Side-Channel Attacks and Human Secrets Yossi Oren, BGU - PowerPoint PPT Presentation

Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren CROSSING Conference,TU Darmstadt, Germany September 2019 Joint work with Anatoly Shusterman, Lachlan Kang, Yosef Meltser, Yarden Haskal, Prateek Mittal and Yuval Yarom

https://orenlab.sise.bgu.ac.il

Implementation Attacks Radiation Heat EM μ-Arch Input Output Secure Device Errors Bad Input Secret Timing Power Vibration 3

Types of Secrets Crypto Secrets State Secrets Human Secrets Short-Term Addresses of Sensitive Identity Session Keys Instructions Passwords Long-Term Inventory of Installed Browsing History Signing Keys Vulnerable Software Images on Screen Long-Term Random Number Health Sensors Decryption Keys Generator State • What if the secret is compromised? • How do we protect the secret from attack?

Target PC Target Adversary Sensitive Target Website Browser

Tor Network Target PC Target Adversary Sensitive Target Website Browser

Website Fingerprinting • Collect Labeled Network Traces Automated Website Fingerprinting • Extract through Deep Learning Vera Rimmer ∗ , Davy Preuveneers ∗ , Marc Juarez § , Tom Van Goethem ∗ and Wouter Joosen ∗ Features ∗ imec-DistriNet, KU Leuven e n . b v e e u u l . k @ c s } § imec-COSIC, ESAT, KU Leuven m e a t n l a s h e e . t a m a t t n b e o n fi r s e n . t i { u v c a l : e u n i c a l • Train Classifier m a i k u l m l o E a t . m d e s c o a n @ a s e z o f S P a r n I t . . j u i o t s i s i r c a t e n v m a t i n e v e r s : e s p r u s a i l d u s s s E m n d t h i t e o u a e b s e r i g i n u r w e s r i e c t e a o i t t h c y , h e c h n g v a e d t a r y i p r i w v e r ’ s t i f r l o n e T o r e n T o a l i d n h a t Abstract —Several studies have shown that the network traffic m e . m o t i r o c h e d a e t s f a r e a l b y m e r e s e e v d s a r v r r t e that is generated by a visit to a website over Tor reveals b s e u s a s i s i (classical/deep) o i o w v r k e v fi c e r e o m w o p r a f w f r e t o f t r e s k s information specific to the website through the timing and n l t o r k i t e a s u w b s l r e e t w e o n - a r n h a t i d i A s T o i c m h e sizes of network packets. By capturing traffic traces between f w h o r t o r n f o m n e l f e g i f r a n i n i n y , e - c h t o f y e l i d users and their Tor entry guard, a network eavesdropper can e - y n t i c i s s s i d s a r d e r e h i s e r e i p s t d v T h o r e A 7 a m s . i t leverage this meta-data to reveal which website Tor users are a l 4 ] . , k e t e , o c [ 1 a t a a c s i t a l r - d p e b u s e e t a r k w 1 visiting. The success of such attacks heavily depends on the r m w o fi c l a s e t c i n g c u o n ’ n p e w i r t i t i e d a s l o p a c a y p t r a l 0 particular set of traffic features that are used to construct the u n i c r f o u s m e n u e t h d • Classify m f q t , t e c o s o u n i r i n i s i h e z e n r p v 2 fingerprint. Typically, these features are manually engineered t s i t e g e a s n d o f fi n w a i s e t e n s n q u b s i t i o t i o n i w e and, as such, any change introduced to the Tor network can e c m a u r o r m a c h n f r h i c i f o w n n e l t o a l s o render these carefully constructed features ineffective. In this a n d v e c k c h g e r e t a e r a o a t v e s t d . F ) paper, we show that an adversary can automate the feature l e e r t e W 4 ] , b e p p e r a ( [ 2 D n r o e n n g ] , c a s d g n t i 1 9 a v e i t r i [ engineering process, and thus automatically deanonymize Tor e a t e r p 1 ] , r k t h n g [ 3 s i - w o fi c F i ] , a s e t a f e 2 5 c l Unknown n t r s i t [ a traffic by applying our novel method based on deep learning. We h e e b i e s a s n t W u d d y 5 o f s t a t e a l l e d o o f r e n u a s i t y s t m a collect a dataset comprised of more than three million network b b i l r i e i s s i s e c k s t , f e a a t a fi r e e n a t y , h e s T h d i h e b t traces, which is the largest dataset of web traffic ever used for s e t e d n g e s k s , l v y i ] a s s o r s o s i f s w s l a s s . w a e d m i c h m R website fingerprinting, and find that the performance achieved by r a t e e n i t T o r e l b l t h g o r e p r o n d a l t h s a g our deep learning approaches is comparable to known methods n h i c e s i n a - I T r a r n fi c 2 ] . m . c t e a s s i Network Traces C [ 3 l e f fi e l c l a o b r a i n a which include various research efforts spanning over multiple p r f t c h e , n s o m a e v 0 ] i o r e c h i [ 3 c a t a t u c e a e s fi f e c t i t o s i t . years. The obtained success rate exceeds 96% for a closed world g p r a w n e b r i n f - o w . s e e - o s h d i t e i n a t e e n z e b s n g s t b e g n i w e of 100 websites and 94% for our biggest closed world of 900 e h e c o e r c w i t a v r e p h y e s a l r e s h e s c t l a c n t i t u a c r e t r s e [ classes. In our open world evaluation, the most performant e a r o o r 0 0 e s f p p % c h 1 s a 6 i t s i e d - 9 w u r e a n deep learning model is 2% more accurate than the state-of- o s 9 1 e s a t c o p f s i t f e k s P r o e b v e t a s c y w t i s u r a 0 0 n c t h i 2 the-art attack. Furthermore, we show that the implicit features c c 1 s t i r , g e s a o f d i v e n o n e t n g e o h a t i a s d i o r h c n fi n M i t v automatically learned by our approach are far more resilient to 3 ] i a t s . w F 1 t h i t e u p W ] , [ w b s p 2 4 h o w e e e h e [ s f o k T 6 dynamic changes of web content over time. We conclude that k s n o t 9 ] . o r i o h a s [ s w n i t e 0 ] , c e s e i r o g h [ 2 u c T h e c a s , s 7 the ability to automatically construct the most relevant traffic r r y 4 ] h e a t e s a l [ d t u r e r c o t e o r c c d v t o g a f a e a p r o s t i e p 3 features and perform accurate traffic recognition makes our f o r t h v e s t o r o r k i n o n f w o t c t i l y e t n r a h i s deep learning based approach an efficient, flexible and robust o s t n a s x t t 6 c h e h e i n b e n t f a r u r e s s i s a t d r e e d h u f e d u c y t h e e a 0 o d n i t t w t r u e s a t i n m m m a t t h o o m c u t l e e . c h o a o b u r e a r h p r e a t 8 e s w e y f r e r k i s c k h e n g t t a t n i n technique for website fingerprinting. a i s e a r d o 0 a n h i s l s e o f T n e b a n . c h i s , - i o m a e s r o c a t o c w 7 t p i fi n a l p r r a I NTRODUCTION h a a s s o a l o f l t c l d i t i n u o n o o r a m a t i t d f t a n t a 1 o n p e o i s s e h e a t i e l o k . e p n g r e o t n i c e v o r s t r i e p t I . u d w a l e e a r a n t m m l y n t i g i n d e v : o v e s ’ s e n fi n e l e c c t i s e r e s e e o t r o r s a a u A n u r e , t o s m v i a n i t s e a t d g m e n o r ) i s o f F l e r e e v ( T I t y g . w a e r s . a c n t s r i n n o h a t b g u t e e r i v t e e e t k t t o i n i R o u s p r o n i n e r i c s e d a r n n e t h e e c n g x p i s t o v l e X o r n t t h e d e e r p r e O n i n t e r e s t s a n a c t n g i n I s u y p a r r i c h e n c r c h e e m a e n g i n e n r a