a b s y n t h e a u t o m at i c b l a c k b o x s i d e

A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E - C H - PowerPoint PPT Presentation

B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E


  1. B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M A B S Y N T H E : A U T O M AT I C B L A C K B O X S I D E - C H A N N E L S Y N T H E S I S O N B L A C K B O X E S

  2. B E N G R A S , M I C H A E L K U R T H , H E R B E R T B O S , K AV E H R A Z AV I , C R I S T I A N O G I U F F R I D A V R I J E U N I V E R S I T E I T A M S T E R D A M A S T O T H E O P I N I O N S A N D P O S I T I O N S E X P R E S S E D I N T H I S P R E S E N TAT I O N , T H E Y A R E T H O S E O F T H E S P E A K E R S A N D D O N O T R E P R E S E N T T H E V I E W S O F A N Y C U R R E N T O R P R E V I O U S E M P L O Y E R , I N C L U D I N G I N T E L C O R P O R AT I O N O R I T S A F F I L I AT E S

  3. S I D E C H A N N E L S Observation: Shared resources often give rise to side channels • L1, L2, LLC caches • TLB • Branch predictor state • Store-to-Load forwarding • Many others

  4. S I D E C H A N N E L S Most side channels are eviction based • Original: cache attack and many variants • Cache directory attack • TLBleed (TLB) • Many branch prediction based attacks (PHT, BTB) Each can have • Complex addressing function • Complex structure (sets, ways, levels, inclusivity)

  5. L E S S R E V E R S E E N G I N E E R I N G • Lifetimes have been spent in reverse engineering uarch structures • Let’s just target stateless resources? No eviction. • Examples: execution unit contention, execution port contention • Let’s do a full multi-arch NxN covert shotgun & upgrade to side channel

  6. A B S Y N T H E : T H E V I S I O N • Given: target code, architecture • Automatically find secret-dependent code paths in target code • Mix side channel primitives to improve signal strength • Include inter-VM signal • Upgrade synchronized secret classification to unsynchronised key recovery

  7. A B S Y N T H E : T H E V I S I O N

  8. A B S Y N T H E : T H E V I S I O N

  9. O U R C O V E R T S H O T G U N : P R I M I T I V E S O N A R M V U L C A N

  10. A L L X 8 6 I N S T R U C T I O N S ?

  11. A L L O N S K Y L A K E

  12. A N D B R O A D W E L L

  13. A N D Z E N

  14. T RY A L L I N S T R U C T I O N S A S S I D E C H A N N E L S O N V U L N E R A B L E L I B G C RY P T TA R G E T S

  15. A U T O M AT I C A L LY T U N E • We can differentiate secrets using these side channels • Can we do better if we mix them?

  16. A U T O M AT I C A L LY T U N E • We can differentiate secrets using these side channels • Can we do better if we mix them?

  17. N O I S E R E S I S TA N C E

  18. R E S U LT S : F U L L K E Y R E C O V E RY, P L A I N A N D G P G

  19. C O N C L U S I O N

  20. C O N C L U S I O N • ABSynthe is a useful side channel analysis kit

  21. C O N C L U S I O N • ABSynthe is a useful side channel analysis kit • New, multi-arch side channel results

  22. C O N C L U S I O N • ABSynthe is a useful side channel analysis kit • New, multi-arch side channel results • Thank you for listening

Recommend


More recommend