
Architecture for Protecting Critical Secrets in Microprocessors Ruby Lee Peter Kwan Patrick McGregor Jeffrey Dwoskin Zhenghong Wang Princeton Architecture.


1 Architecture for Protecting Critical Secrets in Microprocessors
Ruby Lee, Peter Kwan, Patrick McGregor, Jeffrey Dwoskin, Zhenghong Wang
Princeton Architecture Laboratory for Multimedia and Security, Department of Electrical Engineering, Princeton University

2 One User, Many Documents/Keys, Multiple Devices

3 Attacks on Devices
Secure I/O; reduced security perimeter: from the box to the chip.
Security vulnerabilities:
–Software
–Physical (device theft)
Figure: memory hierarchy from the processor chip (registers, on-chip cache) outward to off-chip cache, main memory, video, network, other I/O and disk, with the attack points marked: SW access in supervisor mode, SW access in the OS interrupt handler, SW access to the hard disk, physical probing.

4 Past Work
Distributed software-based key management
–Involves multiple servers
Secure coprocessors and crypto tokens (deployed)
–Tamper-resistant crypto modules (IBM's 4758) and smartcards
Trusted Computing Group (TPM recently available)
–Industry: Microsoft NGSCB, Intel LaGrande
Recent secure processor proposals (research)
–XOM, AEGIS, VSCoP
Our approach
–Lower cost, high performance, no auxiliary hardware, no permanent secret, and requires minimal trusted software

5 Secret Protected (SP) Architecture
1. New Trust Model
–Most SW and HW untrusted
2. Trusted software module (TSM)
–Securely perform operations using the keys
3. Encrypted keychain
–Reduce the amount of secrets needing protection
4. Concealed execution mode (CEM)
–Protect the execution environment of the TSM
5. New processor features
–Very small additions to the ISA
–Secure I/O: input of the user key
Security goal: keep the user's keys private to the user

6 Small additions to the processor
Figure: processor core with L1 instruction cache, L1 data cache and L2 unified cache, plus an encryption/hashing engine and secure I/O logic (connected to LEDs, buttons and keyboard); external memory sits outside the chip.
New registers (width in bits):
–CEM Status Flags (2)
–User Master Key (128)
–Device Master Key (128)
–CEM Return Address (64)
–CEM Interrupt Hash (128)

7 New Trust Model
Disjoint region of trust with respect to CPU protection rings.
Figure: protection rings (unprivileged software, privileged software, OS kernel) alongside the Trusted Software Module, which holds the user secrets and is reached through the TSM API.

8 1,000's of keys are secured by protecting 1 User Master Key
Figure: the User Master Key is derived as Hash(passphrase) and roots a chain of encrypted keys K1 to K5.
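The keychain idea on this slide, worked through as an added example (this is not code from the slides or from the SP project): every key in the chain is stored encrypted and authenticated under its parent, so only the User Master Key, which lives in an on-chip register, ever needs hardware protection. The slide shows only Hash(passphrase); the salted PBKDF2 derivation, the 12-byte nonce, and the HMAC-SHA256 counter-mode keystream standing in for the chip's cipher engine are all assumptions of this example.

```python
import hashlib
import hmac
import os


def derive_user_master_key(passphrase: str, salt: bytes) -> bytes:
    # Slide 8 shows UMK = Hash(passphrase); a salted, iterated PBKDF2 is
    # assumed here so the derivation is slow. Output is the 128-bit UMK.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 100_000)[:16]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed stand-in for the on-chip cipher: HMAC-SHA256 in counter mode.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def wrap_key(parent: bytes, child: bytes) -> bytes:
    # Encrypt the child key under its parent, then MAC nonce and ciphertext,
    # so the entry can sit in untrusted memory or on disk.
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(child, _keystream(parent, nonce, len(child))))
    tag = hmac.new(parent, b"wrap" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unwrap_key(parent: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expected = hmac.new(parent, b"wrap" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("keychain entry failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(parent, nonce, len(ct))))


def build_keychain(umk: bytes, tree: dict):
    """Generate a random 128-bit key for every node and wrap it under its parent.

    Returns (plain, stored): plain maps name -> key and exists only for the
    demonstration; stored maps name -> (parent_name, wrapped_blob) and is all
    that has to persist outside the chip.
    """
    plain, stored = {}, {}

    def walk(parent_name, parent_key, children):
        for name, subtree in children.items():
            key = os.urandom(16)
            plain[name] = key
            stored[name] = (parent_name, wrap_key(parent_key, key))
            walk(name, key, subtree)

    walk("UMK", umk, tree)
    return plain, stored


def open_key(umk: bytes, stored: dict, name: str) -> bytes:
    # Unwrap each ancestor in turn down from the UMK; the UMK register on the
    # chip is the only root ever needed, and a wrong UMK fails at the first tag.
    parent_name, blob = stored[name]
    parent_key = umk if parent_name == "UMK" else open_key(umk, stored, parent_name)
    return unwrap_key(parent_key, blob)


if __name__ == "__main__":
    salt = b"constructed-device-salt"          # constructed sample value
    umk = derive_user_master_key("correct horse battery", salt)
    plain, stored = build_keychain(umk, {"K1": {"K2": {}}, "K3": {"K4": {}, "K5": {}}})
    assert open_key(umk, stored, "K4") == plain["K4"]
    print("keychain round-trip ok; stored entries:", sorted(stored))
```

The tree passed to `build_keychain` mirrors the slide: K2 hangs off K1, K4 and K5 off K3, and K1 and K3 off the User Master Key. Losing a device leaks only wrapped blobs; without the UMK every `unwrap_key` fails its tag check before any key material is returned.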

9 HW Supporting the Key Chain
Figure: the processor diagram of slide 6 (core, caches, encryption/hashing engine, secure I/O logic, external memory, and the new registers including the User Master Key and Device Master Key).

10 Secret Protected (SP) Architecture
1. New Trust Model
–Orthogonal to protection rings
2. Hierarchical keychain
–Reduce the amount of secrets needing protection
3. Trusted software module (TSM)
–Carry out operations using the keys
4. Concealed execution mode (CEM)
–Protect TSM program integrity
–Protect TSM data in main memory and caches
–Protect registers on interrupts
5. New processor features
–Very little addition to achieve the goal

11 Protect TSM program integrity
Provide a keyed hash (Message Authentication Code) per cache line.
Figure: each 64-byte cache line holds 48 bytes of instructions followed by a 16-byte MAC, where MAC = Keyed_hash(Device Master Key, TSM code, code address).
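The per-line MAC from this slide as an added example (not the project's code): TSM code is laid out in 64-byte lines of 48 instruction bytes plus a 16-byte keyed hash computed under the Device Master Key over both the bytes and the code address, and a simulated fetch path refuses any line whose MAC does not check. HMAC-SHA256 truncated to 16 bytes, the 8-byte address encoding, the "line i at base + 64*i" layout and the zero padding of the last line are assumptions of this example.

```python
import hashlib
import hmac

LINE_BYTES = 64                          # cache line size on the slide
MAC_BYTES = 16                           # 16-byte MAC per line
PAYLOAD_BYTES = LINE_BYTES - MAC_BYTES   # 48 bytes of instructions per line


def line_mac(dmk: bytes, address: int, payload: bytes) -> bytes:
    # Keyed_hash(Device Master Key, TSM code, code address), truncated to
    # 16 bytes. Binding the address stops a valid line being moved elsewhere.
    msg = address.to_bytes(8, "big") + payload
    return hmac.new(dmk, msg, hashlib.sha256).digest()[:MAC_BYTES]


def protect_tsm_code(dmk: bytes, base: int, code: bytes):
    """Lay TSM code out as 64-byte lines: 48 instruction bytes plus a MAC.

    Assumption: line i lives at base + i*64 and the last line is zero-padded.
    Returns a list of (address, line) pairs as they would sit in memory.
    """
    lines = []
    for i, off in enumerate(range(0, len(code), PAYLOAD_BYTES)):
        payload = code[off:off + PAYLOAD_BYTES].ljust(PAYLOAD_BYTES, b"\x00")
        address = base + i * LINE_BYTES
        lines.append((address, payload + line_mac(dmk, address, payload)))
    return lines


def verify_line(dmk: bytes, address: int, line: bytes) -> bool:
    payload, mac = line[:PAYLOAD_BYTES], line[PAYLOAD_BYTES:]
    return hmac.compare_digest(mac, line_mac(dmk, address, payload))


def fetch_tsm_code(dmk: bytes, lines) -> bytes:
    # Simulates the instruction fetch path: a line reaches the pipeline only
    # after its MAC checks against the address it was fetched from.
    out = bytearray()
    for address, line in lines:
        if not verify_line(dmk, address, line):
            raise RuntimeError(f"TSM code integrity failure at 0x{address:x}")
        out += line[:PAYLOAD_BYTES]
    return bytes(out)


if __name__ == "__main__":
    dmk = bytes(range(16))                 # constructed Device Master Key
    code = bytes(range(256))               # constructed stand-in for TSM code
    lines = protect_tsm_code(dmk, 0x1000, code)
    print(len(lines), "lines protected; fetch ok:", fetch_tsm_code(dmk, lines)[:256] == code)
```

Two failure modes matter here: a flipped instruction byte makes `verify_line` false, and swapping two otherwise valid lines between addresses also fails, because the address is part of the MAC input. Neither the OS nor anything else without the Device Master Key can produce a line that passes.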

12 Basic Approach for protecting TSM data
Inside the security perimeter (processor chip, on-chip cache): data exists as plaintext; use tagging.
Outside the security perimeter (off-chip cache, DRAM): data exists as ciphertext; use encryption and hashing.

13 Protection over the entire memory hierarchy
Cache line tagging: separating secure from non-secure, and data from code.
Figure: the L1 instruction cache (secure instruction tags), L1 data cache (secure data tags) and L2 unified cache hold a mix of Secure Code 1, Secure Code 2, Secure Data 2, Code 3, Data 1 and Data 3; the same lines sit in main memory, and secure lines pass through decryption and an integrity check (Y/N) on the way into the chip.

14 HW Supporting memory protection
Figure: the processor diagram of slide 6 (core, caches, encryption/hashing engine, secure I/O logic, external memory, new registers), with the registers called out.

15 Protecting register values during interrupts
"In situ" register encryption
–No change required in the OS interrupt handler
Store hash on-chip
Return address trigger
Figure: registers R0, R1, R2 ... R31 are treated as one plaintext message; Encryption() under the Device Master Key (128) turns them into one ciphertext message left in place, Hash() of the result is stored in the CEM Interrupt Hash (128), and the return point is stored in the CEM Return Address (64).
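A software model of the interrupt mechanism on this slide, added here as an example (not the SP project's code): on an interrupt the whole register file is encrypted in place under the Device Master Key, a hash of the ciphertext is kept in the on-chip CEM Interrupt Hash register and the resume point in the CEM Return Address register; the OS handler saves and restores opaque bytes exactly as it would have saved plaintext, and the decryption fires only when execution returns to the recorded address and the saved block still matches the on-chip hash. The `CemRegisters` class, the 12-byte nonce, the HMAC-SHA256 counter-mode keystream standing in for the cipher engine, and the use of truncated SHA-256 for the on-chip hash are assumptions of this example.

```python
import hashlib
import hmac
import os

NUM_REGS = 32  # R0 .. R31 on the slide


class CemRegisters:
    """Assumed model of the SP-added on-chip state used across an interrupt."""

    def __init__(self, device_master_key: bytes):
        self.dmk = device_master_key     # Device Master Key (128)
        self.return_address = None       # CEM Return Address (64)
        self.interrupt_hash = None       # CEM Interrupt Hash (128)
        self.interrupted = False         # one of the CEM Status Flags (assumed)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed stand-in for the on-chip cipher: HMAC-SHA256 in counter mode.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _pack(regs) -> bytes:
    # The register file as "one plaintext message": 32 x 64-bit values.
    return b"".join(r.to_bytes(8, "big") for r in regs)


def cem_interrupt(chip: CemRegisters, regs: list, resume_pc: int) -> bytes:
    """Encrypt the register file in place and record its hash on-chip.

    The returned bytes are what the unmodified OS handler sees and saves.
    """
    if len(regs) != NUM_REGS:
        raise ValueError("expected the full register file")
    nonce = os.urandom(12)
    plaintext = _pack(regs)
    ct = nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(chip.dmk, nonce, len(plaintext))))
    chip.interrupt_hash = hashlib.sha256(ct).digest()[:16]
    chip.return_address = resume_pc
    chip.interrupted = True
    return ct


def cem_resume(chip: CemRegisters, saved: bytes, pc: int) -> list:
    """Return-address trigger: decrypt only on return to the recorded PC."""
    if not chip.interrupted or pc != chip.return_address:
        raise RuntimeError("not a return to the interrupted TSM")
    if not hmac.compare_digest(hashlib.sha256(saved).digest()[:16], chip.interrupt_hash):
        raise RuntimeError("saved register block was modified or replayed")
    nonce, ct = saved[:12], saved[12:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(chip.dmk, nonce, len(ct))))
    chip.interrupt_hash = chip.return_address = None
    chip.interrupted = False
    return [int.from_bytes(pt[i:i + 8], "big") for i in range(0, len(pt), 8)]


if __name__ == "__main__":
    chip = CemRegisters(bytes(range(16)))            # constructed Device Master Key
    regs = [i * 0x0101 for i in range(NUM_REGS)]     # constructed register values
    saved = cem_interrupt(chip, regs, 0x4000)        # OS handler stores `saved`
    print("restored correctly:", cem_resume(chip, saved, 0x4000) == regs)
```

Because the hash of the most recent ciphertext is the only thing kept on the chip, a handler that hands back an older saved block, or one it has edited, is rejected before anything is decrypted, and the handler itself never needed to know the registers were encrypted.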

16 Device and User Initialization
Device initialization
–Secure bootup
–TSM installation
User initialization
Figure: secure I/O logic together with the User Master Key (128) and Device Master Key (128) registers.

17 Architectural summary
Figure: execution environment on the device. The User Master Key, entered through Secure I/O, protects the keys the Trusted Software Module operates upon; the Device Master Key, established at device initialization, protects the TSM's code, memory and registers.

18 Contributions and Conclusions
Minimalist SP architecture protects critical secrets (keys), which then protect other sensitive data
Decouples users from devices: a more convenient and realistic usage model
No permanent secret: defends against factory database compromise
Master keys are symmetric keys: faster and less storage
Security without compromising performance, cost or usability

19 Opportunities for Future Research
Other uses of the SP architecture
Alternative programming models using SP
Secure I/O
Attestation
Security verification
Extension to multicore processors

20 Thank you!

