TEE Security Model

Intel SGX Vulnerability Mitigation

CogniFi utilizes Intel Software Guard Extensions (SGX) to create Trusted Execution Environments (TEEs) for our AI Agents. While SGX provides a robust hardware-based isolation layer, we acknowledge the historical side-channel vulnerabilities against it (e.g., Foreshadow, the SGX variant of L1TF), which leaked enclave memory through speculative execution.

Our Mitigation Strategy:

  1. Hardware Selection: We run agents on current-generation Intel Xeon Scalable processors (3rd generation, Ice Lake, or later) that carry hardware mitigations for the known speculative-execution attacks. Hardware alone is not the whole trusted computing base: the platform's microcode and TCB level are reported in every attestation quote, and DCAP quote verification returns a TCB status (up to date, out of date, configuration needed), so a verifier can refuse to deposit with an agent running on a platform that has not been patched.

  2. Memory Encryption: Enclave memory (the Enclave Page Cache) is encrypted by the CPU's memory encryption engine before it leaves the processor package (the MEE on client SGX parts; on Xeon Scalable the EPC is protected by the TME-based engine, which encrypts but does not provide the MEE's integrity tree). The encryption key is generated by the CPU at boot and is never exposed to software. An attacker who physically dumps the host's DRAM (cold-boot or bus probing) sees only ciphertext, not private keys. This protects data sitting in DRAM; it does not by itself stop side channels running on the same CPU, which is why items 1 and 3 also matter.

  3. Code Hardening (Rust): The core agent logic is written in Rust. Safe Rust rules out the memory-safety bugs (buffer overflows, use-after-free) that could otherwise be exploited to crash the enclave or leak data across its boundary. This guarantee does not extend to unsafe blocks or to the FFI boundary into the SGX runtime, and it does not address side channels, so memory safety complements the hardware mitigations above rather than replacing them.

  4. Ephemeral Key Generation: Private keys are generated inside the enclave when it starts and never leave it in plaintext. If the enclave is stopped, the key is lost unless it was explicitly sealed. SGX sealing encrypts data with a key derived on that specific CPU from the enclave's identity (MRENCLAVE or MRSIGNER sealing policy), so a sealed blob can be unsealed only by the same enclave identity on the same processor, and the host operating system only ever sees ciphertext on disk.

Attestation Verification Guide

"Don't Trust, Verify" is the core tenet of CogniFi. A user does not need to trust the CogniFi team; they only need to trust the Intel hardware and the open-source code. Trusting the code in practice means rebuilding the enclave from the published source and confirming that the build reproduces the published MRENCLAVE, since that hash is what the verification below pins.

How Remote Attestation Works: When an agent signs a transaction, it also produces a "Quote": a report of the enclave's identity (MRENCLAVE, MRSIGNER, attributes such as the DEBUG flag, product ID and security version) plus 64 bytes of enclave-chosen report data, signed by Intel's Quoting Enclave with an attestation key that chains back to Intel (EPID for IAS, ECDSA with a PCK certificate chain for DCAP). The report data field is what binds the quote to a particular agent: it should carry a hash of the agent's signing public key, and a verifier must check that binding, because a quote that merely proves some genuine CogniFi enclave exists somewhere could be replayed next to a key the attacker controls.

Verification Steps (For Developers):

You can verify an agent's integrity using our SDK or a standalone script.

import { verifyRemoteAttestation } from '@cognifi/sdk/security';

// 1. Fetch the quote from the Agent's public endpoint
const res = await fetch('https://agent-node.cognifi.fun/quote');
if (!res.ok) throw new Error(`quote endpoint returned HTTP ${res.status}`);
const quote = await res.json();

// 2. Verify the quote signature and certificate chain against Intel's
//    Attestation Service (IAS) or DCAP, then pin the enclave identity
const isValid = await verifyRemoteAttestation({
  quote: quote.hex,
  expectedMREnclave: "e3b0c442...", // The hash of the official CogniFi release
  expectedMRSigner: "a1b2c3d4..."   // The signing key of the CogniFi build server
});

if (isValid) {
  console.log("✅ Agent is running genuine, unmodified code.");
} else {
  console.error("❌ WARNING: Agent code mismatch! Do not deposit.");
}

  • MRENCLAVE: A SHA-256 measurement of the enclave's initial contents (code, data and page layout) taken when it is loaded. If even one bit of the code is changed (e.g., to insert a backdoor), this hash changes completely. Pin it to the exact release you audited.

  • MRSIGNER: A hash of the public key that signed the enclave, i.e. the identity of the entity who built it (CogniFi Labs). It stays the same across every build signed with that key, so matching MRSIGNER alone accepts any version CogniFi has ever signed, including older ones with known bugs; it is a useful sanity check but not a substitute for MRENCLAVE.
