TC4SE: A High-Performance Trusted Channel Mechanism for Secure Enclave-Based Trusted Execution Environments

We present TC4SE, a trusted channel mechanism suitable for secure enclave-based trusted execution environments, such as Intel SGX, that leverages the existing security properties provided by the TEE remote attestation scheme and Transport Layer Security (TLS) protocol. Unlike previous works that integrate attestation into the TLS handshake, TC4SE separates these two processes and binds the trust to the authentication primitives used by the TLS protocol. TC4SE avoids modifying the TLS protocol itself, thereby avoiding extra overhead, dependencies, and inadvertent introduction of security vulnerabilities. We argue that TC4SE provides the same level of security assurance as related works, while offering superior performance and implementation advantages, comparable to the regular TLS protocol.