Micro-architectural Attacks Chester Rebeiro IIT Madras 1
Things we thought gave us security! Cryptography • • Passwords • Information Flow Policies • Privileged Rings • ASLR • Virtual Machines and confinement • Javascript and HTML5 (due to restricted access to system resouces) • Enclaves (SGX and Trustzone) 2
Micro-Architectural Attacks (can break all of this) Cryptography • • Passwords Cache timing attack • Information Flow Policies Branch prediction attack • Privileged Rings • ASLR Speculation Attacks • Virtual Machines and confinement Row hammer • Javascript and HTML5 (due to restricted access to system Fault Injection Attacks resouces) • Enclaves (SGX and Trustzone) cold boot attacks DRAM Row buffer (DRAMA) ….. and many more 3
Causes Most micro-architectural attacks caused by performance optimizations Others due to inherent device properties security Third, due to stronger attackers performance 4
Copy on Write pies of a process) cess if (fork() > 0){ // in parent process } else{ Parent // in child process Page } Table ss) Child created is an exact replica of the parent process. - Page tables of the parent duplicated in the child - New pages created only when parent (or child) modifies data Child - Postpone copying of pages as much as possible, thus Page Table optimizing performance Physical Memory - Thus, common code sections (like libraries) would be shared across processes. � 5
Process Tree init Physical Memory : : SSLEncryption() SSLEncryption() : : Virtual Memory Virtual Memory (process 2) (process 1) 6
Interaction with the LLC : SSLEncryption() Processes Processes : cache misses slow Core 2 Core 1 LLC 7
Interaction with the LLC : : SSLEncryption() SSLEncryption() Processes Processes : : fast cache hits Core 2 Core 1 LLC One process can affect the execution time of another process 8
Flush + Reload Attack on LLC Part of an encryption algorithm clflush Instruction Takes an address as input. Flushes that address from all caches clflush (line 8) executed only when e i = 1 Flush+Reload Attack, Yuval Yarom and Katrina Falkner (https://eprint.iacr.org/2013/448.pdf) 9
Flush + Reload Attack : : SSLEncryption() Clflush(line 8) Processes Processes : : Core 2 Core 1 flush attacker reload victim access LLC 10
Flush+Reload Attack 11
Countermeasures • Do not use copy-on-write – Implemented by cloud providers Permission checks for clflush • – Do we need clflush? Non-inclusive cache memories • – AMD – Intel i9 versions • Fuzzing Clocks • Software Diversification – Permute location of objects in memory (statically and dynamically) 12
Cache Collision Attacks • External Collision Attacks – Prime + Probe • Internal Collision Attacks – Time-driven attacks 13
Prime + Probe Attack Victim Spy Core 2 Core 1 Last Level Cache Set 0 Set 1 Victim Spy Set 2 Set 3 SMT Core Set N-2 Set N-1 L1 Cache Memory way 0 way 1 way 2 way 3 14
Prime Phase While(1){ for(each cache set){ start = time(); Set 0 access all cache ways Set 1 end = time(); access_time = end – start Set 2 } Set 3 wait for some time } way 0 way 1 way 2 way 3 15
Victim Execution The execution causes some of the spy data to get evicted Set 0 Set 1 Set 2 Set 3 way 0 way 1 way 2 way 3 16
Probe Phase While(1){ for(each cache set){ start = time(); Set 0 access all cache ways Set 1 end = time(); access_time = end – start Set 2 } Set 3 wait for some time } Time taken by sets that have victim data is more due to the cache way 0 way 1 way 2 way 3 misses 17
Probe Time Plot 63 0 Each row is an iteration of the while loop; darker shades imply higher memory access time 18
Prime + Probe in Cryptography char Lookup[] = {x, x, x, . . . x}; char RecvDecrypt(socket){ char key = 0x12; Key dependent memory accesses char pt, ct; read(socket, &ct, 1); pt = Lookup[key ^ ct]; return pt; } The attacker know the address of Lookup and the ciphertext (ct) The memory accessed in Lookup depends on the value of key Given the set number, one can identify bits of key ^ ct. 19
Keystroke Sniffing Keystroke à interrupt à kernel mode switch à ISR execution à add to keyboard • buffer à … à return from interrupt Set 0 Set 1 Set 2 Set 3 way 0 way 1 way 2 way 3 20
Keystroke Sniffing • Regular disturbance seen in Probe Time Plot Period between disturbance used to predict passwords • Svetlana Pinet, Johannes C. Ziegler, and F.-Xavier Alario. 2016. Typing Is Writing: Linguistic Properties Modulate Typing Execution. Psychon Bull Rev 23, 6 21
Web Browser Attacks • Prime+Probe in – Javascript – pNACL – Web assembly 22
Extract Gmail secret key https://www.cs.tau.ac.il/~tromer/drivebycache/drivebycache.pdf 23
Website Fingerprinting • Privacy: Find out what websites are being browsed. 24
Cross VM Attacks (Cache) Placement Placement Placement How does the attacker co-reside in the same physical machine as the victim ? *Ristenpart et.al., Hey, you, get off of my cloud: exploring information leakage in third-party compute 25 clouds , CCS- 2009 A Survey of Micro-Architectural Side Channel Attacks in the Cloud D.A.Balaraju 6/45
Cross VM Attacks (DRAM) 26
Internal Collision Attacks Victim (Adversary) 27
Internal Collisions on a Cipher Part of a Cipher P P 0 4 K K 0 4 P ⊕ K P ⊕ K 0 0 4 4 Table Table (Adversary) P 0 ,P 4 If cache hit (less time) : If cache miss (more time) : P K P K ⊕ ≠ ⊕ P K P K ⊕ = ⊕ 0 4 0 4 0 4 0 4 K K P P ⇒ ⊕ ≠ ⊕ K K P P ⇒ ⊕ = ⊕ 4 4 0 0 4 4 28 28 0 0
P 4 P 0 Random Suppose P4 Average DOM (K 0 = 00 and k 4 = 50) Time 00 2945.3 1.8 P 0 = 0, all other inputs are • Block Cipher random 10 2944.4 0.9 Make N time measurements • 20 2943.7 0.2 Segregate into Y buckets • based on value of P 4 30 2943.7 0.2 Find average time of each • Cipher Text 40 2944.8 1.3 bucket P 0 P 4 50 2937.4 -6.3 Find deviation of each • average from overall 60 2943.3 -0.2 K 0 K 4 average (DOM) 70 2945.8 2.3 T T : : : F0 Average : 2943.57 2941.8 -1.7 K K P P ⊕ = ⊕ Maximum : -6.3 4 4 0 0
Implementation Difference of Easiness to attack Means AES (OpenSSL 0.9.8a ) -6.5 DES (PolarSSL 1.1.1 ) +11 CAMELLIA (PolarSSL 1.1.1) 19.2 CLEFIA (Ref. 23.4 Implementation 1.0) 30
Speculation Attacks Some of the slides motivated from Yuval Yarom’s talk on Meltdown and Spectre at the Cyber security research bootcamp 2018 31
Out-of-order execution How instructions are How they may be How the results are fetched executed committed load r0, addr1 sub r4, r5, r6 r0 mov r2, r1 store r1, add2 r2 add r2, r2, r3 mov r2, r1 r2 store r1, add2 add r2, r2, r3 addr2 sub r4, r5, r6 load r0, addr1 r4 inorder order restored out-of-order Out the processor core, execution looks in-order Insider the processor core, execution is done out-of-order 32
Speculative Execution cmp r0, r1 jnz label cmp r0, r1 load r0, addr1 r0 jnz label load r0, addr1 mov r2, r1 r2 mov r2, r1 add r2, r2, r3 r2 add r2, r2, r3 store r1, add2 add2 store r1, add2 sub r4, r5, r6 r4 sub r4, r5, r6 : : : : : : : : : label: label: more instructions more instructions How instructions are How results are How instructions are fetched committed when executed speculation is correct Speculative execution (transient instructions) 33
Speculative Execution cmp r0, r1 jnz label cmp r0, r1 load r0, addr1 jnz label load r0, addr1 mov r2, r1 mov r2, r1 add r2, r2, r3 add r2, r2, r3 store r1, add2 store r1, add2 sub r4, r5, r6 sub r4, r5, r6 : : : : : : : : : label: label: more instructions more instructions How instructions are How results are How instructions are fetched committed when executed speculation is incorrect Speculative execution (transient instructions) 34
Speculative Execution cmp r0, r1 div r0, r1 cmp r0, r1 load r0, addr1 div r0, r1 load r0, addr1 mov r2, r1 mov r2, r1 add r2, r2, r3 add r2, r2, r3 store r1, add2 store r1, add2 sub r4, r5, r6 sub r4, r5, r6 : : : : : : : : : label: label: more instructions more instructions How instructions are How results are How instructions are fetched committed when executed speculation is incorrect Speculative execution (eg. If r1 = 0) 35
Speculative Execution and Micro-architectural State data=84 Even though line 3 is not reached, the micro-architectural state is modified due to Line 3. 36
Meltdown Virtual address space of process Normal Circumstances Kernel space i = *pointer y = array[i * 256] Cache Memory Set 0 Set 1 *pointer Set 2 User space Set 3 array way 0 way 1 way 2 way 3 37
Meltdown Virtual address space of process Not normal Circumstances Kernel space i = *pointer y = array[i * 256] *pointer Cache Memory Set 0 Set 1 Set 2 User space Set 3 array way 0 way 1 way 2 way 3 38
Recommend
More recommend