
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant - PowerPoint PPT Presentation



  1. AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing
     G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas
     Massachusetts Institute of Technology

  2. Cases for Physical Security
     • Applications on untrusted hosts with untrusted owners
       – Digital Rights Management (DRM), Software licensing
       – Distributed computation on Internet
       – Mobile agents
     • New challenges
       – Untrusted OS
       – Physical attacks
     [Figure labels: Music/Movie, Software, Illegal Copies; Distributed Computing, Peer-to-Peer Network, Program, Make Incorrect Results, Break the System]
     G. Edward Suh — MIT Lab for Computer Science. International Conference on Supercomputing — June 23-26, 2003

  3. Conventional Tamper-Proof Packages
     • Processing system in a tamper-proof package (IBM 4758)
       – Expensive: many detecting sensors
       – Needs to be continuously powered: battery-backed RAM
     [Figure labels: $2,690 in 2001; Memory; 99MHz 486. Source: IBM website]

  4. Single-Chip Secure Processors
     • Only trust a single chip: tamper-resistant
       – Off-chip memory: verify the integrity and encrypt
       – Untrusted OS: identify a core part or protect against OS attacks
     • Cheap, Flexible, High Performance
     [Figure labels: Trusted Environment; Memory: Check Integrity, Encrypt; Untrusted OS: Identify or Protect against; I/O]

  5. Related Research
     • XOM (eXecution Only Memory): David Lie et al.
       – Stated goal: Protect integrity and privacy of code and data
       – Operating system is completely untrusted
       – Memory integrity checking does not prevent replay attacks
       – Privacy is expensive but not necessary for all applications
     • Palladium/NGSCB: Microsoft
       – Stated goal: Protect from software attacks
       – Combination of hardware and software mechanisms
       – Adds "curtained" memory to avoid DMA attacks
       – Uses a security kernel (Nexus)
       – Memory integrity and privacy are assumed (only software attacks)

  6. AEGIS: High-Level Architecture

  7. Secure Execution Environments
     • Tamper-Evident (TE) environment
       – Guarantees a valid execution and the identity of a program; no privacy
       – Any software or physical tampering to alter the program behavior should be detected
     • Private Tamper-Resistant (PTR) environment
       – TE environment + privacy
       – Encrypt instructions and data
       – Assume programs do not leak information via memory access patterns
     • Implementation
       – Either have a trusted part of the OS or treat the OS as completely untrusted
       – Secure context manager, encryption and integrity verification

  8. Secure Context Manager (SCM)
     • A specialized module in the processor
     • Assign a secure process ID (SPID) for each secure process
     • Implements new instructions
       – enter_aegis
       – set_aegis_mode
       – random
       – sign_msg
     • Maintains a secure table
       – Even operating system cannot modify
     [Figure labels: Standard Processor; SCM (SPID, Regs); Processor Core; L1 Instruction cache; L1 Data cache; On-Chip L2 Cache; Off-Chip Memory]

  9. SCM: Program Start-Up
     • 'enter_aegis': TE mode
       – Start protecting the integrity of a program
       – Compute and store the hash of the stub code: H(Prog)
         → Tampering of a program results in a different hash
       – Stub code verifies the rest of the code and data
     • 'set_aegis_mode'
       – Start PTR mode on top of the TE mode
     [Figure labels: Program (.text), Stub Segment from enter_aegis to code_end, SHA-1, H(Prog), Protected Table. Program listing shown in the figure:]
         enter_aegis
         EKey1 = 0xA4523BC2E435D;
         EKey2 = 0xB034D2C654F32;
         E1Msg = …
         Secret=GetSecret(Challenge);
         Key1=Decrypt(EKey1, Secret);
         Key2=Decrypt(EKey2, Secret);
         CheckMAC(Key1, Key2, MAC);
         Msg = Decrypt(E1Msg, Key1);
         E2Msg = Encrypt(Msg, Key2);
         Output(E2Msg);

  10. SCM: On-Chip Protection
     • Registers on interrupts
       – SCM saves Regs on interrupts, and restores them on resume
     • On-chip caches
       – Need to protect against software attacks
       – Use SPID tags and virtual memory address
       – Allow accesses from the cache only if both SPID and the virtual address match
     [Figure labels: Standard Processor; SCM (SPID, Regs, H(Prog)); Processor Core; Interrupt; Resume; SPID Tags on L1 Instruction cache, L1 Data cache and On-Chip L2 Cache; Off-Chip Memory]

  11. Memory Encryption
     • Encrypt on an L2 cache block granularity
       – Use symmetric key algorithms with CBC mode
       – Randomize initialization vectors
     [Figure labels: Program; Processor (Trusted State): ENCRYPT on write, DECRYPT on read; Untrusted RAM]

  12. Integrity Verification
     • Cannot simply MAC on writes and check the MAC on reads
       → Replay attacks
     • Hash trees for integrity verification
     [Figure labels: Program; Address 0x45; Processor (Trusted State): ENCRYPT on write, DECRYPT and VERIFY on read; Untrusted RAM: write of E(124), MAC(0x45, 124) marked IGNORE; read returns E(120), MAC(0x45, 120)]

  13. Hash Trees
     • root = h(h1.h2), h1 = h(V1.V2), h2 = h(V3.V4)
     • Logarithmic overhead for every cache miss
       → Low performance
       → Cached hash trees
     [Figure labels: Processor holds root; VERIFY at each level; L2 block; Data Values V1, V2, V3, V4 in Untrusted Memory; MISS; READ]

  14. Cached Hash Trees (HPCA'03)
     • root = h(h1.h2), h1 = h(V1.V2), h2 = h(V3.V4)
     • Cache hashes in L2
       → L2 is trusted
       → Stop checking earlier
       → Less overhead
     [Figure labels: Processor holds root; VERIFY; In L2; DONE!!!; V1, V2, V3, V4 in Untrusted Memory; MISS]

  15. Message Authentication
     • Processor → Other systems
       – The processor signs a message for a program
         → sign_msg M: {H(Prog), M}_SKproc
       – Unique for each program because H(Prog) is always included
     • Other systems → Processor
       – Embed the user's public key in a program
       – Incoming messages are signed with the user's private key
     [Figure labels: Program with P_user; {Message}_Suser; {H(Prog), Message}_Sproc]

  16. Applications

  17. Certified Execution
     • Execution certified by the secure processor
       – Dispatcher provides a program and data
       – Processor returns the results with the signature
     • Requires the TE environment
     [Figure labels: Job Dispatcher; Secure Processor; Program, Data; RESULT; Processor's Private Key; Processor's Public Key. Steps shown: enter_aegis; Execute; Get results; Verify results (H(Prog), signature)]

  18. Digital Rights Management
     • Protects digital contents from illegal copying
       – Trusted software (player) on untrusted host
       – Content provider only gives contents to the trusted player
     • Requires the PTR environment
     [Figure labels: Content Provider; Secure Processor; Player; Content; Random nonce; Signed nonce; Processor's Public Key; Processor's Private Key; Authenticated & Encrypted Channel (SSL). Steps shown: Verify (H(Player), nonce, signature); Run Player (enter_aegis, enter PTR)]

  19. Performance

  20. Performance Implication: TE processing
     • Major performance degradation is from off-chip integrity checking
       – Start-up and context switches are infrequent
       – No performance overhead for on-chip tagging
     • Worst case 50% degradation
     • Most cases < 25% degradation
     [Figure (a) 64B: Normalized IPC for gcc, gzip, mcf, twolf, vortex, vpr, applu, art, swim; L2 caches of 256KB, 1MB and 4MB with 64B blocks]

  21. Performance Implication: PTR processing
     • Major performance degradation is from off-chip integrity checking and encryption
     • Worst case 60% degradation
     • Most cases < 40% degradation
     [Figure: Normalized IPC for gcc, gzip, mcf, twolf, vortex, vpr, applu, art, swim; L2 caches of 256KB, 1MB and 4MB with 64B blocks]
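
The replay problem on slide 12 and the hash-tree fix on slides 13 and 14, as an added example that is not code from the slides or from the AEGIS project. Address 0x45 and the values 120 and 124 come from slide 12; the key, the other block values, the use of HMAC-SHA-256 and SHA-256, and all function names are assumptions made for the illustration.

```python
import hashlib, hmac

KEY = b"constructed on-chip MAC key"   # constructed sample; never leaves the chip

def mac(addr, value):
    # Slide 12 scheme: MAC(address, value) stored next to the block in RAM.
    return hmac.new(KEY, f"{addr}:{value}".encode(), hashlib.sha256).digest()

def mac_read_ok(ram, addr):
    value, tag = ram[addr]
    return hmac.compare_digest(tag, mac(addr, value))

def h(left, right):
    return hashlib.sha256(left + right).digest()

def build(values):
    # Levels bottom-up: [V1..V4], [h1, h2], [root] (block count is a power of two).
    levels = [[v.to_bytes(8, "big") for v in values]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([h(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def tree_read(mem, index, root, cached=None):
    # mem: untrusted levels without the root; cached: {(level, index): hash}
    # held in the trusted L2. Returns (ok, hashes_computed).
    cached = cached or {}
    node, steps = mem[0][index], 0
    for lvl in range(len(mem)):
        sib = mem[lvl][index ^ 1]
        node = h(node, sib) if index % 2 == 0 else h(sib, node)
        index, steps = index // 2, steps + 1
        if (lvl + 1, index) in cached:           # cached hash tree: stop early
            return node == cached[(lvl + 1, index)], steps
    return node == root, steps

def demo():
    # Per-block MAC: the old (value, MAC) pair is still a valid pair for 0x45.
    ram = {0x45: (120, mac(0x45, 120))}
    stale = ram[0x45]
    ram[0x45] = (124, mac(0x45, 124))            # program writes 124
    ram[0x45] = stale                            # RAM contents rolled back
    out = {"mac_accepts_replay": mac_read_ok(ram, 0x45)}
    # Hash tree: the root lives on-chip, so rolled-back RAM no longer verifies.
    old, new = build([120, 7, 8, 9]), build([124, 7, 8, 9])
    root = new[-1][0]
    out["tree_fresh"] = tree_read(new[:-1], 0, root)
    out["tree_replay"] = tree_read(old[:-1], 0, root)
    out["tree_cached"] = tree_read(new[:-1], 0, root, {(1, 0): new[1][0]})
    return out
```

`demo()` shows the stale pair passing the MAC check, the same rollback failing against the on-chip root, and a cached `h1` cutting the verification from two hash computations to one.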
