B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E - C H A N N E L S Y N T H E S I S O N B L A C K B O X E S
B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M A S T O T H E O P I N I O N S A N D P O S I T I O N S E X P R E S S E D I N T H I S P R E S E N TAT I O N , T H E Y A R E T H O S E O F T H E S P E A K E R S A N D D O N O T R E P R E S E N T T H E V I E W S O F A N Y C U R R E N T O R P R E V I O U S E M P L O Y E R , I N C L U D I N G I N T E L C O R P O R AT I O N O R I T S A F F I L I AT E S
S I D E C H A N N E L S Observation: Shared resources often give rise to side channels • L1, L2, LLC caches • TLB • Branch predictor state • Store-to-Load forwarding • Many others
S I D E C H A N N E L S Most side channels are eviction based • Original: cache attack and many variants • Cache directory attack • TLBleed (TLB) • Many branch prediction based attacks (PHT, BTB) Each can have • Complex addressing function • Complex structure (sets, ways, levels, inclusivity)
L E S S R E V E R S E E N G I N E E R I N G • Lifetimes have been spent in reverse engineering uarch structures • Let’s just target stateless resources? No eviction. • Examples: execution unit contention, execution port contention • Let’s do a full multi-arch NxN covert shotgun & upgrade to side channel
A B S Y N T H E : T H E V I S I O N • Given: target code, architecture • Automatically find secret-dependent code paths in target code • Mix side channel primitives to improve signal strength • Include inter-VM signal • Upgrade synchronized secret classification to unsynchronised key recovery
A B S Y N T H E : T H E V I S I O N
A B S Y N T H E : T H E V I S I O N
O U R C O V E R T S H O T G U N : P R I M I T I V E S O N A R M V U L C A N
A L L X 8 6 I N S T R U C T I O N S ?
A L L O N S K Y L A K E
A N D B R O A D W E L L
A N D Z E N
T RY A L L I N S T R U C T I O N S A S S I D E C H A N N E L S O N V U L N E R A B L E L I B G C RY P T TA R G E T S
A U T O M AT I C A L LY T U N E • We can differentiate secrets using these side channels • Can we do better if we mix them?
A U T O M AT I C A L LY T U N E • We can differentiate secrets using these side channels • Can we do better if we mix them?
N O I S E R E S I S TA N C E
R E S U LT S : F U L L K E Y R E C O V E RY, P L A I N A N D G P G
C O N C L U S I O N
C O N C L U S I O N • ABSynthe is a useful side channel analysis kit
C O N C L U S I O N • ABSynthe is a useful side channel analysis kit • New, multi-arch side channel results
C O N C L U S I O N • ABSynthe is a useful side channel analysis kit • New, multi-arch side channel results • Thank you for listening
Recommend
More recommend