When the Heartbleed Bug ripped a hole in Open SSL cryptographic software, it exposed a frailty that encryption hadn’t yet solved. Attackers accessed the memory of software protections and snatched data by impersonating users, all without leaving a trace. Such attacks expose users to a catastrophic domino effect that’s difficult to halt.
Encryption might seem like an obvious and easy security strategy, but it introduces a less overt challenge: how to handle decryption without giving hackers an attack window. The most popular solution entails delivering application data to the host encrypted. Sometimes, the simplest solutions are the most elegant. Tokenization and homomorphic encryptions are severely limited, though.
A new solution is already in play in Android and iOS phones, which store biometric data in its own metaphorical pocket away from the entire operating system. This way, when the local OS is accessed, application functionality remains secure.
In the world of data storage, this same principle can be carried out using an embedded enclave—a strategy that can even be used in the cloud. A local computing model is used to run apps on trusted machines, allowing platforms to be used with minimum performance loss. TLS servers can run inside those enclaves and are terminated within them.
One Chip to Rule them All
Intel’s SGX chip comes with a trusted runtime system that remains in secure enclaves. It runs on a range of core processors and runs within a parent application in a way that leverages full computational power. The chip can also work with other enclaves and even be developed using everyday tools. App developers are now free to work within an innovative paradigm, setting privilege levels at their own discretion. Enclaves have at last brought high performance to decryption, opening up the world of decryption for chip makers.
Read more about security and chip technology.