pixelvault using gpus for securing cryptographic opera ons
play

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! - PowerPoint PPT Presentation

Aug 13, 2022 •530 likes •931 views

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis + + +gvasil@ics.forth.gr+ Elias!Athanasopoulos ! !elathan@ics.forth.gr! Michalis!Polychronakis ! !mikepo@cs.columbia.edu! So=ris!Ioannidis! ! !

  1. PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis + + +gvasil@ics.forth.gr+ Elias!Athanasopoulos ! !elathan@ics.forth.gr! Michalis!Polychronakis ! !mikepo@cs.columbia.edu! So=ris!Ioannidis! ! ! !so=ris@ics.forth.gr! 1!

  2. How!SSL/TLS!works! • Secure!Sockets!Layer!(SSL/TLS)!is!a!deGfacto! standard!for!secure!communica=on!! – Authen=ca=on,!confiden=ality,!integrity!! Client Server Client Initiates Handshake RSA Server Responds + Certificate decryption Client sends secret Server and Client create Keys AES cipher Secure Data Exchange 2!

  3. Mo=va=on! • Secret!keys!may!remain!unencrypted!in!CPU! Registers,!RAM,!etc.! – Memory!aOacks! – DMA/Firewire!aOacks! – Heartbleed!aOack! – …! 3!

  4. PixelVault!Overview! • Runs!encryp=on! Host! securely!outside!CPU/ RAM! x86+Host+CPU+ • Only!onGchip!memory! of!GPU!is!used!as! PLAINTEXT CIPHERTEXT storage! • Secret!keys!are!never! ENCRYPT observed!from!host! Graphics+Card+ 4!

  5. Cryptographic!Processing!with!GPUs! • GPUGaccelerated!SSL! SSH! Web! IMAP! Server! Server! Server! – [CryptoGraphics,!CTGRSA’05]! – [Harrison!et!al.,!Sec’08]! – [SSLShader,!NSDI’11]! OpenSSL!stub! – …! • HighGperformance! • CostGeffec=ve! GPU! 5!

  6. Cryptographic!Processing!with!GPUs! • GPUGaccelerated!SSL! SSH! Web! IMAP! Server! Server! Server! – [CryptoGraphics,!CTGRSA’05]! – [Harrison!et!al.,!Sec’08]! – [SSLShader,!NSDI’11]! OpenSSL!stub! – …! • HighGperformance! • CostGeffec=ve! GPU! Can+we+also+make+it+secure?+ 6!

  7. Implementa=on!Challenges! • How!to!isolate!GPU!execu=on?! • Who!holds!the!keys?! • Where!is!the!code?! 7!

  8. Implementa=on!Challenges! • How!to!isolate!GPU!execu=on?! • Who!holds!the!keys?! • Where!is!the!code?! 8!

  9. GPU!as!a!coprocessor! • Typically!handled!by!the!host! – Load!parameters,!launch!GPU!kernel,!transfer! data,!etc.! • Not!secure!for!our!purposes! – Crypto!keys!have!to!be!transferred!every!=me! 9!

  10. Autonomous!GPU!execu=on! • Force!GPU!kernel!to!run!indefinitely! – i.e.,!using!an!infinite! while !loop! • Cannot!rely!on!the!typical!parameterGpassing! execu=on!of!GPU!kernels!! – Instead,!we!allocate!a!memory!segment!that!is! shared!between!CPU/GPU! 10!

  11. Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • Page%locked+ memory! Server! Server! Server! – Accessed!by!the!GPU! directly,!via!DMA! – Cannot!be!swapped!to! OpenSSL!stub! disk! Shared+Memory+Segment+ • Processing!requests!are! issued!through!this! shared!memory!space! GPU+ 11!

  12. Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • GPU!con=nuously! Server! Server! Server! monitors!the!shared! space!for!new!requests! OpenSSL!stub! ! Shared+Memory+Segment+ GPU+ 12!

  13. ���������� ���������� Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • When!a!new!request!is! Server! Server! Server! available,!it!is! transferred!to!the! memory!space!of!the! OpenSSL!stub! GPU! REQUEST msg# Shared+Memory+Segment+ offsets[msg#] ! keyIDs[msg#] msg_buf[] GPU+ 13!

  14. ���������� ���������� ���������� ���������� Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • The!request!is! Server! Server! Server! processed!by!the!GPU! ! OpenSSL!stub! Shared+Memory+Segment+ REQUEST RESPONSE msg# msg# offsets[msg#] offsets[msg#] keyIDs[msg#] keyIDs[msg#] enc_msg_buf[] msg_buf[] 14!

  15. ���������� ���������� Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • When!processing!is! Server! Server! Server! finished,!the!host!is! no=fied!by!segng!the! response!parameter! OpenSSL!stub! fields!accordingly! RESPONSE msg# Shared+Memory+Segment+ offsets[msg#] keyIDs[msg#] enc_msg_buf[] GPU+ 15!

  16. Autonomous!GPU!execu=on! SSH! Web! IMAP! • NonGpreemp=ve! Server! Server! Server! execu=on! OpenSSL!stub! • Only!the!output!block!is! being!wriOen!back!to! host!memory! Shared+Memory+Segment+ non-preemptive exec GPU+ 16!

  17. Implementa=on!Challenges! • How!to!isolate!GPU!execu=on?! • Who!holds!the!keys?! • Where!is!the!code?! 17!

  18. Who!holds!the!keys?! GPU! Mul=processor!N! Host!Memory! Mul=processor!2! Global!Memory! Mul=processor!1! CPU! Regs! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris=cs! 18!

  19. Who!holds!the!keys?! GPU! Mul=processor!N! Host!Memory! Mul=processor!2! Global!Memory! Mul=processor!1! CPU! Regs! (Host)! Shared! OffGchip!global!memory.! Memory! Cache! No!protec=on;!data!can! SP! SP! SP! SP! be!acquired!by!the!CPU! SP! SP! SP! SP! directly.!! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris=cs! 19!

  20. Who!holds!the!keys?! GPU! Mul=processor!N! OnGchip!memories! Host!Memory! Mul=processor!2! Global!Memory! Mul=processor!1! CPU! Regs! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris=cs! 20!

  21. Who!holds!the!keys?! GPU! Comparable!with! scratchpad!RAM!in!other! Mul=processor!N! architectures.! Host!Memory! ! Mul=processor!2! Global!Memory! Unfortunately ,!its!contents! Mul=processor!1! can!be!acquired!by!a! CPU! Regs! subsequent!GPU!kernel.!! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris=cs! 21!

  22. Who!holds!the!keys?! GPU! Mul=processor!N! Host!Memory! Many!different!caches!(L1GL3,! Mul=processor!2! texture,!constant).! Global!Memory! Mul=processor!1! Unfortunately ,!the!data!stored! CPU! there!cannot!be!managed!by! Regs! (Host)! Shared! the!programmer! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris=cs! 22!

  23. Who!holds!the!keys?! GPU! Mul=processor!N! Not!fullyGaddressable.! Host!Memory! Mul=processor!2! Reset!to!zero!on!each! Global!Memory! GPU!kernel!execu=on.! Mul=processor!1! CPU! Regs! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris=cs! 23!

  24. Keeping!secrets!on!GPU!registers! • Secret!keys!are!loaded!on!GPU!registers!at!an! early!stage!of!the!bootstrapping!phase! – Preferably!from!an!external!storage!device! • Unfortunately,!the!number!of!available! registers!in!current!GPU!models!is!small! – Enough!for!a!single/few!secret!keys,!but! what+ about+mul7%homing+servers?+ 24!

  25. Support!for!an!arbitrary!number!of!keys! • We!can!use!a!separate!KeyStore!array!that! holds!an!arbitrary!number!of!secret!keys! encrypted!keys!are! each!key!is!decrypted!in!registers! stored!in!GPU!RAM:! during!encryp=on/decryp=on:! KeyStore+ GPU+Registers+File+ Master! Key! copy!to!registers! Enc’ed!Key! Dec’ed!Key! 25!

  26. Implementa=on!Challenges! • How!to!isolate!GPU!execu=on?! • Who!holds!the!keys?! • Where!is!the!code?! 26!

  27. Where!is!the!code?! • GPU!code!is!ini=ally!stored!in!global!device! memory!for!the!GPU!to!execute!it! – An!adversary!could!replace!it!with!a!malicious! version! Global!Device! Memory! 27!

  28. Preven=ng!code!modifica=on!aOacks! • Three!levels!of!instruc=on!caching!(icache)! – 4KB,!8KB,!and!32KB,!respec=vely! – HardwareGmanaged! • Opportunity: !Load!the!code!to!the!icache,!and! then!erase!it!from!global!device!memory! – The!code!runs!indefinitely!from!the!icache! – Not!possible!to!be!flushed!or!modified! 28!

  29. PixelVault!Crypto!Suite! • AESG128! • RSAG1024! 29!

  30. AES!Implementa=on! • The!key!and!all!intermediate!states!are!stored! in!GPU!registers! – 16!bytes!for!the!key! – 16!bytes!for!the!round!key! – 16!bytes!for!the!input/output!block! • The!only!data!that!is!wriOen!back!to!global,! offGchip!device!memory!is!the!output!block! 30!

  31. RSA!Implementa=on! • During!exponen=a=on,!each!thread!needs!three! temporary!values!of!( n !+!2)!words!each,!where! n ! is!the!size!of!the!key!in!bits! – 408!words!for!1024Gbit!keys! • Unfortunately,!there!is!not!always!enough!space! to!hold!all!three!temporary!values!in!registers! – Store!the!three!temporary!values!in!shared!memory! (i.e.!scratchpad!memory)! 31!

  32. Performance!Evalua=on! • Hardware!setup! – 2x!Intel!Xeon!E5520!QuadGcore!CPUs!at!2.27GHz! – 12GB!of!RAM! – GeForce!GTX480! • Comparison!against!the!standard!OpenSSL! implementa=on! – No!AESGNI!support! 33!

  33. AESG128!CBC!Performance! GPU 6 6 PixelVault 3 3 PixelVault (w/ KeyStore) 5 5 Throughput (Gbit/s) Throughput (Gbit/s) CPU Throughput (Gbit/s) Throughput (Gbit/s) Up!to!13%!overhead!! 4 4 Up!to!20%!overhead! 2 2 on!GPU!execu=on! 3 3 on!GPU!execu=on! 2 2 1 1 1 1 0 0 0 0 1 16 64 128 1024 4096 1 16 64 128 1024 4096 Number of Messages Number of Messages Number of Messages Number of Messages Encryp=on! Decryp=on! 34!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ +

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ +

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ + +gvasil@ics.forth.gr+ 1! Mo%va%on! Secret!keys!may!remain!unencrypted!in!CPU! Registers,!RAM,!etc.! Memory!disclosure!a?acks! Heartbleed!

737 views • 34 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Preliminary Results of the OPERA I and OPERA II Open-Label Extension Study RT Naismith, M

Preliminary Results of the OPERA I and OPERA II Open-Label Extension Study RT Naismith, M

Preliminary Results of the OPERA I and OPERA II Open-Label Extension Study RT Naismith, M Cascione, LME Grimaldi, SL Hauser, L Kappos, X Montalban, J Wolinsky, P Chin, H Garren, L Julian, F Model, D Honeycutt OPERA I, NCT01247324; OPERA II,

198 views • 15 slides
The OPERA Collaboration 140 physicists, 28 institutions in 11 countries Korea Israel Belgium

The OPERA Collaboration 140 physicists, 28 institutions in 11 countries Korea Israel Belgium

Neutrino Oscillations in the OPERA Experiment e e e e Umut KOSE on behalf of OPERA Collaboration NUFACT2014, XVIth

339 views • 23 slides
Welcome to CSE 506 Introduc/on & Review Don Porter 1 2 CSE 506: Opera.ng Systems CSE 506:

Welcome to CSE 506 Introduc/on & Review Don Porter 1 2 CSE 506: Opera.ng Systems CSE 506:

3/14/16 CSE 506: Opera.ng Systems CSE 506: Opera.ng Systems Why Grad OS? Primary Goal: Demys/fy how computers work Welcome to CSE 506 Introduc/on & Review Don Porter 1 2 CSE 506: Opera.ng Systems CSE 506: Opera.ng Systems An

355 views • 6 slides
Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons Floa+ng point numbers Reading Assignment: Chapter 2 Integer & Float Number Representa+on

798 views • 50 slides
Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons Floa+ng point numbers Reading Assignment: Chapter 2 Integer & Float Number Representa+on

479 views • 45 slides
The Status of the OPERA experiment O.Sato(Nagoya Univ.) On behalf of OPERA collaboration

The Status of the OPERA experiment O.Sato(Nagoya Univ.) On behalf of OPERA collaboration

The Status of the OPERA experiment O.Sato(Nagoya Univ.) On behalf of OPERA collaboration 2007.Jun.13 DBD07 OPERA Oscillation Project with Emulsion-tRacking Apparatus An Emulsion-Counter Hybrid experiment for CNGS Tau neutrino Beam

1.06k views • 62 slides
l O O O pra de pra de P P oche P l l pra de oche oche The Pocket Opera The

l O O O pra de pra de P P oche P l l pra de oche oche The Pocket Opera The

l O O O pra de pra de P P oche P l l pra de oche oche The Pocket Opera The Pocket Opera The Pocket Opera www.operadepoche.fr Appel dAirs Association Loi 1901 03220 Chtelperron France SIREN: 482 379 146 Licences

333 views • 8 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Opera=ng Systems 2 Schedule Today Opera=ng Systems

Opera=ng Systems 2 Schedule Today Opera=ng Systems

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Opera=ng Systems 2 Schedule Today Opera=ng Systems

544 views • 32 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Opera Productions Old and New 5. Grandest of the Grand Grand Opera Essentially a French

Opera Productions Old and New 5. Grandest of the Grand Grand Opera Essentially a French

Opera Productions Old and New 5. Grandest of the Grand Grand Opera Essentially a French phenomenon of the 1830s through 1850s, although many of its composers were foreign. Large-scale works in five acts (sometimes four), calling for

247 views • 23 slides
Opera Europa Digital Platform The whole world of opera free, live and on demand A free website

Opera Europa Digital Platform The whole world of opera free, live and on demand A free website

Opera Europa Digital Platform The whole world of opera free, live and on demand A free website A single, authoritative, accessible go to online destination for discovering the world of European opera. far-reaching editorial content

397 views • 21 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Gunrock High-Performance Graph Analytics for the GPU Muhammad Osama University of California, Davis Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found everywhere Found everywhere Road &

560 views • 23 slides
Chapter 2 Application Layer

Chapter 2 Application Layer

Chapter 2 Application Layer

1.46k views • 114 slides
Graphical Models Graphical Models Bayesian Networks Siamak Ravanbakhsh Fall 2019 Previously on

Graphical Models Graphical Models Bayesian Networks Siamak Ravanbakhsh Fall 2019 Previously on

Graphical Models Graphical Models Bayesian Networks Siamak Ravanbakhsh Fall 2019 Previously on Previously on Probabilistic Graphical Models Probabilistic Graphical Models Probability distribution and density functions Random variable

1.39k views • 104 slides
rt sts ssts r

rt sts ssts r

rt sts ssts r r t s tr sst tr

1.21k views • 77 slides
Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky

Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky

Toward an Automated Vulnerability Comparison of Open Source IMAP Servers Chaos Golubitsky (chaos@glassonion.org) December 7, 2005 1 Overview Motivation Attack surfaces IMAP server design Automated attack surface measurement

236 views • 12 slides
Graphical Models Graphical Models Relationship between the directed & undirected models

Graphical Models Graphical Models Relationship between the directed & undirected models

Graphical Models Graphical Models Relationship between the directed & undirected models Siamak Ravanbakhsh Winter 2018 Two directions Two directions Markov network Bayes-net Markov network Bayes-net

311 views • 19 slides
Analysis of wide area user mobility patterns Kevin Simler*, Steven E. Czerwinski , Anthony

Analysis of wide area user mobility patterns Kevin Simler*, Steven E. Czerwinski , Anthony

Analysis of wide area user mobility patterns Kevin Simler*, Steven E. Czerwinski , Anthony Joseph UC Berkeley * Now at MIT 2004/12/02 Now at Google Motivation We want to understand user behavior In order to design better

664 views • 49 slides
Towards a theory of Undo Aaron Brown UC Berkeley June 2002 ROC Retreat Outline Recap of

Towards a theory of Undo Aaron Brown UC Berkeley June 2002 ROC Retreat Outline Recap of

Towards a theory of Undo Aaron Brown UC Berkeley June 2002 ROC Retreat Outline Recap of Undo: motivation and the 3 Rs First implementation attempt & lessons learned Towards a theory for undo foundation: logging of

447 views • 23 slides
FPGAs for Image Processing A DSL and program transformations Rob Stewart Greg Michaelson Idress

FPGAs for Image Processing A DSL and program transformations Rob Stewart Greg Michaelson Idress

FPGAs for Image Processing A DSL and program transformations Rob Stewart Greg Michaelson Idress Ibrahim Deepayan Bhowmik Andy Wallace Paulo Garcia Heriot-Watt University 10 May 2016 What I will say 1. EPSRC Rathlin project interested in

542 views • 30 slides

More recommend