Seongmin Kim Youjung Shin Jaehyung Ha

Slides:

Advertisements

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Advertisements

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Internet Protocol Security (IP Sec)

Cobalt: Separating content distribution from authorization in distributed file systems Kaushik Veeraraghavan Andrew Myrick Jason Flinn University of Michigan.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Information Security and Cloud Computing Naresh K. Sehgal, Sohum Sohoni, Ying Xiong, David Fritz, Wira Mulia, and John M. Acken 1 NKS.

Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O Presenter: Probir Roy Computer Science Department College of William & Mary.

Accountability in Hosted Virtual Networks Eric Keller, Ruby B. Lee, Jennifer Rexford Princeton University VISA 2009.

Shielding Applications from an Untrusted Cloud Andrew Baumann, Marcus Peinado, and Galen Hunt. OSDI Fall 2014 Presenter: Kun Sun, Ph.D. Most slides.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

1 Minimal TCB Code Execution Jonathan McCune, Bryan Parno, Adrian Perrig, Michael Reiter, and Arvind Seshadri Carnegie Mellon University May 22, 2007.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

1 Next-Generation Secure Internet: Security Overview and Context Adrian Perrig in collaboration with Steven Bellovin, David Clark, Dawn Song.

outline Purpose Design Implementation Market Conclusion presentation Outline.

Towards Application Security On Untrusted OS

Internet Protocol Security (IPSec)

Mobile Data Sharing over Cloud Group No. 8 - Akshay Kantak - Swapnil Chavan - Harish Singh.

CCENT Review. Put the following descriptions in order from Layer 7 to Layer 1 and give the name of each layer.

Host Identity Protocol

NETWORKS – NETWORK FUNDAMENTALS. How do computers connect to each other? Wired vs. Wireless Network cards Special device on computer that lets the computer.

Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

Trusted Computing Or How I Learned to Stop Worrying and Love the MPAA.

Shambhu Upadhyaya Security –Upper Layer Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 10)

Chapter 21 Distributed System Security Copyright © 2008.

New Cryptographic Techniques for Active Networks Sandra Murphy Trusted Information Systems March 16, 1999.

Security Issues in Control, Management and Routing Protocols M.Baltatu, A.Lioy, F.Maino, D.Mazzocchi Computer and Network Security Group Politecnico di.

IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Operating Systems Security

Wireless and Mobile Security

Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.

Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.

Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.

Securing Access to Data Using IPsec Josh Jones Cosc352.

IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.

Cryptography CSS 329 Lecture 13:SSL.

Intel® Software Guard Extensions (Intel® SGX)

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

1 Network Security. 2 Security Services Confidentiality: protection of any information from being exposed to unintended entities. –Information content.

CMSC 818J: Privacy enhancing technologies Lecture 2.

Trusted? 05/4/2016 Charles Sheehe, CCSDS Security Working Group GRC POC All information covered is from public sources.

Trusted Computing and the Trusted Platform Module

EnGarde: Mutually Trusted Inspection of SGX Enclaves

Outline What does the OS protect? Authentication for operating systems

Outline What does the OS protect? Authentication for operating systems

TERRA Authored by: Garfinkel, Pfaff, Chow, Rosenblum, and Boneh

TPM, TEE, SGX Technologies

OpenSGX: An Open Platform for SGX Research

Seongmin Kim, Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han

Bastion secure processor architecture

AEGIS: Secure Processor for Certified Execution

Cloud Security 李芮，蒋希坤，崔男 2018年4月.

Sai Krishna Deepak Maram, CS 6410

SCONE: Secure Linux Containers Environments with Intel SGX

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Kriti shreshtha.

Shielding applications from an untrusted cloud with Haven

Aimee Coughlin, Greg Cusack, Jack Wampler, Eric Keller, Eric Wustrow

TEE-Perf A Profiler for Trusted Execution Environments

Stefano Tempesta Secure Machine Learning with SQL Server Always Encrypted with Secure Enclaves.

Presentation transcript:

Seongmin Kim Youjung Shin Jaehyung Ha A First Step Towards Leveraging Commodity Trusted Execution Environments for Network Applications Seongmin Kim Youjung Shin Jaehyung Ha Taesoo Kim* Dongsu Han KAIST * Georgia Tech

Trend 1: Security and Privacy Critical Factors in Technology Adoption Demands for “security” and “privacy” are increasing Widespread use of Transport Layer Security (TLS) Popularity of anonymity networks (e.g., Tor) Use of strong authentication/encryption in WiFi Expectation on security and privacy impacts design decisions: Operating system (iOS, Android) Apps/services (e.g., messenger, adblocker) Network infrastructure (inter-domain SDN)

Trend 1: Security and Privacy Critical Factors in Technology Adoption Demands for “security” and “privacy” are increasing Widespread use of Transport Layer Security (TLS) Popularity of anonymity networks (e.g., Tor) Use of strong authentication/encryption in WiFi Expectation on security and privacy impacts design decisions: Operating system (iOS, Android) Apps/services (e.g., messenger, adblocker) Network infrastructure (inter-domain SDN) I’d like to start by pointing out two big trends. First, security and privacy are becoming critical factors for technology adoption. Applications and services with enhanced security and privacy features are getting increasingly adopted. And they often impact our design decision. We see many examples like this in today’s market.

Trend 2: Commoditization of Trusted Execution Environment Trusted Execution Environment (TEE) Isolated execution: integrity of code, confidentiality Remote attestation Commoditization of TEE Trusted Platform Module (TPM) : Slow performance ARM TrustZone : Only available for embedded devices Intel Software Guard Extension (SGX) 1. Native performance 2. Compatibility with x86 The commoditization of TEE brings new opportunities for network applications. The second trend is commoditization of trusted execution environments or TEEs. TEEs provide hardware-based mechanisms for isolated execution and remote attestation. While the idea and implementation has been around for a long time, it had several practical limitation. However, the newly released Intel SGX truly signals the commoditization by lifting off some of the limitations ; it gives native performance to software running in the secure mode and is compatible with x86. Imagine all our laptops and servers on the Cloud supportingTEE. We believe that The commoditization of TEE brings new opportunities for network applications because many network and middlebox applications run on x86.

Network Applications + TEE = ? What impact does TEE have on networking? Previous efforts: Adopting TEE to cloud platform Haven [OSDI’14] : Protects applications from an untrusted cloud VC3 [S&P’15] : Trustworthy data analytics in the cloud Network Applications TEE Enhanced security New design space New functionality Intel SGX

SGX : Isolated Execution System Memory CPU Package Enclave Access from OS/VMM Memory Encryption Engine (MEE) Encrypted code/data Snooping SGX allows part of application code to run in isolation inside an enclave. The enclave region of the main memory is encrypted. The content is only decrypted inside the CPU package using processor specific keys. Thus, even if a malicious adversary has full control over the hardware, it cannot access/modify the enclave. Also, the enclave is protected from other software running in the host, including the OS and hypervisor. In summary, the TCB is the CPU package and the application code running inside and enclave. Application keeps its data/code inside the “enclave” Smallest attack surface by reducing TCB (App + processor) Protect app’s secret from untrusted privilege software (e.g., OS, VMM)

SGX : Remote Attestation Remote platform Host platform Hash 1. Request Challenger Enclave 2. Calculate MAC Target Enclave 6. Send signature CMAC 3. Send MAC SGX CPU 4. Verify Quoting Enclave SGX CPU 5. Sign with group key [EPID] SGX also support remote attestation. So an enclave program running on a host makes a remote attestation request. The remote platform creates a hash of the enclave or measurement. Then it passes this info to a specially purposed enclave who signs this with a group key. As part of the remote attestation, one can also exchange information, this is often used for Diffie-Hellman key exchange to bootstrap a secure channel between two enclaves. Attest an application on remote platform Check the identity of enclave (hash of code/data pages) Can establish a “secure channel” between enclaves

Case Studies: Three Applications Network Applications TEE Intel SGX Enhanced security New design space New functionality Network infrastructure: Software-defined inter-domain routing Peer-to-peer systems: Tor anonymity network Middlebox: TLS and “secure” middleboxes

SDN-based Inter-domain Routing Controller 1) Topology 2) Policies (e.g., export policy) AS C AS B AS A AS D Offers new properties Fast convergence, application-specific peering, flexibility, what-if analysis [hotnets2011] Reveals private information: topology and policy

SDN-based Inter-domain Routing Controllers AS C AS B AS A AS D Prior work [hotnets2011] uses Secure Multi-Party Computation (SMPC) to solve this, but the computational complexity is prohibitive.

SDN-based Inter-domain Routing AS A AS-local Controller Router SDN Switch Inter-domain Controller AS B AS-local Controller Enclave Enclave Enclave Enclose private information inside the enclave Communication through a secure channel after attestation

SDN-based Inter-domain Routing AS A AS-local Controller Router SDN Switch Inter-domain Controller AS B AS-local Controller Enclave Enclave Enclave ASes agree upon a common code base. Makes sure that it does not leak private information [Moat]. It becomes the TCB of the inter-domain routing infrastructure.

SDN-based Inter-domain Routing AS A AS-local Controller Router SDN Switch Inter-domain Controller AS B AS-local Controller Attestation Enclave Enclave Enclave Collect info Send routes Agreed upon code 1. Mutually attest/authenticate using remote attestation 2. Collect policy and topology through a secure channel 3. Main controller computes routing path 4. Sends routes for each AS through a secure channel

Extending Features: Policy verification Inter-domain Controller AS A AS C AS D AS B I will give you my shortest route to Google! [SPIDeR] Enabling verification on routing decisions Want to verify whether the promise is being kept [SPIDeR]

Extending Features: Policy verification Among all routes to Google from B, is the one B advertising to A the shortest? AS A AS C AS D AS B Inter-domain Controller Enclave Verify only the predicates agreed upon by A and B Predicate Predicate Add predicate animation I will give you my shortest route to Google! [SPIDeR] Enabling verification on routing decisions Want to verify whether the promise is being kept [SPIDeR]

Tor: Anonymity Network Tor network : uses 3-hop onion routing Directory servers : Advertise available onion routers (ORs), vote for bad exit nodes Relies on volunteer provided hosts When exit node is compromised, (unless end-to-end encryption is used) Snooping or tampering of the plain-text Break of anonymity : Bad apple attack Directory servers Exit Entry Relay Destination Tor client Tor network

Tor: Anonymity Network Tor network : uses 3-hop onion routing Directory servers : Advertise available onion routers, vote for bad exit nodes Relies on volunteer provided hosts When directory servers are compromised, Tie-breaking attacks while voting Admission of malicious ORs Directory servers Exit Entry Relay Destination Tor client Tor network

Application of TEE to Tor 1) SGX-enabled directory servers 2) SGX-enabled directory servers & ORs Enclave Remote attestation Directory servers Enclave Exit - Keep sensitive data in enclave Authority keys List of available ORs - Integrity check each other Entry Relay Destination Tor client - Detect problematic exit nodes through integrity check - Automatic admission of new ORs Tor network

Application of TEE to Tor 1) SGX-enabled directory servers 2) SGX-enabled directory servers & ORs 3) Fully SGX-enabled setting  Eliminate directory servers altogether Remote attestation Enclave Enclave Enclave Exit Enclave Entry Relay Enclave Destination Enclave Tor client Each Tor components can check the integrity of target program (Tor binary) Tor network

Implementation OpenSGX [NDSS’16] : Open source SGX emulator Fully functional, instruction-compatible emulator of SGX build on top of QEMU Emulates system software and provide SGX libraries User process (single address space) Enclave Program Package Info (Key, Entry point) Code SGX Libraries Data Stack Trampoline SGX System call Enclave mode switch SGX OS Emulation SGX instruction QEMU SGX

Preliminary Evaluation: Overhead Estimate the overhead in terms of additional CPU cycles Each SGX instruction = 10 k cycles [Haven] <Cost of remote attestation> <Cost of packet transmission> SGX library Enclave … send() ... User space OS Trampoline CPU Cycles (B) For each I/O operations, 2 Mode switches + SGX library calls Cost of remote attestation: 3% of 1024-bit Diffie-Hellman

SDN-based inter-domain routing 30 ASes with the centralized inter-domain controller Inter-domain controller : 90% more CPU cycles AS-local controllers : 70% more CPU cycles <# of CPU cycles consumed in the inter-domain controller> Number of participating ASes : 30 CPU Cycles

Conclusion Commoditization of TEE brings new opportunities for network applications Cases studies show wide range of impact: Policy privacy of SDN-based inter-domain routing New design space of Tor anonymity network Secure in-network functions SDN-based inter-domain routing: Characterize and measure the overhead of using SGX Consumes 70-90% more CPU cycles

SDN-based inter-domain routing 30 ASes with the centralized inter-domain controller Inter-domain controller : 90% more CPU cycles AS-local controllers : 70% more CPU cycles <# of CPU cycles consumed in the inter-domain controller> CPU Cycles Number of participating ASes

Secure Multi-party Execution SGX Program owner can remotely verify the integrity of code Publicly available programs (e.g., git) can validate the integrity of project by sharing the private key for the attestation Creates signature of program through shared private key Public repo Example) 1. Tor binary for OR 2. SDN-based controller program attestation

In-network Functions (Middleboxes) Use of TLS protocol disrupts in-network processing  Only endpoints of communication can access the plain-text SGX enables opportunity for secure in-network functions Enclave Proxy Firewall IDS Enclave 1. Authenticate middlebox through remote attestaion Enclave 2. Gives session keys through a secure channel Middlebox Server Can be done unilaterally or bilaterally.

Trend 2: Commoditization of Trusted Execution Environment Trusted Execution Environment (TEE) Isolated execution: integrity of code, confidentiality Remote attestation Commoditization of TEE Trusted Platform Module (TPM) : Slow performance ARM TrustZone : Only available for embedded devices Intel Software Guard Extension (SGX) 1. Native performance 2. Compatibility with x86 The commoditization of TEE brings new opportunities for network applications.