Skip to content


Repository files navigation



SGX-Tor is a Tor anonymity network in the SGX environment. This project will be published in NSDI'17.

Notice Due to the recent patch in remote attestation protocol in SGX SDK, we are currently updating and modifying the SGX-Tor code, which makes SGX-Tor does not correctly work. We believe we can release the new version of SGX-Tor in March.

Build and run

Linux environment

Install Intel SGX SDK for Linux:

  • See (rootdir)/linux-driver/ and (rootdir)/linux-sdk/

Build Libraries

$ cd (rootdir)/Enclave/TrustedLibrary/LibEvent_SGX
$ ./configure
$ make 
$ cd (rootdir)/Enclave/TrustedLibrary/OpenSSL_SGX
$ ./
$ make
$ cd (rootdir)/Enclave/TrustedLibrary/zlib-1.2.8
$ make

###Build SGX-Tor and Run in an enclave

$ cd (rootdir)/
$ ./app

Windows environment

###Compile OpenSSL Libraries Install ActivePerl
Use 'VS2013 x64 Native Tools Command Prompt'

  • Application and SGX OpenSSL library should be built respectively
$ cd (rootdir)/SGX-Tor_WIN/OpenSSL_APP
$ cd (rootdir)/SGX-Tor_WIN/OpenSSL_SGX
  • compile
$ ina_setting.bat
$ ina_build.bat
bntest.obj : error LNK2019: messages are OK
  • clean
$ ina_clean.bat

###Build LibEvent Libraries

  • Application and SGX LibEvent library should be built respectively
$ cd (rootdir)/SGX-Tor_WIN/LibEvent_APP
$ cd (rootdir)/SGX-Tor_WIN/LibEvent_SGX
  • compile
$ nmake -f Makefile.nmake

###Build ZLib Library

$ open folder (rootdir)/SGX-Tor_WIN/zlib-1.2.8/contrib/vstudio/vc11
$ start zlibvc.sln
$ change configuration to Release mdoe
$ change Platform to x64.
$ visual studio build

###Run SGX-Tor
SGX-Tor will be executed as a client. You can check it by using firefox browser

$ change configuration to Prerelease mdoe
$ change Platform to x64.
$ 'project TorSGX' mouse right click -> Properties
$ change Debugger to launch to Intel(R) SGX Debugger
$ change Working Directory to $(OutDir)
$ do same thing to 'project TorVS2012'
$ build each solution
$ run
  • Warning: use sdk version 1.6 in this repository. SGX-Tor does not work on sdk version 1.7.

###For setting private network ####Setting torrc

these settings are needed only once

  • setting three authorities
$open TorOriginial2012 directory 
$double click ina_fingerprint.bat
$double click ina_gencert.bat
$modify ip_list in to what you want
$(ex. "", "", "")
$double click ina_set.bat 
$SGX-Tor_WIN/nodes/A00x/torrc ,/C001/torrc ... all torrc are changed to their own fingerprint.
$copy a DirAuthority line and paste another torrc
$ open torrc and change OrPort, Address and DirPort to appropriate value
  • setting client
$ change DirAuthority lines in C001/torrc to authorities information 
$ set project arguments

Alt text

  • arguments setting

![Alt text](


Seongmin Kim
Juhyeng Han
Jaehyeong Ha


Seongmin Kim
Juhyeng Han
Jaehyeong Ha
Taesoo Kim
Dongsu Han


Please use the citation below as the canonical reference to SGX-Tor.

Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments
Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim, Dongsu Han
NDSI 2017

        title        = {{Enhancing Security and Privacy of Tor's Ecosystem by using Trusted Execution Environments}},
        author       = {Seongmin Kim and Juhyeng Han and Jaehyeong Ha Taesoo Kim and Dongsu Han},
        booktitle    = {14th USENIX Symposium on Networked Systems Design and Implementation (NSDI 17)},
        year         = 2017,