Lines

TEE 101: How Intel SGX works and why we use it at Integritee

Industry InsightsFebruary 23, 2022
New image

Integritee uses a technology known as trusted execution environments (TEEs) to process sensitive data off-chain. But what exactly are TEEs and how do they work? In this post, we will take a look at one of the most common & powerful TEE architectures, which we also use at Integritee: Intel Software Guard Extensions (SGX).

Data in different states pose different cybersecurity challenges. End-to-end encryption can provide protection for data while it is in transit, or while it is being stored. But what about data that is currently in use? This is where TEEs come in.

Before an application can execute code on an encrypted dataset, the information must first be decrypted and loaded into system memory (or RAM) to be processed. This provides a window of opportunity for hackers or other third parties to view, intercept or modify the data while it is being processed in an unencrypted state.

Imagine a scenario for instance where you have uploaded some medical records to a database where all data is stored in encrypted form. Now let’s say that your doctor wants to run an application that checks whether a particular drug clashes with any of the existing medications you are currently taking. In order to do this, the application may need admin-level privileges to access the database, decrypt the data and load it into system memory for processing. If this system has been infected with malicious software, however, it may be possible for this rogue application to access the data in an unencrypted state while it is being processed. Intel SGX has been designed to guard against these types of software-based attacks.

SGX is a form of hardware-based encryption that is built-in to many Intel processors released in the last 7 years. It enables system memory to be split into so-called enclaves — private, hardware-encrypted areas within RAM. Enclaves operate a bit like a secret vault where applications can process sensitive data without the risk of it being exposed.

Each enclave is an isolated region within system memory that contains both code and data. Applications that harness this technology can make a call to the TEE using a trusted function — a piece of code created by a software developer that can be executed within an enclave. In the previously mentioned example, for instance, the trusted function might check your medical records within an enclave to detect any potential conflicting medications. The enclave then returns a value to the main application, such as “clash detached” or “no clash detected”.

                 Image: How Intel SGX enclaves process data. Source: Intel.

Only trusted functions are allowed to run in the enclave and the memory is otherwise unaddressable, meaning that any other attempt to access enclave data will automatically be rejected by the processor. The important thing to note here is that as encryption is taking place at a hardware level, it protects against software-based attacks. In effect, this means that even if a hacker has access to the entire operating system and BIOS of the system on which the TEE is running, confidential data will remain secret.

In addition, remote users can make use of a feature called “remote attestation”. This enables them to interface with a TEE from a remote system while having confidence that the application has not been tampered with and is running on a genuine TEE. However, this feature requires the service to be registered with the Intel Attestation Service.

So what does Integritee bring to the TEE party you might ask? Integritee democratizes access to the technology by enabling firms to leverage remotely attested TEEs without needing to individually register with the Intel Attestation Service. Blockchain developers and firms can create dApps with Integritee that process potentially sensitive data off-chain in a highly secure way. This can be harnessed for a wide range of use cases ranging from secure oracle services, to faster, more secure digital asset exchanges and much more besides.

To stay up to date with all technical updates to Integritee, follow us on LinkedIn or Twitter.

You Might Also Like

New image
Industry InsightsSeptember 01, 2024

Common European Data Spaces: Fostering Data Innovation & Collaboration in the EU

New image
Industry InsightsAugust 13, 2024

How Biometric Data Collection Can Be Dangerous — Even When Built With Blockchain

New image
Industry InsightsJuly 30, 2024

Hyperautomation: The Power of Blending AI, Blockchain, and RPA

New image
Industry InsightsJuly 18, 2024

Cybercrime on the Rise: Why Is Securing OT Systems Paramount?

New image
Industry InsightsJune 12, 2024

For the Greater Good: Using Blockchain for Social Change

New image
Industry InsightsJune 10, 2024

Bug Bounty Programs: How Outsourcing Can Help Your Project

New image
Industry InsightsMay 24, 2024

DePINs: Harnessing the Power of Connectivity to Build Real-World Applications

New image
Industry InsightsMay 02, 2024

MiCA & Other Crypto-Related Regulations: Striking the Right Balance

New image
Industry InsightsApril 23, 2024

DEXs on Polkadot: Leveraging the Power of Substrate & Shared Security

New image
Industry InsightsApril 16, 2024

Slot Auctions vs Coretime: What’s Changing for Polkadot Projects

New image
Industry InsightsMarch 19, 2024

DEXs: The What, The Why & The How of Decentralized Exchanges

New image
Industry InsightsMarch 02, 2024

The Potential of Tokenizing Assets: From Houses to Private Equity & Whisky

New image
Industry InsightsFebruary 16, 2024

Embracing Unpredictability: The Role of Randomness in Blockchain

New image
Industry InsightsFebruary 01, 2024

Uncovering Blockchain Consensus Mechanisms: Proof-of-Stake, Proof-of-Work & Beyond

New image
Industry InsightsJanuary 17, 2024

Decoding CBDCs: Advantages & Challenges in the Digital Monetary Landscape

New image
Industry InsightsDecember 19, 2023

Unleashing Scalability and Speed: The Importance of Layer 2 Blockchain Solutions

New image
Industry InsightsNovember 24, 2023

Bear With Us: Blockchain Technology is Still Relevant, Even when Crypto Declines

New image
Industry InsightsNovember 14, 2023

The Imperative for Privacy in Blockchain: TEEs & Privacy-Preserving Software

New image
Industry InsightsOctober 25, 2023

How Blockchain is Benefiting Numerous Industries: From Sustainability to Brand Quality Control

New image
Industry InsightsOctober 17, 2023

KYC in Web3: How DiD is Saving the Day for Projects & Companies

New image
Industry InsightsSeptember 13, 2023

Blockchain in Aerospace: Reducing Costs & Enhancing Efficiency

New image
Industry InsightsAugust 15, 2023

DAOs: How Fair can Decision-Making be and Why is Private Voting Essential?

New image
Industry InsightsMay 11, 2023

Web3 Bounties: Rewarding Developers with Tokens

New image
Industry InsightsApril 27, 2023

Digital Twins: Increasing Efficiency Without Compromising Privacy

New image
Industry InsightsJanuary 31, 2023

AI and Blockchain: The Combo of the Future

New image
Industry InsightsDecember 15, 2022

L2 in Blockchain: TEE Sidechains vs ZK Rollups

Lines