    CacheZoom: How SGX Amplifies The Power of Cache Attacks

    In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries with a high-resolution channel. Our attack tool, named CacheZoom, is able to track virtually all memory accesses of SGX enclaves with high spatial and temporal precision. As a proof of concept, we demonstrate AES key recovery attacks on commonly used implementations, including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data-sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works, which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements.
    Comment: Accepted at the Conference on Cryptographic Hardware and Embedded Systems (CHES '17)

    System-level Non-interference for Constant-time Cryptography

    Cache-based attacks are a class of side-channel attacks that are particularly effective in virtualized or cloud-based environments, where they have been used to recover secret keys from cryptographic implementations. One common approach to thwart cache-based attacks is to use constant-time implementations, i.e. ones which do not branch on secrets and do not perform memory accesses that depend on secrets. However, there is no rigorous proof that constant-time implementations are protected against concurrent cache attacks in virtualization platforms with a shared cache; moreover, many prominent implementations are not constant-time. An alternative approach is to rely on system-level mechanisms. One recent such mechanism is stealth memory, which provisions a small amount of private cache for programs to carry out potentially leaking computations securely. Stealth memory induces a weak form of constant-time, called S-constant-time, which encompasses some widely used cryptographic implementations. However, there is no rigorous analysis of stealth memory and S-constant-time, and no tool support for checking if applications are S-constant-time. We propose a new information-flow analysis that checks if an x86 application executes in constant-time, or in S-constant-time. Moreover, we prove that constant-time (resp. S-constant-time) programs do not leak confidential information through the cache to other operating systems executing concurrently on virtualization platforms (resp. platforms supporting stealth memory). The soundness proofs are based on new theorems of independent interest, including isolation theorems for virtualization platforms (resp. platforms supporting stealth memory), and proofs that constant-time implementations (resp. S-constant-time implementations) are non-interfering with respect to a strict information flow policy which disallows control flow and memory accesses that depend on secrets. We formalize our results using the Coq proof assistant and we demonstrate the effectiveness of our analyses on cryptographic implementations, including PolarSSL AES, DES and RC4, SHA256 and Salsa20.

    Efficacy of Different Carrier Gases for Barrier Discharge Plasma Generation Compared to Chlorhexidine on the Survival of Pseudomonas aeruginosa Embedded in Biofilm in vitro

    Because of its antimicrobial properties, nonthermal plasma could serve as an alternative to chemical antisepsis in wound treatment. Therefore, this study investigated the inactivation of biofilm-embedded Pseudomonas aeruginosa SG81 by a surface barrier-discharged (SBD) plasma for 30, 60, 150 and 300 s. In order to optimize the efficacy of the plasma, different carrier gases (argon, argon admixed with 1% oxygen, and argon with increased humidity up to approx. 80%) were tested and compared against 0.1% chlorhexidine digluconate (CHG) exposure for 600 s. The antimicrobial efficacy was determined by calculating the difference between the numbers of colony-forming units (CFU) of treated and untreated biofilms. Living bacteria were distinguished from dead by fluorescent staining and confocal laser scanning microscopy. Both SBD plasmas and CHG showed significant antimicrobial effects compared to the untreated control. However, plasma treatment led to a higher antimicrobial reduction (argon plasma 4.9 log10 CFU/cm2, argon with admixed oxygen 3 log10 CFU/cm2, and with increased gas humidity 2.7 log10 CFU/cm2 after 300 s) compared to CHG. In conclusion, SBD plasma is suitable as an alternative to CHG for inactivation of Pseudomonas aeruginosa embedded in biofilm. Further development of SBD plasma sources and research on the role of carrier gases and humidity may allow their clinical application for wound management in the future.

    Challenges in Using Cultured Primary Rodent Hepatocytes or Cell Lines to Study Hepatic HDL Receptor SR-BI Regulation by Its Cytoplasmic Adaptor PDZK1

    Background: PDZK1 is a four PDZ-domain containing cytoplasmic protein that binds to a variety of membrane proteins via their C-termini and can influence the abundance, localization and/or function of its target proteins. One of these targets in hepatocytes in vivo is the HDL receptor SR-BI. Normal hepatic expression of SR-BI protein requires PDZK1: <5% of normal hepatic SR-BI is seen in the livers of PDZK1 knockout mice. Progress has been made in identifying features of PDZK1 required to control hepatic SR-BI in vivo using hepatic expression of wild-type and mutant forms of PDZK1 in wild-type and PDZK1 KO transgenic mice. Such in vivo studies are time consuming and expensive, and cannot readily be used to explore many features of the underlying molecular and cellular mechanisms.
    Methodology/Principal Findings: Here we have explored the potential to use either primary rodent hepatocytes in culture using 2D collagen gels with newly developed optimized conditions or PDZK1/SR-BI co-transfected cultured cell lines (COS, HEK293) for such studies. SR-BI and PDZK1 protein and mRNA expression levels fell rapidly in primary hepatocyte cultures, indicating this system does not adequately mimic hepatocytes in vivo for analysis of the PDZK1 dependence of SR-BI. Although PDZK1 did alter SR-BI protein expression in the cell lines, its influence was independent of SR-BI's C-terminus, and thus is not likely to occur via the same mechanism as that which occurs in hepatocytes in vivo.
    Conclusions/Significance: Caution must be exercised in using primary hepatocytes or cultured cell lines when studying the mechanism underlying the regulation of hepatic SR-BI by PDZK1. It may be possible to use SR-BI and PDZK1 expression as sensitive markers for the in vivo-like state of hepatocytes to further improve primary hepatocyte cell culture conditions.
    Funding: National Institutes of Health (U.S.) (Grant HL052212); National Institutes of Health (U.S.) (Grant HL066105); National Institutes of Health (U.S.) (Grant ES015241); National Institutes of Health (U.S.) (Grant GM068762)

    Defeating NewHope with a Single Trace

    The key encapsulation method NewHope allows two parties to agree on a secret key. The scheme includes a private and a public key. While the public key is used to encipher a random shared secret, the private key enables the ciphertext to be deciphered. NewHope is a candidate in the NIST post-quantum project, whose aim is to standardize cryptographic systems that are secure against attacks originating from both quantum and classical computers. While NewHope relies on the theory of quantum-resistant lattice problems, practical implementations have shown vulnerabilities against side-channel attacks targeting the extraction of the private key. In this paper, we demonstrate a new attack on the shared secret. The target consists of the C reference implementation as submitted to the NIST contest, executed on a Cortex-M4 processor. Based on power measurements, the complete shared secret can be extracted from the data of one single trace only. Further, we analyze the impact of different compiler directives. When the code is compiled with optimization turned off, the shared secret can be read from an oscilloscope display directly with the naked eye. When optimizations are enabled, the attack requires some more sophisticated techniques, but it still works on single power traces.

    Securing computation against continuous leakage

    30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings
    We present a general method to compile any cryptographic algorithm into one which resists side-channel attacks of the "only computation leaks information" variety for an unbounded number of executions. Our method uses as a building block a semantically secure subsidiary bit encryption scheme with the following additional operations: key refreshing, oblivious generation of ciphertexts, leakage-resilience re-generation, and blinded homomorphic evaluation of one single complete gate (e.g. NAND). Furthermore, the security properties of the subsidiary encryption scheme should withstand bounded leakage incurred while performing each of the above operations. We show how to implement such a subsidiary encryption scheme under the DDH intractability assumption and the existence of a simple secure hardware component. The hardware component is independent of the encryption scheme's secret key. The subsidiary encryption scheme resists leakage attacks where the leakage is computable in polynomial time and of length bounded by a constant fraction of the security parameter.
    Funding: Israel Science Foundation (710267); United States-Israel Binational Science Foundation (710613); National Science Foundation (U.S.) (6914349); Weizmann KAMAR Grant

    Algorithmic Tamper-Proof (ATP) Security: Theoretical Foundations for Security against Hardware Tampering

    Traditionally, secure cryptographic algorithms provide security against an adversary who has only black-box access to the secret information of honest parties. However, such models are not always adequate. In particular, the security of these algorithms may completely break under (feasible) attacks that tamper with the secret key. In this paper we propose a theoretical framework to investigate the algorithmic aspects related to tamper-proof security. In particular, we define a model of security against an adversary who is allowed to apply arbitrary feasible functions f to the secret key sk, and obtain the result of the cryptographic algorithms using the new secret key f(sk). We prove that in the most general setting it is impossible to achieve this strong notion of security. We then show minimal additions to the model, which are needed in order to obtain provable security. We prove that these additions are necessary and also sufficient for most common cryptographic primitives, such as encryption and signature schemes. We discuss the applications to portable devices protected by PINs and show how to integrate PIN security into the generic security design. Finally we investigate restrictions of the model in which the tampering powers of the adversary are limited. These restrictions model realistic attacks (like differential fault analysis) that have been demonstrated in practice. In these settings we show security solutions that work even without the additions mentioned above.

    Post-quantum cryptography

    Cryptography is essential for the security of online communication, cars and implanted medical devices. However, many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems strive to remain secure even in this scenario. This relatively young research area has seen some successes in identifying mathematical operations for which quantum algorithms offer little advantage in speed, and then building cryptographic systems around those. The central challenge in post-quantum cryptography is to meet demands for cryptographic usability and flexibility without sacrificing confidence.

    On reminder effects, drop-outs and dominance: evidence from an online experiment on charitable giving

    We present the results of an experiment that (a) shows the usefulness of screening out drop-outs and (b) tests whether different methods of payment and reminder intervals affect charitable giving. Following a lab session, participants could make online donations to charity for a total duration of three months. Our procedure justifying the exclusion of drop-outs consists in requiring participants to collect payments in person flexibly and as known in advance and as highlighted to them later. Our interpretation is that participants who failed to collect their positive payments under these circumstances are likely not to satisfy dominance. If we restrict the sample to subjects who did not drop out, but not otherwise, reminders significantly increase the overall amount of charitable giving. We also find that weekly reminders are no more effective than monthly reminders in increasing charitable giving, and that, in our three-month duration experiment, standing orders do not increase giving relative to one-off donations.