Presentation is loading. Please wait.

Presentation is loading. Please wait.

Seongmin Kim Youjung Shin Jaehyung Ha

Published byNickolas Butler Modified over 8 years ago

Similar presentations

Presentation on theme: "Seongmin Kim Youjung Shin Jaehyung Ha"— Presentation transcript:

1 Seongmin Kim Youjung Shin Jaehyung Ha
A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications Seongmin Kim Youjung Shin Jaehyung Ha Taesoo Kim* Dongsu Han KAIST * Georgia Tech

2 Trend 1: Security and Privacy Critical Factors in Technology Adoption
Demands for “security” and “privacy” are increasing Widespread use of Transport Layer Security (TLS) Popularity of anonymity networks (e.g., Tor) Use of strong authentication/encryption in WiFi Expectation on security and privacy impacts design decisions: Operating system (iOS, Android) Apps/services (e.g., messenger, adblocker) Network infrastructure (inter-domain SDN)

3 Trend 1: Security and Privacy Critical Factors in Technology Adoption
Demands for “security” and “privacy” are increasing Widespread use of Transport Layer Security (TLS) Popularity of anonymity networks (e.g., Tor) Use of strong authentication/encryption in WiFi Expectation on security and privacy impacts design decisions: Operating system (iOS, Android) Apps/services (e.g., messenger, adblocker) Network infrastructure (inter-domain SDN) I’d like to start by pointing out two big trends. First, security and privacy are becoming critical factors for technology adoption. Applications and services with enhanced security and privacy features are getting increasingly adopted. And they often impact our design decision. We see many examples like this in today’s market.

4 Trend 2: Commoditization of Trusted Execution Environment
Trusted Execution Environment (TEE) Isolated execution: integrity of code, confidentiality Remote attestation Commoditization of TEE Trusted Platform Module (TPM) : Slow performance ARM TrustZone : Only available for embedded devices Intel Software Guard Extension (SGX) 1. Native performance 2. Compatibility with x86 The commoditization of TEE brings new opportunities for network applications. The second trend is commoditization of trusted execution environments or TEEs. TEEs provide hardware-based mechanisms for isolated execution and remote attestation. While the idea and implementation has been around for a long time, it had several practical limitation. However, the newly released Intel SGX truly signals the commoditization by lifting off some of the limitations ; it gives native performance to software running in the secure mode and is compatible with x86. Imagine all our laptops and servers on the Cloud supportingTEE. We believe that The commoditization of TEE brings new opportunities for network applications because many network and middlebox applications run on x86.

5 Network Applications + TEE = ?
What impact does TEE have on networking? Previous efforts: Adopting TEE to cloud platform Haven [OSDI’14] : Protects applications from an untrusted cloud VC3 [S&P’15] : Trustworthy data analytics in the cloud Network Applications TEE Enhanced security New design space New functionality Intel SGX

6 SGX : Isolated Execution
System Memory CPU Package Enclave Access from OS/VMM Memory Encryption Engine (MEE) Encrypted code/data Snooping SGX allows part of application code to run in isolation inside an enclave. The enclave region of the main memory is encrypted. The content is only decrypted inside the CPU package using processor specific keys. Thus, even if a malicious adversary has full control over the hardware, it cannot access/modify the enclave. Also, the enclave is protected from other software running in the host, including the OS and hypervisor. In summary, the TCB is the CPU package and the application code running inside and enclave. Application keeps its data/code inside the “enclave” Smallest attack surface by reducing TCB (App + processor) Protect app’s secret from untrusted privilege software (e.g., OS, VMM)

7 SGX : Remote Attestation
Remote platform Host platform Hash 1. Request Challenger Enclave 2. Calculate MAC Target Enclave 6. Send signature CMAC 3. Send MAC SGX CPU 4. Verify Quoting Enclave SGX CPU 5. Sign with group key [EPID] SGX also support remote attestation. So an enclave program running on a host makes a remote attestation request. The remote platform creates a hash of the enclave or measurement. Then it passes this info to a specially purposed enclave who signs this with a group key. As part of the remote attestation, one can also exchange information, this is often used for Diffie-Hellman key exchange to bootstrap a secure channel between two enclaves. Attest an application on remote platform Check the identity of enclave (hash of code/data pages) Can establish a “secure channel” between enclaves

8 Case Studies: Three Applications
Network Applications TEE Intel SGX Enhanced security New design space New functionality Network infrastructure: Software-defined inter-domain routing Peer-to-peer systems: Tor anonymity network Middlebox: TLS and “secure” middleboxes

9 SDN-based Inter-domain Routing
Controller 1) Topology 2) Policies (e.g., export policy) AS C AS B AS A AS D Offers new properties Fast convergence, application-specific peering, flexibility, what-if analysis [hotnets2011] Reveals private information: topology and policy

10 SDN-based Inter-domain Routing
Controllers AS C AS B AS A AS D Prior work [hotnets2011] uses Secure Multi-Party Computation (SMPC) to solve this, but the computational complexity is prohibitive.

11 SDN-based Inter-domain Routing
AS A AS-local Controller Router SDN Switch Inter-domain Controller AS B AS-local Controller Enclave Enclave Enclave Enclose private information inside the enclave Communication through a secure channel after attestation

12 SDN-based Inter-domain Routing
AS A AS-local Controller Router SDN Switch Inter-domain Controller AS B AS-local Controller Enclave Enclave Enclave ASes agree upon a common code base. Makes sure that it does not leak private information [Moat]. It becomes the TCB of the inter-domain routing infrastructure.

13 SDN-based Inter-domain Routing
AS A AS-local Controller Router SDN Switch Inter-domain Controller AS B AS-local Controller Attestation Enclave Enclave Enclave Collect info Send routes Agreed upon code 1. Mutually attest/authenticate using remote attestation 2. Collect policy and topology through a secure channel 3. Main controller computes routing path 4. Sends routes for each AS through a secure channel

14 Extending Features: Policy verification
Inter-domain Controller AS A AS C AS D AS B I will give you my shortest route to Google! [SPIDeR] Enabling verification on routing decisions Want to verify whether the promise is being kept [SPIDeR]

15 Extending Features: Policy verification
Among all routes to Google from B, is the one B advertising to A the shortest? AS A AS C AS D AS B Inter-domain Controller Enclave Verify only the predicates agreed upon by A and B Predicate Predicate Add predicate animation I will give you my shortest route to Google! [SPIDeR] Enabling verification on routing decisions Want to verify whether the promise is being kept [SPIDeR]

16 Tor: Anonymity Network
Tor network : uses 3-hop onion routing Directory servers : Advertise available onion routers (ORs), vote for bad exit nodes Relies on volunteer provided hosts When exit node is compromised, (unless end-to-end encryption is used) Snooping or tampering of the plain-text Break of anonymity : Bad apple attack Directory servers Exit Entry Relay Destination Tor client Tor network

17 Tor: Anonymity Network
Tor network : uses 3-hop onion routing Directory servers : Advertise available onion routers, vote for bad exit nodes Relies on volunteer provided hosts When directory servers are compromised, Tie-breaking attacks while voting Admission of malicious ORs Directory servers Exit Entry Relay Destination Tor client Tor network

18 Application of TEE to Tor
1) SGX-enabled directory servers 2) SGX-enabled directory servers & ORs Enclave Remote attestation Directory servers Enclave Exit - Keep sensitive data in enclave Authority keys List of available ORs - Integrity check each other Entry Relay Destination Tor client - Detect problematic exit nodes through integrity check - Automatic admission of new ORs Tor network

19 Application of TEE to Tor
1) SGX-enabled directory servers 2) SGX-enabled directory servers & ORs 3) Fully SGX-enabled setting  Eliminate directory servers altogether Remote attestation Enclave Enclave Enclave Exit Enclave Entry Relay Enclave Destination Enclave Tor client Each Tor components can check the integrity of target program (Tor binary) Tor network

20 Implementation OpenSGX [NDSS’16] : Open source SGX emulator
Fully functional, instruction-compatible emulator of SGX build on top of QEMU Emulates system software and provide SGX libraries User process (single address space) Enclave Program Package Info (Key, Entry point) Code SGX Libraries Data Stack Trampoline SGX System call Enclave mode switch SGX OS Emulation SGX instruction QEMU SGX

21 Preliminary Evaluation: Overhead
Estimate the overhead in terms of additional CPU cycles Each SGX instruction = 10 k cycles [Haven] <Cost of remote attestation> <Cost of packet transmission> SGX library Enclave send() ... User space OS Trampoline CPU Cycles (B) For each I/O operations, 2 Mode switches + SGX library calls Cost of remote attestation: 3% of 1024-bit Diffie-Hellman

22 SDN-based inter-domain routing
30 ASes with the centralized inter-domain controller Inter-domain controller : 90% more CPU cycles AS-local controllers : 70% more CPU cycles <# of CPU cycles consumed in the inter-domain controller> Number of participating ASes : 30 CPU Cycles

23 Conclusion Commoditization of TEE brings new opportunities for network applications Cases studies show wide range of impact: Policy privacy of SDN-based inter-domain routing New design space of Tor anonymity network Secure in-network functions SDN-based inter-domain routing: Characterize and measure the overhead of using SGX Consumes 70-90% more CPU cycles

24

25 SDN-based inter-domain routing
30 ASes with the centralized inter-domain controller Inter-domain controller : 90% more CPU cycles AS-local controllers : 70% more CPU cycles <# of CPU cycles consumed in the inter-domain controller> CPU Cycles Number of participating ASes

26 Secure Multi-party Execution
SGX Program owner can remotely verify the integrity of code Publicly available programs (e.g., git) can validate the integrity of project by sharing the private key for the attestation Creates signature of program through shared private key Public repo Example) 1. Tor binary for OR 2. SDN-based controller program attestation

27 In-network Functions (Middleboxes)
Use of TLS protocol disrupts in-network processing  Only endpoints of communication can access the plain-text SGX enables opportunity for secure in-network functions Enclave Proxy Firewall IDS Enclave 1. Authenticate middlebox through remote attestaion Enclave 2. Gives session keys through a secure channel Middlebox Server Can be done unilaterally or bilaterally.

28 Trend 2: Commoditization of Trusted Execution Environment
Trusted Execution Environment (TEE) Isolated execution: integrity of code, confidentiality Remote attestation Commoditization of TEE Trusted Platform Module (TPM) : Slow performance ARM TrustZone : Only available for embedded devices Intel Software Guard Extension (SGX) 1. Native performance 2. Compatibility with x86 The commoditization of TEE brings new opportunities for network applications.

Download ppt "Seongmin Kim Youjung Shin Jaehyung Ha"

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.
Vpn-info.com.

Vpn-info.com.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.
Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.
Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.
Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI 2014. Fall 2014 Presenter: Kun Sun, Ph.D. Most slides.

Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI Fall 2014 Presenter: Kun Sun, Ph.D. Most slides.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
1 Next-Generation Secure Internet: Security Overview and Context Adrian Perrig in collaboration with Steven Bellovin, David Clark, Dawn Song.

1 Next-Generation Secure Internet: Security Overview and Context Adrian Perrig in collaboration with Steven Bellovin, David Clark, Dawn Song.
outline Purpose Design Implementation Market Conclusion presentation Outline.

outline Purpose Design Implementation Market Conclusion presentation Outline.

Similar presentations

Ads by Google