From Trust Anchors to Meltdown of Trust, Ahmad-Reza Sadeghi - PowerPoint PPT Presentation

Hardware-assisted Security: From Trust Anchors to Meltdown of Trust
Ahmad-Reza Sadeghi, Technische Universität Darmstadt & Intel Collaborative Research Institute for Collaborative & Resilient Autonomous Systems
Historical


1–8. Physical Attacks: Example [Tajik et al., CHES’14]
Figure (built up over eight slides): an Arbiter PUF. The challenge bits d_1 … d_8 configure a chain of switch boxes; an impulse races through them along an upper path (delay X_v) and a lower path (delay X_m), and the arbiter at the end outputs the response 0 or 1 depending on which path arrives first. The challenges shown are the single-bit patterns C = 0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80.
• Characterize each switch box in the Arbiter PUF by calculating the delay differences for the upper and lower paths (the figure labels the measured path delays w_i and v_i and the resulting per-stage differences x_i).

9. Beyond CMOS-based PUFs
• CMOS-based PUFs exhibit linear behavior => vulnerable to machine learning
• One solution: add components with non-linear behavior to complicate/escape machine learning attacks, e.g., memristors

10. Memristors
• A resistor that changes its resistance as voltage is applied
• Applications: oscillators, learners (neural networks), memories, PUFs!
• The top (bottom) figure shows the current–voltage characteristics of a memristor (resistor); axes: Current vs. Voltage
Summer School on real-world crypto and privacy, Šibenik (Croatia), June 11–15, 2018

11–12. CMOS-based APUF vs. Memristor-based APUF
Figure: two Arbiter PUFs side by side, each with challenge bits d_1 … d_8, an impulse, a chain of switch stages and an arbiter producing the response 0/1; in the memristor-based APUF every stage additionally carries a memristor (∞ symbol) on each path.
• CMOS-based Arbiter PUF: voltage at the upper path (plot)
• Memristor-based Arbiter PUF: voltage at the upper path (plot)

13. Conclusion
• Many PUF designs, no unified security model
• Several successful attacks
  • Non-destructive physical attacks
  • Modeling attacks
• Designing secure PUFs is challenging? What are the costs?
• PUFs based on advanced memory technologies, e.g., memristors

14. Our Current Work: Framework for Evaluation of Memristor-based PUFs

15. Framework for Evaluation of Memristor-based PUFs
Pipeline: Memristor model + PUF description → Spice PUF circuit generation → PUF circuit → Challenge-Response Pairs (CRPs) generation → CRPs → Advanced machine learning → Secure/Insecure PUF
• Analysis of PUF properties: reproducibility, uniqueness, etc.
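The two PUF properties named on this slide, reproducibility and uniqueness, can be computed on simulated CRPs of the Arbiter PUF from slides 1–8. The following is an added example, not the framework's or the slides' own code: it uses the standard additive (linear) delay model of an Arbiter PUF, in which each switch box contributes a per-stage delay difference x_i and the sign of the summed difference at the arbiter is the response bit. The noise level, the number of simulated chips and the Gaussian distribution of the delays are assumptions.

```python
"""Reproducibility and uniqueness of a simulated Arbiter PUF.

Added example, not the slides' own code. It uses the standard additive
(linear) delay model: switch box i contributes a delay difference x_i
between its upper and lower path, the sign of the summed difference at
the arbiter is the response bit, and measurement noise is modelled as
Gaussian jitter on that sum. All parameter values are assumptions."""
import random
from typing import Dict, List, Optional, Sequence

N_STAGES = 8  # challenge bits d_1 ... d_8, as in the slides' figure


def make_instance(rng: random.Random, n_stages: int = N_STAGES,
                  sigma: float = 1.0) -> List[float]:
    """One manufactured chip: per-stage delay differences x_i plus one
    term for the arbiter's own bias (constructed as Gaussian samples)."""
    return [rng.gauss(0.0, sigma) for _ in range(n_stages + 1)]


def parity_features(challenge: Sequence[int]) -> List[float]:
    """Parity vector Phi of the additive delay model: Phi_i is the product
    of (1 - 2 c_j) over j >= i and Phi_n = 1, so the delay difference at
    the arbiter is the linear form sum_i x_i * Phi_i. This linearity is
    what slide 9 means by 'CMOS-based PUFs exhibit linear behavior'."""
    n = len(challenge)
    phi = [1.0] * (n + 1)
    for i in range(n - 1, -1, -1):
        phi[i] = phi[i + 1] * (1 - 2 * challenge[i])
    return phi


def evaluate(instance: Sequence[float], challenge: Sequence[int],
             rng: Optional[random.Random] = None, noise: float = 0.0) -> int:
    """Response bit for one challenge; noise > 0 adds per-evaluation jitter."""
    delta = sum(x * p for x, p in zip(instance, parity_features(challenge)))
    if rng is not None and noise > 0.0:
        delta += rng.gauss(0.0, noise)
    return 1 if delta > 0 else 0


def all_challenges(n_stages: int = N_STAGES) -> List[List[int]]:
    """Every challenge d_1..d_n as a bit list (256 challenges for n = 8)."""
    return [[(c >> b) & 1 for b in range(n_stages)] for c in range(1 << n_stages)]


def hamming_fraction(a: Sequence[int], b: Sequence[int]) -> float:
    """Fraction of positions in which two response vectors differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def reproducibility(instance, challenges, rng, noise, repeats=10) -> float:
    """1 - mean intra-chip Hamming distance between the noise-free reference
    responses and repeated noisy evaluations; ideal value 1.0."""
    reference = [evaluate(instance, c) for c in challenges]
    total = 0.0
    for _ in range(repeats):
        noisy = [evaluate(instance, c, rng, noise) for c in challenges]
        total += hamming_fraction(reference, noisy)
    return 1.0 - total / repeats


def uniqueness(instances, challenges) -> float:
    """Mean inter-chip Hamming distance over all pairs of instances for the
    same challenge set; ideal value 0.5 (every chip answers differently)."""
    responses = [[evaluate(inst, c) for c in challenges] for inst in instances]
    total, pairs = 0.0, 0
    for i in range(len(responses)):
        for j in range(i + 1, len(responses)):
            total += hamming_fraction(responses[i], responses[j])
            pairs += 1
    return total / pairs


def evaluate_design(n_instances: int = 20, noise: float = 0.1,
                    seed: int = 1) -> Dict[str, float]:
    """Run both metrics on a batch of simulated chips (seeded, so repeatable)."""
    rng = random.Random(seed)
    instances = [make_instance(rng) for _ in range(n_instances)]
    challenges = all_challenges()
    return {
        "reproducibility": reproducibility(instances[0], challenges, rng, noise),
        "uniqueness": uniqueness(instances, challenges),
    }


if __name__ == "__main__":
    print(evaluate_design())
```

A design that scores close to 1.0 on reproducibility and close to 0.5 on uniqueness passes the two statistical checks of the slide; the machine-learning stage of the framework is a separate question, and `parity_features` shows why it matters for this design: the response is the sign of a linear function of the challenge parities. A memristor-based stage would replace that linear sum with the device's non-linear current–voltage behaviour.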

16. Integrated Security Devices: The TPM Promise

17–19. Trusted Computing
• Authenticated Boot and Attestation
Figure: software stack (App 1 … App 4 on top of the Operating System) running on hardware (Peripherals, CPU, Memory, I/O) with a TPM. Example: IBM Integrity Measurement Architecture (IMA). The third build adds runtime attacks (e.g., code-reuse attacks) against the applications.

20. Summary: TPM-based Trusted Computing
TPM assumptions and shortcomings:
• Binary hashes express trustworthiness of code
  • Runtime attacks (e.g., code reuse) undermine this assumption
• Unforgeability of measurements
  • TPM 1.2 uses deprecated SHA-1
• Protection against software attacks only
  • Hardware attacks on TPM
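The first assumption above, that binary hashes express trustworthiness, is easiest to see from the verifier's side of authenticated boot. The following is an added example, not the slides' or IBM IMA's code: it assumes the TPM extend rule PCR_new = H(PCR_old || measurement) starting from an all-zero register, and a constructed log of (file path, digest of the file's content at load time) entries such as a measurement agent would record.

```python
"""Verifier-side replay of a TPM-style measurement log.

Added example, not the slides' or IBM IMA's code. It assumes the TPM extend
rule PCR_new = H(PCR_old || measurement) with a fresh all-zero PCR, and a
constructed log of (path, digest-of-file-content) entries like the ones an
authenticated-boot measurement agent would record at load time."""
import hashlib
from typing import Dict, List, Sequence, Tuple

Entry = Tuple[str, bytes]  # (measured file, digest of its content when loaded)


def digest(data: bytes, algo: str = "sha256") -> bytes:
    """Digest of a file's content; the value a measurement agent records."""
    return hashlib.new(algo, data).digest()


def extend(pcr: bytes, measurement: bytes, algo: str = "sha256") -> bytes:
    """TPM extend: the register can only be folded forward, never rewritten."""
    return hashlib.new(algo, pcr + measurement).digest()


def replay_log(entries: Sequence[Entry], algo: str = "sha256") -> bytes:
    """Recompute the PCR that a chain of extends over this log produces."""
    pcr = bytes(hashlib.new(algo).digest_size)
    for _, measurement in entries:
        pcr = extend(pcr, measurement, algo)
    return pcr


# Constructed measurement log (the byte strings stand in for real binaries).
SAMPLE_LOG: List[Entry] = [
    ("/sbin/init", digest(b"init binary build 1")),
    ("/usr/lib/libc.so.6", digest(b"libc 2.31")),
    ("/usr/bin/service", digest(b"service release build")),
]


def verify_quote(entries: Sequence[Entry], quoted_pcr: bytes,
                 known_good: Dict[str, bytes],
                 algo: str = "sha256") -> Tuple[bool, List[str]]:
    """What a remote verifier checks: (1) the log reproduces the PCR value the
    TPM quoted, so the log was not edited after the fact; (2) every measured
    file matches a known-good digest. Both must hold to trust the prover."""
    problems: List[str] = []
    if replay_log(entries, algo) != quoted_pcr:
        problems.append("measurement log does not reproduce the quoted PCR")
    for path, measurement in entries:
        if known_good.get(path) != measurement:
            problems.append(f"unexpected measurement for {path}")
    return (not problems, problems)


if __name__ == "__main__":
    quoted = replay_log(SAMPLE_LOG)
    print(verify_quote(SAMPLE_LOG, quoted, dict(SAMPLE_LOG)))
```

Two points from the summary fall out of this code directly. Every entry is a digest of file content taken at load time, so a code-reuse attack that never touches the file on disk leaves both the log and the replayed PCR unchanged and `verify_quote` still accepts; and passing `algo="sha1"` reproduces the 20-byte register of TPM 1.2, whose deprecated hash is the second shortcoming listed.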

21. Our Current Work: Control-Flow Attestation

22. Ongoing Work: Towards Run-time Attestation
• Control-Flow Attestation [Davi et al., CCS 2016 & DAC 2017]
Figure: the Prover (Processor, Memory, App A, and an Attestation Engine with Controller and Hash Measurement; executed paths P1, P2, P*) receives a Challenge from the Verifier. Offline, the Verifier derives the Control-Flow Graph (CFG) and the path measurements; online, it performs runtime analysis and validation against its measurement database.
• Resilient to memory attacks
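The offline/online split in the figure can be made concrete in a few lines. The following is an added sketch, not the implementation by Davi et al.: it assumes a toy, acyclic control-flow graph (constructed below) and uses a SHA-256 hash chain over the executed basic blocks as the path measurement, so that a valid measurement exists only for paths the CFG allows.

```python
"""Control-flow attestation sketch: offline CFG path database, prover-side
path measurement, online validation.

Added example, not the implementation by Davi et al. It assumes a toy,
acyclic control-flow graph (constructed below) and uses a SHA-256 hash
chain over the executed blocks as the path measurement."""
import hashlib
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed CFG of a toy program: basic block -> successor blocks.
CFG: Dict[str, List[str]] = {
    "entry": ["check_token"],
    "check_token": ["grant", "deny"],
    "grant": ["exit"],
    "deny": ["exit"],
    "exit": [],
}


def measure_path(path: Sequence[str]) -> bytes:
    """Prover (attestation engine): fold each executed block into a running
    hash, H(prev || block), so the measurement commits to the exact order."""
    h = bytes(32)
    for block in path:
        h = hashlib.sha256(h + block.encode()).digest()
    return h


def enumerate_paths(cfg: Dict[str, List[str]], start: str = "entry",
                    end: str = "exit") -> List[List[str]]:
    """Verifier, offline: every simple path from start to end in the CFG."""
    paths: List[List[str]] = []

    def walk(block: str, acc: List[str]) -> None:
        acc = acc + [block]
        if block == end:
            paths.append(acc)
            return
        for nxt in cfg.get(block, []):
            if nxt not in acc:  # the toy CFG has no loops; this guards anyway
                walk(nxt, acc)

    walk(start, [])
    return paths


def build_database(cfg: Dict[str, List[str]]) -> Dict[bytes, List[str]]:
    """Verifier, offline: measurement -> path for every valid execution."""
    return {measure_path(p): p for p in enumerate_paths(cfg)}


def validate(db: Dict[bytes, List[str]],
             reported: bytes) -> Tuple[bool, Optional[List[str]]]:
    """Verifier, online: accept only a measurement of a path the CFG allows."""
    path = db.get(reported)
    return (path is not None, path)


if __name__ == "__main__":
    db = build_database(CFG)
    print(validate(db, measure_path(["entry", "check_token", "grant", "exit"])))
    print(validate(db, measure_path(["entry", "grant", "exit"])))  # bypasses the check
```

Unlike the load-time hashes of the TPM summary, the measurement here changes whenever execution leaves the CFG, which is why the approach is described as resilient to memory attacks; real programs need loop handling and a compact path encoding, which this sketch leaves out.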

23. Trusted Execution Environment (TEE)

24–27. ARM TrustZone
Assumptions:
• Apps in Secure World are trustworthy
• Normal World cannot influence Secure World
Figure: Normal World (App 1 … App 3 on an Operating System) and Secure World (Trustlet 1 … Trustlet 3 on their own Operating System) sharing the hardware (Peripherals, CPU, Memory, I/O).
Deployments shown on slide 25:
• Android: Subsidy Lock, IMEI Protection, Full-Disk Encryption (FDE)
• Samsung KNOX: Secure I/O, Attestation, Real-time Kernel Protection (TIMA)
• iOS: Device Encryption, Touch ID, Apple Pay
• DRM: Netflix, Spotify, Widevine
Attacks shown on slide 27:
• Reflections on trusting TrustZone [Dan Rosenberg, BlackHat US, 2014]
• Attacking your Trusted Core [Di Shen, BlackHat US, 2015]
• Breaking Android Full Disk Encryption [laginimaineb from Project Zero, 2016]
IMEI: International Mobile Equipment Identifier

28. Summary: ARM TrustZone
• ARM TrustZone – outdated?
  • Deployed for almost two decades
  • Trusted computing for vendors and friends only: no access for app developers
  • Many attacks have been shown over the last years
• On the positive side: Secure I/O

29. Our Current Work: “Arbitrary” Number of TEEs in Normal World on ARM TZ

30–33. Intel Software Guard Extensions (SGX)
Figure: software stack with App 1 … App 4, each hosting an enclave (Enclave 1 … Enclave 4) isolated from the Operating System, on hardware (Peripherals, CPU, Memory, I/O).
SGX (adversary) model: on the Host, the Enclave inside an Application is isolated by the CPU and MMU; the Attacker controls the other applications (… Application N) and the Operating System, and the NIC and DRAM sit outside the isolation boundary.
NIC: Network Interface Controller; MMU: Memory Management Unit

34. Run-time Attacks Inside the Enclave

35–40. SGX SDK and The Guard’s Dilemma [Biondo et al., USENIX Sec. 2018]
Figure: the Enclave Source (Function 0 … Function 3) is compiled by the SGX SDK into enclave code linked with the Trusted Runtime System (tRTS), while the App code is linked with the Untrusted Runtime System (uRTS); the App enters the enclave through an App-to-Enclave function call (ECALL). The builds show the tRTS saving the enclave’s State, restoring it on re-entry (Restore State), and finally restoring a Counterfeit state.

41. Leakage in Intel’s SGX

42–46. Page Fault Attacks on SGX
• Granularity: 4K pages, good for big data structures
Figure: Enclave 1/Enclave 2 inside App 1 … App 3; the OS controls the Page Tables (PT) and the Page-Fault (PF) handler and receives the IRQ from the CPU; the enclave’s pages live in the EPC in RAM. Shown alongside: an Original image and the image Recovered from the page-fault trace [Xu et al., IEEE S&P’15].
• Single-trace RSA key recovery from the RSA key generation procedure of Intel SGX SSL via controlled-channel attack on the binary Euclidean algorithm (BEA) [Weiser et al., AsiaCCS’18]
EPC: Enclave Page Cache; PT: Page Tables; PF: Page Fault

47–49. Cache Attacks on SGX: Hack in The Box
Figure: Enclave 1/Enclave 2 inside App 1 … App 3 share the CPU cache; the enclave’s memory lives in the EPC in RAM, and an attacker observes the enclave’s uses of the cache.
EPC: Enclave Page Cache

50. Side-Channel Attack Basics: Prime+Probe

51–55. Cache-based Side-Channel Attacks: Prime+Probe
Three phases over cache lines 0 … 5 at times t0, t1, t2:
• Prime (t0): for each cache line Z: write(Z)
• Victim (t1): if (keybit[i] == 0) read(X) else read(Y)
• Probe (t2): for each cache line Z: read(Z); measure_time(read)
In the example, cache line 2 was used by the victim; the probe detects this as the slow read of the evicted line.

56–61. Side-Channel Attacker Challenge: Noise
• “Classical” scenario: unprivileged attacker
• OS* is not collaborating with the attacker
• OS can directly access process memory containing the victim’s secret
• System operates normally, impacting the caches (process scheduling, context switches, interrupts, etc.)
Figure: Prime at tk, Other Process at tl, Victim at tm, Probe at tn over cache lines cl0 … cl2; cl0 and cl2 were used … by the victim?
*OS: Operating System and any other privileged system software

62–67. Cache Attacks on SGX
Figure: Enclave 1/Enclave 2 inside App 2/App 3 and the OS run on a CPU core whose two SMT threads share the Level 1 cache and branch predictor; the Level 2 and Level 3 caches, RAM and the EPC sit below.
• Use CPU-internal caches to infer control flow [Lee et al., USENIX Sec’17] & [arXiv:1611.06952]
• Use standard prime+probe to detect key-dependent memory accesses, interrupting the enclave [Moghimi et al., arXiv:1703.06986]
• Use prime+probe to extract the key from a synchronized victim enclave [Götzfried et al., EuroSec’17]
• A malicious enclave prime+probes another enclave, evading detection [Schwarz et al., DIMVA’17 & arXiv:1702.08719]
• Our attack: prime+probe attack from malicious OS extracting genome data [Brasser et al., WOOT’17]
EPC: Enclave Page Cache; SMT: Simultaneous Multithreading

68. SGX Side-Channel Attacks Comparison

Attack           | Observed Cache | Interrupting Victim | Cache Eviction Measurement | Attacker Code | Attack Type      | Attacked Victim
Lee et al.       | BTB / LBR      | Yes                 | Execution Timing           | OS            | Branch Shadowing | RSA & SVM classifier
Moghimi et al.   | L1(D)          | Yes                 | Access timing              | OS            | Prime+Probe      | AES
Götzfried et al. | L1(D)          | No                  | PCM                        | OS            | Prime+Probe      | AES
Our Attack       | L1(D)          | No                  | PCM                        | OS            | Prime+Probe      | RSA & Genome Sequencing
Schwarz et al.   | L3             | No                  | Counting Thread            | Enclave       | Prime+Probe      | AES

PCM: Performance Counter Monitor; BTB: Branch Target Buffer; LBR: Last Branch Record

69–77. Our Attack [Brasser et al., WOOT’17]
Figure: Processes 1 … n, the Attacker and the Victim (m, m+1) are scheduled by the OS across Core 0 … Core n; each core has two SMT threads, its own L1 cache and a PCM, and the later builds add the interrupt Handlers and the APIC.
• Modified Linux scheduler to exclude one core (two threads) from task assignment
  • Attacker assigns victim enclave to first SMT thread
  • Attacker assigns Prime+Probe code to second SMT thread
• Use kernel sysfs interface to assign interrupts to other cores
  • Timer interrupt (per thread) cannot be reassigned
  • Lowered timer frequency to 100 Hz (i.e., every 10 ms)
• Prime+Probe attack using L1 data cache
  • Eviction detection using Performance Counter Monitor (L1D_REPLACEMENT)
  • Anti Side-Channel Interference (ASCI) not effective, monitoring cache events of attacker possible
APIC: Advanced Programmable Interrupt Controller; PCM: Performance Counter Monitor; SMT: Simultaneous Multithreading

78. Spatial vs. Temporal Resolution
Victim enclave:
    while (i > 0) {
        prepare();
        x = table[secret];
        process(x);
    }
Attacker:
    prime() { write_cache(); }
    wait();
    probe() { test_evic(); }
The figure marks the program counter (PC) on both sides and the Cache shared between them.
