4,383 research outputs found
Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms
We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms
in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES in the protected zone. In terms of time efficiency, software implementations
of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is considerably moderate in the sense that
it can be used in vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor
ret2spec: Speculative Execution Using Return Stack Buffers
Speculative execution is an optimization technique that has been part of CPUs
for over a decade. It predicts the outcome and target of branch instructions to
avoid stalling the execution pipeline. However, until recently, the security
implications of speculative code execution have not been studied.
In this paper, we investigate a special type of branch predictor that is
responsible for predicting return addresses. To the best of our knowledge, we
are the first to study return address predictors and their consequences for the
security of modern software. In our work, we show how return stack buffers
(RSBs), the core unit of return address predictors, can be used to trigger
misspeculations. Based on this knowledge, we propose two new attack variants
using RSBs that give attackers similar capabilities as the documented Spectre
attacks. We show how local attackers can gain arbitrary speculative code
execution across processes, e.g., to leak passwords another user enters on a
shared system. Our evaluation showed that the recent Spectre countermeasures
deployed in operating systems can also cover such RSB-based cross-process
attacks. Yet we then demonstrate that attackers can trigger misspeculation in
JIT environments in order to leak arbitrary memory content of browser
processes. Reading outside the sandboxed memory region with JIT-compiled code
is still possible with 80\% accuracy on average.Comment: Updating to the cam-ready version and adding reference to the
original pape
Encrypted statistical machine learning: new privacy preserving methods
We present two new statistical machine learning methods designed to learn on
fully homomorphic encrypted (FHE) data. The introduction of FHE schemes
following Gentry (2009) opens up the prospect of privacy preserving statistical
machine learning analysis and modelling of encrypted data without compromising
security constraints. We propose tailored algorithms for applying extremely
random forests, involving a new cryptographic stochastic fraction estimator,
and na\"{i}ve Bayes, involving a semi-parametric model for the class decision
boundary, and show how they can be used to learn and predict from encrypted
data. We demonstrate that these techniques perform competitively on a variety
of classification data sets and provide detailed information about the
computational practicalities of these and other FHE methods.Comment: 39 page
Prochlo: Strong Privacy for Analytics in the Crowd
The large-scale monitoring of computer users' software activities has become
commonplace, e.g., for application telemetry, error reporting, or demographic
profiling. This paper describes a principled systems architecture---Encode,
Shuffle, Analyze (ESA)---for performing such monitoring with high utility while
also protecting user privacy. The ESA design, and its Prochlo implementation,
are informed by our practical experiences with an existing, large deployment of
privacy-preserving software monitoring.
(cont.; see the paper
Recommended from our members
Simulation-based verification of EM side-channel attack resilience of embedded cryptographic systems
Electromagnetic (EM) fields emanated due to switching currents in crypto-blocks can be an effective non-invasive channel for extracting secret keys. Accurate design-time simulation tools are needed to predict vulnerabilities and improve resilience of embedded systems to EM side-channel analysis attacks. Modeling such attacks is challenging, however, as it requires a multitude of expensive simulations across multiple circuit abstraction levels together with EM simulations. In this work, a simulation ow is developed to study the differential EM analysis (DEMA) attack on the Advanced Encryption System (AES) block cipher. The proposed ow enables design-time evaluation of realistic DEMA attacks for the first time. The major challenge is accurately computing signals received by a nearby probe at various positions above the chip surface for a large number of AES encryptions. This requires rapidly generating spatial distribution and transient EM radiation of on-chip current waveforms. Commercial CAD tools are used to generate space-time samples of these waveforms and a custom EM simulator to radiate them. The computations are sped up by focusing on information-leaking time windows, performing hybrid gate- and transistor-level simulations, radiating only the currents on top metallization layers, and generating traces for different encryptions in parallel. These methods reduce simulation time to a manageable ~ 20 hrs wall-clock time/attack allowing a previously impossible level of vulnerability analysis. The proposed ow also allows pinpointing critical regions on the chip most susceptible to EM attacks. We demonstrate that exploiting the spatial profile of circuit elements can reveal cryptographic keys with significantly fewer number of traces than DPA , guiding designers to the most critical areas of the layout. This enables targeted deployment of counter-measures to the highest information-leaking design componentsElectrical and Computer Engineerin
- …