SLIDE 1

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution

Mario Werner May 7, 2020

Graz University of Technology

SLIDE 2

Why do we care about code?

www.tugraz.at

[Figure: everyday devices that run code; visible labels: "10:20", "July 18", "Wireless", "ADSL Gateway"]

1 Mario Werner | Graz University of Technology

SLIDE 3

Problem Statement

  • Most research and vendors solely focus on software security
  • Processors lack protection against physical attacks
  • Adversary can exploit physical properties of a device
      • Active: e.g., induce faults (voltage/clock glitches, laser) [KSV13]
      • Passive: e.g., extract secrets (power/timing analysis) [MOP07]
      • Local and remote attack settings (e.g., cache attacks, Rowhammer [Kim+14], Plundervolt [Mur+20])
  • Relevant in mobile, IoT, and cloud settings

SLIDE 4

Contribution

  • Techniques to protect code execution against physical attacks
      • Providing Control-Flow Integrity and Attestation
          • GPSA: adapt the old scheme as fault-attack countermeasure
          • SCFP: extends GPSA using sponge-based AE techniques
          • Remote attestation and licensing using SCFP-like approaches
      • Counteracting Physical Attacks on the Memory System
          • MEMSEC: hardware framework for memory encryption
          • SCATTERCACHE: cache design hardened against timing attacks
  • Concepts tested in simulation and/or on real hardware
  • Fully integrated into the toolchain for good usability
  • Combined or individual adoption possible

SLIDE 5

Paper Relations

[Figure: matrix relating the thesis papers to attack classes. Labels: Software Attacks; Physical Attacks: Active (e.g., Fault), Passive (e.g., SC); Code: GPSA/CSM, SCFP (IE, AEE), Remote Attestation and Licensing; Data: MEMSEC, ScatterCache]

SLIDE 6

The PhD in Numbers

  • 16 (co-)authored papers in total
      • 4 papers in this thesis
  • Contributed to 2 lectures
      • System-on-Chip Architectures and Modeling (since WT2014)
      • Computer Organization (ST2019) → Computer Organization and Networks (WT2019)
  • Supervised 18 student projects
      • 4 bachelor theses
      • 4 master projects
      • 8 master theses
      • 2 internships

SLIDE 7

Part I: Providing Control-Flow Integrity and Attestation

SLIDE 8

Why Control-Flow Integrity?

    void main() {
        for (;;) {
            unsigned pin = read_pin();
            int auth = check_pin(pin);
            if (auth) {
                open_door();
            } else {
                raise_alarm();
            }
            log_event();
        }
    }

[Figure: call graph of the example: main calls read_pin, check_pin, open_door, raise_alarm and log_event]

SLIDE 9

Why Control-Flow Integrity?

    check_auth:            // auth in x1 (0 if authentic)
        BNE x0, x1, not_authenticated
    authenticated:         // open door
        // ...
        J next
    not_authenticated:     // raise_alarm
    next:                  // log event

SLIDE 10

Protecting the Control Flow of Embedded Processors against Fault Attacks

Mario Werner, Erich Wenger, and Stefan Mangard. “Protecting the Control Flow of Embedded Processors against Fault Attacks”. In: Smart Card Research and Advanced Applications – CARDIS. 2015, pp. 161–176. DOI: 10.1007/978-3-319-31271-2_10

SLIDE 11

High-Level Concept

[Figure: Core Pipeline (Fetch, Fetch, Decode, Execute, Memory, Write Back) connected to Memory (RAM/ROM), with a separate Monitor block observing the instruction stream]

SLIDE 12

Derived Signatures [MM88]

Running signature after each instruction (left), instruction encoding and disassembly (right):

    Reset_Handler        0x00000000
    0x0000b5b0           b5b0: push {r4, r5, r7, lr}
    0x000164b2           af02: add r7, sp, #8
    0x0001acbf           480d: ldr r0, [pc, #52]
    0x0001f5cd           490e: ldr r1, [pc, #56]
    0x00023855           4288: cmp r0, r1
    0x00030a62           d20d: bhs #26
    Reset_Handler:1      0x00030a62
    0x0003546f           4a0d: ldr r2, [pc, #52]
    ...
    Reset_Handler:2      0x00030a62
    0x00035668           4c06: ldr r4, [pc, #24]
    ...
    ? ? ?                (which signature is expected where the two paths merge?)

SLIDE 13-16

Continuous Signature Monitoring (CSM) [WS88]

[Figure, built up over four slides: control-flow graph with blocks %1 (if), %2, %3 and %4; an update(sig1) is inserted at the end of %3 before the merge into %4, and a check(sig2) is placed at the end of %4]
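A small Python model of what the CSM slides describe, added here as an illustration and not taken from the thesis or its toolchain: a compile-time pass runs a CRC-32C over the instruction words of every basic block, inserts an XOR fix-up patch on the merge edge (the update(sig1) on the slide), and a runtime monitor checks the signature at each block entry (the check(sig2)). The toy CFG, its instruction words, CRC-32C as the signature function, XOR patches and a check at every block entry are assumptions of this example.

```python
"""Toy model of derived-signature monitoring in the GPSA/CSM style.

Added example, not code from the thesis. Assumptions not taken from the slides:
a CRC-32C running signature over 32-bit instruction words, XOR fix-up patches
on merge edges, and a signature check at every basic-block entry.
"""

CRC32C_POLY = 0x82F63B78  # reflected Castagnoli polynomial


def crc32c_word(crc, word):
    """Absorb one 32-bit little-endian instruction word into the signature."""
    for byte in word.to_bytes(4, "little"):
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ (CRC32C_POLY if crc & 1 else 0)
    return crc & 0xFFFFFFFF


# Constructed control-flow graph mirroring the slide: %1 (if) -> %2 | %3 -> %4.
# The instruction words are arbitrary RV32I encodings chosen for illustration.
PROGRAM = {
    "%1": {"insns": [0x00050513, 0x0005C663], "succ": ["%2", "%3"]},
    "%2": {"insns": [0x00100593, 0x0080006F], "succ": ["%4"]},
    "%3": {"insns": [0x00200593], "succ": ["%4"]},
    "%4": {"insns": [0x00008067], "succ": []},
}


def compile_signatures(program, entry="%1", seed=0):
    """Compile-time pass: derive the expected entry/exit signature of every block
    and the patch needed on each edge whose source exit signature differs from
    the target's entry signature (the update(sig) instruction on the slide).
    Blocks are assumed to be listed in topological order."""
    entry_sig, exit_sig, patches = {entry: seed}, {}, {}
    for name, block in program.items():
        sig = entry_sig[name]
        for word in block["insns"]:
            sig = crc32c_word(sig, word)
        exit_sig[name] = sig
        for dst in block["succ"]:
            if dst not in entry_sig:
                entry_sig[dst] = sig                    # first predecessor defines the entry value
            elif entry_sig[dst] != sig:
                patches[(name, dst)] = sig ^ entry_sig[dst]  # justify the other path
    return entry_sig, exit_sig, patches


class SignatureMismatch(Exception):
    pass


def run_monitored(program, path, entry_sig, patches, fault=None):
    """Runtime monitor: follow `path` (block names), absorb every fetched word,
    apply edge patches and check the signature at every block entry.
    `fault=(block, index, bit)` flips one bit of one fetched instruction word.
    Returns the final signature or raises SignatureMismatch at the first failed check."""
    sig = entry_sig[path[0]]
    for i, name in enumerate(path):
        if sig != entry_sig[name]:                      # check(sig)
            raise SignatureMismatch(f"{name}: got {sig:#010x}, expected {entry_sig[name]:#010x}")
        for j, word in enumerate(program[name]["insns"]):
            if fault is not None and fault[:2] == (name, j):
                word ^= 1 << fault[2]                   # faulty fetch
            sig = crc32c_word(sig, word)
        if i + 1 < len(path):
            sig ^= patches.get((name, path[i + 1]), 0)  # update(sig) on the edge
    return sig


def detects(path, fault):
    """True if the monitor flags the given fault on the given path."""
    entry_sig, _, patches = compile_signatures(PROGRAM)
    try:
        run_monitored(PROGRAM, path, entry_sig, patches, fault)
    except SignatureMismatch:
        return True
    return False


if __name__ == "__main__":
    entry_sig, exit_sig, patches = compile_signatures(PROGRAM)
    print("edge patches:", {e: f"{p:#010x}" for e, p in patches.items()})
    for path in (["%1", "%2", "%4"], ["%1", "%3", "%4"]):
        print(path, f"final signature {run_monitored(PROGRAM, path, entry_sig, patches):#010x}")
    print("fault in %3 detected:", detects(["%1", "%3", "%4"], ("%3", 0, 5)))
```

Both paths end with the same signature only because of the patch on the %3 → %4 edge; a single flipped bit in any fetched word of %1, %2 or %3 is caught at the next block entry, which is the detection latency the CSM slide's h parameter trades against check overhead.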

SLIDE 17

Summary

  • First known GPSA/CSM implementation
      • Hybrid (HW+SW) scheme
      • LLVM-based toolchain
      • HDL implementation for an ARMv7-M compatible processor
          • 6.4 % hardware overhead
          • 2 % to 71 % runtime overhead
  • Analysis and evaluation of signature functions (CRCs, MISRs)
      • CRC-32C: Resistant against at least 7 precise bit flips (injected across two encodings)
      • CSM h = 4: Detect a faulty instruction with 99.9 % within 3 cycles (arbitrary fault within encoding)

SLIDE 18

Sponge-Based Control-Flow Protection for IoT-Devices

Mario Werner, Thomas Unterluggauer, David Schaffenrath, and Stefan Mangard. “Sponge-Based Control-Flow Protection for IoT Devices”. In: European Symposium on Security and Privacy – EuroS&P. Best Paper Award. 2018, pp. 214–226. DOI: 10.1109/EuroSP.2018.00023

SLIDE 19

Question

[Figure: Core Pipeline (Fetch, Fetch, Decode, Execute, Memory, Write Back) connected to Memory (RAM/ROM), with the Monitor block from the GPSA/CSM concept]

  • How can we be sure that the monitor is working?

SLIDE 20

High-Level Concept

[Figure: Core Pipeline (Fetch, Fetch, Decode, Execute, Memory, Write Back) connected to Memory (RAM/ROM); the Monitor is replaced by an AE Decrypt stage in front of the pipeline]

  • Make correctness a requirement for functionality

SLIDE 21

Decryption/Execution Example

[Figure: strcmp loop; per line the internal state before the instruction, the instruction bytes and the disassembly, with "apply patch1" and "apply patch2" annotated on the branch edges]

    strcmp       0x1b2a0645
    0xdd3fbcce : 03 06 05 00 : lb a2, 0(a0)
    0xf5a92604 : 83 86 05 00 : lb a3, 0(a1)
    0x58c04f0a : 5b 0c 06 00 : bpeqz a2, 24
    0x58c04f0a
    0xe70771a6 : 13 05 15 00 : addi a0, a0, 1
    0x5b26165e : 93 85 15 00 : addi a1, a1, 1
    0xa4e9634c : db 04 d6 fe : bpeq a2, a3, -24
    0xa4e9634c : 4d 1b c0 0f : a3 0f 21 3e

SLIDE 22

APE-like Decryption Mode

  • Original construction by Andreeva et al. [And+14]

[Figure: APE-like decryption mode: the permutation f is chained over the ciphertext blocks C1, C2 to produce the plaintext P1, with Patch inputs on the state and intermediate states x, x1, x2, x', x1']

SLIDE 23

Summary

  • Sponge-based Control-Flow Protection (SCFP)
      • Hardware-supported CFI scheme
      • Decrypts the instruction stream with instruction granularity
      • Evolution of GPSA and CSM with added confidentiality/authenticity
      • Maintains protection across indirect calls
      • Supports exception/interrupt handling (enables preemptive OSs)
  • Presented and analyzed two suitable sponge constructions
  • Discussed three SCFP instantiations (IE, AEE, AEE-Light)
  • Implemented AEE-Light into a RISC-V processor
      • 9.1 % runtime overhead
      • 19.8 % code size overhead
      • Manufactured in cooperation with ETH-Zurich
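The following Python model illustrates the idea behind slides 20 to 23 ("make correctness a requirement for functionality") and is an added example, not the thesis's SCFP construction or code: each fetched ciphertext word is XORed with the rate of a sponge state to recover the instruction, and the ciphertext itself is then absorbed, so a faulty fetch desynchronises everything that follows, while a patch XORed into the state realigns a block that is reached from two different predecessors. The 64-bit toy permutation, the 32-bit rate/capacity split, the ciphertext-feedback rule, the instruction words and the patch being XORed into the full state are all assumptions of this example.

```python
"""Toy sponge-based instruction-stream decryption in the spirit of SCFP.

Added example, not the thesis construction: the 64-bit toy permutation, the
32-bit rate/capacity split, the ciphertext-feedback rule and the XOR patch are
assumptions of this example.
"""

MASK32 = 0xFFFFFFFF


def toy_permutation(state, rounds=8):
    """Constructed 64-bit ARX-style mixer standing in for a real cryptographic
    permutation (NOT secure); it only needs to diffuse every input bit."""
    hi, lo = state >> 32, state & MASK32
    for r in range(rounds):
        hi = (hi + lo + r) & MASK32
        lo ^= ((hi << 13) | (hi >> 19)) & MASK32
        hi ^= ((lo << 7) | (lo >> 25)) & MASK32
        lo = (lo + hi) & MASK32
    return (hi << 32) | lo


def step(state, cipher_word):
    """Ciphertext feedback: the fetched ciphertext word replaces the rate (high
    32 bits) before the permutation, so the decryptor only needs the ciphertext."""
    return toy_permutation((cipher_word << 32) | (state & MASK32))


def encrypt_block(state, insns):
    """Compile-time side: encrypt a straight-line block of 32-bit instructions.
    Returns (ciphertext words, state after the block)."""
    cipher = []
    for p in insns:
        c = p ^ (state >> 32)          # instruction XOR current rate
        cipher.append(c)
        state = step(state, c)
    return cipher, state


def decrypt_block(state, cipher):
    """Runtime side (the 'AE Decrypt' stage): decrypt each fetched word with the
    current rate, then evolve the state with that ciphertext word."""
    plain = []
    for c in cipher:
        plain.append(c ^ (state >> 32))
        state = step(state, c)
    return plain, state


# Constructed RV32I encodings resembling the strcmp loop on the slide.
BODY = [0x00050603, 0x00058683, 0x00060C63, 0x00150513, 0x00158593, 0xFED60AE3]
SHARED = [0x00008067, 0x00000013]          # a block reachable from two predecessors
ALT_PREFIX = [0x00000013, 0x00000013]      # a second path that also leads to SHARED
INIT_STATE = 0x1B2A0645_F00DFACE           # constructed initial sponge state


def roundtrip_ok():
    """Correct path: every instruction decrypts to what the compiler encrypted."""
    cipher, _ = encrypt_block(INIT_STATE, BODY)
    plain, _ = decrypt_block(INIT_STATE, cipher)
    return plain == BODY


def fault_damage(index, bit=9):
    """Flip one bit of fetched ciphertext word `index` and count how many
    decrypted instructions differ from the intended ones: the faulty word and
    every word after it, because the state no longer matches."""
    cipher, _ = encrypt_block(INIT_STATE, BODY)
    cipher[index] ^= 1 << bit
    plain, _ = decrypt_block(INIT_STATE, cipher)
    return sum(1 for p, q in zip(plain, BODY) if p != q)


def merge_with_patch():
    """SHARED is encrypted under the state reached via BODY. A second path
    (ALT_PREFIX) arrives with a different state; the compiler emits the XOR
    patch that realigns it. Returns (correct with patch, correct without)."""
    _, state_a = encrypt_block(INIT_STATE, BODY)
    shared_cipher, _ = encrypt_block(state_a, SHARED)
    _, state_b = encrypt_block(INIT_STATE, ALT_PREFIX)
    patch = state_a ^ state_b           # 'apply patch' on the edge from the second path
    with_patch, _ = decrypt_block(state_b ^ patch, shared_cipher)
    without, _ = decrypt_block(state_b, shared_cipher)
    return with_patch == SHARED, without == SHARED


if __name__ == "__main__":
    print("roundtrip:", roundtrip_ok())
    print("instructions corrupted after a fault in word 2:", fault_damage(2))
    print("merge decrypts (with patch, without patch):", merge_with_patch())
```

Contrast with the CSM monitor: there is no separate check that a fault could skip; a wrong state simply yields unusable instructions, which is why the thesis can attest the device by attesting this state.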

SLIDE 24

Remote Attestation and Licensing via Secure Code Execution

  • SCFP-like technique with added challenge-response protocol
      • Idea: Reuse the balancing of the internal crypto state
  • Supports all common + a novel attestation mode:
      • Static (arbitrary data/code)
      • Graph (novel approach, attests crypto state)
      • Path (repeated graph attestation)
      • Hybrid (any combination of the above modes)
  • Software-only prototype on top of SCFP
  • Online licensing extension
      • Verifier provides patch values for prover via license tokens
      • Each token is a patch encrypted with the attestation state

SLIDE 25

Part II: Counteracting Physical Attacks on the Memory System

SLIDE 26

Transparent Memory Encryption and Authentication

Mario Werner, Thomas Unterluggauer, Robert Schilling, David Schaffenrath, and Stefan Mangard. “Transparent memory encryption and authentication”. In: Field Programmable Logic and Applications – FPL. 2017, pp. 1–6. DOI: 10.23919/FPL.2017.8056797

SLIDE 27

High-Level Concept

[Figure: system overview: SoC with two SCFP Cores, LL Cache Slices, Boot ROM, Boot SRAM and a DDR Memory Controller; a Memory Encryption block sits between the controller and the external Memory Chips]

SLIDE 28

Main Challenges

  • Transparent translation between two address spaces
      • Aligning requests with cipher block/mode sizes
      • Extracting/inserting data according to the original request
  • Support for interconnect peculiarities (strobes, bursts, . . . )

[Figure: a CPU Memory Request spanning Block 1 and Block 2 of the CPU Memory Layout (Mem. Start to Mem. End) is split into a Split Request and mapped onto the Physical Memory, where each of Physical Block 0–3 holds an Encrypted Block together with its Nonce and Tag]

SLIDE 29

AXI4 Encryption/Authentication Pipeline

[Figure: pipeline stages Request Modifier, Memory Reader, Decryption, Data Filter, Wrap Burst Cache, Read Responder, Data Modifier, Encryption and Memory Writer between the CPU Addr./Read/Write Ports and the Memory Read/Write Ports]

  • Writes are always RMW
  • Supports block-wise cipher modes (incl. metadata)
  • Optimizes wrapping bursts when reading
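A Python model of the address-space translation and read-modify-write behaviour from slides 28 and 29, added here as an illustration and not taken from the MEMSEC framework: a CPU request is split at cipher-block boundaries, each block is stored in physical memory with its nonce and tag, reads verify the tag before decrypting, and a partial write fetches, verifies, patches and re-encrypts the whole block. The 16-byte block, 4-byte nonce and 8-byte tag sizes, the HMAC-SHA256 keystream and tag standing in for the real cipher mode, and the counter nonce are assumptions of this example.

```python
"""Toy model of transparent memory encryption and authentication, MEMSEC style.

Added example, not the framework's VHDL or code. Assumptions of this example:
16-byte cipher blocks, a 4-byte nonce and an 8-byte tag stored next to each
block, an HMAC-SHA256 keystream and tag standing in for the real cipher mode,
and a CPU that issues byte-granular requests against a contiguous address space.
"""
import hashlib
import hmac
import struct

BLOCK, NONCE, TAG = 16, 4, 8
STRIDE = BLOCK + NONCE + TAG        # one physical block including its metadata


class IntegrityError(Exception):
    pass


class EncryptedMemory:
    def __init__(self, key, blocks):
        self.key = key
        self.phys = bytearray(STRIDE * blocks)   # what the memory chip actually holds
        self.counter = 0                          # nonce source; must never repeat
        for b in range(blocks):
            self._store(b, bytes(BLOCK))          # give every block a valid nonce/tag

    def _keystream(self, b, nonce):
        msg = b"enc" + struct.pack("<I", b) + nonce
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:BLOCK]

    def _tag(self, b, nonce, ct):
        msg = b"tag" + struct.pack("<I", b) + nonce + ct
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:TAG]

    def _store(self, b, plain):
        """Encrypt one block under a fresh nonce and write block + metadata."""
        self.counter += 1
        nonce = struct.pack("<I", self.counter)
        ct = bytes(x ^ y for x, y in zip(plain, self._keystream(b, nonce)))
        self.phys[b * STRIDE:(b + 1) * STRIDE] = ct + nonce + self._tag(b, nonce, ct)

    def _load(self, b):
        """Read block + metadata, verify the tag, then decrypt."""
        raw = self.phys[b * STRIDE:(b + 1) * STRIDE]
        ct, nonce, tag = bytes(raw[:BLOCK]), bytes(raw[BLOCK:BLOCK + NONCE]), bytes(raw[BLOCK + NONCE:])
        if not hmac.compare_digest(tag, self._tag(b, nonce, ct)):
            raise IntegrityError(f"block {b}: tag mismatch")
        return bytes(x ^ y for x, y in zip(ct, self._keystream(b, nonce)))

    @staticmethod
    def split(addr, length):
        """Translate a CPU request into block-aligned pieces (block, offset, length)."""
        pieces = []
        while length > 0:
            b, off = divmod(addr, BLOCK)
            n = min(BLOCK - off, length)
            pieces.append((b, off, n))
            addr, length = addr + n, length - n
        return pieces

    @staticmethod
    def phys_address(addr):
        """CPU address -> physical address; metadata shifts every later block."""
        return (addr // BLOCK) * STRIDE + addr % BLOCK

    def read(self, addr, length):
        return b"".join(self._load(b)[off:off + n] for b, off, n in self.split(addr, length))

    def write(self, addr, data):
        """Writes are always read-modify-write: fetch, verify, decrypt, patch, re-encrypt."""
        pos = 0
        for b, off, n in self.split(addr, len(data)):
            plain = bytearray(self._load(b))
            plain[off:off + n] = data[pos:pos + n]
            pos += n
            self._store(b, bytes(plain))

    def corrupt(self, b, byte_index=0):
        """Simulate a physical attack on the memory chip: flip one ciphertext bit."""
        self.phys[b * STRIDE + byte_index] ^= 0x01


def detects_tampering():
    """A corrupted block must fail its tag check on the next read."""
    mem = EncryptedMemory(b"constructed-key", blocks=2)
    mem.write(0, b"secret")
    mem.corrupt(0)
    try:
        mem.read(0, 6)
    except IntegrityError:
        return True
    return False
```

The counter nonce keeps re-encryption of the same block from producing a repeated keystream; a rollback of a block together with its old nonce and tag is not caught by this per-block tag, which is what the authentication tree on the following slides addresses.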

SLIDE 30

Authentication Tree

[Figure: authentication tree: Data Nodes hold Data, Nonce and Tag; Tree Nodes hold the nonces of their children plus their own Nonce and Tag; the Secure Root is kept on chip, all other nodes live in Memory]

SLIDE 31

AXI4 Authentication Tree-Pipeline

[Figure: pipeline stages Request Modifier, Cache Fetcher, Secure Root, Memory Reader, Nonce Injector, Decryption, Data Filter, Wrap Burst Cache, Read Responder, Data Modifier, Encryption, Memory Writer, Nonce Cache, Nonce Processing and Cache Writer between the CPU Addr./Read/Write Ports and the Memory Read/Write Ports]

  • Writes are always RMW
  • Single traversal from the root to the leaf
  • Caches for reads, parallel trees for writes
  • Arbitrary tree arity
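To make the tree on slides 30 and 31 concrete, the following Python model is added as an illustration (not the MEMSEC tree implementation): every node carries a nonce and a tag, a tree node's tag covers its children's nonces, a data node's tag covers the data block, only the root nonce is kept on chip, and a read is a single traversal from the root to the leaf. A binary tree, the 8-byte HMAC-SHA256 tag, the counter nonce and keeping the data blocks in plaintext (the encryption side is left out) are assumptions of this example; the replay scenario at the end shows why per-block tags alone are not enough.

```python
"""Toy integrity tree over nonces, in the style of the authentication-tree slide.

Added example, not the MEMSEC tree implementation. Assumptions: a binary tree
over a power-of-two number of data blocks, an 8-byte HMAC-SHA256 tag per node,
a fresh counter nonce per update, plaintext data blocks, and only the root
nonce held on chip.
"""
import hashlib
import hmac
import struct


class IntegrityError(Exception):
    pass


class AuthTree:
    def __init__(self, key, leaves=4):
        assert (leaves & (leaves - 1)) == 0, "power-of-two leaves assumed"
        self.key, self.n = key, leaves
        self.counter = 0
        # Off-chip state (reachable by a physical attacker): array-form binary
        # tree, node 1 is the root, data node i (0..n-1) sits at index n + i.
        self.data = [bytes(16)] * leaves
        self.nonce = [b""] * (2 * leaves)
        self.tag = [b""] * (2 * leaves)
        for node in range(2 * leaves - 1, 0, -1):   # build bottom-up
            self._retag(node)
        self.root_nonce = self.nonce[1]             # the only value stored on chip

    def _mac(self, node, nonce, payload):
        msg = struct.pack("<I", node) + nonce + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:8]

    def _payload(self, node):
        if node >= self.n:                          # data node: covers the data block
            return self.data[node - self.n]
        return self.nonce[2 * node] + self.nonce[2 * node + 1]   # tree node: child nonces

    def _retag(self, node):
        self.counter += 1
        self.nonce[node] = struct.pack("<I", self.counter)
        self.tag[node] = self._mac(node, self.nonce[node], self._payload(node))

    def _path(self, leaf):
        nodes, node = [], leaf + self.n
        while node >= 1:
            nodes.append(node)
            node //= 2
        return nodes[::-1]                          # root ... leaf

    def read(self, leaf):
        """Single traversal from the root to the leaf, trusting only root_nonce."""
        expected = self.root_nonce
        nodes = self._path(leaf)
        for k, node in enumerate(nodes):
            if not hmac.compare_digest(self.tag[node], self._mac(node, expected, self._payload(node))):
                raise IntegrityError(f"node {node}: tag mismatch")
            if k + 1 < len(nodes):
                expected = self.nonce[nodes[k + 1]]  # vouched for by the tag just checked
        return self.data[leaf]

    def write(self, leaf, block):
        """Update the data block, then fresh nonces and tags up to the root."""
        self.data[leaf] = block
        for node in reversed(self._path(leaf)):
            self._retag(node)
        self.root_nonce = self.nonce[1]

    def snapshot(self):
        """Everything an attacker with memory access can copy: the off-chip image."""
        return (list(self.data), list(self.nonce), list(self.tag))

    def restore(self, snap):
        self.data, self.nonce, self.tag = (list(x) for x in snap)


def replay_detected():
    """Roll back (1) a single data node and (2) the whole off-chip image to an
    older, correctly tagged version; both must be rejected on the next read."""
    t = AuthTree(b"constructed-key", leaves=4)
    t.write(2, b"A" * 16)
    old = t.snapshot()
    t.write(2, b"B" * 16)
    leaf = 2 + t.n
    t.data[2], t.nonce[leaf], t.tag[leaf] = old[0][2], old[1][leaf], old[2][leaf]
    try:
        t.read(2)
        leaf_replay = False
    except IntegrityError:
        leaf_replay = True
    t.restore(old)
    try:
        t.read(2)
        full_replay = False
    except IntegrityError:
        full_replay = True
    return leaf_replay, full_replay
```

Case (1) fails at the parent, whose tag was computed over the newer child nonce; case (2) fails at the root, because the restored root tag was computed under a nonce that no longer matches the on-chip copy.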

SLIDE 32

Summary

  • Modular VHDL framework for memory encryption/authentication
      • Example pipelines for transparent integration
      • Supports various ciphers and modes of operation
          • Ciphers: Prince, AES, Ascon
          • Modes: ECB, CBC, XTS, TEC-tree
      • AXI4 support (write strobes, narrow transfers, wrapping bursts)
  • Tested using an ARM A9 dual-core CPU and Linux as master
  • Open source: https://github.com/IAIK/memsec
  • Enables follow-up research [UWM19] and projects (https://mitrecyberacademy.org/competitions/ectf-2019/ectf19desc.html)

SLIDE 33

SCATTERCACHE: Thwarting Cache Attacks via Cache Set Randomization

Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. “ScatterCache: Thwarting Cache Attacks via Cache Set Randomization”. In: USENIX Security Symposium. 2019, pp. 675–692. URL: https://www.usenix.org/conference/usenixsecurity19/presentation/werner

SLIDE 34

High-Level Concept

[Figure: same system overview as slide 27: SoC with two SCFP Cores, LL Cache Slices, Boot ROM, Boot SRAM and a DDR Memory Controller, Memory Encryption in front of the external Memory Chips; the LL Cache Slices are the part addressed by SCATTERCACHE]

SLIDE 35

Caches in a Nutshell

  • Small but fast memory close to the processor
  • Exploit spatial and temporal locality in software to improve performance
  • Access to recently used or close-by (i.e., cached) data is faster

[Figure: histogram of access latency (50–400 cycles) against the number of accesses (up to 3·10^6), separating cache hits from cache misses; generated using the CTA calibration tool [GSM15] on my i5-4200U laptop]

→ Enables cache attacks that infer memory accesses from timing information

SLIDE 36

SCATTERCACHE - Idea

[Figure: four cache sets (Set 0 to Set 3); Addr. A and Addr. B are placed in different sets depending on whether they are accessed from Domain X or Domain Y]

@DAC [Tri+18], @MICRO [Qur18]

SLIDE 37

SCATTERCACHE - Hardware Concept

We want something that is similar in hardware to a traditional cache!

instead of this:

[Figure: traditional cache: the address is split into offset, index and tag; the index selects the same set (set[idx], with set[idx−2], set[idx−1], set[idx+1], set[idx+2] as neighbours) in way 0 to way 3]

let’s do this:

[Figure: SCATTERCACHE: the address is split into offset, index and tag; cache line addr., key and SDID feed an IDF that yields a separate index (idx0 to idx3) for way 0 to way 3]

  • Low latency cryptographic primitives as index derivation function (IDF)
  • Skewed addressing instead of fixed set addressing
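The hardware concept on this slide, as an added Python model that is not the paper's design or code: a traditional set-associative cache derives one index from address bits for all ways, while the skewed variant derives a separate keyed index per way from the cache-line address, the way number and the SDID. A keyed BLAKE2s from hashlib stands in for the low-latency IDF, and the 4-way by 64-set geometry, random replacement and the sample addresses are assumptions of this example; the last function measures how many random addresses are congruent with a target in every way, the property a deterministic eviction set would rely on.

```python
"""Toy model of ScatterCache-style cache-set randomisation.

Added example, not the paper's hardware design or code. Assumptions: keyed
BLAKE2s from hashlib stands in for the low-latency IDF; the IDF inputs are the
cache-line address, the way number and the SDID; 4 ways x 64 sets; random
replacement on a miss.
"""
import hashlib
import random
import struct

LINE = 64  # bytes per cache line


class TraditionalCache:
    """Set-associative cache: one index for all ways, taken from address bits."""
    def __init__(self, ways=4, sets=64):
        self.ways, self.sets = ways, sets

    def indices(self, addr, sdid=0):
        return [(addr // LINE) % self.sets] * self.ways


class ScatterCache:
    """Skewed cache: every way has its own keyed index; the SDID lets software
    give different security domains different congruency classes."""
    def __init__(self, key, ways=4, sets=64, seed=0):
        self.key, self.ways, self.sets = key, ways, sets
        self.lines = [[None] * sets for _ in range(ways)]   # lines[way][set] = (tag, sdid)
        self.rng = random.Random(seed)                       # random replacement

    def idf(self, line_addr, way, sdid):
        msg = struct.pack("<QBQ", line_addr, way, sdid)
        digest = hashlib.blake2s(msg, key=self.key, digest_size=4).digest()
        return int.from_bytes(digest, "little") % self.sets

    def indices(self, addr, sdid):
        return [self.idf(addr // LINE, w, sdid) for w in range(self.ways)]

    def access(self, addr, sdid):
        """True on a hit; on a miss the line is installed in a random way."""
        tag = addr // LINE
        idx = self.indices(addr, sdid)
        for w in range(self.ways):
            if self.lines[w][idx[w]] == (tag, sdid):
                return True
        w = self.rng.randrange(self.ways)
        self.lines[w][idx[w]] = (tag, sdid)
        return False


def shared_ways(cache, addr_a, addr_b, sdid_a=0, sdid_b=0):
    """Ways in which the two addresses compete for the same cache line."""
    ia, ib = cache.indices(addr_a, sdid_a), cache.indices(addr_b, sdid_b)
    return [w for w in range(cache.ways) if ia[w] == ib[w]]


def fully_congruent_fraction(cache, target, sdid, samples=2000, seed=1):
    """Fraction of random line addresses that collide with `target` in every way.
    Traditional: about 1/sets. ScatterCache: about 1/sets**ways, i.e. practically 0."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(samples):
        addr = rng.randrange(1 << 32) & ~(LINE - 1)
        if len(shared_ways(cache, target, addr, sdid, sdid)) == cache.ways:
            hits += 1
    return hits / samples


if __name__ == "__main__":
    trad, sc = TraditionalCache(), ScatterCache(key=b"constructed-key")
    print("traditional, same index bits:", shared_ways(trad, 0x1000, 0x1000 + 64 * LINE))
    print("scatter, same address, SDID 1 vs 2:", sc.indices(0x1000, 1), sc.indices(0x1000, 2))
    print("fully congruent fraction: traditional", fully_congruent_fraction(trad, 0x1000, 0),
          "scatter", fully_congruent_fraction(sc, 0x1000, 1))
```

Two addresses still share individual way slots at roughly the same rate as before (about ways/sets), which is why the summary slide describes attacks as probabilistic rather than impossible; what disappears is the fixed, all-ways link between an address and one set.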

SLIDE 38

Summary

  • SCATTERCACHE combines skewed caches and low latency cryptographic primitives
      • Breaks the fixed link between addresses and cache sets
      • Removes the rigid assignment of cache lines to sets
      • Enables software control over the cache congruencies via SDIDs
  • Comparable performance to contemporary caches
  • Harder to attack even in strong attack models
      • Attacks are probabilistic and demand new approaches
      • Still, more analysis is required in more realistic models

SLIDE 39

Conclusion

SLIDE 40

Conclusion

  • Techniques to protect code execution against physical attacks
      • Control-Flow Integrity: GPSA, SCFP, remote attestation and licensing
      • Memory System: MEMSEC, SCATTERCACHE
  • PoC implementations hint at reasonable costs and good performance
  • Fully integrated into the toolchain for good usability
  • Highly configurable concepts with huge design space
  • Foundation for follow-up research (e.g., SCFP, MEMSEC, SCATTERCACHE)

SLIDE 41

Outlook

Potential topics for follow-up research:

  • Hardware supported protection of on-chip data/addresses
  • Side-channel evaluation of SCFP
  • Development of custom cryptographic primitives (low latency, configurable block size)
  • Quantifying the security of “secure” caches against real attacks
  • Evaluation of our concepts on larger processors

SLIDE 42

System Architectures and Techniques for Efficient, Secure, and Trusted Code Execution

Mario Werner May 7, 2020

Graz University of Technology

SLIDE 43

Author’s Publications i

[Gro+16] Hannes Gross, Manuel Jelinek, Stefan Mangard, Thomas Unterluggauer, and Mario Werner. “Concealing Secrets in Embedded Processors Designs”. In: Smart Card Research and Advanced Applications – CARDIS. 2016, pp. 89–104. DOI: 10.1007/978-3-319-54669-8_6.

[Kal+20] Daniel Kales, Sebastian Ramacher, Christian Rechberger, Roman Walch, and Mario Werner. “Efficient FPGA Implementations of LowMC and Picnic”. In: The Cryptographers’ Track at the RSA Conference – CT-RSA. 2020. URL: https://eprint.iacr.org/2019/1368.

[Sch+18] Robert Schilling, Mario Werner, Pascal Nasahl, and Stefan Mangard. “Pointing in the Right Direction - Securing Memory Accesses in a Faulty World”. In: Annual Computer Security Applications Conference – ACSAC. 2018, pp. 595–604. DOI: 10.1145/3274694.3274728.

[SWM18] Robert Schilling, Mario Werner, and Stefan Mangard. “Securing conditional branches in the presence of fault attacks”. In: Design, Automation & Test in Europe – DATE. 2018, pp. 1586–1591. DOI: 10.23919/DATE.2018.8342268.
SLIDE 44

Author’s Publications ii

[UWM17a] Thomas Unterluggauer, Mario Werner, and Stefan Mangard. “Securing Memory Encryption and Authentication Against Side-Channel Attacks Using Unprotected Primitives”. In: Conference on Computer and Communications Security – CCS. 2017, pp. 690–702. DOI: 10.1145/3052973.3052985.

[UWM17b] Thomas Unterluggauer, Mario Werner, and Stefan Mangard. “Side-channel plaintext-recovery attacks on leakage-resilient encryption”. In: Design, Automation & Test in Europe – DATE. 2017, pp. 1318–1323. DOI: 10.23919/DATE.2017.7927197.

[UWM19] Thomas Unterluggauer, Mario Werner, and Stefan Mangard. “MEAS: memory encryption and authentication secure against side-channel attacks”. In: J. Cryptographic Engineering 9 (2019), pp. 137–158. DOI: 10.1007/s13389-018-0180-2.

[Wei+19] Samuel Weiser, Mario Werner, Ferdinand Brasser, Maja Malenko, Stefan Mangard, and Ahmad-Reza Sadeghi. “TIMBER-V: Tag-Isolated Memory Bringing Fine-grained Enclaves to RISC-V”. In: Network and Distributed System Security Symposium – NDSS. 2019. URL: https://www.ndss-symposium.org/ndss-paper/timber-v-tag-isolated-memory-bringing-fine-grained-enclaves-to-risc-v/.

SLIDE 45

Author’s Publications iii

[Wer+17] Mario Werner, Thomas Unterluggauer, Robert Schilling, David Schaffenrath, and Stefan Mangard. “Transparent memory encryption and authentication”. In: Field Programmable Logic and Applications – FPL. 2017, pp. 1–6. DOI: 10.23919/FPL.2017.8056797.

[Wer+18] Mario Werner, Thomas Unterluggauer, David Schaffenrath, and Stefan Mangard. “Sponge-Based Control-Flow Protection for IoT Devices”. In: European Symposium on Security and Privacy – EuroS&P. Best Paper Award. 2018, pp. 214–226. DOI: 10.1109/EuroSP.2018.00023.

[Wer+19a] Mario Werner, Robert Schilling, Thomas Unterluggauer, and Stefan Mangard. “Protecting RISC-V Processors against Physical Attacks”. In: Design, Automation & Test in Europe – DATE. 2019, pp. 1136–1141. DOI: 10.23919/DATE.2019.8714811.

[Wer+19b] Mario Werner, Thomas Unterluggauer, Lukas Giner, Michael Schwarz, Daniel Gruss, and Stefan Mangard. “ScatterCache: Thwarting Cache Attacks via Cache Set Randomization”. In: USENIX Security Symposium. 2019, pp. 675–692. URL: https://www.usenix.org/conference/usenixsecurity19/presentation/werner.

SLIDE 46

Author’s Publications iv

[WUW13] Erich Wenger, Thomas Unterluggauer, and Mario Werner. “8/16/32 Shades of Elliptic Curve Cryptography on Embedded Processors”. In: Progress in Cryptology – INDOCRYPT. 2013, pp. 244–261. DOI: 10.1007/978-3-319-03515-4_16.

[WW11] Erich Wenger and Mario Werner. “Evaluating 16-Bit Processors for Elliptic Curve Cryptography”. In: Smart Card Research and Advanced Applications – CARDIS. 2011, pp. 166–181. DOI: 10.1007/978-3-642-27257-8_11.

[WW17] Samuel Weiser and Mario Werner. “SGXIO: Generic Trusted I/O Path for Intel SGX”. In: Conference on Data and Application Security and Privacy – CODASPY. 2017, pp. 261–268. DOI: 10.1145/3029806.3029822.

[WWM15] Mario Werner, Erich Wenger, and Stefan Mangard. “Protecting the Control Flow of Embedded Processors against Fault Attacks”. In: Smart Card Research and Advanced Applications – CARDIS. 2015, pp. 161–176. DOI: 10.1007/978-3-319-31271-2_10.
SLIDE 47

References i

[And+14] Elena Andreeva, Begül Bilgin, Andrey Bogdanov, Atul Luykx, Bart Mennink, Nicky Mouha, and Kan Yasuda. “APE: Authenticated Permutation-Based Encryption for Lightweight Cryptography”. In: Fast Software Encryption – FSE. 2014, pp. 168–186. DOI: 10.1007/978-3-662-46706-0_9.

[GSM15] Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. Cache Template Attacks Repository. 2015. URL: https://github.com/IAIK/cache_template_attacks (visited on 05/05/2020).

[Kim+14] Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji-Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. “Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors”. In: International Symposium on Computer Architecture – ISCA. 2014, pp. 361–372. DOI: 10.1109/ISCA.2014.6853210.

[KSV13] Dusko Karaklajic, Jörn-Marc Schmidt, and Ingrid Verbauwhede. “Hardware Designer’s Guide to Fault Attacks”. In: IEEE Trans. Very Large Scale Integr. Syst. 21 (2013), pp. 2295–2306. DOI: 10.1109/TVLSI.2012.2231707.

[MM88] Aamer Mahmood and Edward J. McCluskey. “Concurrent Error Detection Using Watchdog Processors - A Survey”. In: IEEE Trans. Computers 37 (1988), pp. 160–174. DOI: 10.1109/12.2145.

SLIDE 48

References ii

[MOP07] Stefan Mangard, Elisabeth Oswald, and Thomas Popp. Power analysis attacks - revealing the secrets of smart cards. Springer, 2007. ISBN: 978-0-387-30857-9.

[Mur+20] Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. “Plundervolt: Software-based Fault Injection Attacks against Intel SGX”. In: IEEE Symposium on Security and Privacy – S&P. 2020. URL: https://www.plundervolt.com/doc/plundervolt.pdf.

[Qur18] Moinuddin K. Qureshi. “CEASER: Mitigating Conflict-Based Cache Attacks via Encrypted-Address and Remapping”. In: IEEE/ACM International Symposium on Microarchitecture – MICRO. 2018, pp. 775–787. DOI: 10.1109/MICRO.2018.00068.

[Tri+18] David Trilla, Carles Hernández, Jaume Abella, and Francisco J. Cazorla. “Cache side-channel attacks and time-predictability in high-performance critical real-time systems”. In: Design Automation Conference – DAC. 2018, 98:1–98:6. DOI: 10.1145/3195970.3196003.

[WS88] Kent D. Wilken and John Paul Shen. “Continuous Signature Monitoring: Efficient Concurrent-Detection of Processor Control Errors”. In: International Test Conference – ITC. 1988, pp. 914–925. DOI: 10.1109/TEST.1988.207880.

SLIDE 49

Image/Icon Credits

  • “Checklist” icon by Philipp Petzka from the Noun Project.
  • “direction” icon by DinosoftLab from the Noun Project.
  • “lightbulb” icon by Maxim Kulikov from the Noun Project.
  • “presentation” icon by Shmidt Sergey from the Noun Project.
  • “Question” icon by andrewcaliber from the Noun Project.
  • “car” image by bolala kido from Pixabay.
  • “green-light” image by Clker-Free-Vector-Images from Pixabay.
  • “laptop” image by Clker-Free-Vector-Images from Pixabay.
  • “router” image by Clker-Free-Vector-Images from Pixabay.
  • “smartphone” image by 1117826-1117826 from Pixabay.
  • “surveillance” image by OpenClipart-Vectors from Pixabay.