boots from ROM, and then program to be run is sent to SRAM from PC by UART, and run by the processor OR1200. The custom RRAM, known as a potential ram, can store encryption/decryption algorithms and keys. The small FPGA can be configured to implement the algorithms partially, cooperating with the processor. We run the AES-128 algorithm (including encryption and decryption) on the SoC system. With the uart tool on PC, we can verify the results correctly. The total area of the configurable SoC is 10×5 mm2 with SMIC 0.13um CMOS technology.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yang Xiang,Yuxia Cheng,Abdulhameed Alelaiwi

DOI: https://doi.org/10.1007/s10586-017-0833-4

2017-01-01

Cluster Computing

Abstract:With the rapid development of Internet of Things technology and the promotion of embedded devices’ computation performance, smart devices are probably open to security threats and attacks while connecting with rich and novel Internet. Attracting lots of attention in embedded system security community recently, Trusted Execution Environment (TEE), allows for the execution of arbitrary code within environments completely isolated from the rest of a system. However, existing memory protection methods in a TEE are inadequate. In general, the software-based formal methods are not practical and the hardware-based implementation approaches lack of theoretical proof. To address the memory isolation and protection problems in TEE, in this paper, we propose a practical memory integrity protection method on an ARM-based platform, called MIPE, to defend against security threats including kernel data attacks and direct memory access attacks. MIPE utilizes TrustZone technique to create a isolated execution environment, which can protect the sensitive code and data against attacks. To present the integrity protection strategies, we provide the design of MIPE using B method, which is a practical formal method. We also implement MIPE on the Xilinx Zynq ZC702 evaluation board. The evaluation results show that the automatic proof rate of machines using B method is about 78.32%, and the proposed method is effective and feasible in terms of both load time and overhead.

Vasilios Mavroudis,Andrea Cerulli,Petr Svenda,Dan Cvrcek,Dusan Klinec,George Danezis

DOI: https://doi.org/10.48550/arXiv.1709.03817

2017-10-29

Abstract:The semiconductor industry is fully globalized and integrated circuits (ICs) are commonly defined, designed and fabricated in different premises across the world. This reduces production costs, but also exposes ICs to supply chain attacks, where insiders introduce malicious circuitry into the final products. Additionally, despite extensive post-fabrication testing, it is not uncommon for ICs with subtle fabrication errors to make it into production systems. While many systems may be able to tolerate a few byzantine components, this is not the case for cryptographic hardware, storing and computing on confidential data. For this reason, many error and backdoor detection techniques have been proposed over the years. So far all attempts have been either quickly circumvented, or come with unrealistically high manufacturing costs and complexity. This paper proposes Myst, a practical high-assurance architecture, that uses commercial off-the-shelf (COTS) hardware, and provides strong security guarantees, even in the presence of multiple malicious or faulty components. The key idea is to combine protective-redundancy with modern threshold cryptographic techniques to build a system tolerant to hardware trojans and errors. To evaluate our design, we build a Hardware Security Module that provides the highest level of assurance possible with COTS components. Specifically, we employ more than a hundred COTS secure crypto-coprocessors, verified to FIPS140-2 Level 4 tamper-resistance standards, and use them to realize high-confidentiality random number generation, key derivation, public key decryption and signing. Our experiments show a reasonable computational overhead (less than 1% for both Decryption and Signing) and an exponential increase in backdoor-tolerance as more ICs are added.

Cryptography and Security

Dan Meng,Rui Hou,Gang Shi,Bibo Tu,Aimin Yu,Ziyuan Zhu,Xiaoqi Jia,Yu Wen,Yun Yang

DOI: https://doi.org/10.1109/tc.2020.3011748

IF: 3.183

2020-11-01

IEEE Transactions on Computers

Abstract:Continually disclosed vulnerabilities reveal that traditional computer architecture lacks the consideration of security. This article proposes a security-first architecture, with an Active Security Processor (ASP) integrated to conventional computer architectures. To reduce the attack surface of ASP and improve the security of the whole system, the ASP is physically isolated from Computation Processor Units (CPU) with an asymmetric address space, which enables both ASP and CPU to run their operating system and applications independently in their own memory space. Furthermore, the ASP, which has the highest privilege (Super Root) of the whole system, possesses two advantageous features. First, the ASP can efficiently access all CPU resources and collect multi-dimensional information to monitor malicious behaviors, meanwhile, the CPU cannot access the ASP's private resources in any way. Second, instead of being scheduled by CPUs, the ASP can actively manage the security mechanisms employed in either CPUs or the ASP. Based on the security-first architecture, we introduce several typical security tasks running on ASP. With different considerations in terms of system overhead, complexity and performance, we also explore four typical system-level implementations for integrating the ASP to the security-first architecture. The first-generation ASP was designed and implemented based on the 40nm technology, and a security computer system was implemented based on it. Evaluations on this real hardware platform demonstrate that the security-first architecture can protect the system effectively with minor performance impacts on computing workloads.

engineering, electrical & electronic,computer science, hardware & architecture

Wei Huang,Jun Han,Shuai Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/ICSICT.2010.5667841

2010-01-01

Abstract:This paper presents a mobile security SoC to deal with intensive cryptography algorithms for different security protocols. A MIPS-like general processor, a dedicated package processor for fast data package, and multiple security processors for cryptography are integrated in the SoC. Moreover, the performance can be greatly enhanced by the well-designed DTU (Data Transfer Unit), memory architecture and synchronization units. With the help of our MIPS, software of the processors could be programmed flexibly to fulfill the requirements of the different security protocols. A test chip is implemented in SMIC 0.13μm standard CMOS technology, and its functionality and performance are well verified. It can achieve 565Mbps, 256Mbps, 19Kbps and 16Kbps throughput for AES (128), SHA-1, RSA (1024), ECC (192) respectively.

Pascal Nasahl,Robert Schilling,Mario Werner,Stefan Mangard

DOI: https://doi.org/10.1145/3433210.3453112

2021-05-24

Abstract:To ensure secure and trustworthy execution of applications in potentially insecure environments, vendors frequently embed trusted execution environments (TEE) into their systems. Applications executed in this safe, isolated space are protected from adversaries, including a malicious operating system. TEEs are usually build by integrating protection mechanisms directly into the processor or by using dedicated external secure elements. However, both of these approaches only cover a narrow threat model resulting in limited security guarantees. Enclaves nested into the application processor typically provide weak isolation between the secure and non-secure domain, especially when considering side-channel attacks. Although external secure elements do provide strong isolation, the slow communication interface to the application processor is exposed to adversaries and restricts the use cases. Independently of the used approach, TEEs often lack the possibility to establish secure communication to peripherals, and most operating systems executed inside TEEs do not provide state-of-the-art defense strategies, making them vulnerable to various attacks. We argue that TEEs, such as Intel SGX or ARM TrustZone, implemented on the main application processor, are insecure, especially when considering side-channel attacks. In this paper, we demonstrate how a heterogeneous multicore architecture can be utilized to realize a secure TEE design. We directly embed a secure processor into our HECTOR-V architecture to provide strong isolation between the secure and non-secure domain. The tight coupling of the TEE and the application processor enables HECTOR-V to provide mechanisms for establishing secure communication channels between different devices. We further introduce RISC-V Secure Co-Processor (RVSCP), a security-hardened processor tailored for TEEs. To secure applications executed inside the TEE, RVSCP provides hardware enforced control-flow integrity and rigorously restricts I/O accesses to certain execution states. RVSCP reduces the trusted computing base to a minimum by providing operating system services directly in hardware.

Ofir Shwartz,Yitzhak Birk

DOI: https://doi.org/10.48550/arXiv.1803.03951

2018-03-11

Abstract:In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts when required. SeM provides confidentiality and integrity for a secure program without trusting the platform software or any off-chip hardware. SeM supports existing binaries of single- and multi-threaded applications running on single- or multi-core, multi-CPU. The performance reduction caused by it is only few percent, most of which is due to the memory encryption layer that is commonly used in many secure architectures. We also developed SeM-Prepare, a software tool that automatically instruments existing applications (binaries) with additional instructions so they can be securely executed on our architecture without requiring any programming efforts or the availability of the desired program`s source code. To enable secure data sharing in shared memory environments, we developed Secure Distributed Shared Memory (SDSM), an efficient (time and memory) algorithm for allowing thousands of compute nodes to share data securely while running on an untrusted computing environment. SDSM shows a negligible reduction in performance, and it requires negligible and hardware resources. We developed Distributed Memory Integrity Trees, a method for enhancing single node integrity trees for preserving the integrity of a distributed application running on an untrusted computing environment. We show that our method is applicable to existing single node integrity trees such as Merkle Tree, Bonsai Merkle Tree, and Intel`s SGX memory integrity engine. All these building blocks may be used together to form a practical secure system, and some can be used in conjunction with other secure systems.

Cryptography and Security,Hardware Architecture,Distributed, Parallel, and Cluster Computing,Operating Systems

Dan Cao,Jun Han,Xiaoyang Zeng,ShiTing Lu

DOI: https://doi.org/10.1109/ICSICT.2008.4734938

2008-01-01

Abstract:The security processor proposed in this paper is composed by multiple cryptographic cores. And due to the use of embedded DMA and data burst transfer, the processor can act as a bus master. This architecture improves the efficiency of system bus and reduces the burden of host CPU. Additionally, the proposed processor is connected to the system bus via a GALS Wrapper. Thus, high throughput can be achieved by using faster clock than the host CPU utilizes. On the other hand, the clock of the security processor can also be slowed down if the low power application is desired.

Zhun Zhang,Xiang Wang,Qiang Hao,Dongdong Xu,Jinlei Zhang,Jiakang Liu,Jinhui Ma

DOI: https://doi.org/10.3390/mi12050560

IF: 3.4

2021-05-15

Micromachines

Abstract:Dynamic data security in embedded systems is raising more and more concerns in numerous safety-critical applications. In particular, the data exchanges in embedded Systems-on-Chip (SoCs) using main memory are exposing many security vulnerabilities to external attacks, which will cause confidential information leakages and program execution failures for SoCs at key points. Therefore, this paper presents a security SoC architecture with integrating a four-parallel Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) cryptographic accelerator for achieving high-efficiency data processing to guarantee data exchange security between the SoC and main memory against bus monitoring, off-line analysis, and data tampering attacks. The architecture design has been implemented and verified on a Xilinx Virtex-5 Field Programmable Gate Array (FPGA) platform. Based on evaluation of the cryptographic accelerator in terms of performance overhead, security capability, processing efficiency, and resource consumption, experimental results show that the parallel cryptographic accelerator does not incur significant performance overhead on providing confidentiality and integrity protections for exchanged data; its average performance overhead reduces to as low as 2.65% on typical 8-KB I/D-Caches, and its data processing efficiency is around 3 times that of the pipelined AES-GCM construction. The reinforced SoC under the data tampering attacks and benchmark tests confirms the effectiveness against external physical attacks and satisfies a good trade-off between high-efficiency and hardware overhead.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Matteo Busi,Job Noorman,Jo Van Bulck,Letterio Galletta,Pierpaolo Degano,Jan Tobias Mühlberg,Frank Piessens

DOI: https://doi.org/10.48550/arXiv.2001.10881

2020-01-29

Abstract:Computer systems often provide hardware support for isolation mechanisms like privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features, brings a risk of introducing new such side-channel attacks. This paper studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. We propose to use full abstraction as a formal criterion for the security of a processor extension, and we instantiate that criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility of these enclaves. This is a very relevant instantiation as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves, and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor, and evaluate the cost of our design in terms of performance and hardware size.

Cryptography and Security

Zhenliang An,Weike Wang,Wenxin Li,Senyang Li,Dexue Zhang

DOI: https://doi.org/10.3390/mi14081525

IF: 3.4

2023-07-30

Micromachines

Abstract:The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Jinyu Gu,Bojun Zhu,Yubin Xia,Binyu Zang,Haibing Guan,Haibo Chen,Xinyu Wu

DOI: https://doi.org/10.1109/tc.2020.3019704

IF: 3.183

2020-01-01

IEEE Transactions on Computers

Abstract:The releases of Intel SGX and AMD SEV mark the transition of hardware-based enclaves from research prototypes to mainstream products. These two paradigms of secure enclaves are attractive to both the cloud providers and tenants, since security is one of the key pillars of cloud computing. However, it is found that current hardware-defined enclaves are not flexible and efficient enough for the cloud. For example, although SGX can provide strong memory protection with both confidentiality and integrity, the size of secure memory is tightly restricted. On the contrary, SEV enables enclaves to use more memory but has critical security flaws due to no memory integrity protection. Meanwhile, both types of enclaves have relatively long booting latency, which makes them not suitable for short-term tasks like serverless workloads. After an in-depth analysis, we find that there are some intrinsic tradeoffs between security and performance due to the limitation of architectural designs. In this article, we investigate a novel hardware-software co-design of enclaves to meet the requirements of cloud by placing a part of the logic of the enclave mechanism into a lightweight software layer, named Enclavisor, to achieve a balance between security, performance, and flexibility. Specifically, our implementation is based on AMD's SEV and, Enclavisor is placed in the guest kernel mode of SEV's secure virtual machines. Enclavisor inherently supports memory encryption with no memory limitation and also achieves efficient booting, multiple enclave granularities, and post-launch remote attestation. Meanwhile, we also propose hardware/software solutions to mitigate the security flaws caused by the lack of memory integrity. We implement a prototype of Enclavisor on an AMD SEV server. The experiments on both micro-benchmarks and application benchmarks show that enclaves on Enclavisor can have close-to-native performance.

engineering, electrical & electronic,computer science, hardware & architecture

genxian liu,xi zhang,dongsheng wang,zhenyu liu,haixia wang

DOI: https://doi.org/10.1007/978-3-662-43908-1_1

2014-01-01

Abstract:Security is a crucial element of information systems. Extensive research for cryptographic algorithms that provide the sound theoretical basis of security. Among them security and integrity of memory has been a longstanding issue in trusted system design. Main memory is a critical component of all computing systems. Most of those systems are vulnerable to memory attacks, in which an attacker gains physical accesses to the unattended hardware, obtains the decryption keys from memory. We propose a method for protecting memory systems against attacks with hardware authentication and full memory encryption. The method is secure against all known type of memory attack. We have tested the method with software simulator and Field Programmable Gate Array (FPGA) platform. The results show that the method can authenticate and encrypt the contents of DRAM with 2.5 % performance penalties.

Deniz Gurevin,Chenglu Jin,Phuong Ha Nguyen,Omer Khan,Marten van Dijk

DOI: https://doi.org/10.48550/arXiv.2201.01834

2022-01-06

Abstract:Recent years have witnessed a trend of secure processor design in both academia and industry. Secure processors with hardware-enforced isolation can be a solid foundation of cloud computation in the future. However, due to recent side-channel attacks, the commercial secure processors failed to deliver the promises of a secure isolated execution environment. Sensitive information inside the secure execution environment always gets leaked via side channels. This work considers the most powerful software-based side-channel attackers, i.e., an All Digital State Observing (ADSO) adversary who can observe all digital states, including all digital states in secure enclaves. Traditional signature schemes are not secure in ADSO adversarial model. We introduce a new cryptographic primitive called One-Time Signature with Secret Key Exposure (OTS-SKE), which ensures no one can forge a valid signature of a new message or nonce even if all secret session keys are leaked. OTS-SKE enables us to sign attestation reports securely under the ADSO adversary. We also minimize the trusted computing base by introducing a secure co-processor into the system, and the interaction between the secure co-processor and the attestation processor is unidirectional. That is, the co-processor takes no inputs from the processor and only generates secret keys for the processor to fetch. Our experimental results show that the signing of OTS-SKE is faster than that of Elliptic Curve Digital Signature Algorithm (ECDSA) used in Intel SGX.

Cryptography and Security,Hardware Architecture