Fix the leak: Side-Channel Protection for SGX using Data Location Randomization
Alexandra Dmitrienko
Julius-Maximilians-Universität Würzburg
alexandra.dmitrienko@uni-wuerzburg.de
March 4, 2020
2019 CROSSING Summer School on Sustainable Security & Privacy
High-Tech Women: From Cybersecurity to Artificial Intelligence
Who am I?
• High-tech woman
• Born and raised in Russia
• BSc and MSc in Information Security
  • from St. Petersburg State Polytechnic University
• 10+ years in security research in large research hubs in Europe
  • Ruhr-University Bochum
  • Center for Advanced Security Research in Darmstadt (CASED)
  • ETH Zurich
• Now, Professor at Uni Würzburg
  • Secure Software Systems research group
Did you know?
• It is generally hard to get a professorship in Germany
• It is twice as hard for a woman in technical disciplines
• It is three times as hard for a foreigner
Key Success Factors
• Passion
• Hard work
• Luck
• Never giving up
• Support
• Ambitions
Last but not least: Keeping yourself motivated
What are high-tech women capable of?
• Anything that women typically do… anything that men typically do, and beyond!
Leaky Intel SGX
Intel Software Guard eXtensions
[Diagram labels: Application, Sensitive code, Application, OS, RAM]
Intel Software Guard eXtensions
[Diagram labels: Application, Enclave, Application, OS, EPC, RAM]
EPC: Enclave Page Cache
Intel Software Guard Extensions
[Diagram labels: Enclave, Application, Application, OS, Paging, Caches, RAM, EPC]
Background: Intel Software Guard Extensions
[Diagram labels: Enclave, Application, Application, OS, Paging, Caches, RAM, EPC]
Leaking Information through Side-Channels
[Diagram labels: Attacker, Victim, Entity 1, Entity 2, System, Observe, Utilize]
Leakage through Paging Side Channel
[Figure panels: Original, Recovered]
• Single-trace RSA key recovery from the RSA key generation procedure of Intel SGX SSL via a controlled-channel attack on the binary Euclidean algorithm (BEA) [Weiser et al., AsiaCCS'18]
• [Xu et al., IEEE S&P'15]
Information Leakage through shared caches
[Diagram: a CPU with Core 0 and Core 1. Logical Processors 0 to 3 run (App), (Enclave), (Enclave), (App). Each core has a Cache L1, a Branch Pred. unit and a Cache L2; Cache L3 is shared.]
Information Leakage through shared caches
[Diagram: the same CPU, annotated with published attacks. Logical processors are labelled (App), (Enclave), (Enclave), (Enclave), (App).]
• [Lee et al., Usenix Sec'17] & [arXiv:1611.06952]: Use CPU branch prediction caches to infer control flow of a victim
• [Brasser et al., WOOT'17]: Extract RSA key and genome data from synchronized victim
• [Schwarz et al., DIMVA'17 & arXiv:1702.08719]: An attacker resides in another enclave, thus evading detection
• [Moghimi et al., arXiv:1703.06986]: Extract AES key. Attack requires enclave interruption (incurs detectable delays)
• [Götzfried et al., EuroSec'17]: Extract AES key from synchronized victim enclave (no enclave interruption required)
Side-Channel Mitigations: State-of-the-art
• Side-channel resilient code
  • Requires: high expertise, vast effort
• Annotation-based protections
  • Requires: high expertise, significant effort
• Oblivious Execution
  • Extremely high overhead (83x, up to 220×) [Obfuscuro, Ahmad et al., NDSS 2019]
[ACSAC 2019] Our Recent Work:
DR.SGX: Automated and Adjustable Side-Channel Protection for SGX using Data Location Randomization
Joint work with Ferdinand Brasser¹, Tommaso Frassetto¹, Kari Kostiainen², Srdjan Capkun², Ahmad-Reza Sadeghi¹
¹ TU Darmstadt, ² ETH Zurich
The Big Picture
[Diagram labels: SGX, Side channel leakage, RAM, DR.SGX]
Features
• Compiler-based solution
• Does not require any code annotations
• Continuously (re-)randomizes memory locations at runtime
• Balances between side-channel protection and performance overhead through a configurable parameter
DR.SGX Re-randomization
• FFX Format-Preserving Encryption scheme with AES as a block cipher
[Diagram: memory blocks A to H shown in an initial layout, then in Layout 1 after permutation π1 and in Layout 2 after permutation π2, each permutation computed with AES-NI. A time axis marks the re-randomization window between layouts.]
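The re-randomization idea on this slide, as an added Python sketch that is not code from DR.SGX or from the talk. It assumes an HMAC-SHA256 Feistel network with cycle-walking in place of the FFX/AES scheme the slide names, and a window counted in accesses; the class and method names are hypothetical.

```python
import hashlib
import hmac
import os

class KeyedPermutation:
    # Keyed permutation of range(n): HMAC-based Feistel plus cycle-walking.
    # Assumption: a stand-in for the FFX/AES scheme named on the slide.
    def __init__(self, key, n, rounds=8):
        self.key, self.n, self.rounds = key, n, rounds
        self.half = max(1, ((n - 1).bit_length() + 1) // 2)  # bits per half
        self.mask = (1 << self.half) - 1

    def _round(self, rnd, x):
        mac = hmac.new(self.key, bytes([rnd]) + x.to_bytes(8, "big"), hashlib.sha256)
        return int.from_bytes(mac.digest()[:8], "big") & self.mask

    def __call__(self, i):
        while True:  # cycle-walk until the output falls inside range(n)
            left, right = i >> self.half, i & self.mask
            for rnd in range(self.rounds):
                left, right = right, left ^ self._round(rnd, right)
            i = (left << self.half) | right
            if i < self.n:
                return i


class RandomizedStore:
    # Logical block i lives in physical slot perm(i); the layout is
    # re-permuted after `window` accesses (the unit is an assumption).
    def __init__(self, blocks, window):
        self.n, self.window = len(blocks), window
        self.slots, self.perm = list(blocks), lambda i: i  # initial layout
        self.epochs, self.trace = 0, []  # trace: slots an observer would see
        self._rerandomize()

    def _rerandomize(self):
        new = KeyedPermutation(os.urandom(16), self.n)  # fresh key per layout
        fresh = [None] * self.n
        for i in range(self.n):
            fresh[new(i)] = self.slots[self.perm(i)]  # move every block
        self.perm, self.slots, self.count = new, fresh, 0
        self.epochs += 1

    def read(self, i):
        if self.count == self.window:
            self._rerandomize()
        self.count += 1
        self.trace.append(self.perm(i))
        return self.slots[self.trace[-1]]
```

Within one window the same logical block always maps to the same slot, so `trace` only stops being linkable across layouts; this is the trade-off the configurable window controls.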
Performance Evaluation using Nbench
• Without runtime re-randomization (geometric mean about 4x)
[Figure: bar chart of overhead per Nbench benchmark, y-axis "Overhead" from 0× to 30×]
Performance Evaluation using Nbench
• With different re-randomization windows (geometric mean up to 12x)
[Figure: bar chart of overhead, y-axis "Overhead" from 0× to 30×, for NumSort, StringSort, Bitops, EmFloat, Fourier, Assign, IDEA, Huffman, NNET, LU and Geo Mean. Series: No re-random., w = 10M, w = 3M, w = 1M, w = 300K]
Conclusion
• Leaky SGX
  • Side-channel attacks are a major threat to Intel SGX
  • Were deemed 'too difficult' and were left out of the attacker model
  • Research has shown otherwise
• DR.SGX
  • provides a generic protection for Intel SGX enclaves
  • configurable and developer-friendly
  • much more efficient than ORAM