[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] HSMs or Intel SGX? Which is harder to hack?



On Thu, Feb 16, 2017 at 8:57 AM, Bill Cox <waywardgeek AT gmail.com> wrote:
> If you wanted to store secrets so securely that you could never get them
> out, how would you do it? The secrets need to be usable for things like
> signing, but they should be unrecoverable.  In particular, is it better to
> buy an HSM, or use Intel's SGX mode on some of its newer processors?

Don't use a general purpose device.
Though certainly dedicated HSM's have their list of hacks too.

Note that some regard SGX

https://github.com/kudelskisecurity/sgxfun

as having already been broken

https://www.ibr.cs.tu-bs.de/users/weichbr/papers/esorics2016.pdf

and btw ASLR just got beat up again

https://www.vusec.net/projects/anc/
https://github.com/vusec/revanc
https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to
-make-drive-by-exploits-much-nastier/

Esorics 2016 freebies
http://link.springer.com/book/10.1007/978-3-319-45744-4
http://link.springer.com/book/10.1007/978-3-319-45741-3