
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant - PowerPoint PPT Presentation



  1. AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing
     G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas
     Massachusetts Institute of Technology

  2. Cases for Physical Security
     • Applications on untrusted hosts with untrusted owners
       – Digital Rights Management (DRM), Software licensing
       – Distributed computation on Internet
       – Mobile agents
     • New challenges
       – Untrusted OS
       – Physical attacks
     [Figure labels: Music/Movie; Program; Software; Distributed Computing, Peer-to-Peer Network; Make Incorrect Results; Illegal Copies; Break the System]
     G. Edward Suh — MIT Lab for Computer Science, International Conference on Supercomputing — June 23-26, 2003

  3. Conventional Tamper-Proof Packages
     • Processing system in a tamper-proof package (IBM 4758)
       – Expensive: many detecting sensors
       – Needs to be continuously powered: battery-backed RAM
     [Figure: IBM 4758 with a 99MHz 486 and memory; $2,690 in 2001. Source: IBM website]

  4. Single-Chip Secure Processors
     • Only trust a single chip: tamper-resistant
       – Off-chip memory: verify the integrity and encrypt
       – Untrusted OS: identify a core part or protect against OS attacks
     • Cheap, Flexible, High Performance
     [Figure: trusted environment (the chip); untrusted OS: identify or protect against; I/O and memory: check integrity, encrypt]

  5. Related Research
     • XOM (eXecution Only Memory): David Lie et al.
       – Stated goal: Protect integrity and privacy of code and data
       – Operating system is completely untrusted
       – Memory integrity checking does not prevent replay attacks
       – Privacy is expensive but not necessary for all applications
     • Palladium/NGSCB: Microsoft
       – Stated goal: Protect from software attacks
       – Combination of hardware and software mechanisms
       – Adds "curtained" memory to avoid DMA attacks
       – Uses a security kernel (Nexus)
       – Memory integrity and privacy are assumed (only software attacks)

  6. AEGIS: High-Level Architecture

  7. Secure Execution Environments
     • Tamper-Evident (TE) environment
       – Guarantees a valid execution and the identity of a program; no privacy
       – Any software or physical tampering to alter the program behavior should be detected
     • Private Tamper-Resistant (PTR) environment
       – TE environment + privacy
       – Encrypt instructions and data
       – Assume programs do not leak information via memory access patterns
     • Implementation
       – Either have a trusted part of the OS or completely untrust the OS
       – Secure context manager, encryption and integrity verification

  8. Secure Context Manager (SCM)
     • A specialized module in the processor
     • Assign a secure process ID (SPID) for each secure process
     • Implements new instructions
       – enter_aegis
       – set_aegis_mode
       – random
       – sign_msg
     • Maintains a secure table
       – Even operating system cannot modify
     [Figure: standard processor (processor core, L1 instruction cache, L1 data cache, on-chip L2 cache, off-chip memory) next to the SCM, which holds a table of SPID and Regs entries]

  9. SCM: Program Start-Up
     • 'enter_aegis': TE mode
       – Start protecting the integrity of a program
       – Compute and store the hash of the stub code: H(Prog)
         → Tampering of a program results in a different hash
       – Stub code verifies the rest of the code and data
     • 'set_aegis_mode'
       – Start PTR mode on top of the TE mode
     [Figure: a program's .text segment; the stub segment (labels: enter_aegis, code_end) is hashed with SHA-1 into H(Prog), which is stored in the protected table. Program shown in the figure:]
         enter_aegis
         EKey1 = 0xA4523BC2E435D;
         EKey2 = 0xB034D2C654F32;
         E1Msg = …
         Secret=GetSecret(Challenge);
         Key1=Decrypt(EKey1, Secret);
         Key2=Decrypt(EKey2, Secret);
         CheckMAC(Key1, Key2, MAC);
         Msg = Decrypt(E1Msg, Key1);
         E2Msg = Encrypt(Msg, Key2);
         Output(E2Msg);

  10. SCM: On-Chip Protection
     • Registers on interrupts
       – SCM saves Regs on interrupts, and restores them on resume
     • On-chip caches
       – Need to protect against software attacks
       – Use SPID tags and virtual memory address
       – Allow accesses from the cache only if both SPID and the virtual address match
     [Figure: standard processor and SCM; on interrupt and resume, Regs move between the processor core and the SCM table (SPID, Regs, H(Prog)); the L1 instruction cache, L1 data cache and on-chip L2 cache carry SPID tags; off-chip memory]

  11. Memory Encryption
     • Encrypt on an L2 cache block granularity
       – Use symmetric key algorithms with CBC mode
       – Randomize initial vectors
     [Figure: the processor (trusted state) encrypts program writes to untrusted RAM and decrypts reads]

  12. Integrity Verification
     • Cannot simply MAC on writes and check the MAC on reads → Replay attacks
     • Hash trees for integrity verification
     [Figure: the program writes to address 0x45; the processor (trusted state; ENCRYPT, VERIFY, DECRYPT) sends E(124), MAC(0x45, 124) to untrusted RAM, where the write is labelled IGNORE; the read returns E(120), MAC(0x45, 120)]

  13. Hash Trees
     • root = h(h_1.h_2), h_1 = h(V_1.V_2), h_2 = h(V_3.V_4)
     • Logarithmic overhead for every cache miss → Low performance → Cached hash trees
     [Figure: the processor holds the root; h_1, h_2 and the data values V_1, V_2, V_3, V_4 (L2 blocks) are in untrusted memory; on a MISS, the READ is followed by a VERIFY at each level up to the root]

  14. Cached Hash Trees (HPCA'03)
     • root = h(h_1.h_2), h_1 = h(V_1.V_2), h_2 = h(V_3.V_4)
     • Cache hashes in L2 → L2 is trusted → Stop checking earlier → Less overhead
     [Figure: the same tree with some hashes in L2; on a MISS, VERIFY proceeds upward and is DONE as soon as it reaches a hash that is in L2]

  15. Message Authentication
     • Processor → Other systems
       – The processor signs a message for a program
         → sign_msg M: {H(Prog), M}_SKproc
       – Unique for each program because H(Prog) is always included
     • Other systems → Processor
       – Embed the user's public key in a program
       – Incoming messages are signed with the user's private key
     [Figure: a program with P_user receives {Message}_Suser and sends {H(Prog), Message}_Sproc]

  16. Applications

  17. Certified Execution
     • Execution certified by the secure processor
       – Dispatcher provides a program and data
       – Processor returns the results with the signature
     • Requires the TE environment
     [Figure: the job dispatcher sends Program, Data to the secure processor; the processor runs enter_aegis, executes, gets the results, and returns the RESULT signed with the processor's private key; the dispatcher verifies the results (H(Prog), signature) with the processor's public key]

  18. Digital Rights Management
     • Protects digital contents from illegal copying
       – Trusted software (player) on untrusted host
       – Content provider only gives contents to the trusted player
     • Requires the PTR environment
     [Figure: the content provider sends a random nonce; the secure processor runs the player (enter_aegis, enter PTR) and returns the signed nonce, signed with the processor's private key; the provider verifies H(Player), the nonce and the signature with the processor's public key; content then flows to the player over an authenticated and encrypted channel (SSL)]

  19. Performance

  20. Performance Implication: TE processing
     • Major performance degradation is from off-chip integrity checking
       – Start-up and context switches are infrequent
       – No performance overhead for on-chip tagging
     [Figure (a) 64B: normalized IPC for gcc, gzip, mcf, twolf, vortex, vpr, applu, art and swim with 256KB, 1MB and 4MB L2 caches with 64B blocks. Worst case 50% degradation; most cases < 25% degradation]

  21. Performance Implication: PTR processing
     • Major performance degradation is from off-chip integrity checking and encryption
     [Figure: normalized IPC for gcc, gzip, mcf, twolf, vortex, vpr, applu, art and swim with 256KB, 1MB and 4MB L2 caches with 64B blocks. Worst case 60% degradation; most cases < 40% degradation]
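
The replay problem from slide 12 and the hash-tree check with cached hashes from slides 13 and 14, as an added Python example that is not code from the AEGIS authors. The names `mac`, `HashTreeMemory` and `replay_demo`, the key and the stored values are constructed for illustration, and `write` is simplified to rehash the whole tree.

```python
import hashlib
import hmac

def h(*parts):  # the slides' h(a.b); SHA-1 only because the deck names it
    return hashlib.sha1(b"".join(parts)).digest()

def mac(key, addr, val):  # slide 12's MAC(address, value), kept beside the value
    return hmac.new(key, addr.to_bytes(8, "big") + val, "sha1").digest()

class HashTreeMemory:
    """self.ram is untrusted; self.trusted (root plus cached hashes) is on-chip."""
    def __init__(self, blocks):  # len(blocks): a power of two, at least 2
        self.n, self.ram = len(blocks), [b""] * len(blocks) + list(blocks)
        self._rehash()
    def _rehash(self):  # node i has children 2i and 2i+1; node 1 is the root
        for i in range(self.n - 1, 0, -1):
            self.ram[i] = h(self.ram[2 * i], self.ram[2 * i + 1])
        self.trusted = {1: self.ram[1]}
    def write(self, addr, val):  # simplified: rehash all, drop cached hashes
        self.ram[self.n + addr] = val
        self._rehash()
    def read(self, addr):
        """Return (value, hashes computed); stop at the first trusted ancestor."""
        i, path = self.n + addr, {}
        val = cur = self.ram[i]
        while i not in self.trusted:
            sib = self.ram[i ^ 1]
            cur = h(cur, sib) if i % 2 == 0 else h(sib, cur)
            i //= 2
            path[i] = cur
        if cur != self.trusted[i]:
            raise ValueError("integrity check failed")
        self.trusted.update(path)  # verified hashes are now cached on-chip
        return val, len(path)

def replay_demo():  # constructed key and values; address and values as on slide 12
    key = b"on-chip key"
    old, new = [(v, mac(key, 0x45, v)) for v in (b"120", b"124")]
    val, tag = old  # RAM should hold `new`; the old pair was put back
    mac_accepts = hmac.compare_digest(tag, mac(key, 0x45, val))
    tree = HashTreeMemory([b"120", b"0", b"0", b"0"])
    old_ram = list(tree.ram)
    tree.write(0, b"124")
    tree.ram = old_ram  # replay all of untrusted RAM, stored hashes included
    try:
        tree.read(0)
    except ValueError:
        return mac_accepts, True
    return mac_accepts, False
```

`replay_demo()` returns whether the per-address MAC accepts the stale pair and whether the hash tree detects the same replay; the second element of `read`'s result shows how caching verified hashes shortens later checks.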
