SSUKey: A CPU-Based Solution Protecting Private Keys on Untrusted OS

  • Huorong Li
  • Wuqiong Pan (corresponding author)
  • Jingqiang Lin
  • Wangzhao Cheng
  • Bingyu Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10631)


As more and more websites adopt private keys to authenticate users or to sign digital payments in e-commerce, various solutions have been proposed to secure those keys. Some employ extra, dedicated hardware devices, while most rely on the security features of a general-purpose OS. However, users are reluctant to carry extra devices, and a general-purpose OS is too complex to protect itself, let alone the private keys stored on it. This paper proposes a software solution, SSUKey, that uses CPU security features to protect private keys against OS vulnerabilities. First, threshold cryptography (TC) is used to split the private key into two shares, and two Intel SGX enclaves, one on the local client and one on a remote server, protect the two shares respectively. Second, the two enclaves are carefully designed and configured to mitigate known weaknesses of Intel SGX, including side channels and rollback. Third, a central private-key management service lets users globally monitor the usage of their private keys and detect abnormal behaviour. Finally, we implement SSUKey as a cryptography provider, apply it to file encryption and Transport Layer Security (TLS) download, and evaluate the performance. The experimental results show that the performance decline due to SSUKey is acceptable.
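The two-share architecture the abstract describes, as an added worked example that is not the paper's code: a toy two-party signing protocol in which the private exponent is split additively between a local "client enclave" object and a remote "server enclave" object, so that neither side can produce a signature alone. RSA and the tiny constructed primes are stand-ins (the paper's own algorithm is not reproduced here), the `ClientEnclave`/`ServerEnclave` classes and the per-client quota are hypothetical, and the quota check only sketches the central usage monitoring the abstract mentions. Real SGX enclaves would seal their shares and attest to each other, which this script does not model.

```python
"""
Added example (not from the SSUKey paper): two-party RSA signing with an
additively split private exponent d = d1 + d2 (mod phi). The client holds
d1, the server holds d2, and a signature needs both partial results.
"""
import hashlib
import secrets
from math import gcd

# Constructed toy primes, far too small for real use; a real deployment
# would generate 2048-bit primes inside the key-generation enclave.
P = 1000000007
Q = 998244353
E = 65537


def keygen_and_split(p=P, q=Q, e=E):
    """Generate an RSA key and split d into two additive shares."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be invertible mod phi"
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    d1 = secrets.randbelow(phi)    # client share: uniformly random
    d2 = (d - d1) % phi            # server share: the remainder
    return n, e, d1, d2


def hash_to_int(msg: bytes, n: int) -> int:
    """Hash-then-reduce; a real scheme would use a padded encoding (PSS)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


class ClientEnclave:
    """Holds the local key share and returns only a partial signature."""

    def __init__(self, d1: int, n: int):
        self._d1, self.n = d1, n

    def partial_sign(self, msg: bytes) -> int:
        return pow(hash_to_int(msg, self.n), self._d1, self.n)


class ServerEnclave:
    """Holds the remote key share and enforces a central usage policy."""

    def __init__(self, d2: int, n: int, max_sigs: int = 3):
        self._d2, self.n = d2, n
        self.max_sigs = max_sigs   # hypothetical per-client quota
        self.log = []              # central audit trail: (client, msg hash)

    def partial_sign(self, client_id: str, msg: bytes) -> int:
        # Abnormal-behaviour check: refuse once a client exhausts its quota,
        # which also blocks a compromised client from signing at will.
        used = sum(1 for cid, _ in self.log if cid == client_id)
        if used >= self.max_sigs:
            raise PermissionError(f"signing quota exceeded for {client_id}")
        self.log.append((client_id, hashlib.sha256(msg).hexdigest()))
        return pow(hash_to_int(msg, self.n), self._d2, self.n)


def combine(s1: int, s2: int, n: int) -> int:
    """h^d1 * h^d2 = h^(d1+d2) = h^d (mod n): the full RSA signature."""
    return (s1 * s2) % n


def verify(msg: bytes, sig: int, n: int, e: int) -> bool:
    return pow(sig, e, n) == hash_to_int(msg, n)


def demo() -> int:
    n, e, d1, d2 = keygen_and_split()
    client, server = ClientEnclave(d1, n), ServerEnclave(d2, n)
    msg = b"pay 100 to merchant"   # constructed sample message
    sig = combine(client.partial_sign(msg), server.partial_sign("alice", msg), n)
    assert verify(msg, sig, n, e)
    # One share alone yields nothing useful: a partial result does not verify.
    assert not verify(msg, client.partial_sign(msg), n, e)
    return sig


if __name__ == "__main__":
    print(demo())
```

The additive split works because h^(d1+d2) equals h^d modulo n whenever d1 + d2 = d + k*phi, so the server never learns d1 and the client never learns d2; the quota in `ServerEnclave` is where a deployment would plug in its real anomaly rules.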


Keywords: Trusted Execution Environment (TEE), Intel SGX, Trusted computing, Threshold cryptography, Key protection



We thank the anonymous reviewers for their helpful feedback. The work was partially supported by the National Basic Research 973 Program of China (No. 2014CB340603) and the National Natural Science Foundation of China (No. 61772518).



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Huorong Li (1, 2, 3)
  • Wuqiong Pan (1, 2), corresponding author
  • Jingqiang Lin (1, 2)
  • Wangzhao Cheng (1, 2, 3)
  • Bingyu Li (1, 2, 3)
  1. Data Assurance and Communication Security Research Center, Beijing, China
  2. State Key Laboratory of Information Security, Institute of Information Engineering, CAS, Beijing, China
  3. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
