back to article You've heard of HTTPS. Now get a load of HTTPA: Web services in verified remote trusted environments?

Two Intel staffers believe web services can be made more secure by not only carrying out computations in remote trusted execution environments, or TEEs, but by also verifying for clients that this was done so. Software engineer Gordon King, and Hans Wang, a research scientist at Intel Labs, proposed the protocol to make that …

  1. john.jones.name
    Mushroom

    all terribly nice now how do you prevent Certificate Authorities screwing up

    if anyone tells me there is a certificate transparency log I'll laugh...

    basically you need a way to establish trust and frankly that requires a root or offline signing party and expensive safes (you know what they do for DNS party)

    this has been rehashed (boom boom) so many times

    1. John Robson Silver badge

      Re: all terribly nice now how do you prevent Certificate Authorities screwing up

      I'd be quite happy with DNSSEC protected text records providing the public key for any service.

      It's completely out of band and of all the groups in the world we have come to trust... those looking after the DNS root are pretty high on the list, and actually so are the major TLD bodies (theiving scum they might be, but they have historically provided a pretty good technical service in terms of DNS at any rate)

  2. oldtaku
    Stop

    Yeah, nice marketing

    I might be more interested in this if it didn't come from Intel, a company that constantly skimps on security in order to market segment (they're the reason consumer computers don't have ECC by default), whose 'security' features just open up buttloads more security holes (IME), and are desperate because they completely botched the last chip transition.

    And the whole 'trust' thing seems pretty easily fakeable by bad actors anyhow.

    1. ThatOne Silver badge
      Facepalm

      Re: Yeah, nice marketing

      > And the whole 'trust' thing seems pretty easily fakeable by bad actors anyhow

      This! ^^

      Criminals have been faking Microsoft's code signatures for several years, the very ones which were flaunted as the ultimate anti-virus weapon... This is no different, I guess it will be cracked before initial implementation is even finished.

      It's just an attempt to sell more Intel CPUs.

      1. Ken Hagan Gold badge

        Re: Yeah, nice marketing

        "Criminals have been faking Microsoft's code signatures for several years"

        Faking as in signing with Microsoft's keys or faking as in throwing together a self-signed certificate in the name of "Microsoft". I think the former would be og considerable interest to the cryptographic community whereas the latter ... just doesn't count.

        1. ThatOne Silver badge

          Re: Yeah, nice marketing

          > Faking as in signing with Microsoft's keys

          Well, it's right here at El Reg that I read recently again about some strand of malware which is signed with Microsoft keys so it can run under the radar. Sorry, don't recall the details, and don't know how exactly they did it since the article didn't mention it.

          Anyway, my (not perfect I admit) memory seems to tell me it's not the first time. I think other big "gatekeeper" signatures have been successfully faked (somehow) in the past, and this doesn't really surprise me, there is always a long way from a perfect (looking) theory to the usually quite imperfect implementation.

  3. Mike 137 Silver badge

    "HTTPA assumes the client is trusted and the server is not"

    Unless I'm much mistaken, at least in the commercial domain a big proportion (if not the majority) of attacks are initiated client side.

    The real problem still remaining to be solved is how to ensure secure processing on an untrustworthy client.

  4. A random security guy Bronze badge

    Intel can't even get there Secure Enclave secure on a single processor

    If Intel can't get their systems secure just for a simple OS, how can we trust that they do their entire computation on your behalf, including a large set of services, in a secure manner?

    Frankly, the concept is interesting but the devil is in the details. Moreover, it is just not possible for Intel to execute anything securely. Their bean counters will be pushing for higher speeds and will run over their security people.

  5. Peter Gathercole Silver badge

    Secure enclaves (which seem to be a part of this proposed enhancement) should not really be required. If the address space segregation of the OS and the hardware it runs on is adequate, then it should not be possible for one process to spy on another, much less alter the memory contents.

    Of course, it your processor or memory segregation had flaws which weaken the OS's protections, as has been repeatedly demonstrated on Intel (and other) processor families, then this may be a mitigation.

    So it sounds like a hack to overcome other flaws in their own processors.

    The other issue of trusting the code that runs is a different issue, and there are many ways of doing this. What this protocol does is allow a client to check that the server-side code is untainted, which may have some merit if you can't trust that the servers you're talking to. But it seems to rely on a third party (the CA), and that has issues such as denial of service attacks.

    1. Omidia

      I think the idea of a secure enclaves, a special area with a significant reduced attack surface, has merit when we're dealing with systems that inevitably will have bugs given their complexity.

      1. ThatOne Silver badge

        And what about the bugs of the secure enclaves?

        Oh, you need to buy a new processor to fix those? I see, it's a win-win situation, for Intel...

        Not that I have anything against Intel. Writing this on an Intel computer. Still sounds like a stupid "lets find a problem for this solution" type idea.

  6. Frozit

    Not really sure why

    Not really sure why or what perceived problem this is solving.

    Not trusting the environment that the server is running in. This is not even on my top 10 list of concerns.

    Looks to me like someone who has been focusing on the side channel issues with CPUs is trying to make the fact the server is now running in a fixed envinronment is something you seriously care about. Either they are so deep into the issue that they can't see anything else, or it is Intel trying to make new CPU versions "important".

    1. sreynolds

      Re: Not really sure why

      Probably a marketing back hole.

  7. Snowy Silver badge
    Coat

    Very nice

    Your can be sure the software your running is the software you want to run but can you be sure the software is secure?

  8. Binraider Silver badge

    S and A are next to each other on many English, if not international keyboards. Many browsers also don't bother showing the URL protocol and prefix anymore in the address bar.

    Am I the only one sensing a perfect way to impersonate something, without being the thing intended at all?

    Technologically the idea is sound but from a very, very basic user perspective one can poke holes quite easily.

  9. analyzer
    Facepalm

    So which SGX?

    I mean is it this one

    2020

    or this one

    2021

    I mean, they can't be the same one Intel are referencing since that one must be secure and we all know that Intel would never tell a lie just to sell silicon.

  10. Mikel

    Reflections On Trusting Trust - Brian Kernighan

    Trust: The opportunity you give another to do harm.

    When you trust the network you have strayed from the path of righteousness. Repent.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021