Conclave's solution on preventing rollback attacks

This post will discuss how Conclave can handle rollback attacks using Intel SGX.

The SGX architecture supports the use of monotonic counters, which the enclave can use to prevent rollback attacks, but SGX systems available today do not support them. They need to be provided by a separate TEE and securely made available to Intel SGX enclaves.

Conclave uses a map data structure to persist any data type and avoid rollback attacks. Let’s take a look at how this map can prevent rollback attacks:

  • A client connects to the enclave to perform some computation . Conclave provides persistent capabilities which enable enclaves to save files/data onto persistent storage. Since enclaves do not have access to persistent storage, it usually delegates this task of storing data to the host. After an enclave restart, it requests the host’s last saved state.

  • A malicious host at this point can perform a rollback attack wherein it gives the enclave an old state. The enclave has no way of detecting this, and it thinks it is dealing with the latest state. To prevent a rollback attack, the enclave attaches some extra hidden data along with the map and sends it to the client, along with the enclave’s belief about the last seen piece of such data which the client keeps track of. If the host restarts the enclave with an older version of the map, the clients will detect a mismatch.

  • Conclave provides an EnclaveClient class , a client implementation that handles rollback prevention automatically and it keeps track of this extra hidden data (this data that’s sent is called the enclave’s state id and in the EnclaveClient it is the lastSeenStateId property). If there is a rollback, then this data will not match, and the client will throw an exception (by default).

For more information about preventing rollback attacks visit R3’s blog post.

Visit your Developer platform, and if you have any questions or concerns, please reach us at: devrel@r3.com

1 Like