covert and side channel attacks and defenses
play

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 - PowerPoint PPT Presentation

Nov 29, 2022 •165 likes •562 views

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

  1. Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

  2. Reminder • Lab assignment will be released 09/21 Monday • Recommend to read ”Cache missing for fun and profit.” (2005). • Check out the presentation schedule on course website • 7 slots empty, volunteer or invited speaker or Mengjia/Miles 6.888 L4-Covert and Side Channels 2

  3. Resources • Side channel tutorial website • https://sites.google.com/view/arch-sec/home • External resources • Mastik, a toolkit for uarch side channels: https://cs.adelaide.edu.au/~yval/Mastik/ • Survey on microarchitectural timing attacks: https://eprint.iacr.org/2016/613.pdf • Survey on transient execution attacks: https://arxiv.org/abs/1811.05441 6.888 L4-Covert and Side Channels 3

  4. What is Covert and Side Channel? Covert channel: • Intended communication between two or more security parties Side channel: • Unintended communication between two or more security parties In both cases: • Communication should not be possible, following system semantics • The communication medium is not designed to be a communication channel Covert channel can show “best case” leakage 6.888 L4-Covert and Side Channels 4

  5. Scope CIA: Confidentiality, Integrity, Availability Confidentiality/Privacy Side/covert channels Confidentiality: was data being computed upon not revealed to an un-permitted party? Microarchitectural channels Integrity: was the computation performed correctly, returning the correct result? Availability: did the computational resource carry out the task at all? 6.888 L4-Covert and Side Channels 5

  6. Side Channels Are Almost Everywhere

  7. Daily Life Examples • Acoustic side channels • Monitor keystrokes • You only need: a cheap microphone + an ML model • Network traffic contention side channel • If you want to be an active attacker, try stress test 6.888 L4-Covert and Side Channels 7

  8. “Hear” The Screen frequency time Sound Spectogram Genkin et. al. Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels. S&P’19 6.888 L4-Covert and Side Channels 8

  9. “Hear” The Screen (A) is the LCD panel, (B) is the screen’s digital logic and image rendering board and, (C) is the screen’s power supply board. 6.888 L4-Covert and Side Channels 9

  10. Network Side Channels • Website Fingerprinting • Response dependent: • iSideWith.com • Real-time feedback: • Google Search auto-complete Lescisin et. al. Tools for Active and Passive Network Side-Channel Detection for Web Applications. WOOT’18 Cai et. al. Touching from a distance: Website fingerprinting attacks and defenses. CCS’12. 6.888 L4-Covert and Side Channels 10

  11. Physical v.s. Timing v.s. uArch Channel • What can the adversary observe? Microarchitectural Timing channels Physical channels channels Microarch events (e.g., timing, perf. Power, EM, counters, etc.) sound, etc. Processor Processor Processor Response Victim time Victim Victim Attacker Attacker requires measurement Attacker may be remote (e.g., Attacker may be remote, equipment à physical access over an internet connection) or be co-located 6.888 L4-Covert and Side Channels 11

  12. Power Analysis from https://en.wikipedia.org/wiki/Power_analysis 6.888 L4-Covert and Side Channels 12

  13. Victim Application: RSA • Square-and-multiply based exponentiation Input : base b , modulo m , exponent e = ( e n −1 ... e 0 ) 2 Output : b e mod m r = 1 for i = n −1 down to 0 do r = sqr ( r ) r = mod ( r , m ) if e i == 1 then r = mul ( r , b ) r = mod ( r , m ) end end return r 6.888 L4-Covert and Side Channels 13

  14. Power Analysis • Various signal processing techniques to de-noise. • More advanced: differential power analysis (DPA) 6.888 L4-Covert and Side Channels 14

  15. Benign Usage: Non-intrusive Software Monitoring • How to efficiently monitor application for anomaly detection? Sehatbakhsh et al. Spectral Profiling: Observer-Effect-Free Profiling by Monitoring EM Emanations. MICRO’16 6.888 L4-Covert and Side Channels 15

  16. What can you do with these channels? • Violate privilege boundaries • Inter-process communication • Infer an application’s secret • (Semi-Invasive) application profiling Different from traditional software or physical attacks: • Stealthy. Sophisticated mechanisms needed to detect channel • Usually no permanent indication one has been exploited 6.888 L4-Covert and Side Channels 16

  17. uArch Side Channels

  18. Recap: Process Isolation Process 1 Physical Address Space Page Table per process (limited by DRAM size) VA 4KB PA 4KB Process 2 4KB 4KB How to communicate across processes? Virtual Address Space (Programmer's View) 6.888 L4-Covert and Side Channels 18

  19. Normal Cross-process Communication include <socket.h> How to communication void send(bit msg) { without letting OS know? socket.send(msg); } --> Use HW contention bit recv() { return socket.recv(msg); } 6.888 L4-Covert and Side Channels 19

  20. Covert Channels 101: Through the Page Fault DRAM (limited size) 4KB Process 1 Process 2 (Sender) (Receiver) 4KB if ( send ‘1’ ) t1 = rdtsc() if (t2 – t1 > THRESH) accesses many pages Accesses many pages read ‘1’ else t2 = rdtsc() else idle read ‘0’ 6.888 L4-Covert and Side Channels 20

  21. Another Example of Using Caches Cache: # ways Process 1 Process 2 # sets (Sender) (Receiver) if ( send ‘1’ ) if (t2 – t1 > THRESH) t1 = rdtsc() Fill up the cache read ‘1’ Fill up the cache else else t2 = rdtsc() idle read ‘0’ 6.888 L4-Covert and Side Channels 21

  22. Faster Communication Cache: # ways Process 1 Process 2 # sets (Sender) (Receiver) if ( send ‘1’ ) if (t2 – t1 > THRESH) t1 = rdtsc() Fill set i read ‘1’ Fill set i else else t2 = rdtsc() idle read ‘0’ 6.888 L4-Covert and Side Channels 22

  23. Generalizes to Channels Beyond Caches Hardware Sender Receiver resource if ( send ‘1’ ) t1 = rdtsc() if (t2 – t1 > THRESH) Use resource Use resource read ‘1’ else t2 = rdtsc() else idle read ‘0’ 6.888 L4-Covert and Side Channels 23

  24. HW Resource Contention Processor Chip (socket) Processor Chip (socket) core core core core … … L1/L2 L1/L2 L1/L2 L1/L2 LLC LLC System Bus (logically) Non-volatile Memory (DRAM) other I/O Devices storage device 6.888 L4-Covert and Side Channels 24

  25. The Memory Hierarchy • L1, L2 Processor Chip (socket) Processor Chip (socket) • Shared by threads on the same core core core core core • LLC: … … L1/L2 L1/L2 L1/L2 L1/L2 • Shared by threads on different cores • Directory: LLC LLC • Shared by threads on different sockets • DRAM row buffer: • Shared by ….. Memory (DRAM) Cache is a popular attack target. Why? 6.888 L4-Covert and Side Channels 25

  26. Protocol 101: Prime+Probe in the Cache Sender Receiver # ways Cache Set Shared Cache 6.888 L4-Covert and Side Channels 26

  27. Prime+Probe Sender line Sender Receiver Receiver line # ways Time Cache Set Prime Shared Cache 6.888 L4-Covert and Side Channels 27

  28. Prime+Probe – Send “1” Sender line Sender Receiver Receiver line # ways Access Time Cache Set Prime Wait Shared Cache 6.888 L4-Covert and Side Channels 28

  29. Prime+Probe – Receive “1” Sender line Sender Receiver Receiver line # ways Access Time Cache Set Probe Prime Wait Shared Cache Receive “1” = 16 accesses à 1 miss 6.888 L4-Covert and Side Channels 29

  30. Prime+Probe – Send “0” Sender line Sender Receiver Receiver line # ways NO Time Access Cache Set Prime Wait Shared Cache 6.888 L4-Covert and Side Channels 30

  31. Prime+Probe – Receive “0” Sender line Sender Receiver Receiver line # ways NO Time Access Cache Set Probe Prime Wait Shared Cache Receive “0” = 16 accesses à 0 miss 6.888 L4-Covert and Side Channels 31

  32. A Complete Protocol -- Synchronization Sample window length Sender Probe Probe Prime Wait Prime Wait Receiver Receiver Question: how to distinguish between noise • Window size agreed on by sender and receiver and actual transmission? • Each window transmits some bits • Sender & receiver need to perform an window alignment at the start 6.888 L4-Covert and Side Channels 32

  33. Bandwidth Error-free bitrate of send() à recv() send(msg) recv() Channel Depends on what hardware structure is used to build the channel. • RDRAND unit: 7-200 Kbps [EP’16] • Ld/st performance counters: ~75-150 Kbps [HKRVDT‘15] • MemBus/AES-NI contention: ~550-650 Kbps [HKRVDT‘15] • LLC: 1.2 Mbps [MNHF’15] • Various structures on GPGPU: up to 4 Mbps [NKG’17] 6.888 L4-Covert and Side Channels 33

  34. From Covert à Side Channels Hardware Victim Attacker resource Side channel: Covert channel: t1 = rdtsc() if (t2 – t1 > THRESH) if ( secret ) Use resource read ‘1’ if ( send ‘1’ ) Use resource t2 = rdtsc() else Use resource else read ‘0’ else idle idle 6.888 L4-Covert and Side Channels 34

  35. uArch Side Channels Spectre/ Meltdown Non-transient + Any structure Transient + Cache e.g, Foreshadow Transient + Any structure e.g., RamBleed, RIDDLE Micro-architecture Side Channels 6.888 L4-Covert and Side Channels 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

1.03k views • 66 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science &amp; Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
On-off Control: Audio Applications Graham C. Goodwin Day 4: Lecture 3 16th September 2004

On-off Control: Audio Applications Graham C. Goodwin Day 4: Lecture 3 16th September 2004

On-off Control: Audio Applications Graham C. Goodwin Day 4: Lecture 3 16th September 2004 International Summer School Grenoble, France Centre for Complex Dynamic Systems and Control 1 Background In this lecture we address the issue of

632 views • 51 slides
6.003: Signals and Systems Signals and Systems September 8, 2011 1 6.003: Signals and Systems

6.003: Signals and Systems Signals and Systems September 8, 2011 1 6.003: Signals and Systems

6.003: Signals and Systems Signals and Systems September 8, 2011 1 6.003: Signals and Systems Todays handouts: Single package containing Slides for Lecture 1 Subject Information &amp; Calendar Lecturer: Denny Freeman Instructors: Elfar

508 views • 37 slides
Resonance Control of Cavities Jeremiah Holzbauer PIP-II Machine Advisory Committee 10 April 2017

Resonance Control of Cavities Jeremiah Holzbauer PIP-II Machine Advisory Committee 10 April 2017

Resonance Control of Cavities Jeremiah Holzbauer PIP-II Machine Advisory Committee 10 April 2017 Resonance Control Group Relevant Group Publications (Inspirehep.net) Group Members: 1) Investigation of Thermal Acoustic Effects on SRF

486 views • 23 slides
Where do the improvements come from in sequence-to-sequence neural TTS? Oliver Watts Gustav

Where do the improvements come from in sequence-to-sequence neural TTS? Oliver Watts Gustav

Where do the improvements come from in sequence-to-sequence neural TTS? Oliver Watts Gustav Eje Henter Jason Fong Cassia Valentini-Botinhao Input feature Text TEXT extraction analysis com- Input layer Hidden layers Output layer

795 views • 48 slides
DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech

DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech

A Key Management Scheme for DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech DIAC-2013 This research was supported in part by the VT-MENA program of Egypt, and by NSF grant no. 1115839. Leakage-Resilient

636 views • 48 slides
Hybrid/Tandem models + TDNNs + Intro to RNNs Lecture 8 CS 753 Instructor: Preethi Jyothi

Hybrid/Tandem models + TDNNs + Intro to RNNs Lecture 8 CS 753 Instructor: Preethi Jyothi

Hybrid/Tandem models + TDNNs + Intro to RNNs Lecture 8 CS 753 Instructor: Preethi Jyothi Feedback from in-class quiz 2 (on FSTs) Common mistakes Forgetting to consider subset of input alphabet Not careful about only accepting

557 views • 23 slides
Lecture 11 Waves and Interference The Final Piece of Classical Physics: Announcements Waves L

Lecture 11 Waves and Interference The Final Piece of Classical Physics: Announcements Waves L

Lecture 11 Waves and Interference The Final Piece of Classical Physics: Announcements Waves L i Today: Waves and Light g h t Final part of Classical Mechanics Many Kinds of Waves - light, sound, strings, ... Ether?

186 views • 4 slides
MAS.S61: Emerging Wireless &amp; Mobile Technologies aka The Extreme IoT Class Lecture 3:

MAS.S61: Emerging Wireless &amp; Mobile Technologies aka The Extreme IoT Class Lecture 3:

MAS.S61: Emerging Wireless &amp; Mobile Technologies aka The Extreme IoT Class Lecture 3: Fundamentals of Wireless Sensing &amp; Localization (Cont) Fundamentals of Communications &amp; Connectivity Lecturers Fadel Adib (fadel@mit.edu)

834 views • 80 slides

More recommend