exzess hardware based ram encryption against physical
play

Exzess: Hardware-based RAM Encryption against Physical Memory - PowerPoint PPT Presentation

May 20, 2023 •139 likes •441 views

Exzess: Hardware-based RAM Encryption against Physical Memory Disclosure Alexander Wrstlein Michael Gernoth Johannes Gtzfried Tilo Mller This work was partly supported by the German Research Foundation (DFG) as part of the Transregional

  1. Exzess: Hardware-based RAM Encryption against Physical Memory Disclosure Alexander Würstlein Michael Gernoth Johannes Götzfried Tilo Müller This work was partly supported by the German Research Foundation (DFG) as part of the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR 89). 2016-04-05

  2. The Problem

  3. The Problem: Cold Boot Attack ` ` ` ` ` ` `

  4. Physical Memory Disclosure remanence efgect 4 other sensitive data full-disk-encryption keys passwords in-use cryptographic keys (X.509, ssh) endangers: 3. contents copied 2. physically extracted 1. cooled down RAM modules for a few minutes DRAM contents readable after power-down ` ` `

  5. ! Solutions embedded-only cache cache 128 5 only for code signed & blessed by third party limited scope hardware-based attempts software-based attempts require extensive software changes incompatible: only apply to certain types of secrets (e.g. FDE keys) only protect one 128bit key limited: expensively encrypt everything disable caches slow: vendor

  6. Solutions software-based attempts cache cache 128 5 only for code signed & blessed by third party limited scope embedded-only hardware-based attempts require extensive software changes incompatible: only apply to certain types of secrets (e.g. FDE keys) only protect one 128bit key limited: expensively encrypt everything disable caches slow: vendor !

  7. Our Proposed Solution Goals work transparently multiple uses be fast hardened hardware Means 6 ⇒ memory as our interface ⇒ no painful size limitations ⇒ encrypt only important data ⇒ be tamper-proof & simple

  8. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  9. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  10. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  11. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  12. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  13. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  14. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  15. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  16. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  17. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  18. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  19. How? CPU MMU RAM read 0x4711 read 0x2311 data Exzess PCI Express read 0x4711 read 0x2311 read 0x9911 ebub decrypt(ebub)=data data 7

  20. The Exzess FPGA PCIe EP WishBone MRd MWr CplD CFG tx TXN rx TX RX FPGA app app intf TLP gen PCIe applications PCI Express Bus FPGA IP core PCI Endpoint PCIe protocol stack handles upper layers of TLP generator interface Wishbone to TLP application interface others possible AES in CTR mode XOR “encryption” 8

  21. The Exzess FPGA PCIe EP WishBone MRd MWr CplD CFG tx TXN rx TX RX FPGA app app intf TLP gen PCIe applications PCI Express Bus FPGA IP core PCI Endpoint PCIe protocol stack handles upper layers of TLP generator interface Wishbone to TLP application interface others possible AES in CTR mode XOR “encryption” 8

  22. The Exzess FPGA PCIe EP WishBone MRd MWr CplD CFG tx TXN rx TX RX FPGA app app intf TLP gen PCIe applications PCI Express Bus FPGA IP core PCI Endpoint PCIe protocol stack handles upper layers of TLP generator interface Wishbone to TLP application interface others possible AES in CTR mode XOR “encryption” 8

  23. Application View memory proxy CPU issues write to memory chipset redirects write to device device encrypts data device issues write to memory usage mmap the device memory read & write as usual Exzess will transparently ... encrypt decrypt use normal RAM as encrypted backend storage 9

  24. Application View backend storage 6 5 do_anything(p); 4 strcpy(p, "stuff"); 3 2 char *p = secure_malloc(6); 1 9 use normal RAM as encrypted memory proxy decrypt encrypt Exzess will transparently ... read & write as usual mmap the device memory usage device issues write to memory device encrypts data chipset redirects write to device CPU issues write to memory secure_free(p);

  25. Goals and Attacker Model data in physical RAM is encrypted even searching /dev/mem is futile only some data: non-secured applications without performance loss large encryptable area: almost your whole RAM RAM extraction useless: also extract & read key from Exzess improvements upon the prototype FPGA might have: debug ports, emanations, ... hardening and tamper-proofjng: think HSM (Hardware Security Module) 10

  26. Performance Measurements of Prototype XOR seq Measurements on FPGA Prototype, not cached, 4-byte packets read write s throughput 11 XOR rnd AES seq AES rnd 20 17 . 2 17 . 2 15 ] [ MB 10 8 . 6 8 . 6 5 1 . 1 1 . 1 1 . 1 1 . 1 0

  27. Performance Measurements of Prototype XOR seq Measurements on FPGA Prototype, not cached, 4-byte packets read write s throughput 11 XOR rnd AES seq AES rnd 20 17 . 2 17 . 2 15 ] [ MB 10 8 . 6 8 . 6 5 1 . 1 1 . 1 1 . 1 1 . 1 0

  28. Future Work integrate into LUKS, OpenSSL, SSH,... hardened hardware PCIe fjrewalling beyond encryption: memory proxy application for... debugging data integrity checking redundancy and healing 12

  29. Conclusion Exzess is a working prototype can solve cold-boot problem interesting concept, even beyond encryption encrypting memory proxy source code: https://www4.cs.fau.de/~arw/exzess/ 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware Yark n Dorz, Erdin

Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware Yark n Dorz, Erdin

Accelerating LTV Based Homomorphic Encryption in Reconfigurable Hardware Yark n Dorz, Erdin ztrk, Erkay Sava , Berk Sunar Worcester Polytechnic Institute 100 Institute Road, Worcester, MA, USA, 01609 1 Homomorphic Encryption

534 views • 24 slides
Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to

Mandos Disk encryption without passwords Teddy Hogeborn, Bjrn Phlsson 2020-01-29 When to use Mandos? 1. Physical/bare metal hardware? 2. More than just one physical machine? 3. Want to use full-disk encryption? You should use Mandos!

559 views • 11 slides
Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable

Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable

Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware Stefan Heyse, Tim Gneysu Towards One Cycle per Bit Asymmetric Encryption: Code-Based Cryptography on Reconfigurable Hardware Stefan Heyse, Tim

590 views • 22 slides
homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT

homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT

Accelerating lattice-based and homomorphic encryption with optimised hardware designs Dr Ciara Rafferty 15 January 2018 CSIT is a Research Centre of the ECIT Institute @CSIT_QUB Overview 1. Introduction 2. SAFEcrypto project overview 3.

1.18k views • 54 slides
Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint

. . . . . . Permutation-based encryption, authentication and authenticated encryption Permutation-based encryption, authentication and authenticated encryption Joan Daemen 1 Joint work with DIAC 2012, Stockholm, July 6 Guido Bertoni 1 ,

739 views • 49 slides
Computer Hardware Hardware components are the physical parts of the computer Main Hardware

Computer Hardware Hardware components are the physical parts of the computer Main Hardware

Computer Hardware Hardware components are the physical parts of the computer Main Hardware Components are: CPU Also known as processor. Brains of the computer Responsible for fetching instructions from memory and executing

1.6k views • 136 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure

Introduction Specification for COFB Hardware Implementation Results of COFB-AES Conclusions References Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (NTT Secure Platform laboratories, Japan) Tetsu Iwata

470 views • 35 slides
Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian

Introduction Idealized Combined Feedback Construction : iCOFB Specification for COFB Hardware Implimentation Results of COFB Conclusion Blockcipher-based Authentcated Encryption: How Small Can We Go? Avik Chakraborti (Indian Statistical

457 views • 35 slides
Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is

Novel Hardware-based Attacks Jason Zheng Aditya Joshi Introduction Direct hardware hacking is as old as the trade of hacking Common Characteristics: Physical access (at least within transmission range of EM/Accoustic signals). Seemingly

252 views • 22 slides
Virtual and Physical Addresses Physical addresses are provided by the hardware: one physical

Virtual and Physical Addresses Physical addresses are provided by the hardware: one physical

D Memory Management Virtual and Physical Addresses Physical addresses are provided by the hardware: one physical address space per machine; valid addresses are usually between 0 and some machine- specific maximum; not all addresses

250 views • 22 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication

Tools for Security Physical security Access control Encryption Authentication Encapsulation Intrusion detection Common sense Lecture 2 Page 1 CS 236 Online Physical Security Lock up your computer Actually,

465 views • 35 slides
CompSci 356: Computer Network Architectures Lecture 4: Hardware and physical links References:

CompSci 356: Computer Network Architectures Lecture 4: Hardware and physical links References:

CompSci 356: Computer Network Architectures Lecture 4: Hardware and physical links References: Chap 1.4, 1.5 of [PD] Xiaowei Yang xwy@cs.duke.edu Overview Application Programming Interface (cont.) Hardware and physical layer Nuts

775 views • 59 slides
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan

Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1 , Joan Daemen 1 , Michal Peeters 2 , and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract. While mainstream symmetric cryptography has

519 views • 12 slides
Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to

Attribute-based Encryption for NDNEx Haitao Zhang irl - UCLA Background - NDNEx NDNEx tries to transplat open mHealth to NDN network. The goal is to design a physical activity data ecosystem. Following is the data conceptual block diagram of

466 views • 19 slides
DP-GP-LVM A Bayesian Non-Parametric Model for Learning Multivariate Dependency Structures Andrew

DP-GP-LVM A Bayesian Non-Parametric Model for Learning Multivariate Dependency Structures Andrew

DP-GP-LVM A Bayesian Non-Parametric Model for Learning Multivariate Dependency Structures Andrew R. Lawrence 1 Carl Henrik Ek 2 Neill D. F. Campbell 1 1 University of Bath, UK 2 University of Bristol, UK Proceedings of the 36 th International

418 views • 20 slides
Tax seminar 15.03.2019 ItaT Italiani a Trondheim / Italienere i Trondheim Bjrn Naustan

Tax seminar 15.03.2019 ItaT Italiani a Trondheim / Italienere i Trondheim Bjrn Naustan

Tax seminar 15.03.2019 ItaT Italiani a Trondheim / Italienere i Trondheim Bjrn Naustan & Per M. R. Hanger, Norwegian Tax Administration / Skatteetaten 15.03.2019 Outline Taxation in Norway your obligations and rights

574 views • 20 slides
1 Research strongly supports the idea that three types three profiles of reading

1 Research strongly supports the idea that three types three profiles of reading

Webinar Tips Close any applications that use bandwidth or resources on your device To submit a question, click Questions in the webinar panel and type in your question To minimize the webinar panel, click the orange arrow in the

594 views • 11 slides
Flow variability in the vicinity of a busy intersection in Central London A. Balogun, A.S.

Flow variability in the vicinity of a busy intersection in Central London A. Balogun, A.S.

Flow variability in the vicinity of a busy intersection in Central London A. Balogun, A.S. Tomlin, C. R. Wood, J. Barlow, S. Belcher, R. Smalley, J. Lingard, S. Arnold, A. Dobre, A. Robins, D. Martin and D. Shallcross Universities of Leeds,

276 views • 23 slides
SciBooNE Experiment Hide-Kazu TANAKA Columbia University / MIT Rencontres de Moriond EW, March

SciBooNE Experiment Hide-Kazu TANAKA Columbia University / MIT Rencontres de Moriond EW, March

SciBooNE Experiment Hide-Kazu TANAKA Columbia University / MIT Rencontres de Moriond EW, March 13, 2009 Outline SciBooNE experiment First results from SciBooNE Coherent production measurement Published in Phys. Rev.

682 views • 47 slides
Nick Shelness Nick Shelness Independent Technology Consultant 2 Independent Technology

Nick Shelness Nick Shelness Independent Technology Consultant 2 Independent Technology

Who The Hell Am I? Technology/ Device/ Product/ Solution 1970-1980 Lecturer in CS Dept - Edinburgh Operating Systems, Compilers, Communications 1980-1984 BNOC -> Britoil - Glasgow Understanding the Infrastructure architect

668 views • 8 slides
DMP Online and DMPTool: Different strategies towards a shared goal Martin Donnelly Andrew

DMP Online and DMPTool: Different strategies towards a shared goal Martin Donnelly Andrew

DMP Online and DMPTool: Different strategies towards a shared goal Martin Donnelly Andrew Sallans University of Edinburgh University of Virginia martin.donnelly@ed.ac.uk als9q@virginia.edu @mkdDCC @asallans International Digital Curation

538 views • 14 slides
Signal Processing with Side Information A Geometric Approach via Sparsity Joo F. C. Mota

Signal Processing with Side Information A Geometric Approach via Sparsity Joo F. C. Mota

Signal Processing with Side Information A Geometric Approach via Sparsity Joo F. C. Mota Heriot-Watt University, Edinburgh, UK Side Information prior information Signal processing tasks Denoising multi-modal Reconstruction Demixing

361 views • 23 slides

More recommend