Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross-VM Side Channels and Their Use to Extract Private Keys

Published byKaterina Wickware Modified over 10 years ago

Similar presentations

Presentation on theme: "Cross-VM Side Channels and Their Use to Extract Private Keys"— Presentation transcript:

1 Cross-VM Side Channels and Their Use to Extract Private Keys
Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas Ristenpart (U Wisconsin-Madison)

2 Motivation

3 Security Isolation by Virtualization
Attacker VM Victim VM Crypto Keys Virtualization Layer Computer Hardware

4 Access-Driven Cache Timing Channel
Attacker VM Victim VM Crypto Keys Side Channels Virtualization (Xen) An open problem: Are cryptographic side channel attacks possible in virtualization environment?

5 Related Work Publication Multi-Core Virtualization w/o SMT Target
Percival 2005 RSA Osvik et al. 2006 AES Neve et al. 2006 Aciicmez 2007 Aciicmez et al DSA Bangerter 2011

6 Related Work Publication Multi-Core Virtualization w/o SMT Target
Percival 2005 RSA Osvik et al. 2006 AES Neve et al. 2006 Aciicmez 2007 Ristenpart el al. 2009 load Aciicmez et al DSA Bangerter 2011

7 Related Work Publication Multi-Core Virtualization w/o SMT Target
Percival 2005 RSA Osvik et al. 2006 AES Neve et al. 2006 Aciicmez 2007 Ristenpart el al. 2009 load Aciicmez et al DSA Bangerter 2011 Our work ElGamal

8 Outline Cross-VM Side Channel Probing Cache Pattern Classification
Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

9 Digress: Prime-Probe Protocol
PRIME-PROBE Interval PROBE Time 4-way set associative L1 I-Cache Cache Set

10 Cross-VM Side Channel Probing
Attacker VM Victim VM Virtualization (Xen) L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

11 Challenge: Observation Granularity
VM/VCPU VM/VCPU Attacker Victim W/ SMT: tiny prime-probe intervals W/o SMT: gaming schedulers L1 I-Cache Time 30ms 30ms

12 Ideally … Time Use Interrupts to preempt the victim: Timer interrupts?
Short intervals Use Interrupts to preempt the victim: Timer interrupts? Network interrupts? HPET interrupts? Inter-Processor interrupts (IPI)!

13 Inter-Processor Interrupts
Attacker VM For( ; ; ) { send_IPI(); Delay(); } VM/VCPU Attacker VCPU Victim IPI VCPU Virtualization (Xen) CPU core CPU core

14 Cross-VM Side Channel Probing
Time 2.5 µs 2.5 µs 2.5 µs

15 Outline Cross-VM Side Channel Probing Cache Pattern Classification
Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

16 Square-and-Multiply (libgcrypt)
/* y = xe mod N , from libgcrypt*/ Modular Exponentiation (x, e, N): let en … e1 be the bits of e y ← 1 for ei in {en …e1} y ← Square(y) (S) y ← Reduce(y, N) (R) if ei = 1 then y ← Multi(y, x) (M) y ← Reduce(y, N) (R) ei = 1 → “SRMR” ei = 0 → “SR”

17 Cache Pattern Classification
Key observation: Footprints of different functions are distinct in the I-Cache ! Square(): cache set 1, 3, …, 59 Multi(): cache set 2, 5, …, 60, 61 Reduce(): cache set 2, 3, 4, …, 58 Square() Classification Multi() Reduce()

18 Support Vector Machine
Noise: hypervisor context switch Square() SVM Multi() Reduce() Read more on SVM training

19 Support Vector Machine
SVM …… S S R S S R R R S R M M R M M R

20 Outline Cross-VM Side Channel Probing Cache Pattern Classification
Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

21 M R …… S R R S Noise Reduction Square Reduce Multi
requires robust automated error correction

22 Hidden Markov Model S R M Square Reduce Multi Unkn

23 Hidden Markov Model S R M …… R S R M Square Reduce Multi Unkn

24 Hidden Markov Model low confidence

25 Eliminate Non-Crypto Computation
SVM S R M ……

26 Eliminate Non-Crypto Computation
S R M …… S R M Square Reduce Multi Unkn

27 Eliminate Non-Crypto Computation
Key Observations S:M Ratio should be roughly 2:1 for long enough sequences! “MM” signals an error (never two sequential multiply operations)

28 Key Extraction L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache VCPU VCPU
Start Decryption Unkn Unkn Unkn Victim VCPU Attacker VCPU Square Reduce Square Reduce Multi Reduce Virtualization (Xen) L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

29 Multi-Core Processors
Attacker VCPU Another VCPU Dom0 VCPU Victim VCPU IPI VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

30 Multi-Core Processors
..#####... Dom0 VCPU Attacker VCPU Another VCPU Victim VCPU IPI VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

31 Multi-Core Processors
## Another VCPU Dom0 VCPU Victim VCPU Attacker VCPU IPI VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

32 From an Attacker’s Perspective
##### #### # ######## #### #####0 ############ ###########

33 Outline Cross-VM Side Channel Probing Cache Pattern Classification
Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

34 Code-Path Reassembly DNA Assembly No error bit! 100111*01*

35 A DP/Graph Solution

36 Correcting False Alignment

37 Cross-Fragments Error Correction
D: E: 010-11 A D A: D: 010-11 E: E

38 Fragments Stitching F Greedy Algorithm: “Longest” Path in DAG
Spanning Sequences Potential key bits B A C D C: 110101 E: 101011 E

39 Combining Spanning Sequences
10*011*110101*101-10 100011* 100011* UNCERTAINTY OKEY, NO ERROR ALLOWED!!

40 Outline Cross-VM Side Channel Probing Cache Pattern Classification
Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

41 Evaluation Intel Yorkfield processor Xen + linux + GnuPG + libgcrypt
4 cores, 32KB L1 instruction cache Xen + linux + GnuPG + libgcrypt Xen 4.0 Ubuntu 10.04, kernel version Victim runs GnuPG v (latest) libgcrypt (latest) ElGamal, 4096 bits

42 Results Work-Conserving Scheduler Non-Work-Conserving Scheduler
300,000,000 prime-probe results (6 hours) Over 300 key fragments Brute force the key in ~9800 guesses Non-Work-Conserving Scheduler 1,900,000,000 prime-probe results (45 hours) Brute force the key in ~6600 guesses

43 Conclusion A combination of techniques
IPI + SVM + HMM + Sequence Assembly Demonstrate a cross-VM access-driven cache-based side-channel attack Multi-core processors without SMT Sufficient fidelity to exfiltrate cryptographic keys

44 Thank You Questions? Please contact:

Download ppt "Cross-VM Side Channels and Their Use to Extract Private Keys"

Similar presentations

Vassal: Loadable Scheduler Support for Multi-Policy Scheduling George M. Candea, Oracle Corporation Michael B. Jones, Microsoft Research.

Vassal: Loadable Scheduler Support for Multi-Policy Scheduling George M. Candea, Oracle Corporation Michael B. Jones, Microsoft Research.
Reducing Power and Area by Interconnecting Memory Controllers to Memory Ranks with RF Coplanar Waveguides on the Same Package WEED 2011, ISCA Mario D.

Reducing Power and Area by Interconnecting Memory Controllers to Memory Ranks with RF Coplanar Waveguides on the Same Package WEED 2011, ISCA Mario D.
Deep Packet Inspection Which Implementation Platform? Sarang Dharmapurikar Cisco.

Deep Packet Inspection Which Implementation Platform? Sarang Dharmapurikar Cisco.
Jörg Drechsler (Institute for Employment Research, Germany) NTTS 2009 Brussels, 20. February 2009 Disclosure Control in Business Data Experiences with.

Jörg Drechsler (Institute for Employment Research, Germany) NTTS 2009 Brussels, 20. February 2009 Disclosure Control in Business Data Experiences with.
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Virtual Hierarchies to Support Server Consolidation Michael Marty and Mark Hill University of Wisconsin - Madison.

Virtual Hierarchies to Support Server Consolidation Michael Marty and Mark Hill University of Wisconsin - Madison.
(SubLoc) Support vector machine approach for protein subcelluar localization prediction (SubLoc) Kim Hye Jin Intelligent Multimedia Lab. 2001.09.07.

(SubLoc) Support vector machine approach for protein subcelluar localization prediction (SubLoc) Kim Hye Jin Intelligent Multimedia Lab
AES Side Channel Attacks

AES Side Channel Attacks
Virtualization Technology

Virtualization Technology
Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.

Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Full-System Timing-First Simulation Carl J. Mauer Mark D. Hill and David A. Wood Computer Sciences Department University of Wisconsin—Madison.

Full-System Timing-First Simulation Carl J. Mauer Mark D. Hill and David A. Wood Computer Sciences Department University of Wisconsin—Madison.
Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011
KAIST Computer Architecture Lab. The Effect of Multi-core on HPC Applications in Virtualized Systems Jaeung Han¹, Jeongseob Ahn¹, Changdae Kim¹, Youngjin.

KAIST Computer Architecture Lab. The Effect of Multi-core on HPC Applications in Virtualized Systems Jaeung Han¹, Jeongseob Ahn¹, Changdae Kim¹, Youngjin.
Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang, 2009-1-7.

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang,
Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.
Fast Paths in Concurrent Programs Wen Xu, Princeton University Sanjeev Kumar, Intel Labs. Kai Li, Princeton University.

Fast Paths in Concurrent Programs Wen Xu, Princeton University Sanjeev Kumar, Intel Labs. Kai Li, Princeton University.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.

PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.

Similar presentations

Ads by Google