Physical Attacks: Example [Tajik et al., CHES '14]
Characterize each switch box in the Arbiter PUF by calculating the delay differences of the upper and lower paths (Tajik et al. measure them with photonic emission analysis, a non-destructive physical attack).
[Figure: 8-stage Arbiter PUF. An impulse enters the upper and lower path; the paths cross 8 switch boxes controlled by the challenge bits c1 … c8 and end at an arbiter that outputs response 0 or 1. Upper path delay X_v, lower path delay X_m. The PUF is measured under the challenges 0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, i.e., the all-zero challenge and then each single-bit challenge in turn. Two challenges that differ in one bit route the signal differently through exactly one switch box, so the difference of the measured path delays isolates that box's delay terms, e.g., w2 − w3 = x2 and v2 − v3 = x1 for the challenges 0 0 0 0 0 0 0 0 and 1 0 0 0 0 0 0 0.]
Beyond CMOS-based PUFs
• CMOS-based PUFs (e.g., the Arbiter PUF) exhibit linear behavior (additive delay model) => vulnerable to machine-learning modeling attacks
• One solution: add components with non-linear behavior to complicate or escape machine-learning attacks, e.g., memristors
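The point of the slide, as an added example that is not part of the talk: the Arbiter PUF is simulated with the standard additive delay model (response = sign of a linear function of a parity transform of the challenge), and a perceptron trained on a few thousand challenge-response pairs predicts the responses of challenges it has never seen. The stage delays, the challenges and the number of stages (32) are constructed here; nothing is measured from real hardware.

```python
"""Modeling attack on a simulated Arbiter PUF (added example, constructed data)."""
import random

N_STAGES = 32  # assumption: a 32-stage Arbiter PUF


def make_puf(rng):
    """Random per-stage delay differences; w[N_STAGES] is the arbiter bias."""
    return [rng.gauss(0.0, 1.0) for _ in range(N_STAGES + 1)]


def parity_features(challenge):
    """Parity transform Phi(c): phi_i = prod_{j>=i} (1 - 2 c_j), phi_n = 1.

    With this transform the delay difference at the arbiter is the inner
    product w . Phi(c), i.e. linear in Phi, which is what the attack exploits."""
    phi = [1.0] * (N_STAGES + 1)
    acc = 1.0
    for i in range(N_STAGES - 1, -1, -1):
        acc *= 1.0 - 2.0 * challenge[i]
        phi[i] = acc
    return phi


def puf_response(w, challenge):
    """Arbiter output: 1 if the accumulated delay difference is positive."""
    delta = sum(wi * pi for wi, pi in zip(w, parity_features(challenge)))
    return 1 if delta > 0 else 0


def collect_crps(w, n, rng):
    """Challenge-response pairs as an attacker with CRP access would collect them."""
    crps = []
    for _ in range(n):
        c = [rng.randint(0, 1) for _ in range(N_STAGES)]
        crps.append((c, puf_response(w, c)))
    return crps


def train_model(crps, epochs=50):
    """Perceptron on the parity features; it converges because the CRPs are
    linearly separable in the transformed challenge space."""
    data = [(parity_features(c), 1 if r == 1 else -1) for c, r in crps]
    w_hat = [0.0] * (N_STAGES + 1)
    for _ in range(epochs):
        errors = 0
        for phi, y in data:
            score = sum(wi * pi for wi, pi in zip(w_hat, phi))
            if y * score <= 0:
                errors += 1
                w_hat = [wi + y * pi for wi, pi in zip(w_hat, phi)]
        if errors == 0:
            break
    return w_hat


def accuracy(w_hat, crps):
    """Fraction of CRPs whose response the learned model predicts correctly."""
    correct = sum(1 for c, r in crps if puf_response(w_hat, c) == r)
    return correct / len(crps)


def modeling_attack(seed=1, n_train=2000, n_test=1000):
    """Returns (training accuracy, accuracy on unseen challenges)."""
    rng = random.Random(seed)
    w = make_puf(rng)
    train = collect_crps(w, n_train, rng)
    test = collect_crps(w, n_test, rng)
    w_hat = train_model(train)
    return accuracy(w_hat, train), accuracy(w_hat, test)


if __name__ == "__main__":
    tr, te = modeling_attack()
    print(f"train accuracy {tr:.3f}, accuracy on unseen challenges {te:.3f}")
```

The learned vector w_hat is not the physical delay vector w, only one that induces the same halfspace; that is enough to clone the PUF's behaviour. A design that inserts non-linear elements (such as the memristor-based APUF below) aims to break exactly the linearity in Phi that this perceptron relies on.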
Memristors
• A resistor whose resistance changes as voltage is applied (its state depends on the charge that has flowed through it)
• Applications:
  • Oscillators
  • Learners (neural networks)
  • Memories
  • PUFs!
[Figure: current-voltage characteristics. The top plot shows the pinched hysteresis loop of a memristor, the bottom plot the straight line of an ordinary resistor.]
Summer School on real-world crypto and privacy, Šibenik (Croatia), June 11–15, 2018
CMOS-based APUF vs. Memristor-based APUF
[Figure: two 8-stage Arbiter PUFs side by side, each with challenge bits c1 … c8, an impulse input and an arbiter producing response 0 or 1. In the CMOS-based APUF the stages are plain switch boxes; in the memristor-based APUF a memristor is inserted into the upper and the lower path of every stage.]
[Plots: voltage at the upper path over time for the CMOS-based Arbiter PUF and for the memristor-based Arbiter PUF; the memristors are meant to make the path behavior non-linear.]
Conclusion
• Many PUF designs, but no unified security model
• Several successful attacks:
  • Non-destructive physical attacks
  • Modeling attacks
• Designing secure PUFs is challenging
  • What are the costs?
• PUFs based on advanced memory technologies, e.g., memristors
Our Current Work: Framework for Evaluation of Memristor-based PUFs
[Figure: evaluation pipeline] PUF description → PUF circuit generation (memristor model, SPICE PUF circuit) → challenge-response pair (CRP) generation → advanced machine-learning analysis → verdict: secure / insecure PUF
Analysis of PUF properties: reproducibility, uniqueness, etc.
Integrated Security Devices: The TPM Promise
Trusted Computing
• Authenticated boot and attestation
[Figure: software stack (App 1 … App 4 on top of the operating system) running on hardware (CPU, memory, I/O, peripherals) with a TPM. Each layer measures (hashes) the next one before passing control; the measurements are stored in the TPM and can be reported to a remote verifier.]
• Example: IBM Integrity Measurement Architecture (IMA)
• Limitation: runtime attacks (e.g., code-reuse attacks) change the behavior of a program without changing the measured binaries, so the attestation still succeeds
Summary: TPM-based Trusted Computing
TPM assumptions and shortcomings
• Binary hashes express the trustworthiness of code
  • Runtime attacks (e.g., code reuse) undermine this assumption
• Unforgeability of measurements
  • TPM 1.2 uses the deprecated SHA-1
• Protection against software attacks only
  • Hardware attacks on the TPM
Our Current Work: Control-Flow Attestation
Ongoing Work: Towards Run-time Attestation
• Control-Flow Attestation [Davi et al., CCS 2016 & DAC 2017]
[Figure: the prover runs App A on a processor with an attestation engine. The verifier sends a challenge; the prover measures the control-flow path the program actually executed (a hash over the path, e.g., P1 or P2, with loop paths such as LP1 measured separately) and returns the measurement. Offline, the verifier extracts the control-flow graph (CFG) of App A and stores the measurements of the valid paths in a measurement database; online, it validates the received measurement against that database.]
• Resilient to memory attacks
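The measurement scheme behind the slide, as an added toy example (not the C-FLAT implementation and not code from the talk): the prover computes a cumulative hash over the control-flow transfers it executed, the verifier precomputes the measurements of every legal path from the CFG and accepts only measurements in that database, bound to its challenge. The program, its CFG, the shared MAC key and the attack path are constructed; loops are left out, which C-FLAT handles with separate loop-path measurements.

```python
"""Toy control-flow attestation: path measurement and verification (added example)."""
import hashlib
import hmac

# Constructed program: node ids are the basic blocks of a toy authentication routine.
CFG = {
    "entry": ["check_pin"],
    "check_pin": ["grant", "deny"],   # conditional branch on the PIN check
    "grant": ["exit"],
    "deny": ["exit"],
    "exit": [],
}


def measure(path):
    """Cumulative hash H_i = H(H_{i-1} || edge_i) over the executed edges."""
    h = b"\x00" * 32
    for src, dst in zip(path, path[1:]):
        h = hashlib.sha256(h + f"{src}->{dst}".encode()).digest()
    return h


def enumerate_paths(cfg, node="entry", prefix=None):
    """Offline: all paths through the (loop-free) CFG from entry to an exit."""
    prefix = (prefix or []) + [node]
    if not cfg[node]:
        return [prefix]
    paths = []
    for nxt in cfg[node]:
        paths.extend(enumerate_paths(cfg, nxt, prefix))
    return paths


def build_database(cfg):
    """Measurement database: hash of every legal path -> the path."""
    return {measure(p): p for p in enumerate_paths(cfg)}


def prover_attest(executed_path, challenge, key):
    """Online: the attestation engine authenticates the measurement together
    with the verifier's challenge (an HMAC stands in for the engine's signature)."""
    m = measure(executed_path)
    return m, hmac.new(key, challenge + m, hashlib.sha256).digest()


def verifier_check(db, challenge, key, report):
    """Returns the legal path the prover took, or None if the report is forged,
    replayed under another challenge, or not the measurement of any legal path."""
    m, tag = report
    expected = hmac.new(key, challenge + m, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return db.get(m)


if __name__ == "__main__":
    key, challenge = b"shared-attestation-key", b"nonce-1"   # constructed
    db = build_database(CFG)
    legal = ["entry", "check_pin", "grant", "exit"]
    hijacked = ["entry", "grant", "exit"]   # code reuse jumping past check_pin
    print(verifier_check(db, challenge, key, prover_attest(legal, challenge, key)))
    print(verifier_check(db, challenge, key, prover_attest(hijacked, challenge, key)))
```

The hijacked run has exactly the same binary as the legal one, which is why a TPM-style load-time measurement accepts it; only the path measurement differs. The database approach works for the toy CFG; real programs need the loop handling and path compression of the cited papers because the number of complete paths explodes.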
Trusted Execution Environment (TEE)
ARM TrustZone
Assumptions:
• Apps in the Secure World are trustworthy
• The Normal World cannot influence the Secure World
[Figure: hardware (CPU, memory, I/O, peripherals) hosting two worlds: the Normal World with its operating system and App 1 … App 3, and the Secure World with its own operating system and Trustlet 1 … Trustlet 3.]
Typical Secure World use cases:
• Android: subsidy lock, IMEI protection, full-disk encryption (FDE)
• Samsung KNOX: secure I/O, attestation, real-time kernel protection (TIMA)
• iOS: device encryption, Touch ID, Apple Pay
• DRM: Netflix, Spotify, Widevine
Attacks on the Secure World:
• Reflections on Trusting TrustZone [Dan Rosenberg, Black Hat USA 2014]
• Attacking Your "Trusted Core" [Di Shen, Black Hat USA 2015]
• Breaking Android Full Disk Encryption [laginimaineb (Project Zero), 2016]
IMEI: International Mobile Equipment Identity
Summary: ARM TrustZone
• ARM TrustZone: outdated?
  • Deployed since the mid-2000s
  • Trusted computing for vendors and their partners only: no access for ordinary app developers
  • Many attacks have been shown over the last years
• On the positive side
  • Secure I/O
Our Current Work: "Arbitrary" Number of TEEs in the Normal World on ARM TrustZone
Intel Software Guard Extensions (SGX)
[Figure: App 1 … App 4 running on top of the operating system and the hardware (CPU, memory, I/O, peripherals). Each app contains an enclave (Enclave 1 … Enclave 4) that the CPU isolates from the rest of the app, from the OS and from the other enclaves.]
SGX (Adversary) Model
[Figure: host running Application 1 … Application N on top of the operating system; the hardware consists of NIC, CPU, MMU and DRAM. Only the enclave inside the application and the CPU are trusted: the attacker controls the other applications, the operating system, the NIC and the DRAM, and the CPU enforces the isolation of the enclave.]
NIC: Network Interface Controller
MMU: Memory Management Unit
Run-time Attacks Inside the Enclave
SGX SDK and The Guard's Dilemma [Biondo et al., USENIX Sec. 2018]
[Figure: an app built with the SGX SDK. The compiler splits the source into untrusted app code linked against the Untrusted Runtime System (uRTS) and enclave code (Function 0 … Function 3) linked against the Trusted Runtime System (tRTS). The app enters the enclave through app-to-enclave function calls (ECALLs).]
• When the enclave temporarily leaves to the untrusted side, the tRTS saves the enclave's execution state and restores it when control returns to the enclave
• Given a memory-corruption bug in the enclave code, the attacker feeds a counterfeit saved state to the tRTS's state-restore routine; the enclave's registers and control flow then become attacker-controlled, which enables code-reuse attacks inside the enclave. Since the tRTS is part of every SDK-built enclave, the attack does not depend on the application's own enclave code.
Leakage in Intel's SGX
Page Fault Attacks on SGX
• The OS controls the page tables (PT) of the enclave: it can unmap enclave pages in the Enclave Page Cache (EPC) so that every access raises a page fault (PF) handled by the OS, and it can interrupt the enclave (IRQ) at will
• Granularity: 4K pages, good for leaking big data structures (a secret-dependent access that lands on a different page reveals which page was touched)
• Controlled-channel attack: the page-fault trace recovers secret input, e.g., an image processed inside the enclave is reconstructed from the page-access pattern (original vs. recovered) [Xu et al., IEEE S&P '15]
• Single-trace RSA key recovery from the RSA key generation procedure of Intel SGX SSL via a controlled-channel attack on the binary Euclidean algorithm (BEA) [Weiser et al., AsiaCCS '18]
EPC: Enclave Page Cache
PT: Page Tables
PF: Page Fault
Cache Attacks on SGX: Hack in The Box
[Figure: Enclave 1, Enclave 2 and App 1 … App 3 share the CPU cache in front of the RAM, which holds the EPC. The enclave uses the cache; an attacker outside the enclave observes the cache state, even though the enclave's memory in the EPC is not readable.]
EPC: Enclave Page Cache
Side-Channel Attack Basics: Prime + Probe
Cache-based Side-Channel Attacks: Prime + Probe
Victim code (secret-dependent memory access):
    if (keybit[i] == 0)
        read(X)
    else
        read(Y)
Attacker, Prime (time t0): for each cache line Z: write(Z), so every cache line holds attacker data
Victim runs (time t1): its read of X or Y evicts the attacker's data from the cache line that X or Y maps to
Attacker, Probe (time t2): for each cache line Z: read(Z) and measure_time(read); a slow read means the line was evicted, i.e., used by the victim
[Figure: cache lines 0 … 5 at t0, t1 and t2. After the victim ran, cache line 2 was used by the victim; since X and Y map to different lines, the attacker learns which one was read and thus keybit[i].]
Side-Channel Attacker Challenge: Noise
• "Classical" scenario: unprivileged attacker
  • The OS* is not collaborating with the attacker
  • (The OS could directly access the process memory containing the victim's secret, so it must be trusted in this scenario)
  • The system operates normally, impacting the caches (process scheduling, context switches, interrupts, etc.)
[Figure: timeline tk … tn of cache lines cl0 … cl2: Prime, then the victim, then another process, then Probe. cl0 and cl2 were evicted, but the attacker cannot tell whether by the victim or by the other process.]
*OS: operating system and any other privileged system software
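The Prime+Probe round of the two slides above and the noise problem, as an added simulation that is not part of the talk: a toy direct-mapped cache records who last filled each line; the attacker primes every line, the victim reads X or Y depending on a key bit, an optional unrelated process touches random lines, and the probe reports the lines that were evicted. Line size, number of lines, the addresses of X and Y, the key and the noise process are constructed.

```python
"""Prime+Probe on a simulated direct-mapped cache, with and without noise (added example)."""
import random

NUM_LINES = 8      # assumption: tiny direct-mapped cache
LINE_SIZE = 64

# Constructed victim addresses: X and Y map to different cache lines.
ADDR_X = 2 * LINE_SIZE   # line 2
ADDR_Y = 5 * LINE_SIZE   # line 5


class Cache:
    def __init__(self):
        self.owner = [None] * NUM_LINES   # who last filled each line

    @staticmethod
    def line(addr):
        return (addr // LINE_SIZE) % NUM_LINES

    def access(self, who, addr):
        """A fetch by `who`; True on a hit (the line still holds `who`'s data)."""
        idx = self.line(addr)
        hit = self.owner[idx] == who
        self.owner[idx] = who
        return hit


def victim(cache, key_bit):
    """The slide's victim: read(X) if the key bit is 0, read(Y) otherwise."""
    cache.access("victim", ADDR_X if key_bit == 0 else ADDR_Y)


def prime(cache):
    for i in range(NUM_LINES):
        cache.access("attacker", i * LINE_SIZE)


def probe(cache):
    """Lines that missed on re-access, i.e. were evicted since prime (a slow read)."""
    return {i for i in range(NUM_LINES)
            if not cache.access("attacker", i * LINE_SIZE)}


def other_process(cache, rng, n_touch):
    """Noise: an unrelated process touching random lines between victim and probe."""
    for _ in range(n_touch):
        cache.access("other", rng.randrange(NUM_LINES) * LINE_SIZE)


def one_round(cache, key_bit, rng, noise):
    prime(cache)
    victim(cache, key_bit)
    if noise:
        other_process(cache, rng, n_touch=2)
    return probe(cache)


def guess_bit(evicted):
    """X's line evicted alone -> 0, Y's line alone -> 1, both -> ambiguous (None)."""
    x_used = Cache.line(ADDR_X) in evicted
    y_used = Cache.line(ADDR_Y) in evicted
    if x_used and not y_used:
        return 0
    if y_used and not x_used:
        return 1
    return None


def recover_key(key_bits, noise=False, trials=1, seed=7):
    """Majority vote over `trials` Prime+Probe rounds per key bit."""
    rng = random.Random(seed)
    cache = Cache()
    recovered = []
    for bit in key_bits:
        votes = {0: 0, 1: 0}
        for _ in range(trials):
            g = guess_bit(one_round(cache, bit, rng, noise))
            if g is not None:
                votes[g] += 1
        recovered.append(0 if votes[0] >= votes[1] else 1)
    return recovered


def ambiguous_fraction(n_rounds=200, noise=True, seed=3):
    """Share of rounds in which noise hides which line the victim used."""
    rng = random.Random(seed)
    cache = Cache()
    unknown = sum(guess_bit(one_round(cache, rng.randint(0, 1), rng, noise)) is None
                  for _ in range(n_rounds))
    return unknown / n_rounds


if __name__ == "__main__":
    key = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed secret
    print("quiet system:", recover_key(key))
    print("noisy, 1 trial/bit:", recover_key(key, noise=True))
    print("noisy, 5 trials/bit:", recover_key(key, noise=True, trials=5))
    print("ambiguous rounds under noise:", ambiguous_fraction())
```

In this model noise only adds false positives (the victim's line is always evicted, the other process may evict the second candidate too), which is exactly the "by the victim?" question on the slide; repetition and voting resolve it. On the SGX slides that follow, the privileged attacker removes the noise source instead of averaging it away.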
Cache Attacks on SGX
[Figure: Enclave 1, Enclave 2, App 2, App 3 and the OS run on a CPU with SMT; each core has two SMT threads, a branch predictor and its own level-1 and level-2 caches, the level-3 cache is shared, and the RAM holds the EPC.]
• Branch shadowing: use CPU-internal structures (branch predictor, BTB/LBR) to infer the enclave's control flow [Lee et al., USENIX Sec '17 & arXiv:1611.06952]
• Standard prime + probe to detect key-dependent memory accesses, interrupting the enclave [Moghimi et al., arXiv:1703.06986]
• Prime + probe to extract a key from a synchronized victim enclave [Götzfried et al., EuroSec '17]
• A malicious enclave prime + probes another enclave, evading detection [Schwarz et al., DIMVA '17 & arXiv:1702.08719]
• Our attack: prime + probe from a malicious OS extracting genome data [Brasser et al., WOOT '17]
EPC: Enclave Page Cache
SMT: Simultaneous Multithreading
SGX Side-Channel Attacks Comparison

Attack           | Attack type      | Observed cache | Interrupting victim | Eviction measurement | Attacker code | Attacked victim
Lee et al.       | Branch shadowing | BTB / LBR      | Yes                 | Execution timing     | OS            | RSA & SVM classifier
Moghimi et al.   | Prime + Probe    | L1(D)          | Yes                 | Access timing        | OS            | AES
Götzfried et al. | Prime + Probe    | L1(D)          | No                  | PCM                  | OS            | AES
Our attack       | Prime + Probe    | L1(D)          | No                  | PCM                  | OS            | RSA & genome sequencing
Schwarz et al.   | Prime + Probe    | L3             | No                  | Counting thread      | Enclave       | AES

PCM: Performance Counter Monitor
BTB: Branch Target Buffer
LBR: Last Branch Record
Our Attack [Brasser et al., WOOT '17]
[Figure: attacker process, victim process and Process 1 … Process n on top of the OS; the CPU has Core 0 … Core n, each with two SMT threads and its own L1 cache. The APIC delivers interrupts to the cores, and the PCM counts cache events.]
• Modified the Linux scheduler to exclude one core (two SMT threads) from task assignment
  • The attacker assigns the victim enclave to the first SMT thread of that core
  • The attacker assigns the Prime+Probe code to the second SMT thread, so attacker and victim share the L1 cache and run concurrently
• Use the kernel's IRQ affinity interface (/proc/irq/<irq>/smp_affinity) to route interrupt handlers to the other cores
  • The per-thread timer interrupt cannot be reassigned
  • Lowered the timer frequency to 100 Hz (i.e., one timer interrupt every 10 ms)
• Prime+Probe attack using the L1 data cache
  • Eviction detection using the Performance Counter Monitor (event L1D_REPLACEMENT) instead of access timing
  • Anti Side-Channel Interference (ASCI) is not effective: it hides the enclave's own performance events, but the attacker monitors the cache events of its own thread, which the victim's evictions cause
APIC: Advanced Programmable Interrupt Controller
PCM: Performance Counter Monitor
SMT: Simultaneous Multithreading
Spatial vs. Temporal Resolution
Victim enclave:
    while (i > 0) {
        prepare();
        x = table[secret];   // secret-dependent cache access (PC: the monitored program point)
        process(x);
    }
Attacker:
    prime()  { write_cache(); }
    wait();
    probe()  { test_evic(); }
Spatial resolution: which cache line, and hence which part of table, the victim touched. Temporal resolution: whether one prime/wait/probe round captures a single iteration of the victim loop or several, which blurs the measurement.