Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks Jingfei Kong* University of Central Florida Onur Acıiçmez.

Slides:



Advertisements
Similar presentations
AES Side Channel Attacks
Advertisements

Performance Evaluation of Cache Replacement Policies for the SPEC CPU2000 Benchmark Suite Hussein Al-Zoubi.
Performance of Cache Memory
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
1 Lecture 3: Secret Key Cryptography Outline concepts DES IDEA AES.
Exploiting Spatial Locality in Data Caches using Spatial Footprints Sanjeev Kumar, Princeton University Christopher Wilkerson, MRL, Intel.
White-Box Cryptography
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Block Ciphers and the Data Encryption Standard
Cryptography and Network Security
Overview of Cache and Virtual MemorySlide 1 The Need for a Cache (edited from notes with Behrooz Parhami’s Computer Architecture textbook) Cache memories.
Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
1 Improving Hash Join Performance through Prefetching _________________________________________________By SHIMIN CHEN Intel Research Pittsburgh ANASTASSIA.
1  Caches load multiple bytes per block to take advantage of spatial locality  If cache block size = 2 n bytes, conceptually split memory into 2 n -byte.
1 Balanced Cache:Reducing Conflict Misses of Direct-Mapped Caches through Programmable Decoders ISCA 2006,IEEE. By Chuanjun Zhang Speaker: WeiZeng.
Memory: Virtual MemoryCSCE430/830 Memory Hierarchy: Virtual Memory CSCE430/830 Computer Architecture Lecturer: Prof. Hong Jiang Courtesy of Yifeng Zhu.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
1  1998 Morgan Kaufmann Publishers Chapter Seven Large and Fast: Exploiting Memory Hierarchy (Part II)
Automatic Application of Power Analysis Countermeasures Ali Galip Bayrak Francesco Regazzoni David Novo Philip Brisk François-Xavier Standaert Paolo Ienne.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Secure Embedded Processing through Hardware-assisted Run-time Monitoring Zubin Kumar.
Intel Architecture. Changes in architecture Software architecture: –Front end (Feature changes such as adding more graphics, changing the background colors,
A Compact and Efficient FPGA Implementation of DES Algorithm Saqib, N.A et al. In:International Conference on Reconfigurable Computing and FPGAs, Sept.
A Novel Cache Architecture with Enhanced Performance and Security Zhenghong Wang and Ruby B. Lee.
 Higher associativity means more complex hardware  But a highly-associative cache will also exhibit a lower miss rate —Each set has more blocks, so there’s.
Advance Encryption Standard. Topics  Origin of AES  Basic AES  Inside Algorithm  Final Notes.
Chapter 20 Symmetric Encryption and Message Confidentiality.
LOGO Hardware side of Cryptography Anestis Bechtsoudis Patra 2010.
Hardware Assisted Control Flow Obfuscation for Embedded Processors Xiaoton Zhuang, Tao Zhang, Hsien-Hsin S. Lee, Santosh Pande HIDE: An Infrastructure.
1 Fast and Efficient Partial Code Reordering Xianglong Huang (UT Austin, Adverplex) Stephen M. Blackburn (Intel) David Grove (IBM) Kathryn McKinley (UT.
The Memory Hierarchy 21/05/2009Lecture 32_CA&O_Engr Umbreen Sabir.
How to Build a CPU Cache COMP25212 – Lecture 2. Learning Objectives To understand: –how cache is logically structured –how cache operates CPU reads CPU.
Garo Bournoutian and Alex Orailoglu Proceedings of the 45th ACM/IEEE Design Automation Conference (DAC’08) June /10/28.
1 Vulnerabilities on high-end processors André Seznec IRISA/INRIA CAPS project-team.
TinySec : Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Anil Karamchandani 10/01/2007.
Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.
A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.
Precomputation- based Prefetching By James Schatz and Bashar Gharaibeh.
By Sandeep Gadi 12/20/  Design choices for securing a system affect performance, scalability and usability. There is usually a tradeoff between.
Chapter 5 Memory III CSE 820. Michigan State University Computer Science and Engineering Miss Rate Reduction (cont’d)
COMP SYSTEM ARCHITECTURE HOW TO BUILD A CACHE Antoniu Pop COMP25212 – Lecture 2Jan/Feb 2015.
Information Leaks Without Memory Disclosures: Remote Side Channel Attacks on Diversified Code Jeff Seibert, Hamed Okhravi, and Eric Söderström Presented.
Chapter 2 Symmetric Encryption.
DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.
Virtual Memory Review Goal: give illusion of a large memory Allow many processes to share single memory Strategy Break physical memory up into blocks (pages)
Block Ciphers and the Data Encryption Standard. Modern Block Ciphers  One of the most widely used types of cryptographic algorithms  Used in symmetric.
On the Importance of Optimizing the Configuration of Stream Prefetches Ilya Ganusov Martin Burtscher Computer Systems Laboratory Cornell University.
Overview on Hardware Security
Cache Performance Samira Khan March 28, 2017.
Virtual Memory - Part II
Triple DES.
New Cache Designs for Thwarting Cache-based Side Channel Attacks
Virtual Memory Use main memory as a “cache” for secondary (disk) storage Managed jointly by CPU hardware and the operating system (OS) Programs share main.
5.2 Eleven Advanced Optimizations of Cache Performance
Cache Memory Presentation I
RANDOM FILL CACHE ARCHITECTURE
Implementation of IDEA on a Reconfigurable Computer
Professor, No school name
Gurunath Kadam (College of William and Mary)
Morgan Kaufmann Publishers Memory Hierarchy: Virtual Memory
CSE451 Virtual Memory Paging Autumn 2002
Paging and Segmentation
Virtual Memory: Working Sets
Cache - Optimization.
ARM920T Processor This training module provides an introduction to the ARM920T processor embedded in the AT91RM9200 microcontroller.We’ll identify the.
Presentation transcript:

Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks Jingfei Kong* University of Central Florida Onur Acıiçmez Samsung Electronics Jean-Pierre Seifert TU Berlin & Deutsche Telekom Laboratories Huiyang Zhou University of Central Florida

University of Central Florida2 Why Should We Care about Side Channel Attacks? Cryptographic applications are the very important software component in modern computers( e.g. secure online transactions) Cryptographic algorithms are designed to impose unreasonable time and resource cost on a successful attack  To break a 128-bit symmetric key in brute-force: possibilities, a device that can check 2 60 /second still requires around 9.4*2 40 years, about 700 times the age of the universe. By exploiting certain features of modern microprocessors, it may just take few hours to get the secret key!

University of Central Florida3 What are Software Cache-based Side Channel Attacks? Side channel attacks  exploit any observable information generated as a byproduct of the cryptosystem implementation, e.g. power trace, electromagnetic radiation  infer the secret information, e.g. the secret key Software cache-based side channel attacks  exploit latency difference between cache access and memory access  the source of information leakage: cache misses of critical data whose addresses are dependent on the secret information  mainly access-driven attacks and time-driven attacks

University of Central Florida4 An Example: Advanced Encryption Standard (AES) one of the most popular algorithms in symmetric key cryptography  16-byte input (plaintext)  16-byte output (ciphertext)  16-byte secret key (for standard 128-bit encryption)  several identical rounds of 16 XOR operations and 16 table lookups in a performance-efficient software implementation index byte secret key byte input/output byte Lookup Table

University of Central Florida5 Access-driven Attacks Cache Main Memory spy process’s datavictim process’s data a b c d b>(a≈c≈d)

University of Central Florida6 Time-driven Attacks cache hit/miss computation cache hit/miss computation Total execution time is affected by cache misses indices of table lookups secret key byteinput/output byte

University of Central Florida7 Cache-collision Time-driven Attacks on AES XiXj cache hit/miss i computation cache hit/miss j computation KiKj Case 2: Xj Kj = Xi Ki Case 1: Xj Kj ≠ Xi Ki Statistically speaking, Case 1 takes longer execution time than Case 2. Only when Ki Kj = Xi Xj, AES encryption exhibits the shortest execution time Xj Kj = Xi Ki => Ki Kj = Xi Xj cache access j is a cache miss assuming no same cache access before cache access j is a cache hit assuming no conflict miss in between

University of Central Florida8 The Foundation of Cache-Collision Attacks the number of collisions in the final round of AES A higher number of collisions, a smaller number of cache misses, thus a shorter encryption time one Pentium 4 processor

University of Central Florida9 Current Proposed Software/Hardware Countermeasures Software proposals + easy to deploy with no hardware changes −application specific −substantial performance overhead −data layout and code have to be changed −no security guarantee Hardware proposals + generic (not application specific) + performance efficient −still with some security issues −hardware changes −not flexible

University of Central Florida10 Hardware-Software Integrated Approaches Hardware tackles the source of information leakage: cache misses over critical data Software offers the flexibility, even against future attacks Three approaches for enhancing the security of various cache designs with tradeoffs between hardware complexity and performance overhead  preloading to protect PLcache (from ISCA’07)  securing RPcache (from ISCA’07) with informing loads  securing regular caches with informing loads

University of Central Florida11 Informing Loads Approach: Informing Memory Operations Informing load instructions  work as normal load instructions upon cache hits  generate an user-level exception upon cache misses  originally proposed as a lightweight support for memory optimization (ISCA’96) Leverage the same information exploited by attacks  Use informing load instructions to read data from lookup tables  The flexible countermeasures are provided by software implementation in the exception handler

University of Central Florida12 Defend against access-driven attacks !Even the very first cache miss is security-critical to access-driven attacks software random permutation in AES implementation +randomize the mapping between table indices and cache lines +obfuscate attackers’ observation !Fixed software random permutation is vulnerable detect the event of cache misses using informing loads and perform permutation update in the exception handler +every time there is a chance ( cache miss ) to leak the information, the permutation is changed randomly +balance the tradeoff between security and performance  Overall, a software random permutation scheme with permutation update only when necessary ( cache misses )

University of Central Florida13 Defend against time-driven attacks !The correlation between the secret key and number of cache misses detect the event of cache misses using informing loads load all the critical data into cache in the exception handler +avoid cache misses for subsequent cache access +break the correlation

University of Central Florida14 The Defense Procedure 0. AES implementation uses the software random permutation version instead of the original one 1. Informing load instructions are used to load those critical data 2. The cache miss over critical data is detected by informing load instructions. The program execution is redirected to the user-level exception handler. 3. Inside the exception handler, all critical data are preloaded into cache. Also permutation update is performed between the missing cache line and a randomly-chosen cache line. Cache Main Memory other process’s dataAES’ data

University of Central Florida15 The Implementation of Software Random Permutation in AES converted lookup tablesoriginal lookup table

University of Central Florida16 Countermeasure Implementation in the Exception Handler  permutation update to defend against access-driven attacks by swapping both the pointers and the data  preload all table data to defend against time-driven attacks through prefetching from address pointers T’[0], T’[1], …, T’[K-1]

University of Central Florida17 Experiments Experimental Setup  Default processor configuration in a MIPS-like SimpleScalar simulator pipeline bandwidth:4, 128 ROB, 64 IQ, 64 LSQ 32KB 2-way I/D L1, 2MB L2, cache block size 64B fetch policy for SMT: round-robin  AES software implementation (baseline): OpenSSL 0.9.7c implementation  AES performance microbenchmark: OpenSSL speed test program Security Evaluation  impact of ILP and MLP on cache collision time-driven attacks  security analysis on our regular caches with informing loads approach Performance Evaluation  performance impact on AES  performance impact on an SMT processor

University of Central Florida18 Impact of ILP and MLP on Cache-collision Time-driven Attacks the less correlation between the number of cache collisions and the execution time the more ILP and MLP, the less observable trend the number of cache collisions in the final round of AES the less correlation between the key and execution time, the more number of samples required for a successful attack

University of Central Florida19 Security Evaluation on Regular Caches with Informing Loads Mitigation against access-driven attacks (see the theoretical proof from Wang et al. at ISCA’07) Mitigation against cache collision time-driven attacks the number of cache collisions in the final round of AES

University of Central Florida20 Performance Impact on AES performance takes a hit because of cache conflict misses between the lookup table data and other data, which causes lots of exception handling performance improves as cache conflict misses between lookup table data and other data are almost gone because of larger caches/more associativties most of the overhead is because of the indirection table introduced for software randomization

University of Central Florida21 Performance Impact on a 2-way SMT Processor AES running with SPEC2000 INT With larger caches / more associativities, the performance overheads on throughput and fairness from the exception handling are diminishing Still the indirection table lookup imposes certain performance overhead on the throughput

University of Central Florida22 Conclusions Software cache-based side channel attacks are emerging threats Cache misses are the source of information leakage We proposed hardware-software integrated approaches to provide stronger security protection over various cache designs  A light-weight hardware support, informing loads, is proposed to protect regular caches with flexible software countermeasures and it incurs certain performance overhead  Preloading and informing loads are also proposed to enhance the security of previously proposed secure cache designs.

University of Central Florida23 Thank you! Questions?