Attested TLS in the Wild
16 hours ago
- #remote attestation
- #confidential computing
- #TLS
- Trusted Execution Environments (TEEs) provide a foundation for confidential computing by protecting code and memory at runtime.
- Attested TLS (aTLS) binds remote attestation evidence to a live TLS session, ensuring the session key belongs to the measured software instance.
- aTLS addresses three key properties: channel confidentiality and integrity, endpoint authenticity and in-TEE termination, and runtime integrity against policy.
- TLS 1.3 provides encrypted channels and peer key ownership, while aTLS adds attestation and binding proofs to ensure secure communication with TEEs.
- The T+ confidential exchange uses mutual attestation to ensure end-to-end confidentiality and integrity in a multi-node TEE environment.
- Connection hooks in msg-rs enable post-transport setup attestation checks, ensuring trust before protocol traffic begins.
- aTLS uses Exported Keying Material (EKM), Exported Authenticators, and RATS Conceptual Message Wrapper for portable and interoperable attestation binding.
- Cert-pubkey binding can be sufficient in controlled deployments, while EKM provides stronger security in broader or stricter models.
- Different mechanisms (e.g., challenge nonce, mutual attestation) can be selected based on specific threat models and deployment needs.
- Examples like Confer's Private Inference and Flashbots' attested-tls-proxy demonstrate the broader applicability of the aTLS pattern.