Stacco: Differentially Analyzing Side-Channel Traces for Detecting
  SSL/TLS Vulnerabilities in Secure Enclaves

Almeida José Bacelar; Almeida José Bacelar; Aviram Nimrod; Bardou Romain; Brasser Ferdinand; Chen Xiaoxin; Chen Yuting; Costan Victor; Dan R.; Li Yanlin; Manger James; Matetic Sinisa; Ohrimenko Olga; Ruiter Joeri De; Shinde Shweta; Somorovsky Juraj; Ta-Min Richard; Yount Charles; Zhang Xiaokuan

research

Stacco: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Authors: Almeida José Bacelar
Almeida José Bacelar
Aviram Nimrod
Bardou Romain
Brasser Ferdinand
Chen Xiaoxin
Chen Yuting
Costan Victor
Dan R.
Li Yanlin
Manger James
Matetic Sinisa
Ohrimenko Olga
Ruiter Joeri De
Shinde Shweta
Somorovsky Juraj
Ta-Min Richard
Yount Charles
Zhang Xiaokuan
Publication date: 26 September 2017
Publisher: 'Association for Computing Machinery (ACM)'
Doi

Abstract

Intel Software Guard Extension (SGX) offers software applications enclave to protect their confidentiality and integrity from malicious operating systems. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly deployed for a secure communication channel. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at page, cacheline, or branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities that can be exploited as decryption oracles. Surprisingly, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX-implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours.Comment: CCS 17, October 30-November 3, 2017, Dallas, TX, US

Similar works

Full text

Available Versions

Crossref

info:doi/10.1145%2F3133956.313...

Last time updated on 03/12/2019