tresor runs encryption securely outside ram
play

TRESOR Runs Encryption Securely Outside RAM 20th USENIX Security - PowerPoint PPT Presentation

May 02, 2023 •199 likes •504 views

TRESOR Runs Encryption Securely Outside RAM 20th USENIX Security Symposium August 8 12, 2011 San Francisco, CA Tilo Mller Felix C. Freiling Andreas Dewald Department of Computer Science University of Erlangen Who we are Chair

  1. TRESOR Runs Encryption Securely Outside RAM 20th USENIX Security Symposium August 8 – 12, 2011 • San Francisco, CA Tilo Müller Felix C. Freiling Andreas Dewald Department of Computer Science University of Erlangen

  2. Who we are Chair for IT-Security Infrastructures University of Erlangen-Nuremberg www1.cs.fau.de Nuremberg Franconia, Germany August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 2

  3. PART I Introduction

  4. Motivation Cold Boot Attacks Firewire Attacks Other DMA Attacks - PCI - PC-Card - Thunderbolt? → RAM is insecure → Disk encryption which stores the key in RAM is insecure Affected: BitLocker, FileVault, dm-crypt, TrueCrypt and more August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 4

  5. TRESOR's Security Policy TRESOR Runs Encryption Securely Outside RAM: - AES implementation solely on the microprocessor - Secret keys and states never enter RAM - Instead, only processor registers are used as storage August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 5

  6. PART II Implementation

  7. Key management : key storage The key registers must be: - big enough to store AES-128/192/256 keys ( size ) - a privileged ring-0 resource (security) - seldom used by applications and compensable in software ( compatibility ) → fulfilled by the set of debug registers August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 7

  8. Key management : debug regs TRESOR (mis)uses debug registers as persistent key storage → supports AES-128/192/256 on 64-bit machines supports AES-128 on 32-bit machines August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 8

  9. Key management : key derivation August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 9

  10. AES Algorithm : guideline Security Policy: No valuable information about the AES key or state should be visible in RAM at any time Challenge: Implement AES without using RAM at all → no runtime variables in data segment (stack, heap, …) → use SSE registers and GPRs to store intermediate states → written in assembly language (x86) August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 10

  11. AES Algorithm : assembly implementation 1. Generic x86 assembler instructions → possible, but far too slow 2. Intel's new AES instruction set (AES-NI) - hardware accelerated AES instructions aesenc, aesenclast, aesdec, aesdeclast - runs without RAM (instead: SSE) - short and efficient AES code → does perfectly meet our needs /* Encrypt */ /* Decrypt */ .macro encrypt_block rounds .macro decrypt_block rounds movdqu 0(%rsi),rstate movdqu 0(%rsi),rstate read_key rk0 rk1 \rounds read_key rk0 rk1 \rounds pxor rk0,rstate generate_rks_\rounds generate_rks_\rounds pxor rk\rounds,rstate aesenc rk1,rstate .if (\rounds > 12) aesenc rk2,rstate read_key rk0,rk1,10 aesenc rk3,rstate aesdec_ rk13,rstate aesenc rk4,rstate aesdec_ rk12,rstate aesenc rk5,rstate .endif aesenc rk6,rstate .if (\rounds > 10) aesenc rk7,rstate aesdec_ rk11,rstate aesenc rk8,rstate aesdec_ rk10,rstate aesenc rk9,rstate .endif .if (\rounds > 10) aesdec_ rk9,rstate aesenc rk10,rstate aesdec_ rk8,rstate aesenc rk11,rstate aesdec_ rk7,rstate .endif aesdec_ rk6,rstate .if (\rounds > 12) aesdec_ rk5,rstate aesenc rk12,rstate aesdec_ rk4,rstate aesenc rk13,rstate aesdec_ rk3,rstate .endif aesdec_ rk2,rstate aesenclast rk\rounds,rstate aesdec_ rk1,rstate epilog aesdeclast rk0,rstate .endm epilog .endm August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 11

  12. AES Algorithm : key schedule Conventional AES: round keys are calculated once and then stored in RAM ( for performance reasons) TRESOR: on-the-fly round key generation (since the entire key schedule is too big to be stored inside CPU) /* generate next round key */ /* generate round keys rk1 to rk10 */ .macro key_schedule r0 r1 r2 rcon .macro generate_rks_10 pxor rhelp,rhelp key_schedule rk0 rk0 rk1 0x1 movdqu \r0,\r2 key_schedule rk1 rk1 rk2 0x2 shufps $0x1f,\r2,rhelp key_schedule rk2 rk2 rk3 0x4 pxor rhelp,\r2 key_schedule rk3 rk3 rk4 0x8 shufps $0x8c,\r2,rhelp key_schedule rk4 rk4 rk5 0x10 pxor rhelp,\r2 key_schedule rk5 rk5 rk6 0x20 aeskeygenassist $\rcon,\r1,rhelp key_schedule rk6 rk6 rk7 0x40 .if (\rcon == 0) key_schedule rk7 rk7 rk8 0x80 shufps $0xaa,rhelp,rhelp key_schedule rk8 rk8 rk9 0x1b .else key_schedule rk9 rk9 rk10 0x36 shufps $0xff,rhelp,rhelp .endm .endif pxor rhelp,\r2 .endm August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 12

  13. Kernel Patch We have to patch the operating system kernel for two reasons: 1. Problem: unprivileged user access to debug registers → Solution: patch ptrace syscall 2. Problem: scheduling and context switching of SSE /GPRs → Solution: introduce atomicity Hence, TRESOR is implemented in kernel space (currently Linux 2.6.36) August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 13

  14. Kernel Patch : key protection Risks: 1. Malicious user access to debug registers → compromised key 2. Writing to debug registers accidentally (e.g., starting gdb) → polluting key storage → data corruption int ptrace_set_debugreg (tsk_struct *t,int n,long v) { thread_struct *thread = &(t->thread); Solution: int rc = 0; if (n == 4 || n == 5) deny access to debug return -EIO; registers from userland + #ifdef CONFIG_CRYPTO_TRESOR + else if (n == 6 || n == 7) + return -EPERM; + else + return -EBUSY; + #endif if (n == 6) { thread->debugreg6 = v; goto ret_path; } if (n < HBP_NUM) { rc=ptrace_set_breakpoint_addr(t,n,v); if (rc) return rc; } [...] ret_path: return rc; } August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 14

  15. Kernel Patch : atomicity • OS regularly performs CPU context switches • when TRESOR is active this context comprises sensitive data (general purpose and SSE registers) ⇒ run TRESOR atomically (per 128-bit input block) /* Encrypt one TRESOR block */ void tresor_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) { struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm); unsigned long irq_flags; // enter atomicity preempt_disable(); local_irq_save(*irq_flags); // encrypt block switch(ctx->key_length) { case AES_KEYSIZE_128: tresor_encblk_128(dst,src); break; case AES_KEYSIZE_192: tresor_encblk_192(dst,src); break; case AES_KEYSIZE_256: tresor_encblk_256(dst,src); break; } // leave atomicity local_irq_restore(*irq_flags); preempt_enable(); } August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 15

  16. PART III Security Evaluation

  17. Security Analysis : memory attacks TRESOR: nothing but the output block is written actively to RAM But: sensitive data may be copied into RAM passively by OS side effects (e.g., interrupt handling, scheduling, swapping, ACPI suspend, etc.) → observe RAM of a TRESOR system at runtime Test-Setup: - KVM/Qemu - guest1: unpatched Linux, no encryption - guest2: unpatched Linux, generic AES encryption - guest3: patched Linux, TRESOR encryption - examine guests main memories from the host Generic physical TRESOR AES memory no enc August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 17

  18. Security Analysis : memory attacks Test 1: Browse guest's main memory with AESKeyFind . Result: - guest 1 (no enc): no key recovered - guest 2 (generic AES): key recovered - guest 3 (TRESOR): no key recovered But: AESKeyFind is heavily based on the AES key schedule. Since TRESOR does not store a key schedule, this may be the only reason why the key cannot be recovered. August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 18

  19. Security Analysis : memory attacks Test 2: Unlike real attackers we are aware of the secret key. → we don't need the key schedule but can search for the key bit pattern directly. Result: - guest 1 (no enc): -/- - guest 2 (generic AES): match found - guest 3 (TRESOR): no match found But: The key could be stored discontiniously, in another endianess, etc. August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 19

  20. Security Analysis : memory attacks Test 3: Search for the longest match of the key pattern, its reverse and any part of those, in little and in big endian. Result: - guest 1 (no enc): -/- - guest 2 (generic AES): 32-byte longest match - guest 3 (TRESOR): 3-byte longest match But: The key could enter RAM only seldom, in special situations. August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 20

  21. Security Analysis : memory attacks Test 4: Search for the longest match of the key pattern during ACPI suspend and during swapping. Result (suspend-to-RAM): - guest 2 (generic AES): 32-byte longest match - guest 3 (TRESOR): 3-byte longest match Result (swapping): - guest 2 (generic AES): 3-byte longest match on disk - guest 3 (TRESOR): 3-byte longest match on disk But: These are only the most important special states of the Linux kernel. Unfortunately, it is practically impossible to put the Linux kernel into all it's different states and analyze it's memory at the right moment. August 11, 2011 · 20 th USENIX SECURITY · TRESOR · Tilo Müller 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key.

How to Keep a Secret Key Securely Information can be secured by encryption under a secret key. The ciphertext can be replicated. Even if one replicated copy is lost, or stolen, Secret Sharing the information

181 views • 6 slides
FORWARD PRIVATE SEARCHABLE ENCRYPTION &amp; BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE

FORWARD PRIVATE SEARCHABLE ENCRYPTION &amp; BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE

FORWARD PRIVATE SEARCHABLE ENCRYPTION &amp; BEYOND 22/02/2017 MIT - RAPHAEL BOST DATE Searchable Encryption Outsource data securely keep search functionalities Generic Solutions Fully Homomorphic Encryption, MPC, ORAM

578 views • 37 slides
Firecracker How to Securely Run Thousands of Workloads on a Single Host What is Firecracker? -

Firecracker How to Securely Run Thousands of Workloads on a Single Host What is Firecracker? -

Firecracker How to Securely Run Thousands of Workloads on a Single Host What is Firecracker? - Open Source Project - Virtual Machine Monitor (VMM) - Runs on top of KVM - Security and isolation of VMs - Speed and density of container - Low

697 views • 30 slides
Alice and Bob want to communicate securely Achieve confidentiality and

Alice and Bob want to communicate securely Achieve confidentiality and

Alice and Bob want to communicate securely Achieve confidentiality and integrity/authenticity Both know each others public key Example: A-&gt;B: E Bob (M), S Alice (M) Works, but expensive Recall hybrid encryption

488 views • 16 slides
Fractional Factorial Designs Each replicate of a 2 k design requires 2 k runs. E.g. 64 runs for k =

Fractional Factorial Designs Each replicate of a 2 k design requires 2 k runs. E.g. 64 runs for k =

ST 516 Experimental Statistics for Engineers II Fractional Factorial Designs Each replicate of a 2 k design requires 2 k runs. E.g. 64 runs for k = 6, or 1024 runs for k = 10. When this is infeasible, we use a fraction of the runs. As a result, we

580 views • 18 slides
Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced SSH ssh user@server -p port SSH Keys SSH Encryption SSH uses symmetrical encryption The session key is negotiated securely under

530 views • 25 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Facebook encryption approach Cecilia Zappal EU Policy Manager, Facebook 1.3 billion users

Facebook encryption approach Cecilia Zappal EU Policy Manager, Facebook 1.3 billion users

Facebook encryption approach Cecilia Zappal EU Policy Manager, Facebook 1.3 billion users 180 countries Give people the power to build community and bring the world closer together - securely I grew up in a society where everything you

403 views • 16 slides
2 An Aqueduct Runs Through It 3 An Aqueduct Runs Through It 4 An Aqueduct Runs Through It 5

2 An Aqueduct Runs Through It 3 An Aqueduct Runs Through It 4 An Aqueduct Runs Through It 5

An Aqueduct Runs Through It A Series on the Future of Californias Water Supply Southern California Planning Congress in cooperation with the California Center for Land and Water Stewardship, Cal Poly Pomona Barry Lehrman Director, Aqueduct

658 views • 10 slides
Virtual Private Networks -Prekshu Ajmera Virtual Private Network Internet runs on public

Virtual Private Networks -Prekshu Ajmera Virtual Private Network Internet runs on public

Virtual Private Networks -Prekshu Ajmera Virtual Private Network Internet runs on public lines that are insecure Need to communicate securely Private lines : costly option VPN Secure private communications over public

671 views • 27 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Observing Facts Andreas Zeller 1 Reasoning about Runs Experimentation n controlled runs

Observing Facts Andreas Zeller 1 Reasoning about Runs Experimentation n controlled runs

Observing Facts Andreas Zeller 1 Reasoning about Runs Experimentation n controlled runs Induction n runs Observation 1 run Deduction 0 runs 2 2 Reasoning about Runs Observation 1 run Deduction 0 runs 3 3 Principles of

559 views • 9 slides
Folding Carton Point of Purchase Display Purchasing Small runs Large runs Combo runs

Folding Carton Point of Purchase Display Purchasing Small runs Large runs Combo runs

Folding Carton Point of Purchase Display Purchasing Small runs Large runs Combo runs VMI In House Graphic Design In House Structural Design Stock Items WHO ARE WE? Packaging Technologies Inc. 310 Courtland Ave.

602 views • 5 slides
Generic Architecture Architecture Generic for Securely Securely Managing Managing for

Generic Architecture Architecture Generic for Securely Securely Managing Managing for

Trusted Architecture for Trusted Architecture for Securely Shared Services Securely Shared Services Generic Architecture Architecture Generic for Securely Securely Managing Managing for Employability &amp; Healthcare Employability &amp;

161 views • 14 slides
RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of

RSA Encryption 10 February 2012 RSA Encryption 10 February 2012 1/35 We saw some methods of encryption Wednesday, but none of these is good enough to be used in actual situations. Today well talk about one method, RSA Encryption, which is

1.01k views • 59 slides
- chisq.test(x, y) runs &lt;- 1000 rbeta(runs, shape1, shape2) runs &lt;- 1000 experiment_1

- chisq.test(x, y) runs &lt;- 1000 rbeta(runs, shape1, shape2) runs &lt;- 1000 experiment_1

- chisq.test(x, y) runs &lt;- 1000 rbeta(runs, shape1, shape2) runs &lt;- 1000 experiment_1 &lt;- rbeta(runs, shape1, shape2) experiment_2 &lt;- rbeta(runs, shape1, shape2) runs &lt;- 1000 experiment_1 &lt;- rdirichlet(runs, alpha = c(a, b,

482 views • 20 slides
DAQ installation + noise measurements Dario Autiero, E.Bechetoille, B.Carlus, F.Doizon, S.Galymov,

DAQ installation + noise measurements Dario Autiero, E.Bechetoille, B.Carlus, F.Doizon, S.Galymov,

DAQ installation + noise measurements Dario Autiero, E.Bechetoille, B.Carlus, F.Doizon, S.Galymov, C.Girerd, J. Marteau, H.Mathez, E. Pennacchio, D.Pugnere, W.Tromeur 19/1/2017 We had several campaigns of measurements of the noise and grounding

401 views • 21 slides
Surveyor Implementation Report RFC 2679-2680 Matt Zekauskas matt@internet2.edu IETF 60,

Surveyor Implementation Report RFC 2679-2680 Matt Zekauskas matt@internet2.edu IETF 60,

Surveyor Implementation Report RFC 2679-2680 Matt Zekauskas matt@internet2.edu IETF 60, 2-Aug-2004 Platform Dell PCs (old 400 MHz GXEs) TrueTime GPS-PC cards BSDI/OS 3.2+ Custom driver for the TT GPS card Generally

472 views • 5 slides
Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
Issues in Cryptography Ronald L. Rivest MIT Laboratory for Computer Science Outline

Issues in Cryptography Ronald L. Rivest MIT Laboratory for Computer Science Outline

Issues in Cryptography Ronald L. Rivest MIT Laboratory for Computer Science Outline Wheres Alice? ---The Secure Platform Problem Digital Signatures Repudiation The Alice abstraction Assumes Alice can generate and

429 views • 20 slides
Timing and Bandwidth Issues in Active Measurement or Physical Constraints on Active Probing

Timing and Bandwidth Issues in Active Measurement or Physical Constraints on Active Probing

Timing and Bandwidth Issues in Active Measurement or Physical Constraints on Active Probing MICRO-TUTORIAL ISMA 2003 Bandwidth Estimation Workshop (BEst) Darryl Veitch Essentials of Active Measurement Tap Tap

240 views • 7 slides
Jill Leonetti Contact Centers Suppressed usage / email billing Thin Client vs PC

Jill Leonetti Contact Centers Suppressed usage / email billing Thin Client vs PC

Jill Leonetti Contact Centers Suppressed usage / email billing Thin Client vs PC Transportation Subsidy Kudough - employee recognition Green Team: Reduction in garbage &amp; plastic bags o Recycling boxes at each

403 views • 8 slides
Galileo Readout Electronics For the AGATA Upgrade M. Bellato INFN Padova The Target

Galileo Readout Electronics For the AGATA Upgrade M. Bellato INFN Padova The Target

Galileo Readout Electronics For the AGATA Upgrade M. Bellato INFN Padova The Target Instrument Galileo with a readout that is AGATA 100% compatible Use the new readout as un upgrade to AGATA FEE Exploit state of the art

450 views • 17 slides
Towards a library of formalised undecidable problems in Coq: The undecidability of intuitionistic

Towards a library of formalised undecidable problems in Coq: The undecidability of intuitionistic

Towards a library of formalised undecidable problems in Coq: The undecidability of intuitionistic linear logic Yannick Forster and Dominique Larchey-Wendling LOLA 2018 July 12 saarland university computer science Y. Forster and D.

327 views • 30 slides

More recommend