Fi Fix x the the leak: k: Side de-Cha Channe nnel Protect - - PowerPoint PPT Presentation

Fi Fix x the the leak: k: Side de-Cha Channe nnel Protect ction for SGX using Data Lo Locatio ion Ran andomiz izatio ion

Alexandra Dmitrienko Julius-Maximilians-Universität Würzburg alexandra.dmitrienko@uni-wuerzburg.de

1

2019 CROSSING Summer School on Sustainable Security & Privacy

High-Tech Women: From Cybersecurity to Artificial Intelligence

MARCH 4, 2020

WhoamI?

• High-tech woman
• Was born and grown up in Russia
• BSc and MSc in Information Security
• from St. Petersburg State Polytechnic

University

• 10+ years in security research in large

research hubs in Europe

• Ruhr-University Bochum
• Center for Advanced Security Research

in Darmstadt (CASED)

• ETH Zurich
• Now, Professor at Uni Würzburg
• Secure Software Systems research group

2

Did you know?

March 4, 2020 3

It is generally hard to get professorship in Germany It is double as hard for a female in technical disciplines It is triple as hard for a foreigner

High-Tech Women: From Cybersecurity to Artificial Intelligence

Key Success Factors

March 4, 2020 4

Passion Luck Support Ambitions Hard Work Never giving up

High-Tech Women: From Cybersecurity to Artificial Intelligence

Last but not least: Keeping yourself motivated

March 4, 2020 5

High-Tech Women: From Cybersecurity to Artificial Intelligence

What are high-tech women capable of?

• Anything what women typically do…

March 4, 2020 6

High-Tech Women: From Cybersecurity to Artificial Intelligence

and beyond! anything that men typically do

March 4, 2020 7

Leaky Intel SGX

High-Tech Women: From Cybersecurity to Artificial Intelligence

Intel Software Guard eXtensions

Application Sensitive code Application OS RAM

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

8

Application Enclave Application OS RAM EPC

EPC: Enclave Page Cache

Intel Software Guard eXtensions

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

9

EPC: Enclave Page Cache

Application Application OS RAM

EPC: Enclave Page Cache

Enclave EPC

Intel Software Guard eXtensions

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

10

EPC: Enclave Page Cache

Application Application OS RAM

EPC: Enclave Page Cache

Enclave EPC

Intel Software Guard eXtensions

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

11

EPC: Enclave Page Cache

Application Application OS RAM

EPC: Enclave Page Cache

Enclave EPC

Intel Software Guard eXtensions

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

12

EPC: Enclave Page Cache

Application Application OS RAM Caches Paging Enclave EPC

Intel Software Guard Extensions

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

13

Application Application OS RAM Caches Paging Enclave EPC

Background: Intel Software Guard Extensions

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

14

Leaking Information through Side-Channels

March 4, 2020 15

System Entity 2 Entity 1 Victim Attacker Observe Utilize Observe

High-Tech Women: From Cybersecurity to Artificial Intelligence

Le Leakage t throu

• ugh P

Paging Si Side Ch Channel

March 4, 2020 16

[Xu et al., IEEE S&P’15]

Original Recovered Single-trace RSA key recovery from RSA key generation

procedure of Intel SGX SSL via controlled-channel attack on the binary Euclidean algorithm (BEA) [Weiser et al., AsiaCCS’18]

High-Tech Women: From Cybersecurity to Artificial Intelligence

Information Leakage through shared hashes

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

17

Core 0

Cache L1 Cache L2 Cache L3 CPU Logical Processor 2 (Enclave)

Core 1

Cache L1 Cache L2 Logical Processor 3 (App) Logical Processor 0 (App) Logical Processor 1 (Enclave) Branch Pred. Branch Pred.

Information Leakage through shared hashes

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

18

Core 0

Cache L1 Cache L2 Cache L3 CPU Logical Processor 2 (Enclave)

Core 1

Cache L1 Cache L2 Logical Processor 3 (App) Logical Processor 0 (App) Logical Processor 1 (Enclave)

[Moghimi et al., arXiv:1703.06986] Extract AES from key Attack requires enclave interruption (incurs detectable delays) [Götzfried et al., EuroSec’17] Extract AES key from synchronized victim enclave (no enclave interruption required) [Brasser et al., WOOT’17] Extract RSA key and genome data from synchronized victim

Branch Pred. Branch Pred.

[Schwarz et al., DIMVA’17 & arXiv:1702.08719] An attacker resides in another enclave, thus evading detection

Logical Processor 3 (Enclave)

[Lee et al., Usenix Sec’17] & [arXiv:1611.06952] Use CPU branch prediction caches to infer control flow of a victim

Side-Channel Mitigations: State-of-the-art

March 4, 2020 19

Side-channel resilient code Oblivious Execution Annotation-based protections Requires:

• High expertise
• Vast effort

Requires:

• High expertise
• Significant

effort

Extremely high

• verhead

(83x, up to 220×) [Obfuscuro, Ahmad et al., NDSS 2019]

High-Tech Women: From Cybersecurity to Artificial Intelligence

Our Recent Work: DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization

Joint work with Ferdinand Brasser1, Tommaso Frassetto1, Kari Kostiainen2, Srdjan Capkun2, Ahmad-Reza Sadeghi1

1TU Darmstadt, 2ETH Zurich

[ACSAC 2019]

The Big Picture

SGX RAM

Side channel leakage

DR.SGX

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

21

Features

compiler-based solution does not require any code annotations continuously (re-)randomizes memory locations at runtime balances between side-channel protection and performance

• verhead through a configurable parameter

March 4, 2020

High-Tech Women: From Cybersecurity to Artificial Intelligence

22

DR DR.SGX GX R Re-ra randomization

March 4, 2020 23

Initial layout Layout 1 Layout 2 A B C D E F G H F C G E D H A B G D B E H A F C Time Permutation π1 AES-NI Permutation π2 AES-NI Re-randomization window FFX Format-Preserving Encryption scheme with AES as a block cipher

High-Tech Women: From Cybersecurity to Artificial Intelligence

Performance Evaluation using Nbench

• Without runtime re-randomization (geometric mean about 4x)

March 4, 2020 24

High-Tech Women: From Cybersecurity to Artificial Intelligence

Overhead 0× 5× 10× 15× 20× 25× 30× N u m S

• r

t S t r i n g S

• r

t B i t

• p

s E m F l

• a

t F

• u

r i e r A s s i g n I D E A H u ff m a n N N E T L U G e

• M

e a n

Performance Evaluation using Nbench

• With different re-randomization windows (geometric mean up to 12x)

March 4, 2020 25

High-Tech Women: From Cybersecurity to Artificial Intelligence

Overhead 0× 5× 10× 15× 20× 25× 30× NumSort StringSort Bitops EmFloat Fourier Assign IDEA Huffman NNET LU Geo Mean No re-random. w = 10M w = 3M w = 1M w = 300K

Conclusion

• Leaky SGX
• Side-channel attacks are a major threat to Intel SGX
• Were deemed as ‘too difficult’ and were left out of the attacker model
• Research has shown it otherwise
• Dr.SGX
• provides a generic protection for Intel SGX enclaves
• configurable and developer-friendly
• much more efficient than ORAM

March 4, 2020 26

High-Tech Women: From Cybersecurity to Artificial Intelligence