Architectural Support for High Speed Protection of Memory Integrity and Confidentiality in Multiprocessor Systems
Weidong Shi, Hsien-Hsin (Sean) Lee, Mrinmoy Ghosh, Chenghuai Lu
Georgia Institute of Technology, Atlanta, GA 30332
Shared-Memory MP Security Architecture

Slide 2: Types of Security Attacks
Software-based attacks:
- software reverse engineering, disassembly
- software patching
Hardware-based physical attacks:
- tracing the system bus or a peripheral bus
- differential power / timing analysis
- building fake devices, device spoofing (MOD chip)
- modifying RAM
- replaying bus signals, injecting fake bus signals
- triggering fake interrupts
Figure: an XBOX with a MOD-chip installed. The MOD-chip is a low-cost bus snoop and spoof device widely used to break XBOX security.
Slide 3: Cracking the XBOX
Figure (block diagram of the XBOX with the attacker's additions): P-III processor, North Bridge + GPU, South Bridge, Hyper-Transport (HT) bus, BIOS Flash (some BIOS code is encrypted), secret key. Attack hardware shown: a MOD chip (PCB with a microcontroller and flash memory) plugged into a socket that hackers soldered onto the HT bus, used for BIOS hijacking; a low-cost FPGA-based bus tracer snooping the bus to find out the key.
Slide 4: Motivation
Issues of prior security measures that are yet to be solved:
- uni-processor based security model: protected memory cannot be shared between processors
- large space and performance overhead of the security support
- some proposals compromise security to improve performance
Our work: protect the integrity and confidentiality of shared memory on a shared-memory multiprocessor platform.
Slide 5: Agenda
- Uni-processor security architecture
- Platform-oriented security architecture
- Architectural support for shared memory integrity and confidentiality
- Evaluation
- Conclusions
Slide 6: Insecure Uni-Processor Architecture
Figure: processor (core and caches) connected through the North Bridge (memory controller) to RAM; the South Bridge attaches Ethernet, mouse, keyboard and disk. This is the baseline system without security support.
Slide 7: Secure Uni-Processor Architecture
Figure: the secure processor (core and caches) is the trusted domain; the North Bridge (memory controller), RAM, South Bridge and peripherals (Ethernet, mouse, keyboard, disk) are the untrusted domain.
Slide 8: Secure Uni-Processor Architecture (continued)
Figure: inside the trusted domain the secure processor adds a crypto engine, a MAC hash tree and the root signature; RAM, in the untrusted domain, holds encrypted data and MAC codes. This design is not directly applicable to a shared-memory multiprocessor system.
Slide 9: Basics: Integrity Check (MAC Authentication)
- Data tampering is detected with a Message Authentication Code (MAC).
- Sender and receiver share the same secret key.
- Sender: the N-bit plaintext and the secret key go through a hash or encryption function that yields an M-bit MAC, which is sent along with the plaintext.
- Receiver: recomputes the M-bit MAC over the received plaintext with the same secret key and compares it with the received MAC; a mismatch raises an exception.
- Any attempt by an adversary to modify the data or to forge a valid authentication code is detected, except with a probability on the order of 2^-M for a guessed tag.
Slide 10: Platform-oriented Security Architecture
Figure: processors PE 1 ... PE n (core, caches, crypto engine) and the North Bridge (PE 0, with crypto engine and MAC tree cache) share a bus; RAM hangs off the North Bridge. The shared bus and RAM need to be protected. Encrypted data and an encrypted MAC travel on the bus.
Cache-to-Cache:
- send the encrypted data first, followed by the encrypted MAC
- the receiver decrypts the data and verifies its integrity
Cache-to-Memory:
- send the encrypted data and MAC to the North Bridge
- the North Bridge decrypts the data, verifies its integrity, updates the MAC tree and stores the encrypted data in RAM
Slide 11: Protection on the RAM: MAC Tree
- An M-ary MAC (message authentication code) tree protects the integrity of physical memory dynamically, including against replay attacks (an adversary restoring a stale block together with its stale MAC).
- Leaves are MACs over 32B RAM blocks; each internal node is a MAC over its children.
- The root MAC is a signature of the protected memory space and is kept inside the North Bridge.
- Frequently accessed MAC tree nodes are cached inside the North Bridge.
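The tree on this slide worked through in code, as an added example and not the authors' implementation: a 4-ary MAC tree over 32-byte blocks, HMAC-SHA256 truncated to 128 bits standing in for the paper's unspecified MAC, a trusted root held by the "north bridge", and the interior MACs held in untrusted storage that an attacker may rewrite. The key, the RAM contents and the attacker's actions are constructed for the example. It shows the check a flat per-block MAC cannot provide: restoring a stale block together with its stale MAC passes the leaf check but not the root check.

```python
import hmac
import hashlib

BLOCK = 32       # protected RAM block size in bytes (slide 11)
ARITY = 4        # M-ary tree; M = 4 chosen for the example
MAC_LEN = 16     # HMAC-SHA256 truncated to 128 bits (assumed MAC, not the paper's)

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

class MacTree:
    """MAC tree over fixed-size RAM blocks. levels[0] holds the block MACs,
    each higher level holds MACs over groups of ARITY children, and only
    `root` is trusted storage (the north bridge). `levels` models the MAC
    nodes kept in untrusted RAM or the NB cache and may be rewritten by an
    attacker; every check therefore ends at the trusted root."""

    def __init__(self, key, ram):
        assert len(ram) % BLOCK == 0
        self.key = key
        leaves = [mac(key, bytes(ram[i:i + BLOCK])) for i in range(0, len(ram), BLOCK)]
        self.levels = [leaves]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([mac(key, b''.join(prev[i:i + ARITY]))
                                for i in range(0, len(prev), ARITY)])
        self.root = self.levels[-1][0]          # the root signature of the memory

    def recompute_root(self, idx, block):
        """Walk from block idx to the top, substituting freshly computed MACs on the
        path and using the stored MACs for the siblings."""
        node, i = mac(self.key, block), idx
        for lvl in range(len(self.levels) - 1):
            group = i - i % ARITY
            siblings = list(self.levels[lvl][group:group + ARITY])
            siblings[i - group] = node
            node = mac(self.key, b''.join(siblings))
            i //= ARITY
        return node

    def verify_read(self, idx, block, leaf_mac):
        """Memory-to-cache (slide 12): check the block's own MAC, then the chain to the root."""
        if mac(self.key, block) != leaf_mac:
            return False
        return self.recompute_root(idx, block) == self.root

    def write(self, idx, block):
        """Cache-to-memory (slide 10): update the leaf, every ancestor, and the trusted root."""
        node, i = mac(self.key, block), idx
        for lvl in range(len(self.levels)):
            self.levels[lvl][i] = node
            if lvl == len(self.levels) - 1:
                break
            group = i - i % ARITY
            node = mac(self.key, b''.join(self.levels[lvl][group:group + ARITY]))
            i //= ARITY
        self.root = node

def demo():
    key = b'\x11' * 16                          # constructed north-bridge MAC key
    ram = bytearray(16 * BLOCK)                 # 16 zeroed blocks: 16 leaves, 4 nodes, 1 root
    tree = MacTree(key, ram)
    blk = slice(5 * BLOCK, 6 * BLOCK)

    ram[blk] = b'A' * BLOCK                     # legitimate write of block 5
    tree.write(5, bytes(ram[blk]))
    legit_ok = tree.verify_read(5, bytes(ram[blk]), tree.levels[0][5])

    tampered = bytes([ram[blk][0] ^ 1]) + bytes(ram[blk][1:])   # one-bit change in RAM
    tamper_detected = not tree.verify_read(5, tampered, tree.levels[0][5])

    old_block, old_mac = bytes(ram[blk]), tree.levels[0][5]     # attacker snapshots block + MAC
    ram[blk] = b'B' * BLOCK                                     # program overwrites block 5
    tree.write(5, bytes(ram[blk]))
    tree.levels[0][5] = old_mac                                 # attacker restores the stale MAC...
    replay_detected = not tree.verify_read(5, old_block, old_mac)   # ...and the stale block
    return {
        'legit_ok': legit_ok,
        'tamper_detected': tamper_detected,
        'flat_mac_fooled': mac(key, old_block) == old_mac,  # a per-block MAC alone accepts the replay
        'replay_detected': replay_detected,                 # the path to the trusted root does not
    }
```

Only the root needs trusted storage; the interior nodes can live in RAM and be cached in the north bridge exactly as the slide says, because any stale or forged node changes the recomputed root.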
Slide 12: Platform-oriented Security Architecture (continued)
Same figure and Cache-to-Cache / Cache-to-Memory operations as slide 10, adding:
Memory-to-Cache:
- the North Bridge reads the encrypted data and MAC from RAM
- the North Bridge decrypts the data, verifies its MAC, re-encrypts the data and puts the encrypted data and MAC on the shared bus
- the receiver decrypts the data and verifies its integrity
Slide 13: Platform-oriented Security Architecture: the three mechanisms
- Physical memory (RAM) authentication: MAC tree
- Protected data sharing: encryption using a bus sequence number and a process key
- Authentication speculative execution (ASE)
Slide 14: Basics: Counter Mode Encryption
To send a data sequence securely:
- Sender and receiver share a secret key and an initial counter value.
- Both feed (initial counter + 0) and the secret key into a block cipher or cryptographic hash; the output is a pseudo-random pad, generated deterministically.
- Sender: ciphertext A = plaintext A XOR pad. Receiver: plaintext A = ciphertext A XOR pad.
- The counter value does not need to be secret.
Slide 15: Basics: Counter Mode Encryption (continued)
- For the next block both sides use (initial counter + 1): pad from block cipher or cryptographic hash of the counter under the secret key; ciphertext B = plaintext B XOR pad, recovered on the receiver by the same XOR.
- Counter values increment coherently for both parties in a predetermined sequence.
Slide 16: How to Encrypt each Transaction?
- OTP generation: one-time pad (OTP) = cryptographic hash of (256-bit process key, bus sequence number); encrypted data = cache line XOR OTP.
- The bus sequence number is a 64-bit secret, initialized after the system is booted, shared by all the parties connected to the shared bus, and incremented after each transaction.
- All PEs on the shared bus snoop each bus transaction, so every party advances the sequence number in step.
- The OTP can be pre-computed for an approximate range of upcoming bus sequence numbers.
Slide 17: Generating the Process Key and the Bus Sequence Number
- Process key = AES encryption of the process unique ID under the session key; generated by the secure kernel.
- Initial bus sequence number = AES encryption of a secret constant under the session key; the secret constant is burned inside each PE, and the value is initiated every time the system boots.
- The bus sequence number then works like the counter in counter-mode encryption.
Slide 18: Session Key Generation (Distribution), during system boot
- Parties: processors PE0, PE1, ..., PE n-1 and the secure memory controller (PE n).
- Each party broadcasts a random number and receives the random numbers of all the others.
- Session key (128 bits) = Hash (SHA256) over the secret hash key and Random Number PE0 || Random Number PE1 || ... || Random Number PEn.
- The secret hash key is burned inside each PE and is the same for every PE.
Slide 19: Protected Data Sharing Operations
Figure: Processor A and Processor B each compute OTP (one-time pad) = cryptographic hash of (256-bit process key, bus sequence number). A sends encrypted data = data block XOR OTP; B recovers data block = encrypted data XOR OTP.
Slide 20: OTP Pre-computing
- OTP generation is on the critical path of every bus transaction.
- OTPs for the neighborhood of the latest bus sequence number can be pre-computed from the process key: e.g. OTP(0x1234abcd0000), OTP(0x1234abcd0001), OTP(0x1234abcd0002), ... (+1, +2, +3, ...) are placed in an OTP queue.
- When the bus arbitration logic grants a request for bus ownership with current bus sequence number 0x1234abcd001e, the pre-computed OTP(0x1234abcd001e) is taken from the queue and applied to the data to be transmitted; OTP(0x1234abcd001f) is already waiting for the next one.
Slide 21: OTP Pre-Computing
Figure: same exchange as slide 19 (Processor A and B, OTP = cryptographic hash of 256-bit process key and bus sequence number, encrypted data = data block XOR OTP), now with the OTP taken from the pre-computed queue.
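Slides 14 to 21 as one runnable protocol sketch, added here and not taken from the paper: the session key from the PEs' broadcast nonces and a burned-in secret (slide 18), the process key and the initial 64-bit bus sequence number derived from it (slide 17, with a SHA-256 based PRF standing in for the AES the slide uses, an assumption), SHA-256(process key || sequence number) as the per-transaction pad (slide 16), and a per-PE queue of pre-computed pads (slide 20). All keys, nonces and cache-line contents are constructed. Three PEs take turns sending the same 32-byte line; every PE snoops every transaction, so the counters never diverge and no pad is reused. The last check shows why slide 23 insists on timely authentication: counter mode by itself lets an attacker flip plaintext bits by flipping ciphertext bits.

```python
import hashlib
from collections import deque

LINE = 32   # bytes moved per bus transaction (one 32B block, as on slide 11)

def session_key(secret_hash_key, randoms):
    """Slide 18: each PE broadcasts a random number; every PE hashes the burned-in
    secret hash key with all nonces in PE order and keeps 128 bits as the session key."""
    return hashlib.sha256(secret_hash_key + b''.join(randoms)).digest()[:16]

def prf(key, label, n):
    """Stand-in for the AES encryption of slide 17 (assumption: hash-based so the
    example needs only the standard library)."""
    return hashlib.sha256(key + label).digest()[:n]

def process_key(sess_key, process_id):
    return prf(sess_key, b'process-key:' + process_id, 32)       # 256-bit process key

def initial_bus_seq(sess_key, secret_constant):
    return int.from_bytes(prf(sess_key, b'bus-seq:' + secret_constant, 8), 'big')  # 64-bit

def otp(proc_key, seq):
    """Slide 16: OTP = Hash(process key || bus sequence number), one pad per transaction."""
    return hashlib.sha256(proc_key + seq.to_bytes(8, 'big')).digest()[:LINE]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class BusPE:
    """A party on the snooping bus. It tracks the shared sequence number and keeps a
    queue of pads pre-computed for the next `lookahead` sequence numbers (slide 20),
    so the pad for a granted transaction is normally ready before the data is."""
    def __init__(self, proc_key, init_seq, lookahead=4):
        self.pk, self.seq, self.lookahead = proc_key, init_seq, lookahead
        self.queue = deque()          # (seq, pad), ascending seq
        self.next_pre = init_seq
        self.precomputed_hits = 0
        self._refill()

    def _refill(self):
        while len(self.queue) < self.lookahead:
            self.queue.append((self.next_pre, otp(self.pk, self.next_pre)))
            self.next_pre += 1

    def _pad(self, seq):
        while self.queue and self.queue[0][0] < seq:    # pads for transactions already past
            self.queue.popleft()
        if self.queue and self.queue[0][0] == seq:
            pad = self.queue.popleft()[1]
            self.precomputed_hits += 1
        else:
            pad = otp(self.pk, seq)   # outside the window: computed on the critical path
        self.next_pre = max(self.next_pre, seq + 1)
        self._refill()
        return pad

    def send(self, line):
        """Bus owner encrypts with the pad of the current sequence number, then advances."""
        ct = xor(line, self._pad(self.seq))
        self.seq += 1
        return ct

    def snoop(self, ct):
        """Every other PE sees the transaction, decrypts with the same pad and advances;
        this is what keeps all parties' counters in lock-step."""
        pt = xor(ct, self._pad(self.seq))
        self.seq += 1
        return pt

def demo():
    # Constructed boot-time inputs (example values, not from the paper).
    secret_hash_key, secret_constant = b'\x5a' * 16, b'\xc3' * 16
    nonces = [bytes([i]) * 16 for i in range(3)]            # PE0, PE1, PE2
    sk = session_key(secret_hash_key, nonces)
    pk = process_key(sk, (42).to_bytes(4, 'big'))
    seq0 = initial_bus_seq(sk, secret_constant)
    pes = [BusPE(pk, seq0) for _ in range(3)]
    line = b'\x41' * LINE                                   # same plaintext on every transaction
    cts, ok = [], True
    for i in range(6):
        sender = pes[i % 3]
        ct = sender.send(line)
        cts.append(ct)
        ok &= all(pe.snoop(ct) == line for pe in pes if pe is not sender)
    # Counter mode alone is malleable: flipping a ciphertext bit flips the plaintext bit
    # (first transaction, pad for seq0), which is why each transaction also carries a MAC.
    flipped = xor(cts[0], b'\x80' + b'\x00' * (LINE - 1))
    return {
        'all_recovered': ok,
        'in_sync': all(pe.seq == seq0 + 6 for pe in pes),
        'ciphertexts_distinct': len(set(cts)) == len(cts),
        'all_pads_precomputed': all(pe.precomputed_hits == 6 for pe in pes),
        'bit_flip_unnoticed': xor(flipped, otp(pk, seq0)) == b'\xc1' + b'\x41' * (LINE - 1),
    }
```

The queue depth is the design knob: it trades hash-engine work and storage for the probability that a granted transaction finds its pad ready. A PE that misses transactions (or a party that joins late) would fall out of step, so any PE that detects a sequence mismatch should raise an exception rather than guess.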
Slide 22: Split Transaction of Data and MAC
Figure: Processors A, B and C on the shared bus; the bus carries Data(id, seq), Data(id+1, seq+1), MAC(id-3, seq-3), Data(id+2, seq+2), MAC(id, seq), ..., i.e. the MAC of a transaction follows its data several transactions later. Each receiver keeps a Sequence Authentication Buffer with one entry per outstanding transaction: ID, sequence number, OTP, MAC, Verified, Valid.
Slide 23: Authentication Speculative Execution (ASE)
Performance side:
- allow execution to continue using un-verified data
- allow execution to continue using results derived from un-verified data
Security side:
- under counter mode, instructions and data may be altered by an attacker; authentication has to be performed in a timely fashion to prevent attacks that flip individual bits of encrypted data or instructions
- memory state must not be altered using results of un-verified data
- an instruction fetch must not be issued to memory if its address is determined by control flow that depends on un-verified data
Slide 24: ASE with a Sequential Authentication Buffer (SAB)
Example code:
0: r3 = (addr1)
1: r4 = r3 * const1
2: r5 = r4 + const2
3: r6 = (addr2)
4: if (r5 < r6) {
5: } else {
6:   r7 = r6 + r1 }
7: (addr3) = r7
Every register carries an SAB tag naming the buffer entry its value was derived from: r3 (load from addr1) and r4 carry tag 2, r6 (load from addr2) carries tag 3, r1 carries tag 1, and r7 inherits the tags of r6 and r1. Each SAB entry records whether the data has been fetched and whether it has been verified. The comparison r5 < r6 may proceed on un-verified values, but if the branch target misses in the I-cache the fetch waits until its sources are verified; the store of r7 at line 7 ("Save r7") waits until all the data sources it depends on are verified.
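Slides 22 to 24 as an added Python example (not the authors' RSIM model): data and MAC travel as separate bus transactions, each consuming its own bus sequence number; the receiver's Sequence Authentication Buffer holds the decrypted line the moment Data(id, seq) arrives, so execution can use it speculatively, and marks the entry verified, or invalid, when MAC(id) arrives. HMAC-SHA256 truncated to 64 bits is assumed for the MAC; it binds the line to its transaction id and sequence number, and the MAC is itself encrypted with the pad of its own transaction, as the slides' "encrypted MAC" suggests (an assumption). safe_to_commit implements the ASE rule: a store, or a fetch steered by these values, may proceed only once every entry it depends on is verified. Keys and lines are constructed; the second run flips one ciphertext bit on the bus to show the flipped line being used speculatively and then rejected.

```python
import hashlib
import hmac
from dataclasses import dataclass

LINE = 32        # cache line bytes
MAC_LEN = 8      # HMAC-SHA256 truncated to 64 bits (assumed MAC, not the paper's)

def otp(proc_key, seq):
    """Per-transaction pad (slide 16); sender and all snoopers derive the same one."""
    return hashlib.sha256(proc_key + seq.to_bytes(8, 'big')).digest()[:LINE]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def line_mac(mac_key, tid, data_seq, plaintext):
    """Binds the plaintext to its transaction id and the sequence number it was sent
    under, so a stale line cannot be replayed under a new sequence number."""
    msg = tid.to_bytes(4, 'big') + data_seq.to_bytes(8, 'big') + plaintext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:MAC_LEN]

@dataclass
class Entry:                 # one row of the Sequence Authentication Buffer (slide 22)
    tid: int
    seq: int
    plaintext: bytes
    verified: bool = False   # MAC arrived and matched
    valid: bool = True       # cleared when the MAC does not match

class Sender:
    def __init__(self, proc_key, mac_key, seq):
        self.pk, self.mk, self.seq, self.sent = proc_key, mac_key, seq, {}

    def _next(self):
        s, self.seq = self.seq, self.seq + 1
        return s

    def data(self, tid, line):
        seq = self._next()
        self.sent[tid] = (seq, line)
        return ('DATA', tid, seq, xor(line, otp(self.pk, seq)))

    def mac(self, tid):      # sent later, in its own bus transaction
        data_seq, line = self.sent[tid]
        seq = self._next()
        tag = line_mac(self.mk, tid, data_seq, line)
        return ('MAC', tid, seq, xor(tag, otp(self.pk, seq)[:MAC_LEN]))

class Receiver:
    def __init__(self, proc_key, mac_key, seq):
        self.pk, self.mk, self.seq, self.sab = proc_key, mac_key, seq, {}

    def snoop(self, msg):
        kind, tid, seq, payload = msg
        assert seq == self.seq, 'bus sequence numbers must advance in lock-step'
        self.seq += 1
        pad = otp(self.pk, seq)
        if kind == 'DATA':
            self.sab[tid] = Entry(tid, seq, xor(payload, pad))   # usable speculatively now
            return self.sab[tid]
        e = self.sab[tid]
        tag = xor(payload, pad[:MAC_LEN])
        if hmac.compare_digest(tag, line_mac(self.mk, tid, e.seq, e.plaintext)):
            e.verified = True
        else:
            e.valid = False     # authentication exception: squash dependent speculative work
        return e

    def safe_to_commit(self, dep_tids):
        """ASE rule (slide 23): a store, or an instruction fetch steered by these values,
        proceeds only when every SAB entry it depends on has been verified."""
        return all(self.sab[t].verified and self.sab[t].valid for t in dep_tids)

def demo():
    pk, mk = b'\x01' * 32, b'\x02' * 16          # constructed process key and MAC key
    seq0 = 0x1234abcd0000
    l0, l1 = b'\x10' * LINE, b'\x20' * LINE      # constructed cache lines

    # Honest bus: Data(0), Data(1), MAC(0), MAC(1); a store depends on both lines.
    tx, rx = Sender(pk, mk, seq0), Receiver(pk, mk, seq0)
    rx.snoop(tx.data(0, l0))
    rx.snoop(tx.data(1, l1))
    speculative_use = rx.sab[1].plaintext == l1 and not rx.safe_to_commit({0, 1})
    rx.snoop(tx.mac(0))
    partial = rx.safe_to_commit({0}) and not rx.safe_to_commit({0, 1})
    rx.snoop(tx.mac(1))
    committed = rx.safe_to_commit({0, 1})

    # Attacker flips one bit of Data(1) on the bus.
    tx, rx = Sender(pk, mk, seq0), Receiver(pk, mk, seq0)
    rx.snoop(tx.data(0, l0))
    kind, tid, seq, ct = tx.data(1, l1)
    e1 = rx.snoop((kind, tid, seq, bytes([ct[0] ^ 0x80]) + ct[1:]))
    flipped = e1.plaintext == bytes([l1[0] ^ 0x80]) + l1[1:]   # counter mode is malleable
    rx.snoop(tx.mac(0))
    rx.snoop(tx.mac(1))
    caught = not rx.sab[1].valid and not rx.safe_to_commit({0, 1})
    return dict(speculative_use=speculative_use, partial=partial, committed=committed,
                flipped=flipped, caught=caught)
```

The register tags of slide 24 map onto the dep_tids argument: a store's tag set is the union of the SAB tags of every register its value and address depend on, and the pipeline simply re-asks safe_to_commit as MACs arrive.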
Slide 25: Evaluation Methodology
- RSIM MP simulator; benchmarks: Splash, Splash2
- Modified the RSIM simulator to support bus-snoop based cache coherence
- Added an accurate DRAM model
- Added shared memory support
- Implemented a North Bridge simulator with MAC tree authentication
- Extended the processor model to simulate the performance of the proposed protection, including speculative authentication
Slide 26: Non-Speculative (AIO) vs. ASE
ASE outperforms in-order (non-speculative) authentication by 80% for 2-processor and 4-processor systems.
Slide 27: Data Confidentiality
- 40 to 55% performance loss compared to no security support
- The more cache-to-cache transactions, the faster the execution, thanks to OTP pre-computation
- With a sequence number cache, memory-to-cache operations can be accelerated by ~30%
Figure: bar chart (legend: no cache, 8KB seq# cache, 32KB seq# cache).
Slide 28: Conclusions
- Proposed a security scheme to protect the confidentiality and integrity of shared memory in a snoop-bus multiprocessor system.
- Proposed a number of techniques to minimize the overhead of the protection:
  - physical memory (RAM) authentication
  - shared-bus sequence number based encryption
  - split transmission of data and MAC
  - Authentication Speculative Execution, without violating the rules that keep authentication safe
- Lightweight secure processor design with novel security features (offloading to the North Bridge).
Slide 29: Questions & Answers & Entertaining. That's All Folks!