Are Enclaves Vulnerable to Delay Attacks when Using Intel® Software Guard Extensions (Intel® SGX) Trusted Time Functions?

Content Type: Product Information & Documentation   |   Article ID: 000088924   |   Last Reviewed: 12/21/2021

Environment

Intel® Software Guard Extensions (Intel® SGX) for Windows*

Description

  • A time delay attack can occur if a malicious operating system (OS) intercepts the packet that contains the time information as it is being communicated to the enclave. If the OS changes the time, the measured elapsed time may not be correct.
  • It is unclear whether sgx_get_trusted_time can be used to mitigate this attack.

Resolution

According to the Intel SGX Developer Reference for Windows*: "The Enclave retrieves the time reference and the time source nonce using sgx_get_trusted_time." To guarantee that the time source did not change between two readings of sgx_get_trusted_time, compare the nonce returned by each reading; the nonces should be identical, and if they differ the elapsed time computed from the two readings should not be trusted.
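The nonce comparison described above, written as enclave-side C. This is an added example, not Intel's code and not taken from the SDK headers: the sgx_time_t and nonce types and sim_get_trusted_time are stand-ins modelled on sgx_get_trusted_time (assumption: a 64-bit second counter and a 32-byte opaque nonce) so that the check can be compiled and exercised outside an enclave, where the real call would read from the platform services session instead.

```c
#include <stdint.h>
#include <string.h>
/* Stand-ins for the SDK types (assumption: 64-bit second counter, 32-byte nonce). */
#define SGX_TIME_NONCE_LEN 32
typedef uint64_t sgx_time_t;
typedef uint8_t sgx_time_source_nonce_t[SGX_TIME_NONCE_LEN];
typedef struct {
    sgx_time_t current_time;           /* value sgx_get_trusted_time would return */
    sgx_time_source_nonce_t nonce;     /* identifies the time source instance */
} trusted_reading_t;
typedef enum {
    ELAPSED_OK = 0,
    ELAPSED_SOURCE_CHANGED = 1,        /* nonce differs: source reset or replaced */
    ELAPSED_WENT_BACKWARDS = 2         /* same source but the counter decreased */
} elapsed_status_t;

/* Elapsed seconds between two readings. Writes *elapsed and returns ELAPSED_OK
 * only if both readings carry the same nonce and time did not go backwards;
 * otherwise the measurement must be discarded. */
elapsed_status_t trusted_elapsed(const trusted_reading_t *first,
                                 const trusted_reading_t *second,
                                 sgx_time_t *elapsed)
{
    if (memcmp(first->nonce, second->nonce, SGX_TIME_NONCE_LEN) != 0)
        return ELAPSED_SOURCE_CHANGED;
    if (second->current_time < first->current_time)
        return ELAPSED_WENT_BACKWARDS;
    *elapsed = second->current_time - first->current_time;
    return ELAPSED_OK;
}

/* Constructed stand-in for sgx_get_trusted_time: a simulated time source that
 * can be advanced or reset so the check can be exercised outside an enclave.
 * In a real enclave the values come from the platform services session. */
static sgx_time_t g_sim_time = 1000;
static sgx_time_source_nonce_t g_sim_nonce = { 0x11, 0x22, 0x33 };
void sim_get_trusted_time(trusted_reading_t *out)
{
    out->current_time = g_sim_time;
    memcpy(out->nonce, g_sim_nonce, SGX_TIME_NONCE_LEN);
}
void sim_advance(sgx_time_t seconds) { g_sim_time += seconds; }
/* Simulated source restart: fresh nonce and the counter starts over. */
void sim_reset_source(void)
{
    g_sim_time = 0;
    memset(g_sim_nonce, 0xAB, SGX_TIME_NONCE_LEN);
}
```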

Intel SGX Platform Services details how the Intel SGX SDK for Windows accesses hardware-based monotonic counters implemented in the Intel® Converged Security and Management Engine (Intel® CSME), which is only available in client systems.

Refer to the section on the Sealed Data example in the Intel SGX Developer Reference for Windows for more details on how to protect against replay attacks.