Iron: Functional Encryption using Intel SGX

Summary: This paper covers a Iron a really powerful functional encryption technique. The reason this paper is really ground breaking is the fact that it allows for a faster more practical version of functional encryption which is a landslide faster than current members. The problem with this paper that makes it hard to analyze is the fact that its built on SGX which is proprietary and as a result security researchers would not have the same access to scrutinize, compared to say open source software. The reason this technology is cool, is because it could pave the way for more sharing of data while at the same time protecting that data from misuse. Now if someone wants to have banking information on the cloud or with some entity - they can create keys that share only the data they agree to share with another entity improving overall security.

 

What I liked:

  1. Functional Encryption is a technology that has a lot of potential applications if the technical and feasibility aspects of it can be worked out

  2. This method runs functional encryption at full processor speeds which has been a challenge to accomplish in past studies

  3. The method works well on complex functions and might even be better the more complex the function is?

  4. The system doesn't put all its hope in the trust offered by SGX and treat it as a black box - the study looks at it from the pov that there are limitations of SGC

  5. The study has a very good explanation of the relevant  SGX knowledge needed to understand this paper.

 

What I didn't like:

  1. There might be a single point of failure in the attestation system which secures enclaves

  2. There are ways to spoof the request for keys that the paper doesn't cover

  3. I'm not sure how realistic it is for the enclave to erase everything relevant to its state from memory

  4. This system requires 3 different secure enclaves - is it possible to do it with 2 or less?

  5. SGX isn't open source so it might be hard to evaluate it

Points for Discussion:

  1. Is there room from a hardware POV for future improvements to functional encryption

  2. 20 years down the line say if the encryption encoding functional encryption is broken, is there any precautions that should be taken encoding the core data

  3. Has there ever been a documented failure of Intel's verification attester?

  4. How comprehensive can a security study of SGC products be given that the core tech is proprietary

  5. Are there any other comparable technologies that have different implementations which can be used as the basis for future functional encryption.

New Ideas :

  1. Possible audit methods for making sure the technology gives you the right answer using rudimentary systems maybe CSD?

  2. Explore side channel attacks which might not have been covered in the paper

  3. Develop Iron for an open source environment such as Sanctum

  4. Encrypt data even more before putting it into functional encryption

  5. What regulations need to be in place for the wide scale adoption of functional encryption