Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas.

Similar presentations


Presentation on theme: "Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas."— Presentation transcript:

1 Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas Ristenpart (U Wisconsin-Madison)

2 Motivation

3 Security Isolation by Virtualization Virtualization Layer Computer Hardware Attacker VM Victim VM Crypto Keys

4 Access-Driven Cache Timing Channel Virtualization (Xen) Attacker VM Victim VM Crypto Keys Side Channels An open problem: Are cryptographic side channel attacks possible in virtualization environment?

5 Related Work Publication Multi- Core Virtualization w/o SMT Target Percival 2005RSA Osvik et al. 2006AES Neve et al. 2006AES Aciicmez 2007RSA Aciicmez et al. 2010DSA Bangerter 2011AES

6 Related Work Publication Multi- Core Virtualization w/o SMT Target Percival 2005RSA Osvik et al. 2006AES Neve et al. 2006AES Aciicmez 2007RSA Ristenpart el al. 2009load Aciicmez et al. 2010DSA Bangerter 2011AES

7 Related Work Publication Multi- Core Virtualization w/o SMT Target Percival 2005RSA Osvik et al. 2006AES Neve et al. 2006AES Aciicmez 2007RSA Ristenpart el al. 2009load Aciicmez et al. 2010DSA Bangerter 2011AES Our workElGamal

8 Outline Cross-VM Side Channel Probing Cache Pattern Classification Noise Reduction Code-Path Reassembly Vectors of cache measurements Sequences of SVM- classified labels Fragments of code path Stage 1Stage 2 Stage 3Stage 4

9 Digress: Prime-Probe Protocol Time PROBE PRIME-PROBE IntervalPRIME Cache Set 4-way set associative L1 I-Cache

10 Cross-VM Side Channel Probing Virtualization (Xen) L1 I-Cache Attacker VM Victim VM L1 I-Cache L1 I-Cache L1 I-Cache

11 Challenge: Observation Granularity VictimAttacker VM/VCPU 30ms Time VM/VCPU W/ SMT: tiny prime- probe intervals W/o SMT: gaming schedulers L1 I-Cache

12 Ideally … Short intervals Use Interrupts to preempt the victim: Timer interrupts? Network interrupts? HPET interrupts? Inter-Processor interrupts (IPI)! Time

13 Inter-Processor Interrupts Victim CPU core Attacker VCPU Attacker VM VM/VCPU IPI VCPU CPU core For( ; ; ) { send_IPI(); Delay(); } Virtualization (Xen)

14 Cross-VM Side Channel Probing 2.5 µs Time 2.5 µs

15 Outline Cross-VM Side Channel Probing Cache Pattern Classification Noise Reduction Code-Path Reassembly Vectors of cache measurements Sequences of SVM- classified labels Fragments of code path Stage 1Stage 2 Stage 3Stage 4

16 Square-and-Multiply (libgcrypt) /* y = x e mod N, from libgcrypt*/ Modular Exponentiation (x, e, N): let e n … e 1 be the bits of e y ← 1 for e i in {e n …e 1 } y ← Square(y) (S) y ← Reduce(y, N) (R) if e i = 1 then y ← Multi(y, x) (M) y ← Reduce(y, N) (R) e i = 1 → “SRMR” e i = 0 → “SR”

17 Cache Pattern Classification Key observation: Footprints of different functions are distinct in the I-Cache ! Square(): cache set 1, 3, …, 59 Multi(): cache set 2, 5, …, 60, 61 Reduce(): cache set 2, 3, 4, …, 58 Classification Square() Multi() Reduce()

18 Support Vector Machine SVM Square() Multi() Reduce() Noise: hypervisor context switch Read more on SVM training

19 Support Vector Machine SVM

20 Outline Cross-VM Side Channel Probing Cache Pattern Classification Noise Reduction Code-Path Reassembly Vectors of cache measurements Sequences of SVM- classified labels Fragments of code path Stage 1Stage 2 Stage 3Stage 4

21 Noise Reduction requires robust automated error correction

22 Hidden Markov Model M RS MultiSquareReduceUnkn

23 Hidden Markov Model M RS MultiSquareReduceUnkn

24 Hidden Markov Model low confidence

25 Eliminate Non-Crypto Computation SVM

26 Eliminate Non-Crypto Computation M RS MultiSquareReduceUnkn

27 Eliminate Non-Crypto Computation Key Observations S:M Ratio should be roughly 2:1 for long enough sequences! “MM” signals an error (never two sequential multiply operations)

28 Virtualization (Xen) Key Extraction L1 I-Cache Attacker VCPU Victim VCPU L1 I-Cache L1 I-Cache L1 I-Cache ReduceSquare Unkn ReduceMultiReduce Square Start Decryption

29 Multi-Core Processors Attacker VCPU IPI VCPU Victim VCPU Another VCPU Dom0 VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

30 Multi-Core Processors Attacker VCPU IPI VCPU Victim VCPU Another VCPU Dom0 VCPU..#####... L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

31 Multi-Core Processors Attacker VCPU IPI VCPU Victim VCPU Another VCPU Dom0 VCPU ## L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

32 From an Attacker’s Perspective

33 Outline Cross-VM Side Channel Probing Cache Pattern Classification Noise Reduction Code-Path Reassembly Vectors of cache measurements Sequences of SVM- classified labels Fragments of code path Stage 1Stage 2 Stage 3Stage 4

34 Code-Path Reassembly No error bit!

35 A DP/Graph Solution

36 Correcting False Alignment

37 Cross-Fragments Error Correction E A D

38 Fragments Stitching F B E A C D Greedy Algorithm: “Longest” Path in DAG Spanning Sequences Potential key bits

39 Combining Spanning Sequences UNCERTAINTY OKEY, NO ERROR ALLOWED!!

40 Outline Cross-VM Side Channel Probing Cache Pattern Classification Noise Reduction Code-Path Reassembly Vectors of cache measurements Sequences of SVM- classified labels Fragments of code path Stage 1Stage 2 Stage 3Stage 4

41 Evaluation Intel Yorkfield processor – 4 cores, 32KB L1 instruction cache Xen + linux + GnuPG + libgcrypt – Xen 4.0 – Ubuntu 10.04, kernel version – Victim runs GnuPG v (latest) – libgcrypt (latest) – ElGamal, 4096 bits

42 Results Work-Conserving Scheduler – 300,000,000 prime-probe results (6 hours) – Over 300 key fragments – Brute force the key in ~9800 guesses Non-Work-Conserving Scheduler – 1,900,000,000 prime-probe results (45 hours) – Over 300 key fragments – Brute force the key in ~6600 guesses

43 Conclusion A combination of techniques – IPI + SVM + HMM + Sequence Assembly Demonstrate a cross-VM access-driven cache- based side-channel attack – Multi-core processors without SMT – Sufficient fidelity to exfiltrate cryptographic keys

44 Thank You Questions? Please contact:


Download ppt "Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas."

Similar presentations


Ads by Google