Computation Capabilities of Server-Side Trusted Execution Environments
A Comparison of TEEs to Privacy-Preserving Technologies
V. Popescu (TU Delft - Electrical Engineering, Mathematics and Computer Science)
E.A. Markatou – Mentor (TU Delft - Cyber Security)
T.J. Coopmans – Graduation committee member (TU Delft - QCD/Coopmans Group)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
While securing data-in-use was assured by well-known encryption algorithms, the industry shifted towards trusting hardware manufacturers in exchange for efficiency speedups through Trusted Execution Environments. However, there are many technologies to choose from, each with its own design and trade-offs. Additionally, no work was conducted to systematically compare Trusted Execution Environments side-by-side with privacy-preserving techniques. Therefore, this literature review analyzes, in the first part, Intel's SGX, Keystone, Intel's TDX, and AMD's SEV from four angles that are strongly tied to data-in-use protection (functionality, efficiency, security, and usability). We observed that even though complex and inherently suffering to hardware-related attacks, TEEs offer a great option for confidential computing. Lastly, this research compares these state-of-the-art technologies to four other privacy-preserving techniques (Fully Homomorphic Encryption, Secure Multi-Party Computation, Oblivious RAM, and Structured Encryption) by drawing common properties and displaying them in equal use cases, showing that TEEs are a great choice for many use cases, but with stronger security issues.