1 / 23

Jingfei Kong* University of Central Florida Onur Acıiçmez Samsung Electronics

Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks. Jingfei Kong* University of Central Florida Onur Acıiçmez Samsung Electronics Jean-Pierre Seifert TU Berlin & Deutsche Telekom Laboratories

cala
Download Presentation

Jingfei Kong* University of Central Florida Onur Acıiçmez Samsung Electronics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Hardware-Software Integrated Approaches to Defend Against Software Cache-based Side Channel Attacks Jingfei Kong*University of Central Florida Onur Acıiçmez Samsung Electronics Jean-Pierre Seifert TU Berlin & Deutsche Telekom Laboratories Huiyang Zhou University of Central Florida

  2. Why Should We Care about Side Channel Attacks? • Cryptographic applications are the very important software component in modern computers( e.g. secure online transactions) • Cryptographic algorithms are designed to impose unreasonable time and resource cost on a successful attack • To break a 128-bit symmetric key in brute-force: 2128 possibilities, a device that can check 260/second still requires around 9.4*240 years, about 700 times the age of the universe. • By exploiting certain features of modern microprocessors, it may just take few hours to get the secret key! University of Central Florida

  3. What are Software Cache-based Side Channel Attacks? • Side channel attacks • exploit any observable information generated as a byproduct of the cryptosystem implementation, e.g. power trace, electromagnetic radiation • infer the secret information, e.g. the secret key • Software cache-based side channel attacks • exploit latency difference between cache access and memory access • the source of information leakage: cache misses of critical data whose addresses are dependent on the secret information • mainly access-driven attacks and time-driven attacks University of Central Florida

  4. An Example: Advanced Encryption Standard (AES) • one of the most popular algorithms in symmetric key cryptography • 16-byte input (plaintext) • 16-byte output (ciphertext) • 16-byte secret key (for standard 128-bit encryption) • several identical rounds of 16 XOR operations and 16 table lookups in a performance-efficient software implementation secret key byte Lookup Table index byte input/output byte University of Central Florida

  5. Access-driven Attacks Cache a b c d Main Memory spy process’s data victim process’s data b>(a≈c≈d) University of Central Florida

  6. Time-driven Attacks cache hit/miss computation cache hit/miss computation Total execution time is affected by cache misses indices of table lookups secret key byte input/output byte University of Central Florida

  7. Cache-collision Time-driven Attacks on AES cache hit/miss i computation cache hit/miss j computation Xi Ki Xj Kj cache access j is a cache miss assuming no same cache access before Case 1: Xj Kj ≠ Xi Ki cache access j is a cache hit assuming no conflict miss in between Case 2: Xj Kj = Xi Ki Xj Kj = Xi Ki => Ki Kj = Xi Xj Statistically speaking, Case 1 takes longer execution time than Case 2. Only when Ki Kj = Xi Xj, AES encryption exhibits the shortest execution time University of Central Florida

  8. The Foundation of Cache-Collision Attacks the number of collisions in the final round of AES one Pentium 4 processor A higher number of collisions, a smaller number of cache misses, thus a shorter encryption time University of Central Florida

  9. Current Proposed Software/Hardware Countermeasures • Software proposals • easy to deploy with no hardware changes • application specific • substantial performance overhead • data layout and code have to be changed • no security guarantee • Hardware proposals • generic (not application specific) • performance efficient • still with some security issues • hardware changes • not flexible University of Central Florida

  10. Hardware-Software Integrated Approaches • Hardware tackles the source of information leakage: cache misses over critical data • Software offers the flexibility, even against future attacks • Three approaches for enhancing the security of various cache designs with tradeoffs between hardware complexity and performance overhead • preloading to protect PLcache (from ISCA’07) • securing RPcache (from ISCA’07) with informing loads • securing regular caches with informing loads University of Central Florida

  11. Informing Loads Approach: Informing Memory Operations • Informing load instructions • work as normal load instructions upon cache hits • generate an user-level exception upon cache misses • originally proposed as a lightweight support for memory optimization (ISCA’96) • Leverage the same information exploited by attacks • Use informing load instructions to read data from lookup tables • The flexible countermeasures are provided by software implementation in the exception handler University of Central Florida

  12. Defend against access-driven attacks • Even the very first cache miss is security-critical to access-driven attacks • software random permutation in AES implementation • randomize the mapping between table indices and cache lines • obfuscate attackers’ observation • Fixed software random permutation is vulnerable • detect the event of cache misses using informing loads and perform permutation update in the exception handler • every time there is a chance (cache miss) to leak the information, the permutation is changed randomly • balance the tradeoff between security and performance • Overall, a software random permutation scheme with permutation update only when necessary (cache misses) University of Central Florida

  13. Defend against time-driven attacks • The correlation between the secret key and number of cache misses • detect the event of cache misses using informing loads • load all the critical data into cache in the exception handler • avoid cache misses for subsequent cache access • break the correlation University of Central Florida

  14. The Defense Procedure 0. AES implementation uses the software random permutation version instead of the original one 1. Informing load instructions are used to load those critical data 2. The cache miss over critical data is detected by informing load instructions. The program execution is redirected to the user-level exception handler. 3. Inside the exception handler, all critical data are preloaded into cache. Also permutation update is performed between the missing cache line and a randomly-chosen cache line. Cache Main Memory other process’s data AES’ data University of Central Florida

  15. The Implementation of Software Random Permutation in AES original lookup table converted lookup tables University of Central Florida

  16. Countermeasure Implementation in the Exception Handler • preload all table data to defend against time-driven attacks through prefetching from address pointers T’[0], T’[1], …, T’[K-1] • permutation update to defend against access-driven attacks by swapping both the pointers and the data University of Central Florida

  17. Experiments • Experimental Setup • Default processor configuration in a MIPS-like SimpleScalar simulator • pipeline bandwidth:4, 128 ROB, 64 IQ, 64 LSQ • 32KB 2-way I/D L1, 2MB L2, cache block size 64B • fetch policy for SMT: round-robin • AES software implementation (baseline): OpenSSL 0.9.7c implementation • AES performance microbenchmark: OpenSSL speed test program • Security Evaluation • impact of ILP and MLP on cache collision time-driven attacks • security analysis on our regular caches with informing loads approach • Performance Evaluation • performance impact on AES • performance impact on an SMT processor University of Central Florida

  18. Impact of ILP and MLP on Cache-collision Time-driven Attacks the number of cache collisions in the final round of AES the more ILP and MLP, the less observable trend the less correlation between the number of cache collisions and the execution time the less correlation between the key and execution time, the more number of samples required for a successful attack University of Central Florida

  19. Security Evaluation on Regular Caches with Informing Loads • Mitigation against access-driven attacks (see the theoretical proof from Wang et al. at ISCA’07) • Mitigation against cache collision time-driven attacks the number of cache collisions in the final round of AES University of Central Florida

  20. Performance Impact on AES performance improves as cache conflict misses between lookup table data and other data are almost gone because of larger caches/more associativties most of the overhead is because of the indirection table introduced for software randomization performance takes a hit because of cache conflict misses between the lookup table data and other data, which causes lots of exception handling University of Central Florida

  21. Performance Impact on a 2-way SMT Processor • With larger caches / more associativities, the performance overheads on throughput and fairness from the exception handling are diminishing • Still the indirection table lookup imposes certain performance overhead on the throughput AES running with SPEC2000 INT University of Central Florida

  22. Conclusions • Software cache-based side channel attacks are emerging threats • Cache misses are the source of information leakage • We proposed hardware-software integrated approaches to provide stronger security protection over various cache designs • A light-weight hardware support, informing loads, is proposed to protect regular caches with flexible software countermeasures and it incurs certain performance overhead • Preloading and informing loads are also proposed to enhance the security of previously proposed secure cache designs. University of Central Florida

  23. Thank you! Questions? University of Central Florida

More Related