CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared and
parallel computation is widely used. Parallel tasks can cause privacy and
security problems if proper isolation is not enforced. Intel proposed SGX to
create a trusted execution environment within the processor. SGX relies on the
hardware and claims runtime protection even if the OS and other software
components are malicious. However, SGX explicitly leaves side-channel attacks
outside its threat model. We introduce a powerful cache side-channel attack that
provides system adversaries a high-resolution channel. Our attack tool, named
CacheZoom, is able to track virtually all memory accesses of SGX enclaves with
high spatial and temporal precision. As a proof of concept, we demonstrate AES
key-recovery attacks on commonly used implementations, including those that
were believed to be resistant in previous scenarios. Our results show that SGX
alone cannot protect data-sensitive computations, and that efficient AES key
recovery is possible in a practical environment. In contrast to previous works,
which require hundreds of measurements, this is the first cache side-channel
attack on a real system that can recover AES keys with a minimal number of
measurements: we successfully recover AES keys from T-table based
implementations with as few as ten measurements.
Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17)
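The T-table key recovery sketched in the abstract, as an added example (my own code, not the CacheZoom tool and not taken from the paper). It models the leakage that a line-granular, high-resolution cache channel delivers for the last AES round: every table lookup reveals which 64-byte line was touched, and with 4-byte T-table entries that is the high nibble of the lookup index. The simulated encryption draws the state entering the last round at random (which is what random plaintexts produce), ignores the public ShiftRows permutation, and uses a seeded generator so the run is reproducible; the S-box is derived from its GF(2^8) definition rather than copied, and the round-10 key is turned back into the master key by running the key schedule in reverse. The trace format, the function names and the noise-free leak are assumptions of this example.

```python
"""Last-round AES-128 key recovery from T-table cache-line observations.
Added example (not the CacheZoom tool). A high-resolution cache channel tells
the attacker, per last-round lookup, which 64-byte line of the table was hit;
4-byte entries give 16 entries per line, so a line is the high nibble of the
index. The leakage here is simulated, not measured."""
import random

LINE_SHIFT = 4   # 64-byte line / 4-byte entry = 16 entries per line -> index >> 4

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(x):
    """x^254 == x^-1 in GF(2^8); 0 maps to 0, as in the AES S-box definition."""
    r, p, e = 1, x, 254
    while e:
        if e & 1:
            r = gf_mul(r, p)
        p = gf_mul(p, p)
        e >>= 1
    return r

def _affine(b):
    """AES S-box affine map: b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    s = 0x63
    for i in range(5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s

SBOX = [_affine(gf_inv(x)) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def _g(word, rnd):
    """Key-schedule core: RotWord, SubWord, then XOR Rcon into the first byte."""
    w = word[1:] + word[:1]
    return [SBOX[w[0]] ^ RCON[rnd - 1], SBOX[w[1]], SBOX[w[2]], SBOX[w[3]]]

def expand_key(key):
    """AES-128 key schedule as 44 words; words 40..43 form the round-10 key."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = _g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return w

def invert_key_schedule(round10_key):
    """Run the schedule backwards: the last round key fixes the master key."""
    w = [None] * 44
    for i in range(4):
        w[40 + i] = list(round10_key[4 * i:4 * i + 4])
    for i in range(43, 3, -1):
        t = _g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w[i - 4] = [a ^ b for a, b in zip(w[i], t)]
    return bytes(sum(w[:4], []))

def observe_encryption(round10_key, rng):
    """One encryption as the attacker sees it: ciphertext plus the table line
    touched by each last-round lookup (constructed leak). The state entering the
    last round is uniform for random plaintexts, so only that round is modelled;
    ShiftRows is public and folded out, so line i feeds ciphertext byte i."""
    state = bytes(rng.getrandbits(8) for _ in range(16))
    ct = bytes(SBOX[state[i]] ^ round10_key[i] for i in range(16))
    lines = [state[i] >> LINE_SHIFT for i in range(16)]
    return ct, lines

def recover_round10_key(observations):
    """Per byte, keep the key candidates consistent with every observed line."""
    cands = [set(range(256)) for _ in range(16)]
    for ct, lines in observations:
        for i in range(16):
            cands[i] &= {k for k in range(256)
                         if INV_SBOX[ct[i] ^ k] >> LINE_SHIFT == lines[i]}
    if any(len(c) != 1 for c in cands):
        return None          # still ambiguous: collect another measurement
    return bytes(next(iter(c)) for c in cands)

def run_attack(master_key, seed=1, max_measurements=32):
    """Collect measurements until the round-10 key is unique, then invert the
    key schedule. Returns (recovered master key, measurements used)."""
    rng = random.Random(seed)   # seeded so the simulated run is reproducible
    k10 = bytes(sum(expand_key(master_key)[40:44], []))
    obs = []
    for n in range(1, max_measurements + 1):
        obs.append(observe_encryption(k10, rng))
        guess = recover_round10_key(obs)
        if guess is not None:
            return invert_key_schedule(guess), n
    return None, max_measurements
```

Each observation leaves exactly 16 of 256 candidates per key byte, so in this noise-free model the round-10 key is unique after four or five encryptions, fewer than the ten the paper reports against a real enclave, where traces carry noise. A first-round attack on the same leak only ever reveals the high nibble of each key byte, because the first-round index is p_i ^ k_i and the low nibble never selects a line; that is why the last round, whose lookups are tied to the ciphertext through a bijection, is the round that yields the full key.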
Shining Light On Shadow Stacks
Control-flow hijacking attacks are the dominant attack vector against C/C++
programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the
forward edge, i.e., indirect calls through function pointers and virtual calls.
Protecting the backward edge is left to stack canaries, which are easily
bypassed through information leaks. Shadow stacks are a fully precise mechanism
for protecting backward edges and should be deployed alongside CFI mitigations.
We present a comprehensive analysis of all possible shadow stack mechanisms
along three axes: performance, compatibility, and security. For performance
comparisons we use SPEC CPU2006, while security and compatibility are
analyzed qualitatively. Based on our study, we renew calls for a shadow stack
design that leverages a dedicated register, resulting in low performance
overhead and minimal memory overhead, but sacrificing compatibility. We present
case studies of our implementation of such a design, Shadesmar, on Phoronix and
Apache to demonstrate the feasibility of dedicating a general-purpose register
to a security monitor on modern architectures, and the deployability of
Shadesmar. Our comprehensive analysis, including detailed case studies for our
novel design, allows compiler designers and practitioners to select the correct
shadow stack design for different usage scenarios.
Comment: To Appear in IEEE Security and Privacy 201
From Dragondoom to Dragonstar: Side-channel Attacks and Formally Verified Implementation of WPA3 Dragonfly Handshake
It is universally acknowledged that Wi-Fi communications are important to
secure. Thus, the Wi-Fi Alliance published WPA3 in 2018 with a distinctive
security feature: it leverages a Password-Authenticated Key Exchange (PAKE)
protocol to protect users' passwords from offline dictionary attacks.
Unfortunately, soon after its release, several attacks were reported against
its implementations, in response to which the protocol was updated in a
best-effort manner.
In this paper, we show that the proposed mitigations are not enough,
especially for a protocol that is complex to implement even for savvy
developers. Indeed, we present **Dragondoom**, a collection of side-channel
vulnerabilities of varying strength allowing attackers to recover users'
passwords in widely deployed Wi-Fi daemons, such as hostap in its default
settings. Our findings target both password conversion methods, namely the
default probabilistic hunting-and-pecking and its newly standardized
deterministic alternative based on SSWU. We successfully exploit our leakage in
practice through microarchitectural mechanisms, overcoming the limited spatial
resolution of Flush+Reload. Our attacks outperform previous works in terms of
required measurements.
Then, driven by the need to end the spiral of patch-and-hack in Dragonfly
implementations, we propose **Dragonstar**, an implementation of Dragonfly
leveraging a formally verified implementation of the underlying mathematical
operations, thereby removing all the related leakage vectors. Our
implementation relies on HACL*, a formally verified crypto library guaranteeing
secret-independence. We design Dragonstar so that its integration within
hostap requires minimal modifications to the existing project. Our experiments
show that the performance of HACL*-based hostap is comparable to that of the
OpenSSL-based build, implying that Dragonstar is both efficient and proved to be
leakage-free.
Comment: Accepted at 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)
Fooling the Sense of Cross-core Last-level Cache Eviction based Attacker by Prefetching Common Sense
Keywords: Timing Channels; Cache side-channels; Information leakage
To BLISS-B or not to be - Attacking strongSwan's implementation of post-quantum signatures
Session I1: Post-Quantum
In the search for post-quantum secure alternatives to RSA and ECC, lattice-based cryptography appears to be an attractive and efficient option. A particularly interesting lattice-based signature scheme is BLISS, offering key and signature sizes in the range of RSA moduli. A range of works on efficient implementations of BLISS is available, and the scheme has seen a first real-world adoption in strongSwan, an IPsec-based VPN suite. In contrast, the implementation-security aspects of BLISS, and of lattice-based cryptography in general, are still largely unexplored. At CHES 2016, Groot Bruinderink et al. presented the first side-channel attack on BLISS, thus proving that this topic cannot be neglected. Nevertheless, their attack has some limitations. First, the technique is demonstrated via a proof-of-concept experiment that was not performed under realistic attack settings. Furthermore, the attack does not apply to BLISS-B, an improved variant of BLISS and also the default option in strongSwan. This problem also applies to later works on the implementation security of BLISS.
In this work, we solve both of the above problems. We present a new side-channel key-recovery algorithm against both the original BLISS and the BLISS-B variant. Our key-recovery algorithm draws on a wide array of techniques, including learning parity with noise, integer programs, maximum likelihood tests, and lattice-basis reduction. With each application of a technique, we reveal additional information on the secret key, culminating in a complete key recovery. Finally, we show that cache attacks on post-quantum cryptography are not only possible, but also practical. We mount an asynchronous cache attack on the production-grade BLISS-B implementation of strongSwan. The attack recovers the secret signing key after observing roughly 6000 signature generations.
Peter Pessl, Leon Groot Bruinderink, Yuval Yaro
May the fourth be with you: a microarchitectural side channel attack on several real-world applications of Curve25519
Session D3: Logical Side Channels
In recent years, applications increasingly adopt security primitives designed with better countermeasures against side-channel attacks. A concrete example is Libgcrypt's implementation of ECDH encryption with Curve25519. The implementation employs the Montgomery ladder for scalar-by-point multiplication, uses the unified, branchless Montgomery double-and-add formula, and implements a constant-time argument swap within the ladder. However, Libgcrypt's field arithmetic operations are not implemented in a constant-time, side-channel-resistant fashion. Based on the secure design of Curve25519, users of the curve are advised that there is no need to validate input points. In this work we demonstrate that when this recommendation is followed, the mathematical structure of Curve25519 facilitates the exploitation of side-channel weaknesses. We demonstrate the effect of this vulnerability on three software applications that use Libgcrypt: encrypted git, email and messaging. In each case, we show how to craft malicious OpenPGP files that use the Curve25519 point of order 4 as a chosen ciphertext to the ECDH encryption scheme. We find that the resulting interactions of the point at infinity, order-2, and order-4 elements in the Montgomery ladder scalar-by-point multiplication routine create side-channel leakage that allows us to recover the private key in as few as 11 attempts to access such malicious files.
Daniel Genkin, Luke Valenta, Yuval Yaro
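Why a point of order 4 turns the ladder's intermediate values into a key-dependent sequence, as an added example (my own code, not Libgcrypt's and not from the paper). It implements the x-only Montgomery ladder of RFC 7748 and a simulated leak: after every ladder step the attacker learns whether each of the two ladder registers holds the point at infinity, the order-2 point (u = 0) or an order-4 point (u = 1). With a valid base point none of these ever appears, so the leak is empty; with the order-4 point every intermediate value is one of the three, and the ordered pair in the two registers after step i equals the scalar prefix mod 4, which gives the bit just processed. In the real attack that information comes from Libgcrypt's non-constant-time field arithmetic acting on these degenerate operands; the per-step, noise-free oracle here is an assumption of this example, as are the function names.

```python
"""Montgomery-ladder leakage from a chosen order-4 input (added example,
not Libgcrypt code). RFC 7748 X25519 ladder plus a simulated per-step leak of
which small-order element sits in each ladder register."""
P = 2**255 - 19
A24 = 121665            # (486662 - 2) / 4, as in RFC 7748
ORDER4_U = 1            # u-coordinate shared by the two order-4 points of Curve25519

def decode_scalar(hexstr):
    """X25519 scalar clamping: clear low 3 bits and bit 255, set bit 254."""
    k = int.from_bytes(bytes.fromhex(hexstr), "little")
    return (k & ~7 & ((1 << 255) - 1)) | (1 << 254)

def ladder_step(x2, z2, x3, z3, u):
    """One RFC 7748 step: (R0, R1) -> (2*R0, R0 + R1); R1 - R0 has affine x = u."""
    a = (x2 + z2) % P
    aa = a * a % P
    b = (x2 - z2) % P
    bb = b * b % P
    e = (aa - bb) % P
    c = (x3 + z3) % P
    d = (x3 - z3) % P
    da = d * a % P
    cb = c * b % P
    return (aa * bb % P, e * (aa + A24 * e) % P,
            (da + cb) ** 2 % P, u * (da - cb) ** 2 % P)

def ladder_round(state, bit, u):
    """Swap, step, swap back for one scalar bit, keeping R0 = k*P, R1 = (k+1)*P."""
    x2, z2, x3, z3 = state
    if bit:
        x2, z2, x3, z3 = x3, z3, x2, z2
    x2, z2, x3, z3 = ladder_step(x2, z2, x3, z3, u)
    if bit:
        x2, z2, x3, z3 = x3, z3, x2, z2
    return x2, z2, x3, z3

def classify(x, z):
    """Which small-order element a projective (X:Z) represents, if any."""
    if z == 0:
        return "O"        # point at infinity
    if x == 0:
        return "2P"       # the order-2 point, u = 0
    if x == z:
        return "P"        # u = 1: an order-4 point (P and 3P share this u)
    return "regular"

def x25519_ladder(k, u, leak=None):
    """k*P by u-coordinate over 255 bits like X25519. If `leak` is a list, the
    (R0, R1) classes after each step are appended to it (the simulated leak)."""
    state = (1, 0, u, 1)                       # R0 = O, R1 = P
    for t in range(254, -1, -1):
        state = ladder_round(state, (k >> t) & 1, u)
        if leak is not None:
            leak.append((classify(state[0], state[1]), classify(state[2], state[3])))
    x2, z2 = state[0], state[1]
    return x2 * pow(z2, P - 2, P) % P

def recover_scalar(leak, u=ORDER4_U):
    """Rebuild the scalar from the leak: from the state implied by the bits
    recovered so far, try both next bits and keep the one matching the leak."""
    k, state = 0, (1, 0, u, 1)
    for observed in leak:
        matches = []
        for bit in (0, 1):
            nxt = ladder_round(state, bit, u)
            if (classify(nxt[0], nxt[1]), classify(nxt[2], nxt[3])) == observed:
                matches.append((bit, nxt))
        if len(matches) != 1:
            raise ValueError("leak does not single out the bit")
        bit, state = matches[0]
        k = (k << 1) | bit
    return k
```

The pairs are (O, P) for a prefix congruent to 0 mod 4, (P, 2P) for 1, (2P, P) for 2 and (P, O) for 3, so the two hypotheses in recover_scalar never collide and one idealized trace yields all 255 bits; clamping does not help the victim, because the ladder still walks every bit and the leak reads the prefixes, not the final result. The paper's 11 attempts reflect that real measurements of the field arithmetic are noisy and per-access rather than per-step.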