Recovering RSA Keys

CacheOut can extract RSA keys from a user program performing RSA decryptions using its private key. In this example, sampling the victim’s data takes about 40 seconds and another 10 seconds is spent on recovering the key from the collected data.

Also available on YouTube.

Dumping SGX Enclaves

To show our ability to leak data from Intel SGX, we embedded the Mona Lisa (image on the left) inside an enclave. We then collected traces using CacheOut and reconstructed the picture from these traces in real time, as shown in the image on the right.

Signing Arbitrary Quotes for Remote Attestation

We have also used CacheOut and SGAxe to recover private attestation keys from a fully updated SGX machine that Intel considers to be in a trusted status. With these private attestation keys in hand, we can sign arbitrary SGX attestation quotes, which are then considered legitimate by Intel’s attestation service (or at least until they revoke our key). In the video below, we sign our own quote and then verify it against Intel’s Attestation Service.

Also available on YouTube.

Signing Your Own Quotes

We understand that remote attestation can be very tricky to pass. However, since we have already done all the hard work of getting genuine attestation keys, we decided to help you out by developing a Twitter bot that passes SGX attestation for you. Our bot provides Attestation as a Service (AaaS), which allows you to get your own quotes signed with the keys we extracted using SGAxe. This way you can pass attestation without even owning an SGX machine. If you want to make use of our service, you can send a tweet to our bot @SGAxe_AaaS. If you tweet it, we’ll sign it!