Enhancing Network Data Obliviousness in Trusted Execution Environment-based Stream Processing Systems

Alsibyani, Hassan

15 May 2018

Cloud computing usage is increasing and a common concern is the privacy and security of the data and computation. Third party cloud environments are not considered fit for processing private information because the data will be revealed to the cloud provider. However, Trusted Execution Environments (TEEs), such as Intel SGX, provide a way for applications to run privately and securely on untrusted platforms. Nonetheless, using a TEE by itself for stream processing systems is not sufficient since network communication patterns may leak properties of the data under processing. This work addresses leaky topology structures and suggests mitigation techniques for each of these. We create specific metrics to evaluate leaks occurring from the network patterns; the metrics measure information leaked when the stream processing system is running. We consider routing techniques for inter-stage communication in a streaming application to mitigate this data leakage. We consider a dynamic policy to change the mitigation technique depending on how much information is currently leaking. Additionally, we consider techniques to hide irregularities resulting from a filtering stage in a topology. We also consider leakages resulting from applications containing cycles. For each of the techniques, we explore their effectiveness in terms of the advantage they provide in overcoming the network leakage. The techniques are tested partly using simulations and some were implemented in a prototype SGX-based stream processing system.

systems

security

side-channel attacks

An Efficiency Evaluation of Far-Field Electromagnetic Deep Learning Side-Channel Attacks in Controlled Environments

Evensen, Gabriel

January 2022

As more and more modern systems and products use built-in microcontrollers, hardware security becomes more important to protect against cyber-attacks. Internet of things devices, like Bluetooth devices, usually use an encryption algorithm to keep data safe from hackers. Advanced Encryption Standard (AES) is a commonly used encryption algorithm. AES itself is hard to break. However, it is possible to utilize the information leaking from a system during the execution of encryption, called side-channel, to recover the key or part of the key used by the encryption algorithm. This kind of attack is called a side-channel attack (SCA). In this study, two deep learning (DL) models are trained to attack the Bluetooth microcontroller unit Nordic nRF52 development kit equipped with an nRF52832 chip. The DL models are trained using the far-field electromagnetic emissions that the microcontroller unintentionally generates and transmits through the antenna while encrypting data. All encryptions are executed with a fixed key and random plaintext. The attack is conducted in two stages: the profiling and attack stages. In the profiling stage, where the attacker is assumed to have full system control, 100 000 traces holding encryption information are sampled and used to train the DL models to classify a sub-byte of the fixed key given a trace. In the attack stage, traces are captured in two different environments. The first is an entirely isolated environment, while the second adds a specific Wi-Fi access point and client connection that execute HTTP requests and responses in this isolated environment referred to as the system environment. Given traces obtained from one of the two attack environments, the performance of the trained models at classifying the correct sub-key is evaluated.  To summarize the results of this study, twelve SCAs are performed on six datasets captured in two different environments using two different DL models for each dataset. The correct key byte can be retrieved in three of these SCAs. All three successful attacks are made in an isolated environment without any interfering noise. The best performance is achieved with the multi-layer perceptron DL architecture, processing traces each composed of 10 averaged traces of the identical encryption, and the correct key-byte is recovered after 8198 traces.

SCA

DL-SCA

Side-Channel Attacks

Deep Learning Side-Channel Attacks

Far-Field Side-Channel Attacks

Engineering and Technology

Teknik och teknologier

Cross-core Microarchitectural Attacks and Countermeasures

Irazoki, Gorka

24 April 2017

In the last decade, multi-threaded systems and resource sharing have brought a number of technologies that facilitate our daily tasks in a way we never imagined. Among others, cloud computing has emerged to offer us powerful computational resources without having to physically acquire and install them, while smartphones have almost acquired the same importance desktop computers had a decade ago. This has only been possible thanks to the ever evolving performance optimization improvements made to modern microarchitectures that efficiently manage concurrent usage of hardware resources. One of the aforementioned optimizations is the usage of shared Last Level Caches (LLCs) to balance different CPU core loads and to maintain coherency between shared memory blocks utilized by different cores. The latter for instance has enabled concurrent execution of several processes in low RAM devices such as smartphones. Although efficient hardware resource sharing has become the de-facto model for several modern technologies, it also poses a major concern with respect to security. Some of the concurrently executed co-resident processes might in fact be malicious and try to take advantage of hardware proximity. New technologies usually claim to be secure by implementing sandboxing techniques and executing processes in isolated software environments, called Virtual Machines (VMs). However, the design of these isolated environments aims at preventing pure software- based attacks and usually does not consider hardware leakages. In fact, the malicious utilization of hardware resources as covert channels might have severe consequences to the privacy of the customers. Our work demonstrates that malicious customers of such technologies can utilize the LLC as the covert channel to obtain sensitive information from a co-resident victim. We show that the LLC is an attractive resource to be targeted by attackers, as it offers high resolution and, unlike previous microarchitectural attacks, does not require core-colocation. Particularly concerning are the cases in which cryptography is compromised, as it is the main component of every security solution. In this sense, the presented work does not only introduce three attack variants that can be applicable in different scenarios, but also demonstrates the ability to recover cryptographic keys (e.g. AES and RSA) and TLS session messages across VMs, bypassing sandboxing techniques. Finally, two countermeasures to prevent microarchitectural attacks in general and LLC attacks in particular from retrieving fine- grain information are presented. Unlike previously proposed countermeasures, ours do not add permanent overheads in the system but can be utilized as preemptive defenses. The first identifies leakages in cryptographic software that can potentially lead to key extraction, and thus, can be utilized by cryptographic code designers to ensure the sanity of their libraries before deployment. The second detects microarchitectural attacks embedded into innocent-looking binaries, preventing them from being posted in official application repositories that usually have the full trust of the customer.

Microarchitectural attacks

cache attacks

side channel attacks

Power analysis side channel attacks: the processor design-level context

Ambrose, Jude Angelo, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2009

The rapid increase in the use of embedded systems for performing secure transactions, has proportionally increased the security threats which are faced by such devices. Side channel attack, a sophisticated security threat to embedded devices like smartcards, mobile phones and PDAs, exploits the external manifestations like processing time, power consumption and electromagnetic emission to identify the internal computations. Power analysis attack, introduced by Kocher in 1998, is used by adversaries to eavesdrop on confidential data while the device is executing a secure transaction. The adversary observes the power trace dissipated/consumed by the chip during the encryption/decryption of the AES cryptographic program and predicts the secret key used for encryption by extracting necessary information from the power trace. Countermeasures proposed to overcome power analysis are data masking, table masking, current flattening, circuitry level solutions, dummy instruction insertions, balancing bit-flips, etc. All these techniques are either susceptible to multi-order side channel attacks, not sufficiently generic to cover all encryption algorithms, or burden the system with high area cost, run-time or energy consumption. The initial solution presented in this thesis is a HW/SW based randomised instruction injection technique, which infuses random instructions at random places during the execution of an application. Such randomisation obfuscates the secure information from the power profile, not allowing the adversary to extract the critical power segments for analysis. Further, the author devised a systematic method to measure the security level of a power sequence and used it to measure the number of random instructions needed, to suitably confuse the adversary. The proposed processor model costs 1.9% in additional area for a simplescalar processor, and costs on average 29.8% in runtime and 27.1% in additional energy consumption for six industry standard cryptographic algorithms. This design is extended to a processor architecture which automatically detects the execution of the most common encryption algorithms, starts to scramble the power waveform by adding randomly placed instructions with random register accesses, and stops injecting instructions when it is safe to do so. This approach has less overheads compared to previous solutions and avoids software instrumentation, allowing programmers with no special knowledge to use the system. The extended processor model costs an additional area of 1.2%, and an average of 25% in runtime and 28.5% in energy overheads for industry standard cryptographic algorithms. Due to the possibility of removing random injections using large number of samples (due to the random nature, a large number of samples will eliminate noise), the author proposes a multiprocessor 'algorithmic' balancing technique. This technique uses a dual processor architecture where two processors execute the same program in parallel, but with complementary intermediate data, thus balancing the bitflips. The second processor works in conjunction with the first processor for balancing only when encryption is performed, and both processors carry out independent tasks when no encryption is being performed. Both DES and AES cryptographic programs are investigated for balancing and the author shows that this technique is economical, while completely preventing power analysis attacks. The signature detection unit to capture encryption is also utilised, which is used in the instruction injection approach. This multiprocessor balancing approach reduces performance by 0.42% and 0.94% for AES and DES respectively. The hardware increase is 2X only when balancing is performed. Further, several future extensions for the balancing approach are proposed, by introducing random swapping of encryption iterations between cores. FPGA implementations of these processor designs are briefly described at the end of this thesis.

System design

Side channel attacks

Power analysis

Physical design of cryptographic applications : constrained environments and power analysis resistance

Macé, François

24 April 2008

Modern cryptography responds to the need for security that has arisen with the emergence of communication appliances. However, its adapted integration in the wide variety of existing communication systems has opened new design challenges. Amongst them, this thesis addresses two in particular, related to hardware integration of cryptographic algorithms: constrained environments and side-channel security. In the context of constrained environments, we propose to study the interest of the Scalable Encryption Algorithm SEA for constrained hardware applications. We investigate both the FPGA and ASIC contexts and illustrate, using practical implementation results, the interest of this algorithm. Indeed, we demonstrate how hardware implementations can keep its high scalability properties while achieving interesting implementation figures in comparison to conventional algorithms such as the AES. Next, we deal with three complementary aspects related to side-channel resistance. We first propose a new class of dynamic and differential logic families achieving low-power performance with matched leakage of information to state of-the-art countermeasures. We then discuss a power consumption model for these logic styles and apply it to DyCML implementations. It is based on the use of the isomorphism existing between the gate structures of the implemented functions and the binary decision diagrams describing them. Using this model, we are not only able to predict the power consumption, and therefore attack such implementations, but also to efficiently choose the gate structures achieving the best resistance against this model. We finally study a methodology for the security evaluation of cryptographic applications all along their design and test phases. We illustrate the interest of such a methodology at different design steps and with different circuit complexity, using either simulations or power consumption measurements.

Cryptography

Side-Channel Attacks

Countermeasurs

Constrained Environments

Digital Circuit Design

Lightweight Cryptography Meets Threshold Implementation: A Case Study for SIMON

Shahverdi, Aria

26 August 2015

"Securing data transmission has always been a challenge. While many cryptographic algorithms are available to solve the problem, many applications have tough area constraints while requiring high-level security. Lightweight cryptography aims at achieving high-level security with the benefit of being low cost. Since the late nineties and with the discovery of side channel attacks the approach towards cryptography has changed quite significantly. An attacker who can get close to a device can extract sensitive data by monitoring side channels such as power consumption, sound, or electromagnetic emanation. This means that embedded implementations of cryptographic schemes require protection against such attacks to achieve the desired level of security. In this work we combine a low-cost embedded cipher, Simon, with a stateof-the-art side channel countermeasure called Threshold Implementation (TI). We show that TI is a great match for lightweight cryptographic ciphers, especially for hardware implementation. Our implementation is the smallest TI of a block-cipher on an FPGA. This implementation utilizes 96 slices of a low-cost Spartan-3 FPGA and 55 slices a modern Kintex-7 FPGA. Moreover, we present a higher order TI which is resistant against second order attacks. This implementation utilizes 163 slices of a Spartan-3 FPGA and 95 slices of a Kintex-7 FPGA. We also present a state of the art leakage analysis and, by applying it to the designs, show that the implementations achieve the expected security. The implementations even feature a significant robustness to higher order attacks, where several million observations are needed to detect leakage."

cryptography

side-channel attacks

lightweight cryptography

SIMON

threshold implementation

Spectre: Attack and Defense

Harris, Rae

01 January 2019

Modern processors use architecture like caches, branch predictors, and speculative execution in order to maximize computation throughput. For instance, recently accessed memory can be stored in a cache so that subsequent accesses take less time. Unfortunately microarchitecture-based side channel attacks can utilize this cache property to enable unauthorized memory accesses. The Spectre attack is a recent example of this attack. The Spectre attack is particularly dangerous because the vulnerabilities that it exploits are found in microprocessors used in billions of current systems. It involves the attacker inducing a victim’s process to speculatively execute code with a malicious input and store the recently accessed memory into the cache. This paper describes the previous microarchitecture side channel attacks. It then describes the three variants of the Spectre attack. It describes and evaluates proposed defenses against Spectre.

Spectre

side channel attacks

cache attacks

Computer Sciences

Investigating the viability of adaptive caches as a defense mechanism against cache side-channel attacks

Bandara, Sahan Lakshitha

04 June 2019

The ongoing miniaturization of semiconductor manufacturing technologies has enabled the integration of tens to hundreds of processing cores on a single chip. Unlike frequency-scaling where performance is increased equally across the board, core-scaling and hardware thread-scaling harness the additional processing power through the concurrent execution of multiple processes or programs. This approach of mingling or interleaving process executions has engendered a new set of security challenges that risks to undermine nearly three decades’ worth of computer architecture design efforts. The complexity of the runtime interactions and aggressive resource sharing among processes, e.g., caches or interconnect network paths, have created a fertile ground to mount attacks of ever-increasing acuteness against these computer systems. One such class of attacks is cache side-channel attacks. While caches are vital to the performance of current processors, they have also been the target of numerous side-channel attacks. As a result, a few cache architectures have been proposed to defend against these attacks. However, these designs tend to provide security at the expense of performance, area and power. Therefore, the design of secure, high-performance cache architectures is still a pressing research challenge. In this thesis, we examine the viability of self-aware adaptive caches as a defense mechanism against cache side-channel attacks. We define an adaptive cache as a caching structure with (i) run-time reconfiguration capability, and (ii) intelligent built-in logic to monitor itself and determine its parameter settings. Since the success of most cache side-channel attacks depend on the attacker’s knowledge of the key cache parameters such as associativity, set count, replacement policy, among others, an adaptive cache can provide a moving target defense approach against many of these cache side-channel attacks. Therefore, we hypothesize that the runtime changes in certain cache parameters should render some of the side-channel attacks less effective due to their dependence on knowing the exact configuration of the caches. / 2020-06-03T00:00:00Z

Computer engineering

Defense

Reconfigurable caches

Side-channel attacks

Design of DPA-Resistant Integrated Circuits

Gohil, Nikhil N.

January 2017

No description available.

Engineering

Hardware Security

SDMLp

DPA

Side Channel Attacks

Understanding and Exploiting Design Flaws of AMD Secure Encrypted Virtualization

Li, Mengyuan

29 September 2022

No description available.

Computer Science