From c5695837a5d4a7ebb3defe5c174fb81d03b8367e Mon Sep 17 00:00:00 2001
From: Sascha Tommasone
Date: Sat, 6 Jul 2024 20:20:04 +0200
Subject: [PATCH] [Assingment-7] updated simulate.sh

---
 7-SGX_Hands-on/src/simulate.sh | 35 +++++++++++++++++++---------------
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/7-SGX_Hands-on/src/simulate.sh b/7-SGX_Hands-on/src/simulate.sh
index f5718a4..a005843 100755
--- a/7-SGX_Hands-on/src/simulate.sh
+++ b/7-SGX_Hands-on/src/simulate.sh
@@ -5,29 +5,34 @@ TMP=/tmp/signatureproxy KEYDIR=../employee_keys mkdir -p $TMP -echo "Step 1: Setting up the signature proxy..." +echo "At Embedded Solutions Inc., security was paramount. The company specialized in creating firmware for a wide range of embedded devices used in critical industries, from medical equipment to automotive systems. To protect their firmware, they had implemented a sophisticated signature proxy system using Intel's SGX enclave technology." + +echo "One bright morning, Alice, a senior engineer known for her meticulous work, arrived at her desk. She was tasked with signing the latest stable version of a critical medical device firmware that she had finished engineering the previous night." + +echo "As she settled in, the IT team, always vigilant, prepared the signature proxy. They initialized it with a secret key stored securely within the enclave, ensuring that only authorized firmware could pass through." ./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem -echo "The signature proxy is initialized." +echo "The proxy was now ready to guard the integrity of their firmware." -echo "Step 2: Generating dummy firmware..." -dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null -echo "Dummy firmware is generated." +echo "With the proxy ready, Alice compiled the latest stable version of the firmware. This firmware would soon run on life-saving medical devices, a fact that weighed heavily on her as she meticulously checked every detail." +dd if=/dev/urandom of=$TMP/firmware.bin bs=1G count=1 &> /dev/null -echo "Step 3: Alice signs the firmware..." +echo "Once satisfied with the build, Alice signed the firmware with her private key. This was her mark, an assurance to the company that the firmware came from a trusted source." ./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der -echo "Alice, a trusted employee, signs the firmware." 
-echo "Step 4: Resigning Alice's signed firmware using the signature proxy..." +echo "The signed firmware, along with Alice's signature, was then sent to the signature proxy. The proxy, acting as a vigilant guardian, verified Alice's signature against a list of authorized keys. Her identity confirmed, the proxy signed the firmware with its own private key, adding an extra layer of security." cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der -echo "The signature proxy verifies and resigns Alice's firmware." -echo "Step 5: Verifying the signed firmware..." +echo "The final step was crucial: verifying the signed firmware to ensure it was ready for deployment. The team couldn't afford any mistakes, knowing the firmware's destination were life-saving medical devices." cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin -echo "The firmware's signature is verified." -echo "Step 6: Oskar attempts to sign a modified firmware..." +echo "Meanwhile, in a dark corner of the tech world, Oskar, a disgruntled former employee, was plotting his revenge. He had managed to get his hands on an old private key. With malicious intent, he set out to sign a modified version of the firmware, hoping to bypass the security measures." + +echo "Oskar, driven by his vendetta, signed the firmware with his private key, intending to trick the system and cause havoc." ./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der -echo "Oskar, an attacker, tries to sign a modified firmware." -echo "Step 7: Oskar's signing attempt is rejected by the signature proxy..." 
-cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt was successful." || echo "Oskar's signing request is successfully rejected." +echo "With a smug grin, he tried to pass his signed firmware through the proxy. But the system was built to withstand such threats. The proxy, ever vigilant, scrutinized the incoming data." +cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt seemed successful. (This should not happen in a secure system!)" || echo "The proxy detected Oskar's unauthorized key and rejected the firmware. His malicious intent was thwarted, and the firmware remained secure." + +echo "With Oskar's attempt foiled, Embedded Solutions could breathe a sigh of relief. The integrity of their firmware was intact, safeguarded by the robust security measures of their signature proxy system. Alice and her team could continue their work with confidence, knowing that their systems were safe from internal and external threats." + +echo "This concludes the story of Alice, Oskar, and the secure firmware signing process at Embedded Solutions Inc. Through the diligent efforts of trusted employees and advanced security technology, the integrity and safety of their embedded devices were preserved."
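Review bot: The rejection check on the final `signatureproxy proxy` call (Oskar's) reads and writes the same file: `> $TMP/signature_oskar.der` truncates the file while `cat $TMP/signature_oskar.der` is still feeding the pipe, so the proxy may receive an empty or partial signature. In that case the `||` branch prints the "unauthorized key" message even if the key check itself never ran, so the negative test can pass for the wrong reason and would hide a broken authorization check. Feed the signature by redirection and write to a separate file, e.g. `./signatureproxy proxy -pkey "$TMP/proxy_private.bin" -epub "$KEYDIR/oskar_public.pem" -firm "$TMP/firmware.bin" < "$TMP/signature_oskar.der" > "$TMP/signature_for_oskar.der"`. The narration also says Oskar signs a modified firmware, but the same `$TMP/firmware.bin` is passed in, so a tampered-image case is not actually exercised. Separately, `dd ... bs=1G count=1` on /dev/urandom is likely to return a short read on Linux and leave a much smaller file than intended; `bs=1M count=1024` (or adding `iflag=fullblock`) gives the stated size.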