A Smart Solution to Integrate the Open Source Crypto to the Next-Generation Intel Technology (S30c)
Intel SGX is a trusted execution environment developed by Intel that enhances protection against disclosure or modification of data by partitioning the application into CPU-hardened enclaves and offering much higher levels of security. SGX provides unprecedented levels of security for storing cryptographic secrets in general-purpose computers. OpenSSL is an open-source cryptographic software library which is a well-known starting point for FIPS 140-2 certified products. May be possible to combine the advantages of both projects to quickly certify such a novel technology, creating the first OpenSSL based certified cryptographic module that handles the secrets always encrypted in protected memory regions?
This presentation will describe how we have carried out the smart integration of the Intel SGX technology to the OpenSSL source code specifying on the one hand, what issues were encountered during the integration process and how they were solved and, on the other hand, how this was embodied in the FIPS 140-2 documentation in order to face the FIPS 140-2 evaluation with success. The presentation will encompass the following sections: – A brief introduction to Intel SGX and Open SSL. – A definition of what problems were found during the OpenSSL integration to Intel SGX and how they were solved. – A definition of what issues were found during the FIPS 140-2 certification process and how they were solved.