Intel develops HTTPA as a complement to HTTPS

Engineers at Intel have proposed HTTPA (HTTPS Attestable), a protocol that extends HTTPS with additional security guarantees for the computation performed on the server. HTTPA lets a client verify the integrity of the processing of its request on the server: that the web service is trustworthy and that the code running in the server's TEE (Trusted Execution Environment) has not been altered, whether by a compromise of the host or by a malicious administrator.

HTTPS protects data in transit over the network, but it cannot rule out that the data's integrity is violated by an attack on the server itself. Isolated enclaves created with technologies such as Intel SGX (Software Guard Extensions), ARM TrustZone and AMD PSP (Platform Security Processor) make it possible to protect critical computation and reduce the risk of confidential information being leaked or modified at the endpoint.

To guarantee the reliability of the transmitted information, HTTPA uses the attestation facilities provided by Intel SGX, which confirm the authenticity of the enclave in which the computation was performed. In essence, HTTPA extends HTTPS with remote enclave attestation, letting the client verify that the service is running in a genuine Intel SGX environment and can be trusted. The protocol is designed to be general and, besides Intel SGX, can also be implemented for other TEE systems.


In addition to the secure-connection establishment that is standard for HTTPS, HTTPA additionally requires the negotiation of a trusted session key. The protocol introduces a new HTTP method, "ATTEST", which handles three types of requests and responses:

  • "preflight" checks whether the remote side supports enclave attestation;
  • "attest" agrees on the attestation parameters (selection of a cryptographic algorithm, exchange of session-unique random sequences, generation of a session identifier, and transfer of the enclave's public key to the client);
  • "trusted session" forms the session key for a trusted exchange of information. The session key is derived from a previously agreed pre-session secret, generated by the client using the TEE public key received from the server, together with the random sequences generated by each party.
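The three ATTEST phases above, as an added illustrative model that is not Intel's code or specification: the message fields, the HKDF-style derivation and the toy Diffie-Hellman key transport are assumptions chosen so the flow runs offline with the standard library, and verification of the enclave's attestation quote is outside this model.

```python
import hmac, hashlib, secrets

# Constructed, illustrative model of the three ATTEST phases. Nothing here is
# Intel's HTTPA specification: message fields, the HKDF-style derivation and
# the toy Diffie-Hellman key transport are assumptions for demonstration.
P, G = 2**127 - 1, 3          # toy group for readability only, never for real use

def hkdf_sha256(ikm, salt, info, length=32):
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()                     # extract
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]  # expand, 1 block

def derive_session_key(pre_secret, client_random, server_random, session_id):
    # session key = HKDF(pre-session secret, salt = both random sequences, info = session id)
    return hkdf_sha256(pre_secret, client_random + server_random, b"httpa-session:" + session_id)

class Enclave:
    """Server-side ATTEST handler that would live inside the TEE (simulated here)."""
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 2        # enclave private key, never leaves the TEE
        self.tee_public_key = pow(G, self._priv, P)
        self.sessions = {}
    def attest(self, phase, body):
        if phase == "preflight":
            return {"attestation": "supported"}
        if phase == "attest":
            sid, srand = secrets.token_hex(8).encode(), secrets.token_bytes(32)
            self.sessions[sid] = (body["client_random"], srand)
            return {"session_id": sid, "server_random": srand, "tee_public_key": self.tee_public_key}
        if phase == "trusted_session":
            crand, srand = self.sessions[body["session_id"]]
            pre = pow(body["client_public"], self._priv, P).to_bytes(16, "big")
            key = derive_session_key(pre, crand, srand, body["session_id"])
            self.sessions[body["session_id"]] = key
            return {"confirm": hmac.new(key, b"server finished", hashlib.sha256).hexdigest()}
        raise ValueError(f"unknown ATTEST phase: {phase}")

def client_handshake(enclave):
    """Client side: returns the derived session key, or None if attestation is unsupported/failed."""
    if enclave.attest("preflight", {})["attestation"] != "supported":
        return None
    crand = secrets.token_bytes(32)
    r = enclave.attest("attest", {"client_random": crand})
    eph = secrets.randbelow(P - 2) + 2
    pre = pow(r["tee_public_key"], eph, P).to_bytes(16, "big")   # pre-session secret from TEE pubkey
    key = derive_session_key(pre, crand, r["server_random"], r["session_id"])
    fin = enclave.attest("trusted_session", {"session_id": r["session_id"], "client_public": pow(G, eph, P)})
    expected = hmac.new(key, b"server finished", hashlib.sha256).hexdigest()
    return key if hmac.compare_digest(fin["confirm"], expected) else None
```

Both sides end up with the same 32-byte key only if the server's confirmation MAC verifies under the client's derived key; an attacker who does not hold the enclave private key cannot produce that confirmation.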


HTTPA assumes that the client is trustworthy and the server is not, i.e. the client uses the protocol to verify computation performed in the server's TEE. At the same time, HTTPA does not guarantee that the remaining computation performed by the web server outside the TEE has not been compromised; guarding against that requires a separate approach to web service development. HTTPA is therefore aimed mainly at specialised services with heightened integrity requirements, such as financial and medical systems.

For situations where computation in a TEE must be attested for both the server and the client, an mHTTPA (Mutual HTTPA) variant of the protocol performs two-way verification. This variant is more complex because session keys must be generated in both directions, for the server and for the client.

Source: opennet.ru
