1

I have a situation:

I have a scenario that I must connect to a web server and I need to keep the response data safe: I connect to a REST API that will return credit card data. I sign the key in the trusted code and I sent the HTTP request in the untrusted part using the signature via and OCALL. The app receives the HTTP response in the untrusted part and is sent to the trusted part immediately to the enclave via an ECALL. However, from my point of view, I have a security leak in the app: the user credit data should be received in the untrusted part.

From my research, and also because of some posts in here I think there is no way to do an HTTP call from the enclave. @JesusG_Intel wrote at https://community.intel.com/t5/Intel-Software-Guard-Extensions/Rest-API-or-HTTP-API-call-from-inside...:

"It is not possible to make calls directly to the outside world from inside an enclave. You must create ocalls from the enclave to your application, then the application can make the REST API or HTTP requests on behalf of the enclave."

I am new to sgx technology and I know if this is a real security leak or not. I think intel won't allow this security risk. What I am missing? Can you guide me on how to make a safe HTTP request using sgx tech?

Thanks

GrailsBeginner98
  • 101
  • 6

2 Answers2

1

The whole point of having a Trusted Execution environment (i.e. SGX in your case) is to keep the data encrypted outside the enclave and only decrypt it inside the enclave.

I'm not aware of what exactly you are trying to achieve, and if I understood your requirements correctly, the REST API is sending the credit card (CC) information to your app in plaintext. If so, then the REST API should encrypt the CC information first, send it to your app (untrusted part), the untrusted part marshalls the encrypted data to your trusted part (enclave), then the enclave decrypts the CC information inside the enclave.

Kassem
  • 1,481
  • 3
  • 20
  • 42
0

I might be a bit late, but I think this question deserves a bit more details.

When using Imte; SGX to create a TEE, your app is divided into two parts:

  • the untrusted part, aka the app itself
  • the trusted part, aka the enclave.

The latter is the most secure. Due to its limited resources (128/256Mb of RAM), it should be reserved for processes requiring a great amount of security: encryption, anonymization, and such.

To be clearer: the enclave is NOT the place to make HTTP calls.

For example, let's say your app calls an API, retrieves encrypted data, and decrypts it. The process would be the following (T = trusted = the enclave, U = untrusted = the app)

  • U: make the API call, retrieve the data
  • U: launch the enclave
  • U: pass the encrypted data to the enclave
  • T: receive the encrypted data, process it

In other words, the enclave must be reserved for the sensitive part of the process, leaving the rest to the untrusted part of the app.

X99
  • 905
  • 10
  • 24