side channel attacks in a microkernel environment
play

Side-channel attacks in a microkernel environment Thomas Frase - PowerPoint PPT Presentation

Apr 25, 2023 •295 likes •580 views

Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de Fabian Seiberling Fabian.b.Seiberling@student.hs-rm.de 1st Wiesbaden Workshop on 13.02.2014 Advanced Microkernel Operating Systems Table of

  1. Side-channel attacks in a microkernel environment Thomas Frase Thomas.b.Frase@student.hs-rm.de Fabian Seiberling Fabian.b.Seiberling@student.hs-rm.de 1st Wiesbaden Workshop on 13.02.2014 Advanced Microkernel Operating Systems

  2. Table of contents 2 Introduction 1 2 Public Key Cryptography 3 Side-channel Attacks Real-world Examples 4 Conclusion 5

  3. Introduction 3 Side-channel attacks use the physical implementation of a cryptographic function to gain information about the key. Cryptographic Implementation Ciphertext Decryption function Message Key Side-channel information Side-channel attack

  4. Public Key Cryptography 4 Alice Bob Generate big primes p and q

  5. Public Key Cryptography 4 Alice Bob Calculate n = p · q

  6. Public Key Cryptography 4 Alice Bob Find e with gcd ( e , n ) = 1

  7. Public Key Cryptography 4 Alice Bob Find d with e · d ≡ 1 ( mod n )

  8. Public Key Cryptography 4 Alice Bob Public key: ( e , n ) Private key: ( d , n )

  9. Public Key Cryptography 4 Public Key ( e , n ) Alice Bob

  10. Public Key Cryptography 4 Alice Bob Encrypt mes- sage: c = m e ( mod n )

  11. Public Key Cryptography 4 Encrypted message c Alice Bob

  12. Public Key Cryptography 4 Alice Bob Decrypt mes- sage: m = c d ( mod n )

  13. Exponentiation by squaring 5 Algorithm Input : c , d , n Output : m let d 1 , ..., d n be the bits of d ; let bits ( x ) be the bit-length of x ; m ← 1; for i = bits ( d ) down to 1 do m ← m 2 ( mod n ) ; if d i = 1 then m ← m · c ( mod n ) ; end end

  14. Side-channel Attacks 6 Types of side channel attacks: Acoustic cryptanalysis Data remanence Differential fault analysis Electromagnetic attacks Power monitoring attack Timing attack

  15. Side-channel Attacks 7 Acoustic cryptanalysis Attacks which use the noise emitted by the computer while using the cryptographic function. Data remanence attacks which use to read the data which was used by a cryptographic function. The data can be restored after the cryptographic function delete them.

  16. Side-channel Attacks 8 Differential fault analysis This attack create a fault in the cryptographic function to gain information about the current state of the function. A fault can be created with high temperature, to high or low voltage or with electric or magnetic fields. Electromagnetic attacks Attacks which use the electromagnetic field to gain information about the secret of the cryptographic function.

  17. Side-channel Attacks 9 Power monitoring attack This attack used the characteristic of the power consumption for each instruction of the CPU. Timing attack Attacks which measure the execution time of parts of the cryptographic function to gain information.

  18. Example: Power monitoring attack 10 Square-and-multiply algorithm Different amount of power Digital oscilloscope Differential power analysis

  19. Acoustic Attack 11 Genkin, Shamir and Tromer RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis Extraction of full 4096-bit RSA key Attack using various microphones Uses adaptive chosen-ciphertext Target: GnuPG on Laptops

  20. Acoustic Attack 12 Electrical components produce high-frequency noise Voltage regulator noise depends heavily on CPU instructions / load Various CPU instructions distinguishable in acoustic spectrum

  21. Acoustic Attack 13 GnuPG uses optimization (RSA-CRT) m p = c d p m q = c d q ( mod p ) ( mod q ) Attack targets each bit of q individually Choose c Determine q i = 1 or q i = 0 Modify c according to last step Repeat Factorize n from q

  22. Acoustic Attack 14 Consequences for microkernels? Attack is independent of operating system Mitigation best done on algorithm-level Self-eavesdropping can be mitigated by considering the microphone a security critical resource

  23. Access-driven Cross-VM Attack 15 Yinqian, Juels, Reiter, and Ristenpart Cross-VM Side Channels and Their Use to Extract Private Keys Almost complete extraction of private key Required brute-force search of about 10,000 keys Target: GnuPG in a Xen-based VM

  24. Access-driven Cross-VM Attack 16 Attacker and victim on different guest VMs Attacker spies on the instruction cache Cache-based delays reveals used code paths in victim

  25. Access-driven Cross-VM Attack 17 Preempting the victim Noise-reduction Classification SVM (Support vector machines) HMM (Hidden Markov model) Fragment stitching

  26. Access-driven Cross-VM Attack 18 Consequences for microkernels? Side-channel resistant algorithms Scheduling Make it hard for the attacker to preempt the victim Flushing caches Flush instruction cache on context switch for critical tasks

  27. Conclusion 19 Side-channel attacks can be used on a microkernel Some attacks can be prevented by additional security Implementations on the microkernel Some attacks can only prevented by changing the Implementation of the cryptographic function

Recommend

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks

Performing Low-cost Electromagnetic Side-channel Attacks using RTL-SDR and Neural Networks Pieter Robyns Motivation and introduction Motivation Information about performing EM side-channel attacks using SDR is quite scarce A few

758 views • 42 slides
HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume

HOST Differential Power Attacks ECE 525 Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately,

363 views • 12 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS SIDE CHANNEL ATTACKS

Nicolas Belleville 1 Damien Courouss 1 Karine Heydemann 2 1 Univ Grenoble Alpes, CEA, List, F-38000 Grenoble, France Henri-Pierre Charles 1 firstname.lastname@cea.fr 2 Sorbonne Universit, CNRS, LIP6, F-75005, Paris, France

715 views • 53 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security

CPU Side-Channel Attacks the Meltdown Attack Heechul Yun 1 This Week: Hardware Security Introduction Meltdown Papers Spectre Attacks: Exploiting Speculative Execution, IEEE Security and Privacy (S&P), 2019 (Dustin)

726 views • 44 slides
Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet

Arithmetic of pairings, performance and weakness toward side channel attacks Nadia El Mrabet GREYC - LMNO Universit e de Caen Darmstadt 29th of April 2010 1 / 59 Outline Pairing over elliptic curves 1 Definition and properties of

1.55k views • 111 slides
Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer

Open Source Enclave Workshop 2019 Side-Channel Attacks and Defenses for SGX and SEV Yinqian Zhang Associate Professor Computer Science & Engineering The Ohio State University Userland TEEs on Commodity Processors Application VM VM

154 views • 14 slides
Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren

Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren

Side-Channel Attacks and Human Secrets Yossi Oren, BGU https://iss.oy.ne.ro @yossioren CROSSING Conference,TU Darmstadt, Germany September 2019 Joint work with Anatoly Shusterman, Lachlan Kang, Yosef Meltser, Yarden Haskal, Prateek Mittal

288 views • 27 slides
The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of

The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of

The impact of side-channel attacks on the design of cryptosystems D. J. Bernstein University of Illinois at Chicago The standard model of senders, receivers, attackers, etc.: 1. Parties perform computation, send messages to other parties.

550 views • 32 slides
Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA

Side Channel Attacks and Countermeasures for Embedded Systems Job de Haas Black Hat USA August 2, 2007 Black Hat USA 2007 Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks

533 views • 41 slides
LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me PhD student at Hasselt University since 2014 Since 2016 on FWO SBO research grant Researching wireless security Protocol security,

803 views • 57 slides
Optimal Attacks for Multivariate and Multimodel Side-Channel Leakages Nicolas Bruneau, Sylvain

Optimal Attacks for Multivariate and Multimodel Side-Channel Leakages Nicolas Bruneau, Sylvain

Introduction Solution Results Conclusions and perspectives Optimal Attacks for Multivariate and Multimodel Side-Channel Leakages Nicolas Bruneau, Sylvain Guilley, Annelie Heuser, Damien Marion and Olivier Rioul Saturday August 20, 2016

1.11k views • 36 slides
Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World Mengjia Yan , Read

Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World Mengjia Yan , Read

Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World Mengjia Yan , Read Sprabery, Bhargava Gopireddy, Christopher W. Fletcher, Roy Campbell, Josep Torrellas University of Illinois at Urbana-Champaign S&P19 May

304 views • 16 slides

More recommend