An Open-source Implementation and Security Analysis of Triad's TEE Trusted Time Protocol

• URL: http://arxiv.org/abs/2507.20851v1
• Date: Mon, 28 Jul 2025 14:02:59 GMT
• Title: An Open-source Implementation and Security Analysis of Triad's TEE Trusted Time Protocol
• Authors: Matthieu Bettinger, Sonia Ben Mokhtar, Anthony Simonet-Boulogne,
• Abstract summary: In Trusted Execution Environments (TEEs) like Intel SGX, a malicious system hosting the TEE can manipulate that TEE's notion of time.<n>Previous work like Triad propose protocols for TEEs to maintain a trustworthy time source.<n>We empirically showcase vulnerabilities to this protocol.
• Score: 1.1060425537315088
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The logic of many protocols relies on time measurements. However, in Trusted Execution Environments (TEEs) like Intel SGX, the time source is outside the Trusted Computing Base: a malicious system hosting the TEE can manipulate that TEE's notion of time, e.g., jumping in time or affecting the perceived time speed. Previous work like Triad propose protocols for TEEs to maintain a trustworthy time source. However, in this paper, based on a public implementation of Triad that we contribute, we empirically showcase vulnerabilities to this protocol. For example, an attacker controlling the operating system, and consequently the scheduling algorithm, may arbitrarily manipulate their local TEE's clock speed. What is worse, in case of faster malicious clock speeds, an attacker on a single compromised machine may propagate the attack to honest machines participating in Triad's Trusted Time protocol, causing them to skip to timestamps arbitrarily far in the future. Then, infected honest machines propagate time-skips themselves to other honest machines interacting with them. We discuss protocol changes to Triad for higher resilience against such attacks.

Related papers

• Exploiting Inaccurate Branch History in Side-Channel Attacks [54.218160467764086]
  This paper examines how resource sharing and contention affect two widely implemented but underdocumented features: Bias-Free Branch Prediction and Branch History Speculation.<n>We show that these features can inadvertently modify the Branch History Buffer (BHB) update behavior and create new primitives that trigger malicious mis-speculations.<n>We present three novel attack primitives: two Spectre attacks, namely Spectre-BSE and Spectre-BHS, and a cross-privilege control flow side-channel attack called BiasScope.
  arXiv  Detail & Related papers  (2025-06-08T19:46:43Z)
• Predictive-CSM: Lightweight Fragment Security for 6LoWPAN IoT Networks [0.0]
  This work explores a defense strategy that takes a more adaptive, behavior-aware approach to this problem.<n>Our system, called Predictive-CSM, introduces a combination of two lightweight mechanisms.<n>We put this system to the test using a set of targeted attack simulations, including early fragment injection, replayed headers, and flooding with fake data.
  arXiv  Detail & Related papers  (2025-06-02T15:15:18Z)
• Test-Time Immunization: A Universal Defense Framework Against Jailbreaks for (Multimodal) Large Language Models [80.66766532477973]
  Test-time IMmunization (TIM) can adaptively defend against various jailbreak attacks in a self-evolving way.<n>Test-time IMmunization (TIM) can adaptively defend against various jailbreak attacks in a self-evolving way.
  arXiv  Detail & Related papers  (2025-05-28T11:57:46Z)
• Using quantum nonlocality for device-independent confirmation of relativistic effects [0.0]
  We explain a simple attack that in principle can cause an arbitrary delay in the signal between sender and receiver.<n>We then propose a way to overcome this problem by using a recently contrived idea of device-independent certification.
  arXiv  Detail & Related papers  (2025-01-08T19:00:18Z)
• LIAR: Leveraging Inference Time Alignment (Best-of-N) to Jailbreak LLMs in Seconds [98.20826635707341]
  Jailbreak attacks expose vulnerabilities in safety-aligned LLMs by eliciting harmful outputs through carefully crafted prompts.<n>We frame jailbreaks as inference-time misalignment and introduce LIAR, a fast, black-box, best-of-$N$ sampling attack requiring no training.<n>We also introduce a theoretical "safety net against jailbreaks" metric to quantify safety alignment strength and derive suboptimality bounds.
  arXiv  Detail & Related papers  (2024-12-06T18:02:59Z)
• A robust and composable device-independent protocol for oblivious transfer using (fully) untrusted quantum devices in the bounded storage model [4.644619667965337]
  We present a device-independent (DI) quantum protocol between two parties for oblivious transfer (OT) using Magic Square devices.<n>After a fixed constant (real-world) time interval, referred to as DELAY, the quantum states decohere completely.<n>Our protocol has negligible (in lambda) correctness and security errors and can be implemented in the NISQ era.
  arXiv  Detail & Related papers  (2024-04-17T11:46:36Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• PTPsec: Securing the Precision Time Protocol Against Time Delay Attacks Using Cyclic Path Asymmetry Analysis [1.765099515298011]
  Precision Time Protocol (PTP) can accomplish high-precision time synchronization in trusted environments. Time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected. This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements.
  arXiv  Detail & Related papers  (2024-01-19T12:35:00Z)
• Tamper-Evident Pairing [55.2480439325792]
  Tamper-Evident Pairing (TEP) is an improvement of the Push-Button configuration (PBC) standard. TEP relies on the Tamper-Evident Announcement (TEA), which guarantees that an adversary can neither tamper a transmitted message without being detected, nor hide the fact that the message has been sent. This paper provides a comprehensive overview of the TEP protocol, including all information needed to understand how it works.
  arXiv  Detail & Related papers  (2023-11-24T18:54:00Z)
• Triad: Trusted Timestamps in Untrusted Environments [0.6937243101289335]
  We introduce Triad, a trusted timestamp dispatcher of time readings. The solution provides trusted timestamps enforced by mutually supportive enclave-based clock servers. We leverage enclave properties such as forced exits and CPU-based counters to mitigate attacks on the server's timestamp counters.
  arXiv  Detail & Related papers  (2023-11-10T16:22:08Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.