TEE 101: How Intel SGX works and why we use it at Integritee

Industry Insights · February 23, 2022

Integritee uses a technology known as trusted execution environments (TEEs) to process sensitive data off-chain. But what exactly are TEEs and how do they work? In this post, we will take a look at one of the most common and powerful TEE architectures, which we also use at Integritee: Intel Software Guard Extensions (SGX).

Data in different states pose different cybersecurity challenges. End-to-end encryption can provide protection for data while it is in transit, or while it is being stored. But what about data that is currently in use? This is where TEEs come in.

Before an application can execute code on an encrypted dataset, the information must first be decrypted and loaded into system memory (or RAM) to be processed. This provides a window of opportunity for hackers or other third parties to view, intercept or modify the data while it is being processed in an unencrypted state.

Imagine a scenario for instance where you have uploaded some medical records to a database where all data is stored in encrypted form. Now let’s say that your doctor wants to run an application that checks whether a particular drug clashes with any of the existing medications you are currently taking. In order to do this, the application may need admin-level privileges to access the database, decrypt the data and load it into system memory for processing. If this system has been infected with malicious software, however, it may be possible for this rogue application to access the data in an unencrypted state while it is being processed. Intel SGX has been designed to guard against these types of software-based attacks.

SGX is a form of hardware-based encryption that is built into many Intel processors released in the last 7 years. It enables system memory to be split into so-called enclaves: private, hardware-encrypted areas within RAM. Enclaves operate a bit like a secret vault where applications can process sensitive data without the risk of it being exposed.

Each enclave is an isolated region within system memory that contains both code and data. Applications that harness this technology can make a call to the TEE using a trusted function, a piece of code created by a software developer that can be executed within an enclave. In the previously mentioned example, for instance, the trusted function might check your medical records within an enclave to detect any potential conflicting medications. The enclave then returns a value to the main application, such as “clash detected” or “no clash detected”.

Image: How Intel SGX enclaves process data. Source: Intel.

Only trusted functions are allowed to run in the enclave and the memory is otherwise unaddressable, meaning that any other attempt to access enclave data will automatically be rejected by the processor. The important thing to note here is that as encryption is taking place at a hardware level, it protects against software-based attacks. In effect, this means that even if a hacker has access to the entire operating system and BIOS of the system on which the TEE is running, confidential data will remain secret.

In addition, remote users can make use of a feature called “remote attestation”. This enables them to interface with a TEE from a remote system while having confidence that the application has not been tampered with and is running on a genuine TEE. However, this feature requires the service to be registered with the Intel Attestation Service.
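To make the two guarantees of remote attestation concrete (the enclave code has not been tampered with, and the quote comes from a genuine platform), here is a simplified model of the verifier's checks. This is an added example written for this post, not Integritee's code and not the real SGX protocol: the enclave measurement is a plain SHA-256 of a constructed code blob standing in for MRENCLAVE, and an HMAC under a constructed shared key stands in for the Quoting Enclave's asymmetric signature and the Intel Attestation Service check, so that it runs with the Python standard library alone. All names, keys and the sample enclave code are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for the platform's attestation key. In real SGX the quote is
# signed with an asymmetric key held by the Quoting Enclave and checked through
# Intel's attestation service; a shared HMAC key keeps this model stdlib-only.
PLATFORM_KEY = b"constructed-platform-attestation-key"

# Constructed stand-in for the compiled trusted function loaded into the enclave.
TRUSTED_FUNCTION_CODE = b"check_drug_clash(records, new_drug) -> 'clash detected' | 'no clash detected'"


def measure_enclave(enclave_code: bytes) -> str:
    """Hash of the enclave's initial code and data (the role MRENCLAVE plays in SGX)."""
    return hashlib.sha256(enclave_code).hexdigest()


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def produce_quote(enclave_code: bytes, nonce: bytes, platform_key: bytes = PLATFORM_KEY) -> dict:
    """Platform side: bind the running enclave's measurement to the verifier's nonce and sign it."""
    body = {
        "mrenclave": measure_enclave(enclave_code),
        "report_data": hashlib.sha256(nonce).hexdigest(),
    }
    signature = hmac.new(platform_key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def verify_quote(quote: dict, expected_mrenclave: str, nonce: bytes,
                 platform_key: bytes = PLATFORM_KEY) -> tuple[bool, str]:
    """Remote verifier side: the three checks that make a quote trustworthy."""
    expected_sig = hmac.new(platform_key, _canonical(quote["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, quote["signature"]):
        return False, "signature invalid: quote not produced by a genuine platform"
    if quote["body"]["report_data"] != hashlib.sha256(nonce).hexdigest():
        return False, "nonce mismatch: stale or replayed quote"
    if not hmac.compare_digest(quote["body"]["mrenclave"], expected_mrenclave):
        return False, "measurement mismatch: enclave code differs from the approved build"
    return True, "ok"


def attestation_demo() -> dict:
    """Run the exchange for a genuine enclave, a modified build, a replayed quote and a forged one."""
    expected = measure_enclave(TRUSTED_FUNCTION_CODE)
    nonce = secrets.token_bytes(16)

    genuine = verify_quote(produce_quote(TRUSTED_FUNCTION_CODE, nonce), expected, nonce)

    modified_code = TRUSTED_FUNCTION_CODE + b" (modified build)"
    tampered = verify_quote(produce_quote(modified_code, nonce), expected, nonce)

    old_quote = produce_quote(TRUSTED_FUNCTION_CODE, nonce)
    fresh_nonce = secrets.token_bytes(16)
    replayed = verify_quote(old_quote, expected, fresh_nonce)

    forged_quote = produce_quote(TRUSTED_FUNCTION_CODE, nonce, platform_key=b"constructed-other-key")
    forged = verify_quote(forged_quote, expected, nonce)

    return {"genuine": genuine, "tampered": tampered, "replayed": replayed, "forged": forged}


if __name__ == "__main__":
    for name, (accepted, reason) in attestation_demo().items():
        print(f"{name:9s} accepted={accepted} ({reason})")
```

The order of the checks matters for a verifier: the signature is checked first so that nothing in an unauthenticated quote body is ever acted on, the nonce next so that a stale quote from a once-genuine enclave cannot be replayed, and only then is the measurement compared against the approved build.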

So what does Integritee bring to the TEE party you might ask? Integritee democratizes access to the technology by enabling firms to leverage remotely attested TEEs without needing to individually register with the Intel Attestation Service. Blockchain developers and firms can create dApps with Integritee that process potentially sensitive data off-chain in a highly secure way. This can be harnessed for a wide range of use cases ranging from secure oracle services, to faster, more secure digital asset exchanges and much more besides.

To stay up to date with all technical updates to Integritee, follow us on LinkedIn or Twitter.
