Man in the Cloud (MITC) Defender: SGX-based User Credential Protection for Synchronization applications in Cloud Computing Platform

In cloud environment, client user credential protection is a critical security capability that is target of adversarial attacks, especially, in cloud file synchronization applications. Among the various adversarial attacks, MITC (Man in the Cloud) attack on commercial cloud storage applications has emerged as a critical threat because it is easy to launch and hard to detect. In this paper, we propose MITC Defender, a hardware-based defense system capable of protecting client user credentials using Intel Software Guard Extensions (SGX) and preventing against four different types of MITC attack in cloud environment. By adopting Intel SGX security features such as sealing and attestation, MITC Defender can securely seal user credentials locally and easily unseal user credentials, when verifications are needed, in a Trusted Execution Environment (TEE). We implement MITC Defender on an open source platform OpenSGX and evaluate the performance and potential overhead. Our evaluation results show that MITC Defender is effective on defense against MITC attack and other security threats with a low cost.