Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security – Theory vs

Published byArleen Merritt Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security – Theory vs"— Presentation transcript:

1 Information Security – Theory vs
Information Security – Theory vs. Reality , Winter Lecture 5: Side channels: memory, taxonomy Lecturer: Eran Tromer

2 More architectural side channels + Example of a non-cryptographic attack
TENEX directory password validation, inside a system call: check_password(char* given_pass) { … for (i=0; i<=strlen(correct_pass); i++) if (correct_pass[i] != given_pass[i]) { sleep (3); return EACCESS; // access denied } return 0; Actually the system call was CNDIR, not chdir(). Attack each byte at a turn, by placing given_pass on a page boundary. Timing due to page fault Timing due to TLB miss Crash due to page fault Leftover page status after page fault

3 Information leakage from memory and storage

4 Bypassing memory/storage access controls
While system operates, DRAM is protected by CPU and OS. Can be circumvented by: Hardware snooping Data remanence: accessing residual data after system shutdown (attempted) logical erasure (attempted) physical erasure

5 DRAM memory bus analyzers

6 Tapping bus lines on printed circuit boards
Xbox HyperTransport bus traces [Andrew “bunnie” Huang”, Hacking the Xbox]

7 Tapping bus lines on printed circuit boards (cont.)
HyperTransport tap board mounted on the Xbox motherboard. [Andrew “bunnie” Huang”, Hacking the Xbox]

8 Directly reading non-volatile memory chips (ROM, EPROM, EEPROM, flash)
EPROM, EEPROM and Flash widely used in microcontrollers and smartcards use floating-gate transistors for storage, 103 – 105 e− Removing the Xbox FLASH ROM with a tweezer-style soldering iron. [Andrew “bunnie” Huang”, Hacking the Xbox]

9 DRAM data remanence (“cold boot” attack)
Freeze the state of volatile DRAM and read it on a different machine Cold boot attack (literally freeze) Keep power using capacitor [Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys, 2008]

10 DRAM data remanence (“cold boot” attack), example of memory decay
The horizontal bars result from the design of this memory chip, which represents some “1″ bits by the presence of charge and some by the absence of charge 5 seconds 30 seconds 60 seconds 5 minutes [Halderman et al., Lest We Remember: Cold Boot Attacks on Encryption Keys, 2008]

11 SRAM data remanence Data remanence in SRAM
Low temperature data remanence is dangerous to tamper resistant devices which store keys and secret data in a battery backed-up SRAM Long period of time data storage causes the data to be “burned- in” and likely to appear after power up; dangerous to secure devices which store keys at the same memory location for years Experimental example Eight SRAM samples were tested at different conditions at room temperature the retention time varies from 0.1 to 10 sec cooling down to −20ºC increases the retention time to 1…1000 sec, while at −50ºC the data retention time is 10 sec to 10 hours grounding the power supply pin reduces the retention time

12 Data remanence: continued
Remanence in magnetic hard disk Residual bias in magnetic field Imperfect alignment of write head on track → using high-precision equipment, can peel current data layer and access prior data. Aided by error-correcting codes. Possible outcomes circumvention of security in microcontrollers, FPGAs, smartcards information leakage through shared EEPROM and Flash areas between different applications in secure chips

13 Remanence at higher levels
Memory cell Smart memory Flash Translation Layer Bad-sector handling Hardware buffers Battery-backed buffers Hybrid disks (HDD+SSD) Filesystem (undelete an erased file)‏ Application-level (backups, revisions)` Possible outcomes circumvention of security in microcontrollers, FPGAs, smartcards information leakage through shared EEPROM and Flash areas between different applications in secure chips

14 Taxonomy of side/covert channels

15 Side/covert channels: physical
Thermal Between cores Between computers Optical Status LEDs CRT screens Electromagnetic (radiated emanations) Computation Peripherals CRT screen electron gun (van Eck), CRT/LCD screen cable, keyboards, printers Electric (conducted emanations) Power Ground (chassis, shields, cables, adjacent wall socket) Mechanical Acoustic Voltage regulators Peripherals (keyboards, printers) Vibrations On-screen keyboards

16 Electromagnetic “van Eck” attack on analog CRT screen [Markus Kuhn, Compromising emanations: eavesdropping risks of computer displays, 2003] 3m distance

17 Reflected optical emanations from CRT [Markus Kuhn, Compromising emanations: eavesdropping risks of computer displays, 2003] CRT 1m from wall, photodetector 1.5m from wall

18 Side/covert channels: (micro)architecture
Data cache Instruction cache DRAM contention Branch predictor Functional units ALU Paging mechanism Page faults Table Lookaside Buffer Memory prefetching Hard disks Contention Head movement

19 Side/covert channels: OS / VMM / storage virtualization
Scheduler Assists other attacks (e.g., temporal resolution for cache attack) Directly exploitable Deduplication Assists other attacks Directly exploitable (example: cloud storage dedup)

20 Side/covert channels: other
Data remanence Hard disks magnetic remnants DRAM/SRAM cells persistance Block remapping Timing Nominal computation Optimizations Contention and variable-time operations Error handling Often can be done over a network. Communication (nominally or by other channels) Data Metadata source, destination flags timing size after compression… Protocol recognition Deanonymization Tor

Download ppt "Information Security – Theory vs"

Similar presentations

+ CS 325: CS Hardware and Software Organization and Architecture Internal Memory.

+ CS 325: CS Hardware and Software Organization and Architecture Internal Memory.
Parts & Functions of a Computer. 2 Functions of a Computer.

Parts & Functions of a Computer. 2 Functions of a Computer.
Professor Michael J. Losacco CIS 1110 – Using Computers System Unit Chapter 4.

Professor Michael J. Losacco CIS 1110 – Using Computers System Unit Chapter 4.
A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 1 Introducing Hardware.

A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 1 Introducing Hardware.
Objectives Overview Discovering Computers 2014: Chapter 6 See Page 248

Objectives Overview Discovering Computers 2014: Chapter 6 See Page 248
1 Introduction to Computers Day 6. 2 Main Circuit Board of a PC The main circuit board (motherboard or system board) is the central nervous system of.

1 Introduction to Computers Day 6. 2 Main Circuit Board of a PC The main circuit board (motherboard or system board) is the central nervous system of.
IC3 GS3 Standard Computing Fundamentals Module

IC3 GS3 Standard Computing Fundamentals Module
0x1A Great Papers in Computer Security

0x1A Great Papers in Computer Security
Chapter 3 – Computer Hardware Computer Components – Hardware (cont.) Lecture 3.

Chapter 3 – Computer Hardware Computer Components – Hardware (cont.) Lecture 3.
Your Interactive Guide to the Digital World Discovering Computers 2012.

Your Interactive Guide to the Digital World Discovering Computers 2012.
COMPONENTS OF THE SYSTEM UNIT

COMPONENTS OF THE SYSTEM UNIT
Chapter 1 CSF 2009 Computer Abstractions and Technology.

Chapter 1 CSF 2009 Computer Abstractions and Technology.
By Jacob Campbell. a motherboard is the central printed circuit board (PCB) in many modern computers and holds many of the crucial components of the system,

By Jacob Campbell. a motherboard is the central printed circuit board (PCB) in many modern computers and holds many of the crucial components of the system,
Chapter 6 Inside Computers and Mobile Devices Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet.

Chapter 6 Inside Computers and Mobile Devices Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet.
Your Interactive Guide to the Digital World Discovering Computers 2012.

Your Interactive Guide to the Digital World Discovering Computers 2012.
Chapter 5 Basic Input/Output System (BIOS)

Chapter 5 Basic Input/Output System (BIOS)
Basic Input Output System

Basic Input Output System
The Components of the System Unit Chapter 4 By: Janice Colon.

The Components of the System Unit Chapter 4 By: Janice Colon.
Computer Hardware and Software Jinchang Wang. Hardware vs. Software Hardware is something tangible. Computer hardware includes electronic circuitry and.

Computer Hardware and Software Jinchang Wang. Hardware vs. Software Hardware is something tangible. Computer hardware includes electronic circuitry and.
B.A. (Mahayana Studies) 000-209 Introduction to Computer Science November 2005 - March 2006 5. The Motherboard A look at the brains of the computer, the.

B.A. (Mahayana Studies) Introduction to Computer Science November March The Motherboard A look at the brains of the computer, the.

Similar presentations

Ads by Google