covert and side channel attacks and defenses
play

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 - PowerPoint PPT Presentation

Nov 28, 2023 •356 likes •1.03k views

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

  1. Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

  2. Reminder • Lab assignment will be released 09/21 Monday • Recommend to read ”Cache missing for fun and profit.” (2005). • Check out the presentation schedule on course website • 7 slots empty, volunteer or invited speaker or Mengjia/Miles 6.888 L4-Covert and Side Channels 2

  3. Resources • Side channel tutorial website • https://sites.google.com/view/arch-sec/home • External resources • Mastik, a toolkit for uarch side channels: https://cs.adelaide.edu.au/~yval/Mastik/ • Survey on microarchitectural timing attacks: https://eprint.iacr.org/2016/613.pdf • Survey on transient execution attacks: https://arxiv.org/abs/1811.05441 6.888 L4-Covert and Side Channels 3

  4. What is Covert and Side Channel? Covert channel: • Intended communication between two or more security parties Side channel: • Unintended communication between two or more security parties 6.888 L4-Covert and Side Channels 4

  5. What is Covert and Side Channel? Covert channel: • Intended communication between two or more security parties Side channel: • Unintended communication between two or more security parties In both cases: • Communication should not be possible, following system semantics • The communication medium is not designed to be a communication channel 6.888 L4-Covert and Side Channels 4

  6. What is Covert and Side Channel? Covert channel: • Intended communication between two or more security parties Side channel: • Unintended communication between two or more security parties In both cases: • Communication should not be possible, following system semantics • The communication medium is not designed to be a communication channel Covert channel can show “best case” leakage 6.888 L4-Covert and Side Channels 4

  7. Scope CIA: Confidentiality, Integrity, Availability 6.888 L4-Covert and Side Channels 5

  8. Scope CIA: Confidentiality, Integrity, Availability Confidentiality: was data being computed upon not revealed to an un-permitted party? Integrity: was the computation performed correctly, returning the correct result? Availability: did the computational resource carry out the task at all? 6.888 L4-Covert and Side Channels 5

  9. Scope CIA: Confidentiality, Integrity, Availability Confidentiality/Privacy Confidentiality: was data being computed upon not revealed to an un-permitted party? Integrity: was the computation performed correctly, returning the correct result? Availability: did the computational resource carry out the task at all? 6.888 L4-Covert and Side Channels 5

  10. Scope CIA: Confidentiality, Integrity, Availability Confidentiality/Privacy Side/covert channels Confidentiality: was data being computed upon not revealed to an un-permitted party? Integrity: was the computation performed correctly, returning the correct result? Availability: did the computational resource carry out the task at all? 6.888 L4-Covert and Side Channels 5

  11. Scope CIA: Confidentiality, Integrity, Availability Confidentiality/Privacy Side/covert channels Confidentiality: was data being computed upon not revealed to an un-permitted party? Microarchitectural channels Integrity: was the computation performed correctly, returning the correct result? Availability: did the computational resource carry out the task at all? 6.888 L4-Covert and Side Channels 5

  12. Side Channels Are Almost Everywhere

  13. Daily Life Examples • Acoustic side channels • Monitor keystrokes • You only need: a cheap microphone + an ML model 6.888 L4-Covert and Side Channels 7

  14. Daily Life Examples • Acoustic side channels • Monitor keystrokes • You only need: a cheap microphone + an ML model • Network traffic contention side channel • If you want to be an active attacker, try stress test 6.888 L4-Covert and Side Channels 7

  15. “Hear” The Screen frequency time Sound Spectogram Genkin et. al. Synesthesia: Detecting Screen Content via Remote Acoustic Side Channels. S&P’19 6.888 L4-Covert and Side Channels 8

  16. “Hear” The Screen (A) is the LCD panel, (B) is the screen’s digital logic and image rendering board and, (C) is the screen’s power supply board. 6.888 L4-Covert and Side Channels 9

  17. Network Side Channels • Website Fingerprinting Lescisin et. al. Tools for Active and Passive Network Side-Channel Detection for Web Applications. WOOT’18 Cai et. al. Touching from a distance: Website fingerprinting attacks and defenses. CCS’12. 6.888 L4-Covert and Side Channels 10

  18. Network Side Channels • Website Fingerprinting • Response dependent: • iSideWith.com • Real-time feedback: • Google Search auto-complete Lescisin et. al. Tools for Active and Passive Network Side-Channel Detection for Web Applications. WOOT’18 Cai et. al. Touching from a distance: Website fingerprinting attacks and defenses. CCS’12. 6.888 L4-Covert and Side Channels 10

  19. Physical v.s. Timing v.s. uArch Channel • What can the adversary observe? 6.888 L4-Covert and Side Channels 11

  20. Physical v.s. Timing v.s. uArch Channel • What can the adversary observe? Physical channels Power, EM, sound, etc. Processor Victim Attacker requires measurement equipment à physical access 6.888 L4-Covert and Side Channels 11

  21. Physical v.s. Timing v.s. uArch Channel • What can the adversary observe? Timing channels Physical channels Power, EM, sound, etc. Processor Processor Response time Victim Victim Attacker requires measurement Attacker may be remote (e.g., equipment à physical access over an internet connection) 6.888 L4-Covert and Side Channels 11

  22. Physical v.s. Timing v.s. uArch Channel • What can the adversary observe? Microarchitectural Timing channels Physical channels channels Microarch events (e.g., timing, perf. Power, EM, counters, etc.) sound, etc. Processor Processor Processor Response Victim time Victim Victim Attacker Attacker requires measurement Attacker may be remote (e.g., Attacker may be remote, equipment à physical access over an internet connection) or be co-located 6.888 L4-Covert and Side Channels 11

  23. Power Analysis from https://en.wikipedia.org/wiki/Power_analysis 6.888 L4-Covert and Side Channels 12

  24. Victim Application: RSA • Square-and-multiply based exponentiation Input : base b , modulo m , exponent e = ( e n −1 ... e 0 ) 2 Output : b e mod m r = 1 for i = n −1 down to 0 do r = sqr ( r ) r = mod ( r , m ) if e i == 1 then r = mul ( r , b ) r = mod ( r , m ) end end return r 6.888 L4-Covert and Side Channels 13

  25. Victim Application: RSA • Square-and-multiply based exponentiation Input : base b , modulo m , exponent e = ( e n −1 ... e 0 ) 2 Output : b e mod m r = 1 for i = n −1 down to 0 do r = sqr ( r ) r = mod ( r , m ) if e i == 1 then r = mul ( r , b ) r = mod ( r , m ) end end return r 6.888 L4-Covert and Side Channels 13

  26. Power Analysis 6.888 L4-Covert and Side Channels 14

  27. Power Analysis • Various signal processing techniques to de-noise. • More advanced: differential power analysis (DPA) 6.888 L4-Covert and Side Channels 14

  28. Benign Usage: Non-intrusive Software Monitoring • How to efficiently monitor application for anomaly detection? Sehatbakhsh et al. Spectral Profiling: Observer-Effect-Free Profiling by Monitoring EM Emanations. MICRO’16 6.888 L4-Covert and Side Channels 15

  29. Benign Usage: Non-intrusive Software Monitoring • How to efficiently monitor application for anomaly detection? Sehatbakhsh et al. Spectral Profiling: Observer-Effect-Free Profiling by Monitoring EM Emanations. MICRO’16 6.888 L4-Covert and Side Channels 15

  30. What can you do with these channels? • Violate privilege boundaries • Inter-process communication • Infer an application’s secret • (Semi-Invasive) application profiling 6.888 L4-Covert and Side Channels 16

  31. What can you do with these channels? • Violate privilege boundaries • Inter-process communication • Infer an application’s secret • (Semi-Invasive) application profiling Different from traditional software or physical attacks: • Stealthy. Sophisticated mechanisms needed to detect channel • Usually no permanent indication one has been exploited 6.888 L4-Covert and Side Channels 16

  32. uArch Side Channels

  33. Recap: Process Isolation Process 1 Physical Address Space Page Table per process (limited by DRAM size) VA 4KB PA 4KB Process 2 4KB 4KB Virtual Address Space (Programmer's View) 6.888 L4-Covert and Side Channels 18

  34. Recap: Process Isolation Process 1 Physical Address Space Page Table per process (limited by DRAM size) VA 4KB PA 4KB Process 2 4KB 4KB How to communicate across processes? Virtual Address Space (Programmer's View) 6.888 L4-Covert and Side Channels 18

  35. Normal Cross-process Communication include <socket.h> void send(bit msg) { socket.send(msg); } bit recv() { return socket.recv(msg); } 6.888 L4-Covert and Side Channels 19

  36. Normal Cross-process Communication include <socket.h> How to communication void send(bit msg) { without letting OS know? socket.send(msg); } bit recv() { return socket.recv(msg); } 6.888 L4-Covert and Side Channels 19

Recommend

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from

Covert and Side Channel Attacks and Defenses Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder Lab assignment will be released 09/21 Monday Recommend to read Cache missing for fun and profit. (2005).

562 views • 38 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science &amp; Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman

Abusing the Windows WiFi native API to create a covert channel Andrs Blanco Ezequiel Gutesman 1 Outline Covert Channels Attack Vectors and Scenarios IEEE 802.11 Fundamentals Covert Channel Design Implementation

766 views • 38 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&amp;P), 2019 (Dustin)

726 views • 44 slides
Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet GREYC - LMNO Universit e de Caen Darmstadt 29th of April 2010 1 / 59 Outline Pairing over elliptic curves 1 Definition and properties of

1.55k views • 111 slides
Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren

Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren

Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren CROSSING Conference,TU Darmstadt, Germany September 2019 Joint work with Anatoly Shusterman, Lachlan Kang, Yosef Meltser, Yarden Haskal, Prateek Mittal

288 views • 27 slides
The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of

The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of

The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of Illinois at Chicago The standard model of senders, receivers, attackers, etc.: 1. Parties perform computation, send messages to other parties.

550 views • 32 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

533 views • 41 slides

More recommend