Cross-VM Side Channels and Their Use to Extract Private Keys

Slides:

Advertisements

Similar presentations

Vassal: Loadable Scheduler Support for Multi-Policy Scheduling George M. Candea, Oracle Corporation Michael B. Jones, Microsoft Research.

Advertisements

Reducing Power and Area by Interconnecting Memory Controllers to Memory Ranks with RF Coplanar Waveguides on the Same Package WEED 2011, ISCA Mario D.

Deep Packet Inspection Which Implementation Platform? Sarang Dharmapurikar Cisco.

Jörg Drechsler (Institute for Employment Research, Germany) NTTS 2009 Brussels, 20. February 2009 Disclosure Control in Business Data Experiences with.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Virtual Hierarchies to Support Server Consolidation Michael Marty and Mark Hill University of Wisconsin - Madison.

(SubLoc) Support vector machine approach for protein subcelluar localization prediction (SubLoc) Kim Hye Jin Intelligent Multimedia Lab

AES Side Channel Attacks

Virtualization Technology

Making Time-stepped Applications Tick in the Cloud Tao Zou, Guozhang Wang, Marcos Vaz Salles*, David Bindel, Alan Demers, Johannes Gehrke, Walker White.

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Full-System Timing-First Simulation Carl J. Mauer Mark D. Hill and David A. Wood Computer Sciences Department University of Wisconsin—Madison.

Rohit Kugaonkar CMSC 601 Spring 2011 May 9 th 2011

KAIST Computer Architecture Lab. The Effect of Multi-core on HPC Applications in Virtualized Systems Jaeung Han¹, Jeongseob Ahn¹, Changdae Kim¹, Youngjin.

Lecture 4: Cloud Computing Security: a first look Xiaowei Yang (Duke University)

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Yan Qiang,

Virtualization and Cloud Computing. Definition Virtualization is the ability to run multiple operating systems on a single physical system and share the.

Fast Paths in Concurrent Programs Wen Xu, Princeton University Sanjeev Kumar, Intel Labs. Kai Li, Princeton University.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

PREVENTING CRYPTOGRAPHIC KEY LEAKAGE IN CLOUD VIRTUAL MACHINES STUDENT: FATEMAH ALHARBI PROFESSOR: NAEL ABU-GHAZALEH EE260 SEMINAR IN ELECTRICAL ENGINEERING.

Scheduling with Optimized Communication for Time-Triggered Embedded Systems Slide 1 Scheduling with Optimized Communication for Time-Triggered Embedded.

Scheduler-based Defenses against Cross-VM Side- channels Venkat(anathan) Varadarajan, Thomas Ristenpart, and Michael Swift 1 D EPARTMENT OF C OMPUTER S.

Torturing OpenSSL Todd Austin University of Michigan with Andrea Pellegrini, William Arthur and Valeria Bertacco (Based on Valeria’s BlackHat 2012 Presentation)

TitleEfficient Timing Channel Protection for On-Chip Networks Yao Wang and G. Edward Suh Cornell University.

Tanenbaum 8.3 See references

Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds Written by Thomas Ristenpart Eran Tromer Hovav Shacham Stehan.

Eliminating Fine Grained Timers in Xen Bhanu Vattikonda with Sambit Das and Hovav Shacham.

Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人：張逸文.

CS533 Concepts of Operating Systems Jonathan Walpole.

Kenichi Kourai (Kyushu Institute of Technology) Takuya Nagata (Kyushu Institute of Technology) A Secure Framework for Monitoring Operating Systems Using.

Guanhai Wang, Minglu Li and Chuliang Weng Shanghai Jiao Tong University, China. SVM09, Wuhan, China.

NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee (ISCA follow up soon to.

1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

A paper by Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security,

Micro-sliced Virtual Processors to Hide the Effect of Discontinuous CPU Availability for Consolidated Systems Jeongseob Ahn, Chang Hyun Park, and Jaehyuk.

Peeping Tom in the Neighborhood Keystroke Eavesdropping on Multi-User Systems USENIX 2009 Kehuan Zhang, Indiana University, Bloomington XiaoFeng Wang,

Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.

Improving Xen Security through Disaggregation Derek MurrayGrzegorz MilosSteven Hand.

New Client Puzzle Outsourcing Techniques for DoS Resistance Brent Waters, Ari Juels, J. Alex Halderman and Edward W. Felten.

Operating Systems Security

Side-channels Tom Ristenpart CS Pick target(s) Choose launch parameters for malicious VMs Each VM checks for co-residence Frequently achieve advantageous.

Faster Implementation of Modular Exponentiation in JavaScript

Remote Timing Attacks are Practical David Brumley Dan Boneh [Modified by Somesh.

Combining Evolutionary Information Extracted From Frequency Profiles With Sequence-based Kernels For Protein Remote Homology Detection Name: ZhuFangzhi.

Unveiling Zeus Automated Classification of Malware Samples Abedelaziz Mohaisen Omar Alrawi Verisign Inc, VA, USA Verisign Labs, VA, USA

Thomas Ristenpart , Eran Tromer, Hovav Shacham ,Stefan Savage CCS’09

Covert Channels Through Branch Predictors: a Feasibility Study

X. Zhang, Y. Xiao, Y. Zhang Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices Xiaokuan Zhang, Yuan Xiao, Yinqian.

Secure Dynamic Memory Scheduling against Timing Channel Attacks

Attacks on Public Key Encryption Algorithms

Hey, You, Get Off of My Cloud

UNIVERSITY OF HOUSTON Start

X. Zhang, Y. Xiao, Y. Zhang Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices Xiaokuan Zhang, Yuan Xiao, Yinqian.

Xiaodong Wang, Shuang Chen, Jeff Setter,

Written by : Thomas Ristenpart, Eran Tromer, Hovav Shacham,

Information Security – Theory vs

Mengjia Yan, Yasser Shalabi, Josep Torrellas

Hardware Support for Embedded Operating System Security

Bruhadeshwar Meltdown Bruhadeshwar

An Enhanced Support Vector Machine Model for Intrusion Detection

OS Virtualization.

Professor, No school name

Secure Processing On-Chip

Cryptographic Timing Attacks

Sai Krishna Deepak Maram, CS 6410

Maria Méndez Real, Vincent Migliore, Vianney Lapotre, Guy Gogniat

University of Illinois at Urbana-Champaign

Progress Report 11/05.

Presentation transcript:

Cross-VM Side Channels and Their Use to Extract Private Keys Yinqian Zhang (UNC-Chapel Hill) Ari Juels (RSA Labs) Michael K. Reiter (UNC-Chapel Hill) Thomas Ristenpart (U Wisconsin-Madison)

Motivation

Security Isolation by Virtualization Attacker VM Victim VM Crypto Keys Virtualization Layer Computer Hardware

Access-Driven Cache Timing Channel Attacker VM Victim VM Crypto Keys Side Channels Virtualization (Xen) An open problem: Are cryptographic side channel attacks possible in virtualization environment?

Related Work Publication Multi-Core Virtualization w/o SMT Target Percival 2005 RSA Osvik et al. 2006 AES Neve et al. 2006 Aciicmez 2007 Aciicmez et al. 2010 DSA Bangerter 2011

Related Work Publication Multi-Core Virtualization w/o SMT Target Percival 2005 RSA Osvik et al. 2006 AES Neve et al. 2006 Aciicmez 2007 Ristenpart el al. 2009 load Aciicmez et al. 2010 DSA Bangerter 2011

Related Work Publication Multi-Core Virtualization w/o SMT Target Percival 2005 RSA Osvik et al. 2006 AES Neve et al. 2006 Aciicmez 2007 Ristenpart el al. 2009 load Aciicmez et al. 2010 DSA Bangerter 2011 Our work ElGamal

Outline Cross-VM Side Channel Probing Cache Pattern Classification Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

Digress: Prime-Probe Protocol PRIME-PROBE Interval PROBE Time 4-way set associative L1 I-Cache Cache Set

Cross-VM Side Channel Probing Attacker VM Victim VM Virtualization (Xen) L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

Challenge: Observation Granularity VM/VCPU VM/VCPU Attacker Victim W/ SMT: tiny prime-probe intervals W/o SMT: gaming schedulers L1 I-Cache Time 30ms 30ms

Ideally … Time Use Interrupts to preempt the victim: Timer interrupts? Short intervals Use Interrupts to preempt the victim: Timer interrupts? Network interrupts? HPET interrupts? Inter-Processor interrupts (IPI)!

Inter-Processor Interrupts Attacker VM For( ; ; ) { send_IPI(); Delay(); } VM/VCPU Attacker VCPU Victim IPI VCPU Virtualization (Xen) CPU core CPU core

Cross-VM Side Channel Probing Time 2.5 µs 2.5 µs 2.5 µs

Outline Cross-VM Side Channel Probing Cache Pattern Classification Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

Square-and-Multiply (libgcrypt) /* y = xe mod N , from libgcrypt*/ Modular Exponentiation (x, e, N): let en … e1 be the bits of e y ← 1 for ei in {en …e1} y ← Square(y) (S) y ← Reduce(y, N) (R) if ei = 1 then y ← Multi(y, x) (M) y ← Reduce(y, N) (R) ei = 1 → “SRMR” ei = 0 → “SR”

Cache Pattern Classification Key observation: Footprints of different functions are distinct in the I-Cache ! Square(): cache set 1, 3, …, 59 Multi(): cache set 2, 5, …, 60, 61 Reduce(): cache set 2, 3, 4, …, 58 Square() Classification Multi() Reduce()

Support Vector Machine Noise: hypervisor context switch Square() SVM Multi() Reduce() Read more on SVM training

Support Vector Machine SVM …… S S R S S R R R S R M M R M M R

Outline Cross-VM Side Channel Probing Cache Pattern Classification Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

M R …… S R R S Noise Reduction Square Reduce Multi requires robust automated error correction

Hidden Markov Model S R M Square Reduce Multi Unkn

Hidden Markov Model S R M …… R S R M Square Reduce Multi Unkn

Hidden Markov Model low confidence

Eliminate Non-Crypto Computation SVM S R M ……

Eliminate Non-Crypto Computation S R M …… S R M Square Reduce Multi Unkn

Eliminate Non-Crypto Computation Key Observations S:M Ratio should be roughly 2:1 for long enough sequences! “MM” signals an error (never two sequential multiply operations)

Key Extraction L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache VCPU VCPU Start Decryption Unkn Unkn Unkn Victim VCPU Attacker VCPU Square Reduce Square Reduce Multi Reduce Virtualization (Xen) L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

Multi-Core Processors 0100011... Attacker VCPU Another VCPU Dom0 VCPU Victim VCPU IPI VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

Multi-Core Processors ..#####... Dom0 VCPU Attacker VCPU Another VCPU Victim VCPU IPI VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

Multi-Core Processors ##10100... Another VCPU Dom0 VCPU Victim VCPU Attacker VCPU IPI VCPU L1 I-Cache L1 I-Cache L1 I-Cache L1 I-Cache

From an Attacker’s Perspective #####1001111010#### #0111101011######## ####110101101#####0 1101110############ ###########........

Outline Cross-VM Side Channel Probing Cache Pattern Classification Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

Code-Path Reassembly 1001110010 0111101111 110101101 11101110 DNA Assembly No error bit! 100111*01*1101110

A DP/Graph Solution 1001011 1001011 0101-010 0101010

Correcting False Alignment 0101001 1001011 1001011 0101-010 0101001 0101-010

Cross-Fragments Error Correction 0101001 D: 1010-11 E: 010-11 A D A: 01010-11 D: 1010-11 010-11 E: E

Fragments Stitching F Greedy Algorithm: “Longest” Path in DAG Spanning Sequences Potential key bits B A C D C: 110101 E: 101011 E

Combining Spanning Sequences 10*011*110101*101-10 1000111-101010101110 100011*1101-10101110 100011*1101010101110 UNCERTAINTY OKEY, NO ERROR ALLOWED!!

Outline Cross-VM Side Channel Probing Cache Pattern Classification Stage 1 Stage 2 Cross-VM Side Channel Probing Cache Pattern Classification Vectors of cache measurements Sequences of SVM-classified labels Noise Reduction Code-Path Reassembly Fragments of code path Stage 3 Stage 4

Evaluation Intel Yorkfield processor Xen + linux + GnuPG + libgcrypt 4 cores, 32KB L1 instruction cache Xen + linux + GnuPG + libgcrypt Xen 4.0 Ubuntu 10.04, kernel version 2.6.32.16 Victim runs GnuPG v.2.0.19 (latest) libgcrypt 1.5.0 (latest) ElGamal, 4096 bits

Results Work-Conserving Scheduler Non-Work-Conserving Scheduler 300,000,000 prime-probe results (6 hours) Over 300 key fragments Brute force the key in ~9800 guesses Non-Work-Conserving Scheduler 1,900,000,000 prime-probe results (45 hours) Brute force the key in ~6600 guesses

Conclusion A combination of techniques IPI + SVM + HMM + Sequence Assembly Demonstrate a cross-VM access-driven cache-based side-channel attack Multi-core processors without SMT Sufficient fidelity to exfiltrate cryptographic keys

Thank You Questions? Please contact: yinqian@cs.unc.edu