Spectre and Meltdown
The recent discovery of Spectre and Meltdown has once again highlighted the fact that we have a huge trust problem in our systems. In an idealized view of the world, software provides isolation between different processes, VMs and so on, and this isolation can ensure the privacy of one’s data. Furthermore, in cases where the operating system itself may be compromised (or where there is fear of software bugs that enable an attacker to takeover a system), one can use a trusted execution environment like Intel SGX to protect secrets. Unfortunately, this idealized view does not at all reflect the real world that we live in. This is due to the fact that not only doesn’t software provide isolation, but modern hardware essentially makes it impossible to achieve such isolation. This is because the hardware actually introduces dependencies between different processes via shared cache, speculative execution, and more. As a result, even perfect software sandboxing cannot prevent one process from stealing the secrets from another. To make this even worse, the above holds even if one of the processes is executed within a trusted execution environment like SGX, since secure enclaves also share resources and thus are not truly isolated.
Trusted Execution Environments Aren’t Sufficient for Today’s Environment
Although the above all sounds very theoretical, over the past few years we have seen a massive explosion in the number and sophistication of software side-channel attacks (see here for a comprehensive list). These attacks successfully extract secrets from other processes running on the same physical machine, without breaching the victim process. Spectre and Meltdown are the two most recent attacks of this kind, and they are extremely effective at extracting private memory from another process. To make it worse, the Spectre attack has no software mitigation whatsoever (a patch issued for Meltdown mitigates – but does not completely solve – that attack, but Spectre currently has no mitigation at all). Thus, this is a problem that the hardware manufacturers have to fix, and that’s a long and difficult process. It is important to note as with other software side-channel attacks, trusted execution environment also suffer from these attacks. In fact, just a few days after Spectre was announced, a successful Spectre attack against a secure enclave running on SGX was also released. Thus, trusted execution environments are not sufficient to protect secrets in today’s environment.
Multiparty Computation (MPC) Provides an Alternative to HSMs
The bottom line is that computation leaks and isolation is not achievable, without having a separate dedicated processor (e.g., like the iPhone secure enclave). HSMs provide a strong level of security for cryptographic secrets since they have a completely isolated boundary, and no other code can run inside them. However, in modern virtualized environments, HSMs are often highly undesirable for management and cost reasons. Unbound uses MPC technology to offer an HSM alternative that splits secrets between two or more machines and uses the secret information without ever bringing it together. All of Unbound’s MPC protocols have a mathematical proof of security, guaranteeing that an attacker must compromise both machines simultaneously in order to learn anything about the secret. This can be made very hard by introducing strong separation between the machines running the MPC protocol. Although an idealized world with trust is a world that we would like to live in, our reality dictates that we cannot trust that secrets will not be stolen from any process running without complete isolation – even if that process is running in is a so-called trusted environment.
For more information about software side channel attacks against SGX and their consequences, see the following white paper, entitled The Security of Intel SGX for Key Protection and Data Privacy Applications.