Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leveraging Intel SGX to Create a Nondisclosure Cryptographic library

Published byErik Bridges Modified over 7 years ago

Similar presentations

Presentation on theme: "Leveraging Intel SGX to Create a Nondisclosure Cryptographic library"— Presentation transcript:

1 Leveraging Intel SGX to Create a Nondisclosure Cryptographic library
CS Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H. Mofrad & Spencer L. Gray University of Pittsburgh Thursday, December 15, 2016 &

2 Preface Motivation Intel Software Guard Extension (SGX) SGX simulator
Linux SGX SDK Project details Cryptographic Algorithms Key generation Hashes SHA 256 HMAC SHA 256 Encryption AES ECB AES CBC Discussion Future work

3 Motivation Threat Model
An adversary has complete access to the OS No access to the hardware of the machine Need a way to keep important data confidential under this model Solution: a cryptographic library inside trusted hardware Cryptographic keys never leave the enclave

4 Introducing the Intel® SGX
Intuition: Computing devices are not trustworthy Inspired by Trusted Platform Module (TPM) TPM implemented the context of software attestation using hardware modules Enclaves are isolated regions of memory for code and data Encrypted Enclave Page Caches (EPCs) in RAM In SGX only CPU is trusted Added 18 new ISA Instructions Supervisor instructions: ECREATE, EINIT, … User instructions: EENTER, EEXIT, … Features: Reduced attack surface Attestation (local/remote) & Sealing Enclave APP APP APP X OS HW + SGX Trusted Untrusted

5 Related Work SGX1 (Initial release) SGX2 (Latest release)
Innovative instructions and software model for isolated execution Introducing the new instruction set Using innovative instructions to create trustworthy software solutions One Time Password (OTP), Secure Video Conferencing (SVC), and etc. case studies Innovative technology for CPU based attestation and sealing How to add SGX into Software lifecycle SGX2 (Latest release) Intel SGX support for dynamic memory management inside an enclave Added support for dynamic memory management Added support for changing permissions Secure exception handling Applications: Cloud, Network Function Virtualization (NFV), Containeraization

6 SGX Emulator Linux SGX SDK from 01.org
INTEL OPEN SOURCE .org Linux SGX SDK from 01.org Code: C and C++ Github repository at Supported OS Ubuntu LTS 64-bit References Intel SGX SDK for Linux OS programming reference Intel SGX SDK for Linux OS developer reference Intel Developer Zone Our implementations servers as an example in SampleCode directory of linux-sgx CryptoEnclave project Github repository: Algorithms from libtomcrypt Hashes: SHA 256 and HMAC SHA 256 Symmetric key: AES ECB and CBC with 128|192|256 key lengths

7 Cryptographic Library
We chose LibTomCrypt Designed to be extremely modular Easy to take only the algorithms we needed Minimize our trusted computing base Other options explored: OpenSSL and Crypto++ OpenSSL was designed to be fully downloaded Crypto++ was very unorganized (all files were in 1 directory)

8 Implementation Details
Ubuntu Virtual Machine Architecture: 64-bit virtual Machine RAM: 2GB Disk: 8GB Crypto Enclave project (~500) Application code Command line I/O interface Utility functions (~2300) Enclave implementation (~1600) Modified libtomcrypt borrowed codes (~700) Enclave crypto wrappers for crypto operations (~50) Enclave.edl Enclave.config.xml Makefile

9 Sgx_destroy_enclave()
Sample Scenario App.cpp Enclave.cpp Int main(){ Sgx_create_enclave() . dump_secret() get_secret() Sgx_destroy_enclave() } Char secret[10]; dump_secret() { } get_secret() Untrusted code & data Trusted code Makefile gcc, g++ Linux SGX SDk App binary

10 Key generation Symmetric keys- just need random bytes
Depends on a good pseudo random number generator Poor key generation leads to poor security Asymmetric keys- based upon “fancy” math Still depend on random numbers! If the base random numbers can be predicted, private keys can be easily computed The SGX already has key generation functions built in sgx_read_rand(key, keylen)

11 Hash Function Cryptographic primitive to provide integrity to data
The base algorithm can be computed safely in user space One-way function No secrets are involved HMAC depends on hash function to operate Keyed hash function (cannot be computed safely in user space) Provides higher level of data integrity

12 Hash Implementation LibTomCrypt’s functions:
sha256_init() – Initializes the hash sha256_process() - Takes input and uses it to build hash sha256_done() – Writes out the final hash to an output buffer Our function gen_sha256() is essentially a wrapper for LibTomCrypt’s implementation

13 SGX-enabled SHA 256 app enclave open(FILEN) read() EID + BUFFER = 4K
gen_sha256() EID + BUFFER = 4K gen_sha256(): sha256_init() sha256_process() read() gen_sha256() EID + BUFFER = 4K gen_sha256(): sha256_process() . read() gen_sha256() EID + BUFFER ≤ 4K gen_sha256(): sha256_process() sha256_done() close(FILE) EID get_sha256(): memcpy(SHA256) get_sha256() EID + SHA256 SHA256

14 SGX-enabled HMAC SHA 256 app enclave open(FILEN) EID + KLEN gen_key()
gen_key(KLEN): read() gen_hmac_sha256() EID + BUFFER = 4K gen_hmac_sha256(): hmac_init() hmac_process() read() gen_hmac_sha256() EID + BUFFER = 4K gen_hmac_sha256(): hamc_process() . read() gen_hmac_sha256() EID + BUFFER ≤ 4K gen_hmac_sha256(): hmac_process() hmac_done() close(FILE) EID get_hmac_sha256(): memcpy(HMAC256) get_hmac_sha256() EID + HMAC256 HMAC256

15 Symmetric Key Cryptography
Uses same key for encryption and decryption Encrypts/decrypts data in fixed sized blocks (usually) Modes of block chaining ECB-same block will always encrypt to the same cipher text CBC-Cipher text is partially determined by previous block

16 SGX-enabled AES ECB (Encryption)
app enclave open(FILEN) EID + KLEN gen_key() gen_key(KLEN128|192|256): read() encrypt_aes_ecb() EID + BUFFER = 4K encrypt_aes_ecb(): SETUP() ECB_ENC() EID + CIPHER = 4K read() encrypt_aes_ecb() EID + BUFFER = 4K encrypt_aes_ecb(): ECB_ENC() EID + CIPHER = 4K . read() encrypt_aes_ecb() EID + BUFFER ≤ 4K encrypt_aes_ecb(): ECB_ENC() ZERO_PADDING() EID + CIPHER = 4K close(FILE) CIPHERN

17 SGX-enabled AES ECB (Decryption)
app enclave decrypt_aes_ecb() EID + CIPHER = 4K decrypt_aes_ecb(): ECB_DEC() EID + PLAINTXT = 4K decrypt_aes_ecb() EID + CIPHER= 4K decrypt_aes_ecb(): ECB_DEC() EID + PLAINTXT = 4K . EID + CHIPHER = 4K decrypt_aes_ecb() decrypt_aes_ecb(): ECB_DEC() RM_ZERO_PADDING() EID + PLAINTXT ≤ 4K PLAINTXTN

18 SGX-enabled AES CBC (Encryption)
app enclave open(FILEN) EID + KLEN gen_key() gen_key(KLEN128|192|256): read() encrypt_aes_cbc() EID + BUFFER = 4K encrypt_aes_cbc(): gen_IV(IV128) setup_key() cbc_encrypt() EID + CIPHER = 4K read() encrypt_aes_cbc() EID + BUFFER = 4K encrypt_aes_ecb(): cbc_encrypt() EID + CIPHER = 4K . read() encrypt_aes_cbc() EID + BUFFER ≤ 4K encrypt_aes_cbc(): cbc_encrypt() ZERO_PADDING() EID + CIPHER = 4K close(FILE) CIPHERN

19 SGX-enabled AES CBC (Decryption)
app enclave decrypt_aes_cbc() EID + CIPHER = 4K decrypt_aes_cbc(): setup_key() cbc_decrypt() EID + PLAINTXT = 4K decrypt_aes_cbc() EID + CIPHER= 4K decrypt_aes_cbc(): cbc_decrypt() EID + PLAINTXT = 4K . EID + CHIPHER = 4K decrypt_aes_cbc() decrypt_aes_cbc(): cbc_decrypt() RM_ZERO_PADDING() EID + PLAINTXT ≤ 4K PLAINTXTN

20 Design Decisions Why we choose 4KB buffer size?
OS page size 4KB Multiple of 16 Enclave Heap size is a multiple of 4 Why we pass buffers of plaintext and ciphertext back and forth? We don’t want to exhaust the enclave memory In hardware mode, the Enclave heap size at max ~90MB Why we have a huge amount of I/O in this project? The basic idea here is that if we encrypt the keys and data inside the enclave, no one can extract the keys and original data even if an attacker can access them! The silver bullet of our project is that instead of bringing an insecure computation to the data, we bring the data to the enclave to securely perform the computations

21 Discussion Our implementation meets our goals under our threat model
Cryptographic keys never leave the enclave A compromised OS cannot recover secrets except through brute force attacks The security of the keys relies on the security of the SGX Discovery of attacks against SGX threaten our system Still weak to hardware and side channel attacks

22 Discussion What drives Intel’s incentive to launch SGX
For the good of the users i.e. adding another level of security on top of OS For the good of its market i.e. software that are SGX-enabled Need to accept the Intel license agreement Need to rely on Intel servers for remote attestation and sealing Literally, Intel is putting itself in the middle of software lifecycle Small Trusted Code Base (TCB) We only store keys, and hashes and nothing else We barely need less than 100KB of memory to handle a user session no matter what is the file size (~200) The computation are done inside the enclave Keys may never leave the enclave

23 Future Work Current uses are limited! Expand the existing library
Public key cryptography (RSA, ECC, Diffie Hellman) Pseudo random number generating algorithms Protocol to allow two enclaves to share keys Allow separate users to safely communicate using keys sealed in enclaves M1 E{M1} E{M1} E{M1} M1 E{M2} M2 E{M2} E{M2} M2

24

Download ppt "Leveraging Intel SGX to Create a Nondisclosure Cryptographic library"

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
White-Box Cryptography

White-Box Cryptography
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.

Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.
Secure Out-of-band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds Kenichi Kourai Tatsuya Kajiwara Kyushu Institute of Technology.

Secure Out-of-band Remote Management Using Encrypted Virtual Serial Consoles in IaaS Clouds Kenichi Kourai Tatsuya Kajiwara Kyushu Institute of Technology.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.
Class 7 Practical Considerations CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 7 Practical Considerations CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
IS 302: Information Security and Trust Week 5: Integrity 2012.

IS 302: Information Security and Trust Week 5: Integrity 2012.
Feb 17, 2003Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Feb 17, 2003Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof :: Naveen Sastry :: David Wagner Presented by Roh, Yohan October.
Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.

Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.
Wireless and Mobile Security

Wireless and Mobile Security
UNM Encryption Services in Development

UNM Encryption Services in Development

Similar presentations

Ads by Google