Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straightforward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.
Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
Improving Phase Change Memory Performance with Data Content Aware Access
A prominent characteristic of write operation in Phase-Change Memory (PCM) is
that its latency and energy are sensitive to the data to be written as well as
the content that is overwritten. We observe that overwriting unknown memory
content can incur significantly higher latency and energy compared to
overwriting known all-zeros or all-ones content. This is because all-zeros or
all-ones content is overwritten by programming the PCM cells only in one
direction, i.e., using either SET or RESET operations, not both. In this paper,
we propose data content aware PCM writes (DATACON), a new mechanism that
reduces the latency and energy of PCM writes by redirecting these requests to
overwrite memory locations containing all-zeros or all-ones. DATACON operates
in three steps. First, it estimates how much a PCM write access would benefit
from overwriting known content (e.g., all-zeros, or all-ones) by
comprehensively considering the number of set bits in the data to be written,
and the energy-latency trade-offs for SET and RESET operations in PCM. Second,
it translates the write address to a physical address within memory that
contains the best type of content to overwrite, and records this translation in
a table for future accesses. We exploit data access locality in workloads to
minimize the address translation overhead. Third, it re-initializes unused
memory locations with known all-zeros or all-ones content in a manner that does
not interfere with regular read and write accesses. DATACON overwrites unknown
content only when it is absolutely necessary to do so. We evaluate DATACON with
workloads from state-of-the-art machine learning applications, SPEC CPU2017,
and NAS Parallel Benchmarks. Results demonstrate that DATACON significantly
improves system performance and memory system energy consumption compared to
the best of performance-oriented state-of-the-art techniques.
Comment: 18 pages, 21 figures, accepted at ACM SIGPLAN International Symposium
on Memory Management (ISMM
Encrypt-to-self: Securely outsourcing storage
We put forward a symmetric encryption primitive tailored towards a specific application: outsourced storage. The setting assumes a memory-bounded computing device that inflates the amount of volatile or permanent memory available to it by letting other (untrusted) devices hold encryptions of information that they return on request. For instance, web servers typically hold for each of the client connections they manage a multitude of data, ranging from user preferences to technical information like database credentials. If the amount of data per session is considerable, busy servers sooner or later run out of memory. One admissible solution to this is to let the server encrypt the session data to itself and to let the client store the ciphertext, with the agreement that the client reproduce the ciphertext in each subsequent request (e.g., via a cookie) so that the session data can be recovered when required. In this article we develop the cryptographic mechanism that should be used to achieve confidential and authentic data storage in the encrypt-to-self setting, i.e., where encryptor and decryptor coincide and constitute the only entity holding keys. We argue that standard authenticated encryption represents only a suboptimal solution for preserving confidentiality, as much as message authentication codes are suboptimal for preserving authenticity. The crucial observation is that such schemes instantaneously give up on all security promises the moment the key is compromised. In contrast, data protected with our new primitive remains fully integrity protected and unmalleable. In the course of this paper we develop a formal model for encrypt-to-self systems, show that it solves the outsourced storage problem, propose surprisingly efficient provably secure constructions, and report on our implementations.
GuardNN: Secure DNN Accelerator for Privacy-Preserving Deep Learning
This paper proposes GuardNN, a secure deep neural network (DNN) accelerator,
which provides strong hardware-based protection for user data and model
parameters even in an untrusted environment. GuardNN shows that the
architecture and protection can be customized for a specific application to
provide strong confidentiality and integrity protection with negligible
overhead. The design of the GuardNN instruction set reduces the TCB to just the
accelerator and enables confidentiality protection without the overhead of
integrity protection. GuardNN also introduces a new application-specific memory
protection scheme to minimize the overhead of memory encryption and integrity
verification. The scheme shows that most of the off-chip meta-data in today's
state-of-the-art memory protection can be removed by exploiting the known
memory access patterns of a DNN accelerator. GuardNN is implemented as an FPGA
prototype, which demonstrates effective protection with less than 2%
performance overhead for inference over a variety of modern DNN models.
Composite Enclaves: Towards Disaggregated Trusted Execution
The ever-rising computation demand is forcing the move from the CPU to
heterogeneous specialized hardware, which is readily available across modern
datacenters through disaggregated infrastructure. On the other hand, trusted
execution environments (TEEs), one of the most promising recent developments in
hardware security, can only protect code confined in the CPU, limiting TEEs'
potential and applicability to a handful of applications. We observe that the
TEEs' hardware trusted computing base (TCB) is fixed at design time, which in
practice leads to using untrusted software to employ peripherals in TEEs. Based
on this observation, we propose composite enclaves with a configurable
hardware and software TCB, allowing enclaves access to multiple computing and
IO resources. Finally, we present two case studies of composite enclaves: i) an
FPGA platform based on RISC-V Keystone connected to emulated peripherals and
sensors, and ii) a large-scale accelerator. These case studies showcase a
flexible but small TCB (2.5 KLoC for IO peripherals and drivers), with a
low performance overhead (only around 220 additional cycles for a context
switch), thus demonstrating the feasibility of our approach and showing that it
can work with a wide range of specialized hardware.
MgX: Near-Zero Overhead Memory Protection with an Application to Secure DNN Acceleration
In this paper, we propose MgX, a near-zero overhead memory protection scheme
for hardware accelerators. MgX minimizes the performance overhead of off-chip
memory encryption and integrity verification by exploiting the
application-specific aspect of accelerators. Accelerators tend to explicitly
manage data movement between on-chip and off-chip memory, typically at an
object granularity that is much larger than cache lines. Exploiting these
accelerator-specific characteristics, MgX generates version numbers used in
memory encryption and integrity verification only using on-chip state without
storing them in memory, and also customizes the granularity of the memory
protection to match the granularity used by the accelerator. To demonstrate the
applicability of MgX, we present an in-depth study of MgX for deep neural
network (DNN) and also describe implementations for H.264 video decoding and
genome alignment. Experimental results show that applying MgX has less than 1%
performance overhead for both DNN inference and training on state-of-the-art
DNN architectures.