A Hardware Trusted Channel Construction Scheme Based on TEE and TPM for Confidential Computing Platforms

doi:10.3969/j.issn.1671-1122.2025.11.011

Abstract

Abstract:

In recent years, confidential computing has played an increasingly important role in safeguarding user privacy and data security. With the growing demand for confidential computing platforms that handle massive AI workloads, establishing trusted channels and confidential interconnections has become a critical research issue. This paper proposed a trusted channel construction scheme based on trusted execution environments (TEE) and trusted platform modules (TPM), leveraging a hardware-based key exchange mechanism to meet the security requirements of attestation, trusted data transmission, and secure storage on confidential computing platforms. The proposed scheme consisted of three protocols. First, in the subsystem mutual attestation protocol, a trusted third party issued verifiable attestation tokens to the subsystems within a trusted computing platform node, enabling unified attestation in a heterogeneous hardware root-of-trust environment. Second, the TEE and TPM based hardware key exchange protocol ensured compatibility with existing TEE specifications and TPM key exchange interfaces and derived encryption keys to protect confidential data during transmission. Compared to application-layer communication, the use of hardware-based trusted channels significantly enhanced communication security. Third, the TEE key/secret data provisioning protocol enabled the TPM to securely provide keys or secret data to TEE applications over the established trusted channel, improving the protection of sensitive data stored within the TEE. Security analysis demonstrated that the proposed scheme effectively defends against common attacks such as forgery, spoofing, and tampering. Prototype system evaluations show that the TEE and TPM based hardware key exchange introduces only a 2% increase in latency compared to traditional virtual machines. Furthermore, the overall performance overhead for key exchange and sustained data transmission in the TEE runtime system is less than 0.7%. In summary, the proposed scheme enhances the communication security of confidential computing platforms with minimal impact on runtime and communication performance.

Key words: TEE, TPM, trusted channel, key exchange

CLC Number:

TP309

JIN Wa, QIN Yu, LIU Jingrun, SHANG Ketong, JIA Menghan, LIN Jiangnan. A Hardware Trusted Channel Construction Scheme Based on TEE and TPM for Confidential Computing Platforms[J]. Netinfo Security, 2025, 25(11): 1792-1810.

Figures/Tables 9

References 47

[1]	FENG Dengguo, QIN Yu, FENG Wei, et al. Survey of Research on Confidential Computing[J]. IET Communications, 2024, 18(9): 535-556. doi: 10.1049/cmu2.v18.9 URL
[2]	FENG Dengguo, QIN Yu. Confidential Computing: Progress and Prospects[J]. Communications of China Computer Federation, 2024, 20(12): 38-46.
	冯登国, 秦宇. 机密计算:进展与展望[J]. 中国计算机学会通讯, 2024, 20(12):38-46.
[3]	Confidential Computing Consortium. A Technical Analysis of Confidential Computing[R]. San Francisco:Linux Foundation, v1.2, 2021.
[4]	TPM 2.0 Library Specification Revision 1.59 Part 1: Architecture[S]. Beaverton: Trusted Computing Group, 2019.
[5]	NVIDIA. Introduction to DGX A100[EB/OL]. (2024-10-16)[2025-07-04]. https://docs.nvidia.com/dgx/dgxa100-user-guide/introduction-to-dgxa100.html.
[6]	BERGER S, CACERES R, GOLDMAN K A, et al. vTPM: Virtualizing the Trusted Platform Module[C]// USENIX. The 15th USENIX Security Symposium. Berkeley: USENIX, 2006: 305-320.
[7]	Inclavare Containers. RATS-TLS Project[EB/OL]. (2025-04-21)[2025-07-07]. https://github.com/inclavare-containers/rats-tls.
[8]	HALDERMAN J A, SCHOEN S D, HENINGER N, et al. Lest We Remember: Cold Boot Attacks on Encryption Keys[C]// USENIX. 17th USENIX Security Symposium. Berkeley: USENIX, 2008: 68-78.
[9]	CHEN Weijie. Research on Side-Channel Defenses for Trusted Execution Environment Based on Real-Time Monitoring[D]. Wuhan: Huazhong University of Science and Technology, 2024.
	陈维杰. 基于实时监测的可信执行环境侧信道防御研究[D]. 武汉: 华中科技大学, 2024.
[10]	FU Jianming, LIU Xiuwen, TANG Yi, et al. Survey of Memory Address Leakage and Its Defense[J]. Journal of Computer Research and Development, 2016, 53(8): 1829-1849.
	傅建明, 刘秀文, 汤毅, 等. 内存地址泄漏分析与防御[J]. 计算机研究与发展, 2016, 53(8):1829-1849.
[11]	RFC 9334 Remote Attestation Procedures Architecture[S]. Internet Engineering Task Force (IETF), 2023.
[12]	Veraison Project. Veraison[EB/OL]. (2025-07-04)[2025-07-07]. https://github.com/veraison.
[13]	Intel. Intel^® Enhanced Privacy ID (EPID) Security Technology[EB/OL]. (2021-07-13)[2025-07-04]. https://www.intel.com/content/www/us/en/developer/articles/technical/intel-enhanced-privacy-id-epid-security-technology.html.
[14]	Intel. Intel Software Guard Extensions Data Center Attestation Primitives Quick Install Guide[EB/OL]. (2024-05-13)[2025-07-04]. https://www.intel.com/content/www/us/en/developer/articles/guide/intel-software-guard-extensions-data-center-attestation-primitives-quick-install-guide.html.
[15]	CHEN Guoxing, ZHANG Yinqian, LAI T H. Opera: Open Remote Attestation for Intel’s Secure Enclaves[C]// ACM. The 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2019: 2317-2331.
[16]	CHEN Guoxing, ZHANG Yinqian. MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties[C]// USENIX. The 31st USENIX Security Symposium. Berkeley: USENIX, 2022: 4095-4110.
[17]	DHAR A, PUDDU I, KOSTIAINEN K, et al. ProximiTEE: Hardened SGX Attestation by Proximity Verification[C]// ACM. The 10th ACM Conference on Data and Application Security and Privacy. New York: ACM, 2020: 5-16.
[18]	WANG Juan, HONG Zhi, ZHANG Yuhan, et al. Enabling Security-Enhanced Attestation with Intel SGX for Remote Terminal and IoT[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2017, 37(1): 88-96. doi: 10.1109/TCAD.2017.2750067 URL
[19]	ZHOU Lei, ZHANG Fengwei, WANG Guojun. Using Asynchronous Collaborative Attestation to Build a Trusted Computing Environment for Mobile Applications[C]// IEEE. The 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). New York: IEEE, 2017: 1-6.
[20]	KUCAB M, BORYLO P, CHOLDA P. Remote Attestation and Integrity Measurements with Intel SGX for Virtual Machines[EB/OL]. (2021-07-01)[2025-07-04]. https://doi.org/10.1016/j.cose.2021.102300.
[21]	WALSH K, MANFERDELLI J. Mechanisms for Mutual Attested Microservice Communication[C]// ACM. Proceedings of the 10th International Conference on Utility and Cloud Computing (UCC’17 Companion). New York: ACM, 2017: 59-64.
[22]	HAMIDY G M, YULIANTI S, PHILIPPAERTS P, et al. TC4SE: A High-Performance Trusted Channel Mechanism for Secure Enclave-Based Trusted Execution Environments[C]// Springer. Information Security, ISC 2023. Heidelberg: Springer, 2023: 225-244.
[23]	KNAUTH T, STEINER M, CHAKRABARTI S, et al. Integrating Remote Attestation with Transport Layer Security[EB/OL]. (2019-07-26)[2025-07-04]. https://doi.org/10.48550/arXiv.1801.05863.
[24]	WALTHER R, WEINHOLD C, ROITZSCH M. RATLS: Integrating Transport Layer Security with Remote Attestation[C]// Springer. Applied Cryptography and Network Security Workshops(ACNS 2022). Heidelberg: Springer, 2022: 319-338.
[25]	NIEMI A, POP V A B, EKBERG J. Trusted Sockets Layer: A TLS 1.3 Based Trusted Channel Protocol[C]// Springer. Secure IT Systems:26th Nordic Conference(NordSec 2021). Heidelberg: Springer, 2021: 175-191.
[26]	KING G, WANG H. HTTPA: HTTPS Attestable Protocol[C]// Springer. The 2023 Future of Information and Communication Conference. Heidelberg: Springer, 2023: 811-823.
[27]	KING G, WANG H. HTTPA/2: A Trusted End-to-End Protocol for Web Services[EB/OL]. (2022-09-25)[2025-07-04]. https://doi.org/10.48550/arXiv.2205.01052.
[28]	SCHUSTER F, COSTA M, FOURNET C, et al. VC3: Trustworthy Data Analytics in the Cloud Using SGX[C]// IEEE. 2015 IEEE Symposium on Security and Privacy. New York: IEEE, 2015: 38-54.
[29]	BHARDWAJ K, SHIH M W, GAVRILOVSKA A, et al. SPX: Preserving End-to-End Security for Edge Computing[EB/OL]. (2018-09-24)[2025-07-04]. https://doi.org/10.48550/arXiv.1809.09038.
[30]	CHALKIADAKIS N, DEYANNIS D, KARNIKIS D, et al. The Million Dollar Handshake: Secure and Attested Communications in the Cloud[C]// IEEE. 2020 IEEE 13th International Conference on Cloud Computing. New York: IEEE, 2020: 63-70.
[31]	GREVELER U, JUSTUS B, LOHR D. Mutual Remote Attestation: Enabling System Cloning for TPM Based Platforms[C]// Springer. The 7th International Conference on Security and Trust Management. Heidelberg: Springer, 2011: 193-206.
[32]	WAGNER P G, BIRNSTILL P, BEYERER J. Establishing Secure Communication Channels Using Remote Attestation with TPM 2.0[C]// Springer. Security and Trust Management. Heidelberg: Springer, 2020: 53-67.
[33]	AKRAM R N, MARKANTONAKIS K, MAYES K, et al. An Efficient, Secure and Trusted Channel Protocol for Avionics Wireless Networks[C]// IEEE. IEEE/AIAA 35th Digital Avionics Systems Conference. New York: IEEE, 2016: 1-10.
[34]	OTT S, ORTHEN B, WEIDINGER A, et al. MultiTEE: Distributing Trusted Execution Environments[C]// ACM. The 19th ACM Asia Conference on Computer and Communications Security. New York: ACM, 2024: 1617-1629.
[35]	SHEPHERD C, AKRAM R N, MARKANTONAKIS K. Establishing Mutually Trusted Channels for Remote Sensing Devices with Trusted Execution Environments[C]// ACM. The 12th International Conference on Availability, Reliability and Security. New York: ACM, 2017: 1-10.
[36]	CHEN Jian, DAI Bo, WANG Yanbo, et al. SecTube: SGX-Based Trusted Transmission System[C]// Springer. Smart Computing and Communication. Heidelberg: Springer, 2018: 231-238.
[37]	WILL N C, HEINRICH T, VIESCINSKI A B, et al. Trusted Inter-Process Communication Using Hardware Enclaves[C]// IEEE. IEEE International Systems Conference. New York: IEEE, 2021: 1-7.
[38]	JANG J, KANG B B. Securing a Communication Channel for the Trusted Execution Environment[J]. Computers & Security, 2019, 83: 79-92. doi: 10.1016/j.cose.2019.01.012 URL
[39]	JANG J, KONG S, KIM M, et al. SeCReT: Secure Channel between Rich Execution Environment and Trusted Execution Environment[EB/OL]. (2015-02-08)[2025-07-04]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/03_3_2.pdf.
[40]	WAGNER P G, BIRNSTILL P, BEYERER J. DDS Security+: Enhancing the Data Distribution Service with TPM-Based Remote Attestation[C]// ACM. The 19th International Conference on Availability, Reliability and Security. New York: ACM, 2024: 1-11.
[41]	Confidential 6G Project. Confidential 6G[EB/OL]. (2024-03-15)[2025-07-04]. https://confidential6g.eu/.
[42]	DOLEV D, YAO A C. On the Security of Public Key Protocols[EB/OL]. (1981-10-28)[2025-07-04]. https://www.cs.huji.ac.il/-dolev/pubs/dolev-yao-ieee-01056650.pdf.
[43]	SHEN Pei, LIU Fulong, SANG Haiwei. Research on Malicious Code Detection[J]. Journal of Chongqing University of Technology (Natural Science Edition), 2022, 36(11): 212-218.
	申培, 刘福龙, 桑海伟. 恶意代码检测研究综述[J]. 重庆理工大学学报(自然科学版), 2022, 36(11):212-218.
[44]	KIM Y, SUH H, MUTLU O, et al. Flipping Bits in Memory without Accessing Them: An Experimental Study of DRAM Disturbance Errors[C]// IEEE. 2014 International Symposium on Computer Architecture (ISCA). New York: IEEE, 2014: 361-372.
[45]	CASLEY C, TSAFRIR D, GUPTA V, et al. Cuckoo Attacks on Device Authenticated Key Exchange[C]// ACM. ACM Conference on Security and Privacy in Wireless & Mobile Networks (WiSec). New York: ACM, 2013: 1-12.
[46]	NIST SP 800-56A Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography[S]. Gaithersburg: National Institute of Standards and Technology, 2013.
[47]	ZHAO Shijun, ZHANG Qianying, QIN Yu, et al. SecTEE: A Software Based Approach to Secure Enclave Architecture Using TEE[C]// ACM. The 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2019: 1723-1740.

符号	描述
$\text{(}sk\text{, }\!\!~\!\!\text{ }pk\text{)}$	非对称密钥对，其中，sk为私钥，pk为公钥
KDF(Z, info)	密钥派生函数，用于在ECDH密钥协商中基于共享秘密值Z和信息info派生对称密钥
token	AS颁发给可信设备的可验证凭据
D=(q, FR,a,b,{SEED},G, n,h)	生成EC密钥对使用的域参数
$En{{c}_{k}}\text{(}m\text{)}$	使用密钥k对消息m加密
$HMA{{C}_{k}}\text{(}m\text{)}$	使用密钥k计算消息m的HMAC值
$Si{{g}_{k}}\text{(}m\text{)}$	使用密钥k对消息m签名
x\|\|y	x和y的串联
x·y	整数x与整数y相乘
[n]P	整数n与点P相乘

TPM 2.0功能	时间/ms
一阶段密钥协商	92.8
两阶段密钥协商	96.6

AS操作	第一次测量时间/ms	第二次测量时间/ms	第三次测量时间/ms	平均时间/ms
颁发token	213.7	206.7	205.9	208.8
验证token	70.0	66.3	69.9	68.7