50 research outputs found

    SpecTre: A Tiny Side-Channel Resistant Speck Core for FPGAs

    Get PDF
    Emerging applications such as the Internet of Things require security solutions that are small and low cost, yet feature solid protection against a wide range of sophisticated attacks. Lightweight cryptographic schemes such as the Speck cipher that was recently proposed by the NSA aim to solve some of these challenges. However, before using Speck in any practical application, sound protection against side-channel attacks must be in place. In this work, we propose a bit-serialized implementation of Speck, to achieve minimal area footprint. We further propose a Speck core that is provably secure against first-order side-channel attacks using a threshold implementation technique which depends on secure multiparty computation. The resulting design is a tiny crypto core that provides AES-like security in under 45 slices on a low-cost Xilinx Spartan 3 FPGA. The first-order side-channel resistant version of the same core needs less than 100 slices. The security of the protected core is validated by state-of-the-art side-channel leakage detection tests

    Co-location detection on the Cloud

    Get PDF
    In this work we focus on the problem of co-location as a first step of conducting Cross-VM attacks such as Prime and Probe or Flush+Reload in commercial clouds. We demonstrate and compare three co-location detection methods namely, cooperative Last-Level Cache (LLC) covert channel, software profiling on the LLC and memory bus locking. We conduct our experiments on three commercial clouds, Amazon EC2, Google Compute Engine and Microsoft Azure. Finally, we show that both cooperative and non-cooperative co-location to specific targets on cloud is still possible on major cloud services

    Fine grain Cross-VM Attacks on Xen and VMware are possible!

    Get PDF
    This work exposes further vulnerabilities in virtualized cloud servers by mounting Cross-VM cache attacks in Xen and VMware VMs targeting AES running in the victim VM. Even though there exists a rich literature on cache attacks on AES, so far only a single work, demonstrating a working attack on an ARM platform running a L4Re virtualization layer has been published. Here we show that AES in a number popular cryptographic libraries including OpenSSL, PolarSSL and Libgcrypt are vulnerable to Bernstein’s correlation attack when run in Xen and VMware (bare metal version) VMs, the most popular VMs used by cloud service providers (CSP) such as Amazon and Rackspace. We also show that the vulnerability persists even if the VMs are placed on different cores in the same machine. The results of this study shows that there is a great security risk to AES and (data encrypted under AES) on popular cloud services

    Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud

    Get PDF
    It has been six years since Ristenpart et al. demonstrated the viability of co-location and provided the first concrete evidence for sensitive information leakage on a commercial cloud. We show that co-location can be achieved and detected by monitoring the last level cache in public clouds. More significantly, we present a full-fledged attack that exploits subtle leakages to recover RSA decryption keys from a co-located instance. We target a recently patched Libgcrypt RSA implementation by mounting Cross-VM Prime and Probe cache attacks in combination with other tests to detect co-location in Amazon EC2. In a preparatory step, we reverse engineer the unpublished nonlinear slice selection function for the 10 core Intel Xeon processor which significantly accelerates our attack (this chipset is used in Amazon EC2). After co-location is detected and verified, we perform the Prime and Probe attack to recover noisy keys from a carefully monitored Amazon EC2 VM running the aforementioned vulnerable libgcrypt library. We subsequently process the noisy data and obtain the complete 2048-bit RSA key used during encryption. This work reaffirms the privacy concerns and underlines the need for deploying stronger isolation techniques in public clouds

    Time Protection: the Missing OS Abstraction

    Get PDF
    Timing channels enable data leakage that threatens the security of computer systems, from cloud platforms to smartphones and browsers executing untrusted third-party code. Preventing unauthorised information flow is a core duty of the operating system, however, present OSes are unable to prevent timing channels. We argue that OSes must provide time protection in addition to the established memory protection. We examine the requirements of time protection, present a design and its implementation in the seL4 microkernel, and evaluate its efficacy as well as performance overhead on Arm and x86 processors

    Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure

    Get PDF
    Today, about 10% of TLS connections are still using CBC-mode cipher suites, despite a long history of attacks and the availability of better options (e.g. AES-GCM). In this work, we present three new types of attack against four popular fully patched implementations of TLS (Amazon\u27s s2n, GnuTLS, mbed TLS and wolfSSL) which elected to use ``pseudo constant time\u27\u27 countermeasures against the Lucky 13 attack on CBC-mode. Our attacks combine several variants of the PRIME+PROBE cache timing technique with a new extension of the original Lucky 13 attack. They apply in a cross-VM attack setting and are capable of recovering most of the plaintext whilst requiring only a moderate number of TLS connections. Along the way, we uncovered additional serious (but easy to patch) bugs in all four of the TLS implementations that we studied; in three cases, these bugs lead to Lucky 13 style attacks that can be mounted remotely with no access to a shared cache. Our work shows that adopting pseudo constant time countermeasures is not sufficient to attain real security in TLS implementations in CBC mode

    Archaeogenetic analysis of Neolithic sheep from Anatolia suggests a complex demographic history since domestication

    Get PDF
    Yurtman, ozer, Yuncu et al. provide an ancient DNA data set to demonstrate the impact of human activity on the demographic history of domestic sheep. The authors demonstrate that there may have been multiple domestication events with notable changes to the gene pool of European and Anatolian sheep since the Neolithic. Sheep were among the first domesticated animals, but their demographic history is little understood. Here we analyzed nuclear polymorphism and mitochondrial data (mtDNA) from ancient central and west Anatolian sheep dating from Epipaleolithic to late Neolithic, comparatively with modern-day breeds and central Asian Neolithic/Bronze Age sheep (OBI). Analyzing ancient nuclear data, we found that Anatolian Neolithic sheep (ANS) are genetically closest to present-day European breeds relative to Asian breeds, a conclusion supported by mtDNA haplogroup frequencies. In contrast, OBI showed higher genetic affinity to present-day Asian breeds. These results suggest that the east-west genetic structure observed in present-day breeds had already emerged by 6000 BCE, hinting at multiple sheep domestication episodes or early wild introgression in southwest Asia. Furthermore, we found that ANS are genetically distinct from all modern breeds. Our results suggest that European and Anatolian domestic sheep gene pools have been strongly remolded since the Neolithic
    corecore