
FACULTY OF AUTOMATION AND COMPUTER SCIENCE

COMPUTER SCIENCE DEPARTMENT

Diploma project PROPOSAL:

Anonymous Teacher Evaluation Platform based on Intel® SGX

Author: Cristian-Teodor FĂRCAȘ
Advisor: Assist. Prof. Dr. Eng. Adrian COLEȘA

1. Project Purpose and Objectives


The main objective of this project is to provide a real-world example of the capabilities
offered by Intel® Software Guard Extensions (SGX). It aims to provide a platform for the
university which can be accessed by people (students, teachers, admins) using their usual
accounts while still preserving their privacy. The platform will let students review the
courses they attend together with the teachers who deliver them.
Moreover, in order to gain users' trust, the platform must provide means to prove the
authenticity of the system, thus guaranteeing that it handles sensitive data as intended and
does not leak any private information into untrusted environments.

2. Motivation and Technical Approach


Much of this project's motivation can be summarized in the following objectives:
• Allow access to the platform without requiring special codes
Without such a platform, access codes must be generated for each possible enrolment of the
students and then distributed to them. After receiving the codes, students must keep them
safe and remember to actually use them. This has to be repeated for every review session
and represents substantial work and overhead for everyone involved. Providing a way to
separate the user from the feedback they provide eliminates this.

• Allow students to see or update reviews they already performed

This is similar to one of the problems of internet voting. Users (in this case students)
must be able to check (and also modify) the data they sent to the system. In doing so,
we enhance users' trust by letting them see that the system actually registers the
feedback they provide. The difficulty is that the system must recognise a returning
student without storing anything outside the enclave that links a review to an account.

• Enable users to verify the authenticity of the system

An important part of building a system that ensures privacy, and of gaining the trust of
the users, is attestation. In order for people to be honest during the review process, they
must trust the system to preserve their privacy. Besides making the code public, the
platform must let users verify that this published code is the code actually running, that
is, that the enclave measurement reported by the hardware matches the published build.


• Streamline the entire review process

A considerable number of students avoid providing useful feedback for the sole reason
that it is too complicated to do so. Providing a quicker and more intuitive way to rate the
courses they attend should increase the number of students willing to provide feedback,
and thus the overall attention this process receives.
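The first two objectives above pull in opposite directions: the system has to recognise a returning student so that they can see and update their own review, yet it must not store anything that links a review to an account. As an added illustration, not code from the proposal or the project, the following Python sketch shows how an enclave-held key resolves that: a keyed HMAC turns (student, course, session) into a pseudonymous review token, records are stored under the token only, and results reach teachers only as aggregates over a minimum number of reviews. The key, the release threshold, the record layout and the sample names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumption (not from the proposal): the linking key exists only inside the
# enclave, sealed to the platform; the host, the backend and the database never
# see it. It is generated fresh here so the example runs offline.
ENCLAVE_PSEUDONYM_KEY = secrets.token_bytes(32)

# Assumption: an aggregate is released only once this many reviews exist for a
# course, so a teacher cannot read a single student's answer off a tiny class.
MIN_REVIEWS_FOR_RELEASE = 5


def pseudonym(student_id: str, course_id: str, session: str) -> str:
    """Review token for one enrolment in one review session.

    HMAC under the enclave-only key is deterministic, so the same student can
    come back and find or replace the same record, yet without the key nobody
    outside the enclave can map a token back to an account, or link one
    student's tokens across courses or sessions.
    """
    msg = b"\x00".join(s.encode() for s in (student_id, course_id, session))
    return hmac.new(ENCLAVE_PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()


class ReviewStore:
    """Records as the enclave would hand them to the untrusted database:
    keyed by pseudonym only, never by student id."""

    def __init__(self) -> None:
        self._records = {}  # token -> {course_id, session, score, comment}

    def submit(self, student_id: str, course_id: str, session: str,
               score: int, comment: str) -> str:
        if not 1 <= score <= 5:
            raise ValueError("score must be between 1 and 5")
        token = pseudonym(student_id, course_id, session)
        # A second submission for the same enrolment replaces the first one.
        self._records[token] = {"course_id": course_id, "session": session,
                                "score": score, "comment": comment}
        return token

    def view(self, student_id: str, course_id: str, session: str):
        """What a returning student sees: only their own record, or None."""
        return self._records.get(pseudonym(student_id, course_id, session))

    def aggregate(self, course_id: str, session: str):
        """What a teacher sees: counts and averages, no per-student rows."""
        rows = [r for r in self._records.values()
                if r["course_id"] == course_id and r["session"] == session]
        if len(rows) < MIN_REVIEWS_FOR_RELEASE:
            return None  # withhold rather than risk de-anonymisation
        scores = [r["score"] for r in rows]
        return {
            "course_id": course_id,
            "count": len(scores),
            "mean": round(sum(scores) / len(scores), 2),
            # sorted, so the output order no longer reveals submission order
            "comments": sorted(r["comment"] for r in rows if r["comment"]),
        }
```

The point of the design is where the key lives: because only the enclave can compute `pseudonym`, the database administrator sees opaque tokens, the teacher sees only the aggregate, and a student who returns during the same session is routed to exactly the record they wrote.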

The technical approach is based on Intel® Software Guard Extensions, which can execute code
and process data in an isolated environment (an enclave) whose memory is inaccessible even to
the operating system and hypervisor. This means that the enclave can take encrypted data as
input (in this case students' reviews), decrypt it inside the enclave, and output only the result
that will be passed to teachers, without permitting anyone, including the platform's own
administrators, to observe the intermediate steps. Also, in order to assure students that the
feedback they provide is indeed processed using Intel® SGX on a machine that belongs to the
expected entity (in this case the Technical University of Cluj-Napoca), the platform provides
remote attestation functionality in conjunction with the attestation service provided by Intel®.
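What the client-side attestation check actually has to compare, as an added example that is not part of the proposal: the quote that Intel's attestation service echoes back in its verification report must carry the MRENCLAVE of the published enclave build, the MRSIGNER of the university's signing key, an ISV SVN that has not been rolled back, and a REPORT_DATA field that binds the enclave's RSA public key to the measurement; otherwise a student could be encrypting reviews to a key that belongs to someone other than the attested enclave. The field offsets follow the SGX SDK's sgx_quote_t layout and the two field names are those of the IAS report; the REPORT_DATA convention (SHA-256 of the key, zero-padded), the policy dictionary and the test quote are assumptions, and verification of Intel's signature over the report is left out.

```python
import base64
import hashlib
import hmac
import struct

# Byte offsets inside an EPID quote (sgx_quote_t with the embedded
# sgx_report_body_t, as defined by the Intel SGX SDK headers). The IAS
# verification report carries the first 432 bytes of the quote, base64-encoded,
# in its isvEnclaveQuoteBody field.
QUOTE_BODY_LEN = 432
OFF_MRENCLAVE = 112      # 48-byte quote header + 64 into the report body
OFF_MRSIGNER = 176
OFF_ISV_PROD_ID = 304
OFF_ISV_SVN = 306
OFF_REPORT_DATA = 368    # 64 bytes chosen by the enclave when it built the report


def parse_quote_body(body: bytes) -> dict:
    """Pull the fields a verifier cares about out of the quote body."""
    if len(body) < QUOTE_BODY_LEN:
        raise ValueError("quote body too short")
    return {
        "mr_enclave": body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32],
        "mr_signer": body[OFF_MRSIGNER:OFF_MRSIGNER + 32],
        "isv_prod_id": struct.unpack_from("<H", body, OFF_ISV_PROD_ID)[0],
        "isv_svn": struct.unpack_from("<H", body, OFF_ISV_SVN)[0],
        "report_data": body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64],
    }


def expected_report_data(enclave_pubkey_der: bytes) -> bytes:
    """Assumed convention: the enclave writes SHA-256(public key) into the
    first 32 bytes of REPORT_DATA and zero-fills the rest, so the key the
    client will encrypt to is tied to the measured code."""
    return hashlib.sha256(enclave_pubkey_der).digest() + bytes(32)


def verify_attestation(ias_report: dict, enclave_pubkey_der: bytes, policy: dict) -> bool:
    """Checks the client performs on the IAS report body.

    Intel's signature over the JSON body (X-IASReport-Signature header, checked
    against Intel's report-signing certificate) must be verified before any of
    this; that step needs the certificate and is left out of the example.
    """
    if ias_report.get("isvEnclaveQuoteStatus") not in policy["accepted_statuses"]:
        return False
    q = parse_quote_body(base64.b64decode(ias_report["isvEnclaveQuoteBody"]))
    return (
        hmac.compare_digest(q["mr_enclave"], policy["mr_enclave"])    # the published build
        and hmac.compare_digest(q["mr_signer"], policy["mr_signer"])  # the university's signing key
        and q["isv_prod_id"] == policy["isv_prod_id"]
        and q["isv_svn"] >= policy["min_isv_svn"]                     # reject rolled-back enclaves
        and hmac.compare_digest(q["report_data"], expected_report_data(enclave_pubkey_der))
    )


def build_quote_body(mr_enclave: bytes, mr_signer: bytes, isv_prod_id: int,
                     isv_svn: int, report_data: bytes) -> bytes:
    """Constructed quote body for offline testing; header and unused fields zeroed."""
    body = bytearray(QUOTE_BODY_LEN)
    body[OFF_MRENCLAVE:OFF_MRENCLAVE + 32] = mr_enclave
    body[OFF_MRSIGNER:OFF_MRSIGNER + 32] = mr_signer
    struct.pack_into("<HH", body, OFF_ISV_PROD_ID, isv_prod_id, isv_svn)
    body[OFF_REPORT_DATA:OFF_REPORT_DATA + 64] = report_data
    return bytes(body)


def make_ias_report(body: bytes, status: str = "OK") -> dict:
    """Constructed stand-in for the two IAS report fields used above."""
    return {"isvEnclaveQuoteStatus": status,
            "isvEnclaveQuoteBody": base64.b64encode(body).decode()}
```

Publishing the enclave source is only half of what the third objective asks for; the other half is publishing the MRENCLAVE of the reproducible build so that the client has a value to compare against, and deciding in advance which quote statuses (for instance GROUP_OUT_OF_DATE) the policy tolerates.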

3. Related Work
Since Intel Software Guard Extensions [1] became available in 2015 with the 6th
generation (Skylake) of Intel CPUs, several projects have been developed on top of it. Several
articles and papers demonstrating its usage and benefits, but also its flaws, have also been
published. Some of these are:
• The Intel white paper presented in 2013 [2]. It addresses the need for such a
technology and mainly discusses details concerning enclave attestation and sealing
techniques.
• In [3], the authors explain the processes involved in attesting an enclave. They also
introduce the Intel Attestation Service (IAS), which can be used to verify the
authenticity of an enclave's quote. The service is based on Intel Enhanced Privacy ID (EPID)
group signatures. The paper outlines the service infrastructure Intel has constructed to
support the initial implementations of the Intel® SGX technology.
• The white paper [4] presents a memory encryption engine design, the one used by
SGX-capable processors to encrypt the Enclave Page Cache (EPC). The core of the engine is
described in detail and consists of the following: an integrity tree, the cryptographic
primitives that realize the encryption, the Message Authentication Code (MAC), and the
anti-replay mechanism. The author also discusses possible attacks and how the presented
design resists them.
• [5] is a comprehensive technical report that thoroughly explains the Intel SGX technology.
It covers everything the technology has to offer in detail and discusses its possible flaws.
One of them concerns Intel's attestation model and is also discussed in [6]. A major
concern expressed in both references is the power Intel holds in the attestation process,
since running a production enclave requires a launch token issued under Intel's licensing
of enclave developers.


4. Needed Resources
For the development of this project we use the following resources:
• Intel® Software Guard Extensions for building the trusted environment of the platform
• IntelliJ IDEA – the Java IDE for building the backend
• Spring Boot – useful framework for any Java application
• AngularJS – used for building the frontend
• REST – the API exposed by the backend is based on this architectural style
• MySQL – relational database management system
• OpenSSL – cryptography and SSL/TLS toolkit. Used to generate RSA keys (the
private key is stored in the enclave while the public one is used by the client
application) and to create self-signed certificates used in the remote attestation
process. Note that a key pair generated outside the enclave is known to whoever ran the
generation, so for the attestation to vouch for the key it should be generated, or at least
sealed, inside the enclave and never be present on the host in the clear.

5. Expected results
The resulting platform should provide the complete functionality required to cover the
entire review process. With the help of Intel Software Guard Extensions and the other
technologies used, unnecessary work like generating and distributing access codes can be
eliminated, which leads to a highly streamlined usage. This will most likely attract more
students to provide feedback and maybe even make them more interested in what the
university has to offer.

6. Project Timeline

Week(s)          To do
1 oct – 7 oct    First discussion with supervisor. Choosing the project subject
8 oct – 23 dec   Study the technology. Bibliographic study
7 jan – 10 feb   = exam session =
11 feb – 24 feb  Install the required software. Run some examples
25 feb – 3 mar   Establishing the requirements (main objectives)
4 mar – 24 mar   Enclave implementation
25 mar – 14 apr  Development of the backend. Integration of the enclave in the server application
15 apr – 21 apr  Development of the frontend
22 apr – 28 apr  Login attestation
29 apr – 5 may   Fine tuning and testing
5 may – 2 jun    Writing the documentation


7. Contents
1. Introduction (Context, Motivation, Technical Approach)
2. Project Objectives and Specification
3. Bibliographic Study (Related Work, Technologies)
4. Theoretical Background (Intel® SGX)
5. Analysis and Design (General architecture, Use cases, Algorithms, Database)
6. Implementation Details (Enclave, Back-end, Front-end)
7. Tests and Results
8. User Manual
9. Conclusions
10. Bibliography

8. Bibliography
[1] "Intel SGX", https://software.intel.com/en-us/sgx
[2] I. Anati, S. Gueron, S. P. Johnson, and V. R. Scarlata, "Innovative technology for CPU
based attestation and sealing", https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing, 2013.
[3] S. Johnson, V. Scarlata, C. Rozas, E. Brickell, and F. Mckeen, "Intel SGX: EPID
provisioning and attestation services", https://software.intel.com/en-us/download/intel-sgx-intel-epid-provisioning-and-attestation-services, 2016.
[4] S. Gueron, "A memory encryption engine suitable for general purpose processors",
https://eprint.iacr.org/2016/204.pdf, 2016.
[5] V. Costan and S. Devadas, "Intel SGX Explained", https://eprint.iacr.org/2016/086.pdf, 2016.
[6] R. Chirgwin, "Intel's SGX security extensions: Secure until you look at the detail",
https://www.theregister.co.uk/2016/02/01/sgx_secure_until_you_look_at_the_detail, 2016.
