Publication: Secure enclave for TLS web server on untrusted environment
Issued Date
2017-11-24
Resource Type
Other identifier(s)
2-s2.0-85041836056
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
ACM International Conference Proceeding Series. (2017), 27-31
Suggested Citation
Chiraphat Chaiphet, Sudsanguan Ngamsuriyaroj, Ahmed Awad, Betran Jacob, Loannis Gakos, Wiktor Grajkowski Secure enclave for TLS web server on untrusted environment. ACM International Conference Proceeding Series. (2017), 27-31. doi:10.1145/3163058.3163063 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/42264
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
Secure enclave for TLS web server on untrusted environment
Other Contributor(s)
Abstract
© 2017 Copyright is held by the owner/author(s). Web servers use SSL/TLS to establish secure communication between clients and servers. The mechanism of SSL/TLS relies on a key pair to validate the server and to protect the confidentiality of the data. However, many websites are running on third-party servers or on cloud environments where website owners have no control over the physical servers or the software including the operating systems but still need to trust and store the private key on the servers. While it is common to store the encrypted key on the disk, the web server still need a decrypted key inside the memory during the operation. Thus, an adversary could obtain the private key residing on the web server's memory. In this paper, we propose a secure enclave for a web server running the high privilege code that handles the secret keys inside an encrypted memory area by utilizing Intel Software Guard Extension (SGX) whereas other components of the web server outside the trusted computing base are left intact. The experimental results show 19% to 38% implementation overhead depending on which cipher suite is used and how a session key is handled.