Security enclaves, TEE and other creatures

Deep RnD
8 min read · Dec 13, 2022


A trusted execution environment, or TEE, is a secure area of a computer’s hardware or software that is used to store and execute sensitive data and code, protecting the sensitive information and code from being accessed by unauthorized parties or modified in any way.

A security enclave is a similar concept, but specifically refers to a hardware-based isolation technology, such as Intel SGX or AMD SEV, that provides a way for applications to run in a protected environment, that is separate from the rest of the system. This allows the application to securely store and process data without fear of interference from other processes or the operating system itself.

One of the main differences between a TEE and a security enclave is the way that they are implemented. A TEE can be implemented using either hardware-based or software-based approaches, such as virtualization or containers, whereas a security enclave is specifically a hardware-based technology.

In software-based approaches, the secure section is created using software mechanisms that isolate the application from the rest of the system, providing a similar level of protection.

Another difference is that a TEE can provide a wider range of security features beyond just isolation, such as encryption and authentication. A security enclave, on the other hand, primarily focuses on providing isolation for applications.

Intel SGX and AMD SEV

Intel SGX, or Software Guard Extensions, is a technology developed by Intel that provides a way for applications to run in a secure, isolated area of memory called an enclave. This allows the application to protect sensitive data and code from being accessed by other processes or by the operating system itself.

SGX works by creating a secure area of memory, called an enclave, where an application can run. This enclave is protected by a set of cryptographic keys that are unique to the application and the system it is running on. When an application is executed, it is sealed inside the enclave, where it can run securely without fear of interference from other processes or the operating system.

SGX is considered to be a highly secure technology, as it uses strong cryptography and hardware-based isolation to protect the enclave from external threats. However, like any security technology, it is not completely invulnerable and there have been some criticisms of its security.

One potential disadvantage of SGX is that it is only available on Intel processors, which means that it is not an option for users of other processor architectures, such as AMD. However, AMD has introduced a solution of its own, Secure Encrypted Virtualization (SEV), a similar technology that also provides hardware-based isolation for applications.

One of the main differences between the two technologies is the way that they provide isolation for applications. SGX uses a hardware-based approach, where the enclave is protected by cryptographic keys that are unique to the application and the system it is running on. SEV, on the other hand, uses a software-based approach, where the virtual machine is isolated using encryption.

Overall, both SGX and SEV provide similar functionality and can be used to securely isolate applications. However, the specific details of their implementation and the hardware they are available on can vary.

Security

Enclaves are extremely safe environments for working with data. Access control is imposed inside these trusted memory parts, and not even physical access is sufficient to get hold of the protected data.

What makes enclaves secure is the automatic hardware encryption. For instance, the SGX technology uses the CPU to encrypt the information and store the key inside it. Hence, an external party cannot acquire the key and compromise the data.

This means that not even the cloud provider can gain access. Moreover, once the application exits or instructs the destruction of an enclave, all the information is lost with it.

Remote attestation

Additionally, TEEs include a feature called remote attestation, which allows a remote party to verify the integrity and security of an enclave. Remote attestation works by allowing the remote party to send a request to the enclave, asking it to provide proof of its identity and integrity. The enclave then responds by providing a cryptographic signature that is based on the enclave’s unique identity and a set of measurements of the enclave’s code and data.

The remote party can then verify the signature using a public key provided by the enclave. If the signature is valid, it indicates that the enclave is authentic and has not been tampered with, allowing the remote party to trust the enclave and its data.

The benefits of remote attestation include the ability to verify the authenticity and integrity of an enclave, as well as providing a way for the remote party to trust the enclave and its data. This can help to improve the security of TEE-based systems, particularly in cases where the remote party needs to trust the enclave but does not have direct control over it.

One potential limitation of remote attestation is that it relies on the security of the enclave itself. If the enclave has been compromised in some way, such as by a hardware or software vulnerability, it may not be able to provide a valid signature and the remote party may not be able to trust the enclave.
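The attestation flow above, as an added example that is not part of the original post: the enclave side returns a measurement of its code plus a signature over that measurement, a fresh nonce and some report data, and the relying party checks all three. It is a constructed model: the platform key is a symmetric HMAC key standing in for the hardware's asymmetric attestation key, and the "measurement" is a plain SHA-256 of the enclave bytes standing in for a value such as MRENCLAVE. The point it makes is that a valid signature alone is not enough; the verifier must also compare the measurement to the one it expects and check the nonce, or a genuine-but-different enclave (or a replayed quote) would pass.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the hardware attestation key (real SGX/SEV use an
# asymmetric key chained to a vendor certificate; HMAC keeps this runnable offline).
PLATFORM_KEY = b"constructed-platform-attestation-key"


def measure(enclave_code: bytes) -> bytes:
    """Hash of the enclave's code, analogous to an MRENCLAVE-style measurement."""
    return hashlib.sha256(enclave_code).digest()


def enclave_quote(enclave_code: bytes, nonce: bytes, report_data: bytes) -> dict:
    """Enclave side: measurement plus a signature binding it to nonce and report data."""
    mr = measure(enclave_code)
    sig = hmac.new(PLATFORM_KEY, mr + nonce + report_data, hashlib.sha256).digest()
    return {"measurement": mr, "nonce": nonce, "report_data": report_data, "sig": sig}


def verify_quote(quote: dict, expected_mr: bytes, expected_nonce: bytes) -> bool:
    """Relying party: signature, freshness, and the expected measurement must all hold."""
    body = quote["measurement"] + quote["nonce"] + quote["report_data"]
    expected_sig = hmac.new(PLATFORM_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, quote["sig"]):
        return False  # forged or corrupted quote
    if not hmac.compare_digest(quote["nonce"], expected_nonce):
        return False  # replay of a quote issued for an earlier challenge
    # A genuine platform could be running *any* enclave: check it is the code we expect.
    return hmac.compare_digest(quote["measurement"], expected_mr)


# Constructed sample enclaves: the second differs by one behaviour and so by its hash.
GOOD_CODE = b"enclave v1: process records, never export keys"
TAMPERED_CODE = b"enclave v1: process records, export keys to log"


def demo() -> tuple:
    """Returns (good enclave accepted, tampered enclave rejected, replayed quote rejected)."""
    nonce = os.urandom(16)
    expected = measure(GOOD_CODE)
    accepted = verify_quote(enclave_quote(GOOD_CODE, nonce, b"pubkey-hash"), expected, nonce)
    tampered = verify_quote(enclave_quote(TAMPERED_CODE, nonce, b"pubkey-hash"), expected, nonce)
    replayed = verify_quote(enclave_quote(GOOD_CODE, b"stale-nonce-0000", b"pubkey-hash"), expected, nonce)
    return accepted, tampered, replayed  # (True, False, False)
```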

Memory encryption

One of the features of TEE-based processors is memory encryption, which provides a way for the processor to encrypt the memory of a server to protect it from unauthorized access. Memory encryption works by using a hardware-based encryption engine to encrypt the data in a server’s memory. This encryption engine is integrated into the processor itself, and uses a set of cryptographic keys that are unique to the processor to encrypt and decrypt the data in memory.

When data is written to memory, it is automatically encrypted by the encryption engine. When the data is later read from memory, it is automatically decrypted by the engine, allowing it to be accessed by the processor in its original form.

The use of memory encryption in processors provides a number of benefits, including improved security and better protection against memory-based attacks.

By encrypting the data in memory, it becomes much harder for attackers to access or tamper with the data, even if they are able to gain physical access to the server’s memory modules.

How it works

When developing a TEE-supported application, the programmer can choose what to enclave. Every TEE application has two parts: an untrusted part and a trusted part.

The untrusted part is responsible for the enclave creation and system-wide communication. From here, an application calls only the specific trusted functions to access the data.

The trusted part stores the enclave created for processing sensitive data. The code and data are shown in clear text exclusively inside the enclave. The data that a trusted function returns stays in this secure memory area. The CPU rejects all external requests, and the enclave remains protected. The application then resumes working in the untrusted part, where it no longer has insight into the sensitive data.

The application part that receives the secured data is in the untrusted section. An application can store the data outside the enclave once the CPU encrypts it. The encryption key stays in the enclave that contains the decrypting code and necessary algorithm. Therefore, the decryption is only possible on the same system where the data was sealed.
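The sealing behaviour described above, as an added example that is not part of the original post: the sealing key is derived from a secret that never leaves the CPU together with the enclave's measurement, so a blob sealed on one platform by one enclave cannot be opened on another platform or by a modified enclave. This is a constructed model, not SGX's own API: the per-CPU secret, the measurements and the HMAC-based keystream and tag stand in for the hardware key derivation and the AES-GCM that a real implementation uses.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def sealing_key(platform_secret: bytes, measurement: bytes) -> bytes:
    """Key bound to this CPU's secret and this enclave's measurement (model of EGETKEY)."""
    return hmac.new(platform_secret, b"seal|" + measurement, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-in-counter-mode keystream; a model only, real sealing uses AES-GCM."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(platform_secret: bytes, measurement: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC so the blob can live outside the enclave (disk, untrusted memory)."""
    key = sealing_key(platform_secret, measurement)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(platform_secret: bytes, measurement: bytes, blob: bytes):
    """Returns the plaintext, or None when the key (platform or code) does not match."""
    key = sealing_key(platform_secret, measurement)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"tag|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong CPU, wrong enclave, or tampered blob: refuse, never return garbage
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> tuple:
    """Same CPU + same code unseals; another CPU or a modified enclave cannot."""
    cpu_a, cpu_b = b"constructed-fused-secret-of-cpu-A", b"constructed-fused-secret-of-cpu-B"
    mr_v1 = hashlib.sha256(b"enclave v1").digest()
    mr_v2 = hashlib.sha256(b"enclave v2").digest()  # modified enclave -> new measurement
    blob = seal(cpu_a, mr_v1, b"db-password")
    return unseal(cpu_a, mr_v1, blob), unseal(cpu_b, mr_v1, blob), unseal(cpu_a, mr_v2, blob)
```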

The communication between the trusted and untrusted parts of a TEE is typically handled using a secure communication channel. This channel is used to transfer data and messages between the trusted and untrusted parts, allowing them to interact with each other while still maintaining the security of the TEE. The specific details of the communication channel depend on the implementation of the TEE.

In some cases, the communication channel may be implemented using a dedicated hardware component, such as a secure communication module or a trusted platform module (TPM).

In other cases, the communication channel may be implemented using software, such as a secure communication protocol. This can provide a flexible and scalable way to transfer data between the trusted and untrusted parts of the TEE.

Use cases

Since the data is protected while in use, TEE is suitable for sharing information across multiple organizations. This model improves the control over which data to share, who can see it, for how long, and for what purpose.

TEEs are commonly used in a variety of domains that require a high level of security and privacy, including military and healthcare. For example, the University of California-San Francisco used an Intel SGX-based service to validate AI-enhanced medical device algorithms with multiple third-party data sets, while preserving patient privacy and protecting the AI model’s IP.

Also, leading cloud providers such as Microsoft Azure, Alibaba Cloud, IBM Cloud, OVH and more now offer Confidential Computing services protected with Intel SGX.

The technology continues to be supported in future single- and multi-socket Intel Xeon platforms, focusing on servers. For client platforms, Intel shifted its security roadmap away from Intel SGX to focus on purpose-built security technologies aligned with key PC ecosystem partners and client use cases.

Blockchain

TEEs are also commonly used in the blockchain ecosystem to enable secure off-chain computations. This allows blockchain-based applications to perform sensitive computations, such as those involving private keys or sensitive data, without exposing the data to the rest of the network.

Another way TEEs are used in the blockchain ecosystem is to provide an additional layer of security: a secure, isolated environment for applications to run in, enabling the development of privacy-preserving applications. Good examples are Phala Network and Secret Network. In both, the TEE is used to enable a feature called “secret contracts” or “private smart contracts”. These contracts are smart contracts that are able to securely store and process sensitive data, such as confidential business information or personal information, without revealing the data to the rest of the network. This allows the network to support a wide range of privacy-preserving applications, such as credit scoring, supply chain management, and privacy-preserving analytics.

One of the main differences between Phala Network and Secret Network is the specific technology they use to implement their TEEs. Phala Network uses a technology called WASM, or WebAssembly, to implement its TEE, while Secret Network uses a technology called Enigma to implement its TEE.

Another difference is the specific type of privacy-preserving computations that each platform supports. Phala Network is focused on enabling private smart contracts, which allow applications to securely store and process sensitive data without revealing it to the rest of the network. Secret Network, on the other hand, is focused on enabling secret contracts, which are similar to private smart contracts but also support secure off-chain computations.

Overall, while Phala Network and Secret Network are similar in many ways, they have some key differences in their technology and focus. Both platforms provide valuable tools for enabling privacy-preserving computations on the blockchain, but they are tailored to different specific use cases and applications.

Overall

Overall, security enclaves are a useful tool for protecting sensitive data and enabling secure computing in a variety of contexts. They provide an additional layer of security that can help to prevent unauthorized access and protect against threats such as malware and other attacks.

By providing a secure and reliable way to store and process sensitive data and code, TEE can help to prevent unauthorized access and tampering, which can be a major concern in decentralized networks.

However, like any security technology, security enclaves have some risks and limitations. One potential risk is that the hardware or software implementation of the enclave could contain vulnerabilities that could be exploited by attackers. And while security enclaves provide an additional layer of security, they are not completely invulnerable: they should be used as part of a broader security strategy, and they can be limited by the overall security of the system they are running on.
