pixelvault using gpus for securing cryptographic opera ons
play

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! - PowerPoint PPT Presentation

Jul 14, 2023 •381 likes •737 views

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ + +gvasil@ics.forth.gr+ 1! Mo%va%on! Secret!keys!may!remain!unencrypted!in!CPU! Registers,!RAM,!etc.! Memory!disclosure!a?acks! Heartbleed!

  1. PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis+ + +gvasil@ics.forth.gr+ 1!

  2. Mo%va%on! • Secret!keys!may!remain!unencrypted!in!CPU! Registers,!RAM,!etc.! – Memory!disclosure!a?acks! • Heartbleed! – DMA/Firewire!a?acks! – Physical!a?acks! • ColdGboot!a?acks! – …! 3!

  3. PixelVault!Overview! • Runs!encryp%on! Host! securely!outside!CPU/ RAM! Host!CPU! • Only!onGchip!memory! of!GPU!is!used!as! PLAINTEXT CIPHERTEXT storage! • Secret!keys!are!never! CIPHER observed!from!host! Graphics+Card+ 4!

  4. Cryptographic!Processing!with!GPUs! • GPUGaccelerated!SSL! SSH! Web! IMAP! Server! Server! Server! – [CryptoGraphics,!CTGRSA’05]! – [Harrison!et!al.,!Sec’08]! – [SSLShader,!NSDI’11]! OpenSSL!stub! – …! • HighGperformance! • CostGeffec%ve! GPU! 5!

  5. Cryptographic!Processing!with!GPUs! • GPUGaccelerated!SSL! SSH! Web! IMAP! Server! Server! Server! – [CryptoGraphics,!CTGRSA’05]! – [Harrison!et!al.,!Sec’08]! – [SSLShader,!NSDI’11]! OpenSSL!stub! – …! • HighGperformance! • CostGeffec%ve! GPU! Can+we+also+make+it+secure?+ 6!

  6. Implementa%on!Challenges! • How!to!isolate!GPU!execu%on?! • Who!holds!the!keys?! • Where!is!the!code?! 7!

  7. Implementa%on!Challenges! • How!to!isolate!GPU!execu%on?! • Who!holds!the!keys?! • Where!is!the!code?! 8!

  8. GPU!as!a!coprocessor! • Typically!handled!by!the!host! – Load!parameters,!launch!GPU!program,!transfer! data,!etc.! • Not!secure!for!our!purposes! – Crypto!keys!have!to!be!transferred!every!%me! 9!

  9. Autonomous!GPU!execu%on! • Force!GPU!program!to!run!indefinitely! – i.e.,!using!an!infinite! while !loop! • GPUs!are!nonGpreemp%ve! – No!other!program!can!run!at!the!same!%me! • We!use!a!shared!memory!segment!for! communica%on!between!the!CPU!and!the! GPU! 10!

  10. Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • Page%locked+ memory! Server! Server! Server! – Accessed!by!the!GPU! directly,!via!DMA! – Cannot!be!swapped!to! OpenSSL!stub! disk! Shared+Memory+Segment+ • Processing!requests!are! issued!through!this! shared!memory!space! GPU+ 11!

  11. Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • GPU!con%nuously! Server! Server! Server! monitors!the!shared! space!for!new!requests! OpenSSL!stub! ! Shared+Memory+Segment+ GPU+ 12!

  12. ���������� ���������� Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • When!a!new!request!is! Server! Server! Server! available,!it!is! transferred!to!the! memory!space!of!the! OpenSSL!stub! GPU! REQUEST msg# Shared+Memory+Segment+ offsets[msg#] ! keyIDs[msg#] msg_buf[] GPU+ 13!

  13. ���������� ���������� ���������� ���������� Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • The!request!is! Server! Server! Server! processed!by!the!GPU! OpenSSL!stub! ! Shared+Memory+Segment+ RESPONSE REQUEST msg# msg# offsets[msg#] offsets[msg#] keyIDs[msg#] keyIDs[msg#] enc_msg_buf[] msg_buf[] 14!

  14. ���������� ���������� Shared!Memory!between!CPU/GPU! SSH! Web! IMAP! • When!processing!is! Server! Server! Server! finished,!the!host!is! no%fied!by!secng!the! response!parameter! OpenSSL!stub! fields!accordingly! RESPONSE msg# Shared+Memory+Segment+ offsets[msg#] keyIDs[msg#] enc_msg_buf[] GPU+ 15!

  15. Autonomous!GPU!execu%on! SSH! Web! IMAP! • NonGpreemp%ve! Server! Server! Server! execu%on! OpenSSL!stub! • Only!the!output!block!is! being!wri?en!back!to! host!memory! Shared+Memory+Segment+ input output non-preemptive exec GPU+ 16!

  16. Implementa%on!Challenges! • How!to!isolate!GPU!execu%on?! • Who!holds!the!keys?! • Where!is!the!code?! 17!

  17. Who!holds!the!keys?! GPU! Mul%processor!N! Host!Memory! Mul%processor!2! Global!Memory! Mul%processor!1! CPU! Regs! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris%cs! 18!

  18. Who!holds!the!keys?! GPU! Mul%processor!N! Host!Memory! Mul%processor!2! Global!Memory! Mul%processor!1! CPU! Regs! (Host)! Shared! OffGchip!global!memory.! Memory! Cache! No!protec%on;!data!can! SP! SP! SP! SP! be!acquired!by!the!CPU! directly.!! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris%cs! 19!

  19. Who!holds!the!keys?! GPU! Mul%processor!N! OnGchip!memories! Host!Memory! Mul%processor!2! Global!Memory! Mul%processor!1! CPU! Regs! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris%cs! 20!

  20. Who!holds!the!keys?! GPU! Comparable!with! scratchpad!RAM!in!other! Mul%processor!N! architectures.! Host!Memory! ! Mul%processor!2! Global!Memory! Unfortunately ,!its!contents! Mul%processor!1! can!be!acquired!by!a! CPU! Regs! subsequent!GPU!program.!! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris%cs! 21!

  21. Who!holds!the!keys?! GPU! Mul%processor!N! Host!Memory! Many!different!data!caches! Mul%processor!2! (L1GL3,!texture,!constant).! Global!Memory! Mul%processor!1! Unfortunately ,!the!data!stored! CPU! there!cannot!be!managed!by! Regs! (Host)! Shared! the!programmer! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris%cs! 22!

  22. Who!holds!the!keys?! GPU! Mul%processor!N! Host!Memory! Reset!to!zero!on!each! Mul%processor!2! Global!Memory! GPU!kernel!execu%on.! Mul%processor!1! CPU! Regs! (Host)! Shared! Memory! Cache! SP! SP! SP! SP! SP! SP! SP! SP! • GPUs!contain!different!memory!hierarchies!of!…! – different!sizes,!and!…! – different!characteris%cs! 23!

  23. Keeping!secrets!on!GPU!registers! • Secret!keys!are!loaded!on!GPU!registers!at!an! early!stage!of!the!bootstrapping!phase! – Remain!there!as!long!as!the!autonomous!GPU! program!is!running! • Unfortunately,!the!number!of!available! registers!in!current!GPU!models!is!small! – Enough!for!a!single/few!secret!keys,!but! what+ about+if+we+want+to+store+more?+ 24!

  24. Support!for!an!arbitrary!number!of!keys! • We!can!use!a!separate!KeyStore!array!that! holds!an!arbitrary!number!of!secret!keys! encrypted!keys!are! stored!in!GPU!global! each!key!is!decrypted!in!registers! during!encryp%on/decryp%on:! device!memory:! KeyStore+ GPU+Registers+File+ Master! Key! copy!to!registers! Enc’ed!Key! Dec’ed!Key! 25!

  25. Implementa%on!Challenges! • How!to!isolate!GPU!execu%on?! • Who!holds!the!keys?! • Where!is!the!code?! 26!

  26. Where!is!the!code?! • GPU!code!is!ini%ally!stored!in!global!device! memory!for!the!GPU!to!execute!it! – An!adversary!could!replace!it!with!a!malicious! version! Global+Device+ Memory+ 27!

  27. Prevent!GPU!code!modifica%on!a?acks! • Three!levels!of!instruc%on!caching!(icache)! – 4KB,!8KB,!and!32KB,!respec%vely! – HardwareGmanaged! • Opportunity: !Load!the!code!to!the!icache,!and! then!erase!it!from!global!device!memory! – The!code!runs!indefinitely!from!the!icache! – Not!possible!to!be!flushed!or!modified! 28!

  28. PixelVault!Crypto!Suite! • Currently!implemented!algorithms! – AESG128! – RSAG1024! • Implemented!completely!using!onGchip! memory!(i.e.!registers,!scratchpad!memory)! – The!only!data!that!is!wri?en!back!to!global,!offG chip!device!memory!is!the!output!block! 33!

  29. AESG128!CBC!Performance! 6 6 GPU PixelVault 3 3 PixelVault (w/ KeyStore) 5 5 Throughput (Gbit/s) Throughput (Gbit/s) CPU Throughput (Gbit/s) Throughput (Gbit/s) Up!to!13%!overhead!! 4 4 Up!to!20%!overhead! 2 2 on!GPU!execu%on! 3 3 on!GPU!execu%on! 2 2 1 1 1 1 0 0 0 0 1 16 64 128 1024 4096 1 16 64 128 1024 4096 Number of Messages Number of Messages Number of Messages Number of Messages Encryp%on! Decryp%on! 37!

  30. AESG128!CBC!Performance! 6 6 GPU PixelVault 3 3 PixelVault (w/ KeyStore) 5 5 Throughput (Gbit/s) Throughput (Gbit/s) CPU 3xG4x!faster!than!CPU! Throughput (Gbit/s) Throughput (Gbit/s) 4 4 2 2 for!a!sufficient!number! Intel!Nehalem! 3 3 of!messages! single!core!(2.27GHz)!! 2 2 1 1 1 1 0 0 0 0 1 16 64 128 1024 4096 1 16 64 128 1024 4096 Number of Messages Number of Messages Number of Messages Number of Messages Encryp%on! Decryp%on! 38!

  31. RSA!1024Gbit!Decryp%on! #Msgs CPU GPU [25] PixelVault PixelVault (w/ KeyStore) 1 1632.7 15.5 15.3 14.3 16 1632.7 242.2 240.4 239.2 64 1632.7 954.9 949.9 939.6 112 1632.7 1659.5 1652.4 1630.3 128 1632.7 1892.3 1888.3 1861.7 1024 1632.7 10643.2 10640.8 9793.1 4096 1632.7 17623.5 17618.3 14998.8 8192 1632.7 24904.2 24896.1 21654.4 • PixelVault!adds!an!1%G15%!overhead!over!the!default!! GPUGaccelerated!RSA! 39!

Recommend

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis + +

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis + +

PixelVault:+Using+GPUs+for+Securing+ Cryptographic+Opera;ons+ ! Giorgos+Vasiliadis + + +gvasil@ics.forth.gr+ Elias!Athanasopoulos ! !elathan@ics.forth.gr! Michalis!Polychronakis ! !mikepo@cs.columbia.edu! So=ris!Ioannidis! ! !

931 views • 38 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Preliminary Results of the OPERA I and OPERA II Open-Label Extension Study RT Naismith, M

Preliminary Results of the OPERA I and OPERA II Open-Label Extension Study RT Naismith, M

Preliminary Results of the OPERA I and OPERA II Open-Label Extension Study RT Naismith, M Cascione, LME Grimaldi, SL Hauser, L Kappos, X Montalban, J Wolinsky, P Chin, H Garren, L Julian, F Model, D Honeycutt OPERA I, NCT01247324; OPERA II,

198 views • 15 slides
The OPERA Collaboration 140 physicists, 28 institutions in 11 countries Korea Israel Belgium

The OPERA Collaboration 140 physicists, 28 institutions in 11 countries Korea Israel Belgium

Neutrino Oscillations in the OPERA Experiment e e e e Umut KOSE on behalf of OPERA Collaboration NUFACT2014, XVIth

339 views • 23 slides
Welcome to CSE 506 Introduc/on & Review Don Porter 1 2 CSE 506: Opera.ng Systems CSE 506:

Welcome to CSE 506 Introduc/on & Review Don Porter 1 2 CSE 506: Opera.ng Systems CSE 506:

3/14/16 CSE 506: Opera.ng Systems CSE 506: Opera.ng Systems Why Grad OS? Primary Goal: Demys/fy how computers work Welcome to CSE 506 Introduc/on & Review Don Porter 1 2 CSE 506: Opera.ng Systems CSE 506: Opera.ng Systems An

355 views • 6 slides
Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons Floa+ng point numbers Reading Assignment: Chapter 2 Integer & Float Number Representa+on

798 views • 50 slides
Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons

Outline Integer representa+on and opera+ons Bit opera+ons Floa+ng point numbers Reading Assignment: Chapter 2 Integer & Float Number Representa+on

479 views • 45 slides
The Status of the OPERA experiment O.Sato(Nagoya Univ.) On behalf of OPERA collaboration

The Status of the OPERA experiment O.Sato(Nagoya Univ.) On behalf of OPERA collaboration

The Status of the OPERA experiment O.Sato(Nagoya Univ.) On behalf of OPERA collaboration 2007.Jun.13 DBD07 OPERA Oscillation Project with Emulsion-tRacking Apparatus An Emulsion-Counter Hybrid experiment for CNGS Tau neutrino Beam

1.06k views • 62 slides
l O O O pra de pra de P P oche P l l pra de oche oche The Pocket Opera The

l O O O pra de pra de P P oche P l l pra de oche oche The Pocket Opera The

l O O O pra de pra de P P oche P l l pra de oche oche The Pocket Opera The Pocket Opera The Pocket Opera www.operadepoche.fr Appel dAirs Association Loi 1901 03220 Chtelperron France SIREN: 482 379 146 Licences

333 views • 8 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
Opera=ng Systems 2 Schedule Today Opera=ng Systems

Opera=ng Systems 2 Schedule Today Opera=ng Systems

Computer Systems and Networks ECPE 170 Jeff Shafer University of the Pacific Opera=ng Systems 2 Schedule Today Opera=ng Systems

544 views • 32 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Opera Productions Old and New 5. Grandest of the Grand Grand Opera Essentially a French

Opera Productions Old and New 5. Grandest of the Grand Grand Opera Essentially a French

Opera Productions Old and New 5. Grandest of the Grand Grand Opera Essentially a French phenomenon of the 1830s through 1850s, although many of its composers were foreign. Large-scale works in five acts (sometimes four), calling for

247 views • 23 slides
Opera Europa Digital Platform The whole world of opera free, live and on demand A free website

Opera Europa Digital Platform The whole world of opera free, live and on demand A free website

Opera Europa Digital Platform The whole world of opera free, live and on demand A free website A single, authoritative, accessible go to online destination for discovering the world of European opera. far-reaching editorial content

397 views • 21 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Gunrock High-Performance Graph Analytics for the GPU Muhammad Osama University of California, Davis Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found everywhere Found everywhere Road &

560 views • 23 slides
The HTML5 & CSS3 Landscape Chris Mills, Opera Software , all the way from sunny

The HTML5 & CSS3 Landscape Chris Mills, Opera Software , all the way from sunny

The HTML5 & CSS3 Landscape Chris Mills, Opera Software , all the way from sunny Manchester, UK Slides available At my.opera.com/ODIN (search for chrismills tag) I work for Opera Open web standards evangelist Technologist

1.34k views • 95 slides
Open the Web Making the Web open for everyone by David Storey Bio Chief Web Opener at Opera

Open the Web Making the Web open for everyone by David Storey Bio Chief Web Opener at Opera

Open the Web Making the Web open for everyone by David Storey Bio Chief Web Opener at Opera Software Product Manager Opera Presto & Opera Dragonfly W3C Mobile Web Best Practices WG Member Author, CSS3.info Value of Open Standards

438 views • 31 slides
Opera&onal Status of MINOS+ Fermilab Opera&ons Review 8

Opera&onal Status of MINOS+ Fermilab Opera&ons Review 8

Opera&onal Status of MINOS+ Fermilab Opera&ons Review 8 February, 2013 Rob PlunkeD, PPD Introduc&on MINOS+ collabora&on Readiness of near

751 views • 40 slides
Implementation of RSA 2048 on GPUs Marcelo E. Kaihara EPFL LACAL Nov. 4, 2010 Motivation

Implementation of RSA 2048 on GPUs Marcelo E. Kaihara EPFL LACAL Nov. 4, 2010 Motivation

Implementation of RSA 2048 on GPUs Marcelo E. Kaihara EPFL LACAL Nov. 4, 2010 Motivation NIST Recommendations for Key Management (SP 800-57) NIST DRAFT recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes (SP

710 views • 32 slides
Welcome to CSE 506 Introduc)on & Review Don Porter 1 CSE 506: Opera.ng Systems Why Grad

Welcome to CSE 506 Introduc)on & Review Don Porter 1 CSE 506: Opera.ng Systems Why Grad

CSE 506: Opera.ng Systems Welcome to CSE 506 Introduc)on & Review Don Porter 1 CSE 506: Opera.ng Systems Why Grad OS? Primary Goal: Demys)fy how computers work 2 CSE 506: Opera.ng Systems An example progression Undergrad OS:

603 views • 31 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
Signals and Inter-Process Communica.on Don Porter 1 CSE 506: Opera.ng Systems Housekeeping

Signals and Inter-Process Communica.on Don Porter 1 CSE 506: Opera.ng Systems Housekeeping

CSE 506: Opera.ng Systems Signals and Inter-Process Communica.on Don Porter 1 CSE 506: Opera.ng Systems Housekeeping Paper reading assigned for next class 2 CSE 506: Opera.ng Systems Logical Diagram Binary Memory Threads Formats

960 views • 36 slides
IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT

IoT Security Image: xkcd How is securing IoT different from securing any other system? IoT is a system of systems, with A great deal of heterogeneity (sensing, computation, communication, energy) New types of devices appearing all

1.35k views • 65 slides

More recommend