side channel attacks and human secrets
play

Side-Channel Attacks and Human Secrets Yossi Oren, BGU - PowerPoint PPT Presentation

Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren CROSSING Conference,TU Darmstadt, Germany September 2019 Joint work with Anatoly Shusterman, Lachlan Kang, Yosef Meltser, Yarden Haskal, Prateek Mittal


  1. Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren CROSSING Conference,TU Darmstadt, Germany September 2019 Joint work with Anatoly Shusterman, Lachlan Kang, Yosef Meltser, Yarden Haskal, Prateek Mittal and Yuval Yarom

  2. https://orenlab.sise.bgu.ac.il

  3. Implementation Attacks Radiation Heat EM μ-Arch Input Output Secure Device Errors Bad Input Secret Timing Power Vibration 3

  4. Types of Secrets Crypto Secrets State Secrets Human Secrets Short-Term Addresses of Sensitive Identity Session Keys Instructions Passwords Long-Term Inventory of Installed Browsing History Signing Keys Vulnerable Software Images on Screen Long-Term Random Number Health Sensors Decryption Keys Generator State • What if the secret is compromised? • How do we protect the secret from attack?

  5. Target PC Target Adversary Sensitive Target Website Browser

  6. Tor Network Target PC Target Adversary Sensitive Target Website Browser

  7. Website Fingerprinting • Collect Labeled Network Traces Automated Website Fingerprinting • Extract through Deep Learning Vera Rimmer ∗ , Davy Preuveneers ∗ , Marc Juarez § , Tom Van Goethem ∗ and Wouter Joosen ∗ Features ∗ imec-DistriNet, KU Leuven e n . b v e e u u l . k @ c s } § imec-COSIC, ESAT, KU Leuven m e a t n l a s h e e . t a m a t t n b e o n fi r s e n . t i { u v c a l : e u n i c a l • Train Classifier m a i k u l m l o E a t . m d e s c o a n @ a s e z o f S P a r n I t . . j u i o t s i s i r c a t e n v m a t i n e v e r s : e s p r u s a i l d u s s s E m n d t h i t e o u a e b s e r i g i n u r w e s r i e c t e a o i t t h c y , h e c h n g v a e d t a r y i p r i w v e r ’ s t i f r l o n e T o r e n T o a l i d n h a t Abstract —Several studies have shown that the network traffic m e . m o t i r o c h e d a e t s f a r e a l b y m e r e s e e v d s a r v r r t e that is generated by a visit to a website over Tor reveals b s e u s a s i s i (classical/deep) o i o w v r k e v fi c e r e o m w o p r a f w f r e t o f t r e s k s information specific to the website through the timing and n l t o r k i t e a s u w b s l r e e t w e o n - a r n h a t i d i A s T o i c m h e sizes of network packets. By capturing traffic traces between f w h o r t o r n f o m n e l f e g i f r a n i n i n y , e - c h t o f y e l i d users and their Tor entry guard, a network eavesdropper can e - y n t i c i s s s i d s a r d e r e h i s e r e i p s t d v T h o r e A 7 a m s . i t leverage this meta-data to reveal which website Tor users are a l 4 ] . , k e t e , o c [ 1 a t a a c s i t a l r - d p e b u s e e t a r k w 1 visiting. The success of such attacks heavily depends on the r m w o fi c l a s e t c i n g c u o n ’ n p e w i r t i t i e d a s l o p a c a y p t r a l 0 particular set of traffic features that are used to construct the u n i c r f o u s m e n u e t h d • Classify m f q t , t e c o s o u n i r i n i s i h e z e n r p v 2 fingerprint. Typically, these features are manually engineered t s i t e g e a s n d o f fi n w a i s e t e n s n q u b s i t i o t i o n i w e and, as such, any change introduced to the Tor network can e c m a u r o r m a c h n f r h i c i f o w n n e l t o a l s o render these carefully constructed features ineffective. In this a n d v e c k c h g e r e t a e r a o a t v e s t d . F ) paper, we show that an adversary can automate the feature l e e r t e W 4 ] , b e p p e r a ( [ 2 D n r o e n n g ] , c a s d g n t i 1 9 a v e i t r i [ engineering process, and thus automatically deanonymize Tor e a t e r p 1 ] , r k t h n g [ 3 s i - w o fi c F i ] , a s e t a f e 2 5 c l Unknown n t r s i t [ a traffic by applying our novel method based on deep learning. We h e e b i e s a s n t W u d d y 5 o f s t a t e a l l e d o o f r e n u a s i t y s t m a collect a dataset comprised of more than three million network b b i l r i e i s s i s e c k s t , f e a a t a fi r e e n a t y , h e s T h d i h e b t traces, which is the largest dataset of web traffic ever used for s e t e d n g e s k s , l v y i ] a s s o r s o s i f s w s l a s s . w a e d m i c h m R website fingerprinting, and find that the performance achieved by r a t e e n i t T o r e l b l t h g o r e p r o n d a l t h s a g our deep learning approaches is comparable to known methods n h i c e s i n a - I T r a r n fi c 2 ] . m . c t e a s s i Network Traces C [ 3 l e f fi e l c l a o b r a i n a which include various research efforts spanning over multiple p r f t c h e , n s o m a e v 0 ] i o r e c h i [ 3 c a t a t u c e a e s fi f e c t i t o s i t . years. The obtained success rate exceeds 96% for a closed world g p r a w n e b r i n f - o w . s e e - o s h d i t e i n a t e e n z e b s n g s t b e g n i w e of 100 websites and 94% for our biggest closed world of 900 e h e c o e r c w i t a v r e p h y e s a l r e s h e s c t l a c n t i t u a c r e t r s e [ classes. In our open world evaluation, the most performant e a r o o r 0 0 e s f p p % c h 1 s a 6 i t s i e d - 9 w u r e a n deep learning model is 2% more accurate than the state-of- o s 9 1 e s a t c o p f s i t f e k s P r o e b v e t a s c y w t i s u r a 0 0 n c t h i 2 the-art attack. Furthermore, we show that the implicit features c c 1 s t i r , g e s a o f d i v e n o n e t n g e o h a t i a s d i o r h c n fi n M i t v automatically learned by our approach are far more resilient to 3 ] i a t s . w F 1 t h i t e u p W ] , [ w b s p 2 4 h o w e e e h e [ s f o k T 6 dynamic changes of web content over time. We conclude that k s n o t 9 ] . o r i o h a s [ s w n i t e 0 ] , c e s e i r o g h [ 2 u c T h e c a s , s 7 the ability to automatically construct the most relevant traffic r r y 4 ] h e a t e s a l [ d t u r e r c o t e o r c c d v t o g a f a e a p r o s t i e p 3 features and perform accurate traffic recognition makes our f o r t h v e s t o r o r k i n o n f w o t c t i l y e t n r a h i s deep learning based approach an efficient, flexible and robust o s t n a s x t t 6 c h e h e i n b e n t f a r u r e s s i s a t d r e e d h u f e d u c y t h e e a 0 o d n i t t w t r u e s a t i n m m m a t t h o o m c u t l e e . c h o a o b u r e a r h p r e a t 8 e s w e y f r e r k i s c k h e n g t t a t n i n technique for website fingerprinting. a i s e a r d o 0 a n h i s l s e o f T n e b a n . c h i s , - i o m a e s r o c a t o c w 7 t p i fi n a l p r r a I NTRODUCTION h a a s s o a l o f l t c l d i t i n u o n o o r a m a t i t d f t a n t a 1 o n p e o i s s e h e a t i e l o k . e p n g r e o t n i c e v o r s t r i e p t I . u d w a l e e a r a n t m m l y n t i g i n d e v : o v e s ’ s e n fi n e l e c c t i s e r e s e e o t r o r s a a u A n u r e , t o s m v i a n i t s e a t d g m e n o r ) i s o f F l e r e e v ( T I t y g . w a e r s . a c n t s r i n n o h a t b g u t e e r i v t e e e t k t t o i n i R o u s p r o n i n e r i c s e d a r n n e t h e e c n g x p i s t o v l e X o r n t t h e d e e r p r e O n i n t e r e s t s a n a c t n g i n I s u y p a r r i c h e n c r c h e e m a e n g i n e n r a

Recommend


More recommend