Overview
Intel SGX is a hardware-level enclave that isolates selected code and data within a system from the operating system, much as a hardware security module (HSM) does. Intel SGX is designed to protect cryptographic material, cryptographic algorithms, and the execution of sensitive parts of the software from both hackers and insiders, such as rogue admins.
Compared to an HSM, Intel SGX offers a variety of benefits, including:
- Protection of next-generation cryptographic algorithms, such as MPC and zero-knowledge proofs.
- The ability to isolate and protect policy engines, whitelisting databases, and workflows from insiders and hackers.
- Strong, hardware-isolated user authentication through end-to-end attestation of secure enclaves (such as ARM TrustZone) in mobile devices, and of hardware tokens such as YubiKey.
- A high degree of scalability across public clouds and on-premises deployments, increasing security, availability, and redundancy.
In general, SGX offers a great deal of operational flexibility while providing the security associated with a traditional HSM. For digital asset businesses that require the highest level of hardware-based security in tandem with speed and flexibility, SGX is a very strong option.
Using SGX enclaves on a minimum of three to five machines (each on a segregated network), Fireblocks distributes private keys with an extremely high level of security. Since the keys are stored in an SGX enclave, which encrypts its memory space and data, the keys cannot be extracted even if malware or a hacker has control over the server’s operating system. Fireblocks also utilizes SGX to secure API keys. In the trusted execution environments (TEEs) where Fireblocks stores these exchange credentials, the information cannot be retrieved by hackers, colluding insiders, or even Fireblocks employees.
Runtime execution
In this example, at runtime, the Intel SGX instructions build and execute the enclave inside a special encrypted memory region with restricted entry/exit locations defined by the developer. This helps prevent data leakage, since data is only in plaintext while it is isolated and protected by the SGX enclave. Upon exit from the enclave, the data is encrypted. Anyone snooping on the memory bus or system memory will only find ciphertext.
- The application is built with trusted (enclave) and untrusted parts.
- The application runs and creates the enclave, which is placed in trusted memory.
- The trusted function is called, and execution transitions to the enclave.
- The enclave sees all of the data it processes in the clear; the technology denies external access to enclave data.
- The trusted function returns, and the enclave data remains in trusted memory.
- The application continues normal execution.
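The first step above, building the application with trusted and untrusted parts, is expressed in the Intel SGX SDK as an Enclave Definition Language (EDL) file. The following is an added illustration, not Fireblocks' code or any EDL published on this page: it declares a hypothetical signing enclave whose private key is generated and used only inside the enclave, with the host receiving nothing but an enclave-sealed blob and the resulting signature. The function names (ecall_generate_key, ecall_sign, ocall_log) are assumptions chosen for the example.

```edl
// enclave.edl (added illustration, not Fireblocks' code): declares the trusted/untrusted split.
// Functions under "trusted" (ECALLs) run inside the enclave; functions under "untrusted"
// (OCALLs) run in the host application. All names here are hypothetical.
enclave {
    trusted {
        // Create a signing key inside the enclave. The private key is never returned
        // in the clear; the host receives only a sealed (enclave-encrypted) blob that
        // it can persist but cannot decrypt.
        public int ecall_generate_key([out, size=sealed_len] uint8_t *sealed_blob,
                                      size_t sealed_len);

        // Sign a message with the sealed key. The blob is unsealed inside the enclave,
        // used, and discarded; only the signature crosses back into untrusted memory.
        public int ecall_sign([in, size=sealed_len] const uint8_t *sealed_blob,
                              size_t sealed_len,
                              [in, size=msg_len] const uint8_t *msg,
                              size_t msg_len,
                              [out, size=sig_len] uint8_t *signature,
                              size_t sig_len);
    };

    untrusted {
        // The only service the enclave requests from the host: writing a log line.
        // Nothing secret should ever be passed out through an OCALL.
        void ocall_log([in, string] const char *line);
    };
};
```

The SDK's Edger8r tool generates the bridge code from this file: `[in]` buffers are copied into enclave memory before the trusted function runs, and `[out]` buffers are copied back afterwards, so the enclave never operates directly on host-controlled memory and the sizes declared here bound what crosses the boundary in either direction. The "trusted function is called" and "trusted function returns" steps above correspond to the host calling an ECALL through that generated proxy and receiving only the declared `[out]` parameters.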