This article is part of the Technology Insight series, made possible with funding from Intel.
________________________________________________________________________________________
Three years ago, the NotPetya ransomware wreaked over $10 billion in damage. Crafted by the Russian military, the malware relied on a nearly decade-old code named Mimikatz. It highlighted an ongoing Windows flaw that could expose users’ passwords left as cleartext in system memory. Even today, any exploitable system that hosts multiple users stands ready to expose those passwords to hackers, who can then seize that data and use it to log into adjacent exploitable systems.
One lasting lesson of NotPetya rings truer than ever: In the entire system stack, from foundational hardware to top-level applications, there’s very little space left for data to stay secure. Hackers can reach well beyond software and storage drives, probing into the BIOS and chipset for weakness. Keeping data private and secure, especially when exchanged between systems, means digging into even deeper levels within the hardware.
Key points
- Hackers continue to devise more insidious ways of burrowing inside of previously safe hardware.
- Intel SGX technology uses hardware-based attestation to create secure, encrypted zones (enclaves) within system memory to execute confidential applications and data.
- Adoption continues to expand to blockchain, content protection, and analysis of cloud-based databases.
Finding safety in system memory
Ten years ago, according to Intel and McAfee, 25 new cyber threats emerged daily. Now, that number stands at a staggering 500,000, targeting every thing connected to the internet. IoT and persistent connectivity means that threats are also persistent. Gartner predicts that through 2024, most businesses will underestimate the amount of risk in using the cloud; e.g., they will unintentionally leave their most sensitive data unguarded and for hackers to find and exploit.
June 5th: The AI Audit in NYC
Join us next week in NYC to engage with top executive leaders, delving into strategies for auditing AI models to ensure fairness, optimal performance, and ethical compliance across diverse organizations. Secure your attendance for this exclusive invite-only event.
To better understand the deep-level risk, recall from above how Mimikatz was able to pull unencrypted passwords from RAM. This follows a long line of malware able to deploy from within resources commonly not associated with application- and OS-level malware in regular systems.
Think of ransomware that hides within the system BIOS (which is software executing before the OS on a dedicated chip). Appliances are vulnerable, as QNAP acknowledged last November in response to the QSnatch exploit against its NAS boxes. Even simple IoT devices aren’t safe. German researchers published findings in 2019 showing how attackers can manipulate analog-to-digital conversion (ADC) chips, very common in IoT devices, to manipulate the CPU and expose AES encryption keys.
In short, if a component can possibly contain malware, hackers will find a way to get it there.
A long march
In response to the long-rising tide of malware threats, Intel created SGX (Software Guard Extensions), a set of instruction codes that debuted in 2015 with Intel’s Skylake-generation CPUs. It builds on the prior secure computing methods of technologies such as the Trusted Platform Module (TPM) and Intel Trusted Execution Technology (TXT). In turn, SGX has provided much of the foundation behind subsequent security efforts, including confidential computing. SGX remains widely available. Many systems come with it disabled by default, but by understanding what SGX has to provide and putting it to use, businesses can take serious steps to protect their data assets.
Most anti-malware measures work to keep threats out. However, in a way, SGX presumes that the system is already compromised. SGX uses trusted hardware within the CPU to create an encrypted area within system memory known as an enclave, which is locked with a CPU-generated encryption key. Anything within an enclave is encrypted and cannot be accessed by any function outside of the enclave. It’s like being a kid who develops a secret language with his or her best friend, and they only use that language in one locked room, ever. If someone listens at the door — or even figures out a way to bug the room — no one is ever going to understand the contents of the communication.
How it works
More technically, SGX relies on a system of key-based software attestation, which allows a program to authenticate itself to another set of resources. A user can load any given data set into a secure container, but if that data’s hash doesn’t match the value expected by the container, the container will be rejected. As a result, SGX makes applications that have been coded to take advantage of SGX even more secure. In situations where a bad actor has bypassed other layers of application, OS, or even BIOS security, SGX keeps secret data nestled safely away and out of sight because the hardware resources containing that data are non-addressable.
SGX comes standard on select Intel Skylake chips (Core i7, Core i9, and Xeon E processors). The feature must be exposed and enabled by the developer. With SGX enabled in the BIOS, two areas can be established within RAM: trusted and untrusted. SGX-compatible applications first create an enclave for “secrets” in trusted RAM. The application then calls in a trusted function for working within the enclave.
Once that trusted part of the application is running within the enclave, the application sees the secret, encrypted data as clear text. The CPU denies all other attempts to see this data. At that stage, the application can then leave the enclave, but the sensitive data stays behind. The important part to remember here is that not even the application can access the secret data once the application’s trusted routine has effectively left the building.
Also note that enclaves are destroyed when the system goes to sleep or the application exits. Further, data can only be decrypted/unsealed on the same trusted system. This is one reason why SGX has such great potential in analytics, where remote data needs to be processed on a certain server. That data will only open and process on the specific, authenticated machine, making interception by a third party irrelevant.
Expanding use cases
Fortanix, a Mountain View-based company whose business is modeled around key management and whose SDKMS (Self-Defending Key Management System) is built on SGX, provides trusted environments for sensitive data in public settings. After three years of deploying SGX, Fortanix announced that the technology “allows for a variety of enterprise use cases, including securing data-centric workloads such as blockchain, databases, AI/machine learning and analytics.” IBM, for example, puts Fortanix and SGX at the heart of its IBM Cloud Data Shield for more secure cloud and container-based computing. Google and Fortanix joined hands to integrate SDKMS with Google Cloud’s External Key Manager. Fortanix SDKMS also now operates in Alibaba Cloud to secure cloud data for clients.
Other use cases, Intel says, can include:
- Key management, wherein enclaves help manage crypto keys and provide hardware security module-like support.
- Content protection, to help ensure that streams are unaltered and thus guarding the sender’s intellectual property.
- Edge computing, with devices gathering data from source devices more securely.
- Digital wallets, to keep payment transactions protected.
- Communications, with data beginning securely in the system before it gets encrypted for transmission.
No security is perfect
We know that as more compute and storage migrates into public cloud-based settings, increased connectivity means increased vulnerability. The best way to create safe environments in the IoT/edge and cloud model is with multiple layers of security. But no security measure can stop all attacks. It’s why the industry relies on a community of researchers and developers to discover weaknesses before hackers and malicious offenders do.
As a case in point, researchers discovered a hitch in SGX’s implementation they called the Plundervolt exploit. The attack introduces subtle undervoltage and frequency changes to the CPU in order to corrupt SGX’s integrity. The research was shared first with Intel and then quickly patched. To date, no other SGX exploits have surfaced.
Laying a secure foundation
Growing connectivity and reliance on cloud infrastructures demands a layered approach to network security. Addressing weaknesses at each level of the system means implementing strategies upward and outward from the core system components. Businesses might intend to deploy SGX tomorrow, but that means having systems based on SGX-supporting CPUs in place today. Buyers should plan accordingly and double check on Intel’s ARK site (under the CPU’s Security features) that their processors support the technology.
The more systems an organization has running, the larger the attack surface. SGX can offer another plate in the armor.
