A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E - C H - - PowerPoint PPT Presentation

a b s y n t h e a u t o m at i c b l a c k b o x s i d e
SMART_READER_LITE
LIVE PREVIEW

A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E - C H - - PowerPoint PPT Presentation

Jan 22, 2023 96 likes •330 views

B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E

slide-1
SLIDE 1

A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E - C H A N N E L S Y N T H E S I S O N B L A C K B O X E S

B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M

slide-2
SLIDE 2

A S T O T H E O P I N I O N S A N D P O S I T I O N S E X P R E S S E D I N T H I S P R E S E N TAT I O N , T H E Y A R E T H O S E O F T H E S P E A K E R S A N D D O N O T R E P R E S E N T T H E V I E W S O F A N Y C U R R E N T O R P R E V I O U S E M P L O Y E R , I N C L U D I N G I N T E L C O R P O R AT I O N O R I T S A F F I L I AT E S

B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M

slide-3
SLIDE 3

S I D E C H A N N E L S

Observation: Shared resources often give rise to side channels

  • L1, L2, LLC caches
  • TLB
  • Branch predictor state
  • Store-to-Load forwarding
  • Many others
slide-4
SLIDE 4

S I D E C H A N N E L S

Most side channels are eviction based

  • Original: cache attack and many variants
  • Cache directory attack
  • TLBleed (TLB)
  • Many branch prediction based attacks (PHT, BTB)

Each can have

  • Complex addressing function
  • Complex structure (sets, ways, levels, inclusivity)
slide-5
SLIDE 5

L E S S R E V E R S E E N G I N E E R I N G

  • Lifetimes have been spent in reverse engineering uarch

structures

  • Let’s just target stateless resources? No eviction.
  • Examples: execution unit contention, execution port

contention

  • Let’s do a full multi-arch NxN covert shotgun & upgrade to

side channel

slide-6
SLIDE 6

A B S Y N T H E : T H E V I S I O N

  • Given: target code, architecture
  • Automatically find secret-dependent code paths in target code
  • Mix side channel primitives to improve signal strength
  • Include inter-VM signal
  • Upgrade synchronized secret classification to unsynchronised

key recovery

slide-7
SLIDE 7

A B S Y N T H E : T H E V I S I O N

slide-8
SLIDE 8

A B S Y N T H E : T H E V I S I O N

slide-9
SLIDE 9

O U R C O V E R T S H O T G U N : P R I M I T I V E S O N A R M V U L C A N

slide-10
SLIDE 10

A L L X 8 6 I N S T R U C T I O N S ?

slide-11
SLIDE 11

A L L O N S K Y L A K E

slide-12
SLIDE 12

A N D B R O A D W E L L

slide-13
SLIDE 13

A N D Z E N

slide-14
SLIDE 14

T RY A L L I N S T R U C T I O N S A S S I D E C H A N N E L S O N V U L N E R A B L E L I B G C RY P T TA R G E T S

slide-15
SLIDE 15

A U T O M AT I C A L LY T U N E

  • We can differentiate secrets using these side channels
  • Can we do better if we mix them?
slide-16
SLIDE 16

A U T O M AT I C A L LY T U N E

  • We can differentiate secrets using these side channels
  • Can we do better if we mix them?
slide-17
SLIDE 17

N O I S E R E S I S TA N C E

slide-18
SLIDE 18

R E S U LT S : F U L L K E Y R E C O V E RY, P L A I N A N D G P G

slide-19
SLIDE 19

C O N C L U S I O N

slide-20
SLIDE 20

C O N C L U S I O N

  • ABSynthe is a useful side

channel analysis kit

slide-21
SLIDE 21

C O N C L U S I O N

  • ABSynthe is a useful side

channel analysis kit

  • New, multi-arch side channel

results

slide-22
SLIDE 22

C O N C L U S I O N

  • ABSynthe is a useful side

channel analysis kit

  • New, multi-arch side channel

results

  • Thank you for listening