Protecting Cryptographic Keys from Memory Disclosure Attacks Presented by John Shu Shouhuai Xu and Keith Harrison UTSA, Dept. Computer Science.


Outline
- Introduction
- Threat Assessment
- Understanding the Attack
- Countering Memory Disclosure Attacks
- Conclusion

Introduction
- Cryptography as an indispensable tool in security
- Premise here is the security of cryptographic keys
- A brief example of how it all works

Introduction
- Cryptographic Keys (Symmetric) [source:

Introduction
- Cryptographic Keys (Asymmetric), e.g. RSA
  1. Choose two distinct prime numbers P and Q
  2. Calculate n = PQ
  3. Calculate ϕ(n) = (P-1)(Q-1), where ϕ is the Euler totient function
  4. Choose an integer e, 1 < e < ϕ(n), with e co-prime to ϕ(n)
  5. Find d = e^(-1) mod ϕ(n) (i.e., d is the multiplicative inverse)

Introduction
- These cryptographic keys should be kept secret
- Memory disclosure vulnerabilities violate this
- Attacks built on this concept can access information in:
  - Allocated memory
  - Unallocated memory
- These attacks can effectively expose RSA private keys!!!

Threat Assessment
- Initial experiments on OpenSSH and Apache HTTP servers
- Memory disclosure vulnerabilities in Linux kernels prior to , and
- Directories created in the file system could leak 4KB
- Portions of memory may be disclosed from unsigned types in certain files.

Recall RSA crypto system
- The system consists of d, e, P, Q, ϕ(n) and a PEM (.pem) file which contains the whole key.
- Disclosure of d, P, Q or the PEM-encoded file can lead to compromise of the private key.
- Experiment included:
  - 3.2 Intel Pentium 4 CPU
  - Gentoo Linux OS and kernel
  - OpenSSH 4.3 server and Apache Server

OpenSSH server
- Procedure
  - A USB device was plugged into the machine running OpenSSH
  - A script performed the following functions:
    1. Created a large number of connections to localhost
    2. Immediately closed all connections
    3. Created a large number of directories on the USB device, where each directory revealed less than 4072 bytes of memory onto the USB device
  - The device was then removed and searched for copies of the private key

[Figure: OpenSSH: # of keys found. Source: [4]]

[Figure: OpenSSH: success rate of attacks. Source: [4]]

Understanding the Attacks
- The need for a tool to take ‘snapshots’ of memory
- A tool was developed in C to:
  - Obtain snapshots of memory
  - Do bookkeeping: “which processes have access to memory pages that contain private keys”
- Deployed as a Loadable Kernel Module

[Figure: Output from LKM. Source: [4]]

Countering Memory Disclosure Attacks
- The following measures were proposed:
  - A cryptographic key should appear in allocated memory a minimal number of times
  - Unallocated memory should not hold a copy of a cryptographic key
- These measures were enforced at various levels of the system

Application Layer
- Solution:
  - Utilize the “Copy on Write” management policy to avoid unnecessary duplication of the private key
- Implementation:
  - The RSA_memory_align() function was used to ensure that only one copy of the private key appears, in a secluded region of allocated memory

Library Layer
- Solution:
  - Eliminate unnecessary duplication of cryptographic keys in allocated memory using the same scheme as above
- Implementation:
  - Pages from the special region of memory are not copied or swapped.
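The application- and library-layer measures above, sketched as an added example for Linux/POSIX (not the authors' code, and not a reproduction of RSA_memory_align()): the key is moved to its own page-aligned mapping, locked against swapping, and made read-only so a copy-on-write fault can never duplicate it. The names key_region, key_region_init, key_region_destroy and wipe are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical holder for one key kept on its own page(s). */
typedef struct { unsigned char *page; size_t map_len, key_len; int locked; } key_region;

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Move the key from src into a dedicated, locked, read-only mapping; wipe src. */
static int key_region_init(key_region *r, unsigned char *src, size_t len) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    r->map_len = (len + pg - 1) / pg * pg;          /* round up to whole pages */
    r->page = mmap(NULL, r->map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (r->page == MAP_FAILED) return -1;
    r->locked = (mlock(r->page, r->map_len) == 0);  /* best effort: keep out of swap */
    memcpy(r->page, src, len);
    r->key_len = len;
    wipe(src, len);                                 /* leave no second copy behind */
    /* Read-only: the page is never written, so fork() children share it via COW. */
    return mprotect(r->page, r->map_len, PROT_READ);
}

/* Zero the key before the pages are returned to the kernel. */
static int key_region_destroy(key_region *r) {
    if (mprotect(r->page, r->map_len, PROT_READ | PROT_WRITE) != 0) return -1;
    wipe(r->page, r->map_len);
    if (r->locked) munlock(r->page, r->map_len);
    int rc = munmap(r->page, r->map_len);
    r->page = NULL;
    return rc;
}

int main(void) {
    unsigned char key[32];
    memset(key, 0xA5, sizeof key);                  /* constructed sample key */
    key_region r;
    if (key_region_init(&r, key, sizeof key) != 0) return 1;
    return key_region_destroy(&r);
}
```

A real library would also have to stop its parsing and bignum code from leaving intermediate copies on the heap, which this sketch does not address.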

Kernel Layer
- Solution:
  - Ensure that unallocated memory does not contain any private keys by zeroing physical pages after use.
- Implementation:
  - The free_hot_cold_page() function was modified to ensure that pages are cleared before being added to the list of free pages in unallocated memory
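A user-space model of the zero-on-free policy, added here as an example (it is not kernel code and not the authors' patch to free_hot_cold_page()): a small page pool stands in for physical memory, and a bookkeeping scan counts key copies left in free pages with the policy off and on. All names and the sample key are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PAGE_SZ 4096
#define NPAGES  8

static unsigned char pool[NPAGES * PAGE_SZ];  /* stand-in for physical pages */
static int in_use[NPAGES];
static int zero_on_free = 1;                  /* policy under test */

static unsigned char *page_alloc(void) {
    for (int i = 0; i < NPAGES; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool + (size_t)i * PAGE_SZ; }
    return NULL;
}

/* Return a page to the free list, clearing it first when the policy is on. */
static void page_free(unsigned char *p) {
    size_t i = (size_t)(p - pool) / PAGE_SZ;
    if (zero_on_free) memset(pool + i * PAGE_SZ, 0, PAGE_SZ);
    in_use[i] = 0;
}

/* Bookkeeping: count key copies in allocated (want_used=1) or free (0) pages. */
static int count_key_copies(const unsigned char *key, size_t klen, int want_used) {
    int hits = 0;
    for (int i = 0; i < NPAGES; i++) {
        if (in_use[i] != want_used) continue;
        const unsigned char *pg = pool + (size_t)i * PAGE_SZ;
        for (size_t off = 0; off + klen <= PAGE_SZ; off++)
            if (memcmp(pg + off, key, klen) == 0) hits++;
    }
    return hits;
}

/* Load a key into a page, release the page, report copies left in free pages. */
static int residue_after_free(int policy) {
    static const unsigned char key[16] = "constructed-key";  /* sample value */
    memset(pool, 0, sizeof pool);
    memset(in_use, 0, sizeof in_use);
    zero_on_free = policy;
    unsigned char *p = page_alloc();
    memcpy(p + 100, key, sizeof key);
    page_free(p);
    return count_key_copies(key, sizeof key, 0);
}

int main(void) { return residue_after_free(1); }
```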

Experimental Proof of Concept

Conclusion
- Discovered a vulnerability leading to disclosure of memory.
- Proposed and tested solutions to eliminate the attack and mitigate damage already caused.
- However, complete elimination will be contingent upon extra hardware.

References
1. P. Broadwell, M. Harren, and N. Sastry. Scrash: A system for generating secure crash information. In Usenix Security Symposium’
2. J. Chow, B. Pfaff, T. Garfinkel, K. Christopher, and M. Rosenblum. Understanding data lifetime via whole system simulation. In Usenix Security Symposium’
3. J. Chow, B. Pfaff, T. Garfinkel, and M. Rosenblum. Shredding your garbage: Reducing data lifetime. In Proc. USENIX Security Symposium’
4. Harrison K. Protecting Cryptographic Keys from Memory Disclosure Attacks. 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp , 2007.

QUESTIONS