AEGIS Secure Processor
|
|
- Alaina Alexander
- 5 years ago
- Views:
Transcription
1 AEGIS Secure Processor G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas L C S
2 Cases for Physical Security Applications on untrusted hosts with untrusted owners Digital Rights Management (DRM), Software licensing Distributed computation on Internet Mobile agents New challenges UntrustedOS Physical attacks Music/Movie Make Illegal Copies Incorrect Results; Break the System Program Software Distributed Computing, Peer-to-Peer Network
3 Conventional Tamper-Proof Packages Processing system in a tamper-proof package (IBM 4758) Expensive: many detecting sensors Inflexible: cannot upgrade the system in the package $2,690 in 2001 Memory 99MHz 486 Source: IBM website
4 Single-Chip Secure Processors Only trust a single chip: tamper-resistant Off-chip memory: verify the integrity and encrypt Untrusted OS: identify a core part or protect against OS attacks Cheap, Flexible, High Performance Untrusted OS Identify or Protect against Trusted Environment Check Integrity, Encrypt I/O Memory
5 AEGIS: High-Level Architecture L C S
6 Secure Execution Environments Tamper-Evident (TE) environment Guarantees a valid execution and the identity of a program; no privacy Any software or physical tampering to alter the program behavior should be detected Private Tamper-Resistant (PTR) environment TE environment + privacy Encrypt instructions and data Assume programs do not leak information via memory access patterns Implementation Either have a trusted part of the OS or completely untrust the OS Secure context manager, encryption and integrity verification
7
8 Program Start-Up enter_aegis : TE mode Start protecting the integrity of a program Compute and store the hash of the stub code: H(Prog) Tampering of a program results in a different hash Stub code verifies the rest of the code and data set_aegis_mode Start PTR mode on top of the TE mode enter_aegis code_end SHA-1 H(Prog) Protected Table Program.text enter_aegis EKey1 = 0xA4523BC2E435D; EKey2 = 0xB034D2C654F32; E1Msg = Secret=GetSecret(Challenge); Key1=Decrypt(EKey1, Stub Segment Secret); Key2=Decrypt(EKey2, Secret); CheckMAC(Key1, Key2, MAC); Msg = Decrypt(E1Msg, Key1); E2Msg = Encrypt(Msg, Key2); Output(E2Msg); Secret=GetSecret(Challenge); Key1=Decrypt(EKey1, Secret); Key2=Decrypt(EKey2, Secret); CheckMAC(Key1, Key2, MAC); Msg = Decrypt(E1Msg, Key1); E2Msg = Encrypt(Msg, Key2); Output(E2Msg);
9 On-Chip Protection Registers on interrupts SCM saves Regs on interrupts, and restore on resume On-chip caches Need to protect against software attacks Use SPID tags and virtual memory address Allow accesses from the cache only if both SPID and the virtual address match Standard Processor Regs L1 Instruction cache Processor Core SPID Tags Resume L1 Data cache On-Chip L2 Cache Interrupt SPID Tags SPID Tags SPID H(Prog) Regs SCM Off-Chip Memory
10 program Memory Encryption Processor ENCRYPT write Untrusted RAM DECRYPT read Trusted State Fast hardware encryption based on one-time pads Hides decryption latency
11 program Memory Encryption Processor Trusted State V E R IF Y ENCRYPT DECRYPT write read Untrusted RAM 0x45: E(124), MAC(124, 0x45) E(120), MAC(120, 0x45) Can t simply encrypt and MAC on writes, and check MAC s on reads Replay attacks Hash-tree and log schemes to verify integrity
12 Message Authentication Processor Other systems The processor signs a message for a program sign_msg M: {H(Prog), M} SKproc Unique for each program because H(Prog) is always included Other systems Processor Embed the user s public key in a program Incoming messages are signed with the user s private key Program with P user {Message} Suser {H(Prog), Message} Sproc
13 L C S Applications
14 Certified Execution Execution certified by the secure processor Dispatcher provides a program and data Processor returns the results with the signature Requires the TE environment Job Dispatcher Processor Program, Data, PKm 1 Compute H(Program) 7 Verify signature 8 Verify hash 2 Program program executes 6 {H(Program), Out} SKp, {PKp} SKm SKp, PKp, {PKp} SKm 3 Start: enter_aegis: Processor computes H(Program) 4 Execute Out 5 Sign: sign_msg
15 Digital Rights Management Protects digital contents from illegal copying Trusted software (player) on untrusted host Content provider only gives contents to the trusted player Requires the PTR environment Content Provider Customer s Processor Secure Player, Content, PKm 2 Secure Player SKp, PKp, {PKp} SKm 1 Compute H(Player) 6 Pick random nonce 5 Set up SSL connection 7 nonce 9 {h, nonce} SKp, {PKp} SKm 3 Start: enter_aegis, set_aegis_mode PTR Compute h=h(player) 4 seed=random( ) 10 Verify signatures and hash 11 Order / deliver content 8 sign_msg(nonce) 12 Decode and play Analog Output
16 Related Research XOM (execution Only Memory): David Lie et al Stated goal: Protect integrity and privacy of code and data Operating system is completed untrusted Memory integrity checking does not prevent replay attacks Memory encryption only provides partial privacy Privacy is expensive but not necessary for all applications Palladium/NGCSG: Microsoft Stated goal: Protect from software attacks Combination of hardware and software mechanisms Adds "curtained" memory to avoid DMA attacks Uses a security kernel (Nexus) Memory integrity and privacy are assumed (only software attacks).
17 Summary Physical attacks are becoming more prevalent DRM, software licensing, distributed computing, etc. Single-chip secure processors provide trusted execution environments with acceptable overhead Tamper-Evident environment, Private Tamper-Resistant environment Simulation results show 5-15% overhead for TE, 10-25% overhead for PTR processing Significant development effort underway Complete AEGIS architecture description (ICS 03) FPGA/ASIC implementation of AEGIS processor
18 L C S Performance
19 Performance Implication: TE processing Major performance degradation is from off-chip integrity checking Start-up and context switches are infrequent no performance overhead for on-chip tagging 1 Log Hash w/ infrequent checks: Worst case 15% degradation Most cases < 5% degradation Normalized IPC Hash Trees: Worst case 45% degradation Most cases < 25% degradation CHTree LHash gcc gzip mcf twolf vortex vpr applu art swim 1MB L2 Cache with 64B blocks
20 Performance Implication: PTR processing Major performance degradation is from off-chip integrity checking and encryption CHTree+Direct LHash+OTP Log Hash w/ OTP encryption: Worst case 25% degradation Most cases < 15% degradation Normalized IPC Hash Trees w/ CBC encryption: Worst case 55% degradation Most cases < 40% degradation gcc gzip mcf twolf vortex vpr applu art swim 1MB L2 Cache with 64B blocks
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing
AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology L C S Cases
More informationEfficient Memory Integrity Verification and Encryption for Secure Processors
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology New Security
More informationCSAIL. Computer Science and Artificial Intelligence Laboratory. Massachusetts Institute of Technology
CSAIL Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing G. Edward Suh, Dwaine Clarke,
More informationCSAIL. Computer Science and Artificial Intelligence Laboratory. Massachusetts Institute of Technology
CSAIL Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke,
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationEfficient Memory Integrity Verification and Encryption for Secure Processors
Efficient Memory Integrity Verification and Encryption for Secure Processors G. Edward Suh, Dwaine Clarke, Blaise Gassend, Marten van Dijk, Srinivas Devadas MIT Computer Science and Artificial Intelligence
More informationCSAIL. Computer Science and Artificial Intelligence Laboratory. Massachusetts Institute of Technology
CSAIL Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology Checking the Integrity of Memory in a Snooping-Based Symmetric Multiprocessor (SMP) System Dwaine Clarke,G.
More informationCSAIL. Computer Science and Artificial Intelligence Laboratory. Massachusetts Institute of Technology
CSAIL Computer Science and Artificial Intelligence Laboratory Massachusetts Institute of Technology Caches and Merkle Trees for Efficient Memory Authentication Blaise Gassend, Dwaine Clarke, Marten van
More informationArchitectural Support for Copy and Tamper Resistant Software
Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and Mark Horowitz Computer Systems Laboratory Stanford
More informationDesign and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas
Design and Implementation of the Ascend Secure Processor Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas Agenda Motivation Ascend Overview ORAM for obfuscation Ascend:
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationCertifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology
Certifying Program Execution with Secure Processors Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology Motivation All PCs may soon include trusted computing
More informationCaches and Merkle Trees for Ecient Memory Authentication. Blaise Gassend, G. Edward Suh, Dwaine Clarke, Marten van Dijk, Srinivas Devadas
Caches and Merkle Trees for Ecient Memory Authentication Blaise Gassend, G. Edward Suh, Dwaine Clarke, Marten van Dijk, Srinivas Devadas MIT Laboratory for Computer Science September 3, Abstract We describe
More informationA Security Infrastructure for Trusted Devices
Infrastructure () A Security Infrastructure for Trusted Devices Mahalingam Ramkumar Mississippi State University, MS Nasir Memon Polytechnic University, Brooklyn, NY January 31, 2005 Infrastructure ()
More informationARM Security Solutions and Numonyx Authenticated Flash
ARM Security Solutions and Numonyx Authenticated Flash How to integrate Numonyx Authenticated Flash with ARM TrustZone* for maximum system protection Introduction Through a combination of integrated hardware
More informationControlled Physical Random Functions and Applications
Controlled Physical Random Functions and Applications BLAISE GASSEND, MARTEN VAN DIJK, DWAINE CLARKE, EMINA TORLAK, and SRINIVAS DEVADAS Massachusetts Institute of Technology and PIM TUYLS Philips Research
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationControlled Physical Random Functions
Controlled Physical Random Functions Blaise Gassend, Dwaine Clarke, Marten van Dijk and Srinivas Devadas Massachusetts Institute of Technology Laboratory for Computer Science Cambridge, MA 0239, USA gassend,declarke,marten,devadas
More informationAnand Raghunathan
ECE 695R: SYSTEM-ON-CHIP DESIGN Module 2: HW/SW Partitioning Lecture 2.26: Example: Hardware Architecture Anand Raghunathan raghunathan@purdue.edu ECE 695R: System-on-Chip Design, Fall 2014 Fall 2014,
More informationAuthenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas
Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas Massachusetts Institute of Technology November 8th, CCSW 2013 Cloud Storage Model
More informationTowards Constant Bandwidth Overhead Integrity Checking of Untrusted Data
Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data Dwaine Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationTowards Constant Bandwidth Overhead Integrity Checking of Untrusted Data
Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data Dwaine Clarke, G. Edward Suh, Blaise Gassend, Ajay Sudan, Marten van Dijk, Srinivas Devadas Massachusetts Institute of Technology
More informationSecurity in ECE Systems
Lecture 11 Information Security ECE 197SA Systems Appreciation Security in ECE Systems Information security Information can be very valuable Secure communication important to protect information Today
More informationMessage Authentication and Hash function
Message Authentication and Hash function Concept and Example 1 Approaches for Message Authentication Encryption protects message against passive attack, while Message Authentication protects against active
More informationControlled Physical Random Functions and Applications
Controlled Physical Random Functions and Applications BLAISE GASSEND, MARTEN VAN DIJK, DWAINE CLARKE and EMINA TORLAK Massachusetts Institute of Technology PIM TUYLS Philips Research and SRINIVAS DEVADAS
More informationModern key distribution with ClaimChains
Modern key distribution with ClaimChains A decentralized Public Key Infrastructure that supports privacy-friendly social verification NEXTLEAP Bogdan Kulynych Marios Isaakidis Carmela Troncoso George Danezis
More informationAscend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7b Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
More informationSymmetric Encryption 2: Integrity
http://wwmsite.wpengine.com/wp-content/uploads/2011/12/integrity-lion-300x222.jpg Symmetric Encryption 2: Integrity With material from Dave Levin, Jon Katz, David Brumley 1 Summing up (so far) Computational
More informationDaniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven
Goals of authenticated encryption Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven More details, credits: competitions.cr.yp.to /features.html Encryption sender
More informationCODESSEAL: Compiler/FPGA Approach to Secure Applications
CODESSEAL: Compiler/FPGA Approach to Secure Applications Olga Gelbart 1, Paul Ott 1, Bhagirath Narahari 1, Rahul Simha 1, Alok Choudhary 2, and Joseph Zambreno 2 1 The George Washington University, Washington,
More informationSGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut
SGX Security Background Masab Ahmad masab.ahmad@uconn.edu Department of Electrical and Computer Engineering University of Connecticut 1 Security Background Outline Cryptographic Primitives Cryptographic
More informationAuthenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007
Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2007 Goals Understand: authenticated booting the difference
More informationHigh Efficiency Counter Mode Security Architecture via Prediction and Precomputation
High Efficiency Counter Mode Security Architecture via Prediction and Precomputation Weidong Shi Hsien-Hsin S. Lee Mrinmoy Ghosh Chenghuai Lu Alexandra Boldyreva School of Electrical and Computer Engineering
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationTowards Constant Bandwidth Overhead Integrity Checking of Untrusted Data. Dwaine E. Clarke
Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data by Dwaine E. Clarke S.B., Computer Science, Massachusetts Institute of Technology, 1999 M.Eng., Computer Science, Massachusetts
More informationAuthenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009
Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing Hermann Härtig Technische Universität Dresden Summer Semester 2009 Goals Understand principles of: authenticated booting the
More informationSGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 3b SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees Slide deck extracted from Kamran s tutorial on SGX and Chenglu s security analysis
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable
More informationRefresher: Applied Cryptography
Refresher: Applied Cryptography (emphasis on common tools for secure processors) Chris Fletcher Fall 2017, 598 CLF, UIUC Complementary reading Intel SGX Explained (ISE) Victor Costan, Srini Devadas https://eprint.iacr.org/2016/086.pdf
More informationDistributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing
Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 30/05/11 Goals Understand principles of: Authenticated booting The difference to (closed) secure
More information: Practical Cryptographic Systems March 25, Midterm
650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are
More informationVirtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS
Virtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS Luis F. G. Sarmenta, Marten van Dijk, Charles W. O Donnell, Jonathan Rhodes, and Srinivas Devadas Computer Science
More informationSanctum: Minimal HW Extensions for Strong SW Isolation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7a Sanctum: Minimal HW Extensions for Strong SW Isolation Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen Department of Electrical &
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationDecoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor
Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor Hari Kannan, Michael Dalton, Christos Kozyrakis Computer Systems Laboratory Stanford University Motivation Dynamic analysis help
More informationA New Encryption and Hashing Scheme for the Security Architecture for Microprocessors
A New Encryption and Hashing Scheme for the Security Architecture for Microprocessors Jörg Platte, Raúl Durán Díaz, and Edwin Naroska Institut für Roboterforschung, Abteilung Informationstechnik, Universität
More informationThe case for ubiquitous transport-level encryption
1/25 The case for ubiquitous transport-level encryption Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, and Dan Boneh Stanford and UCL November 18, 2010 Goals 2/25 What would it take to encrypt
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More information15-740/ Computer Architecture Lecture 10: Runahead and MLP. Prof. Onur Mutlu Carnegie Mellon University
15-740/18-740 Computer Architecture Lecture 10: Runahead and MLP Prof. Onur Mutlu Carnegie Mellon University Last Time Issues in Out-of-order execution Buffer decoupling Register alias tables Physical
More informationImpact of Cache Coherence Protocols on the Processing of Network Traffic
Impact of Cache Coherence Protocols on the Processing of Network Traffic Amit Kumar and Ram Huggahalli Communication Technology Lab Corporate Technology Group Intel Corporation 12/3/2007 Outline Background
More informationOffline Untrusted Storage with Immediate Detection of Forking and Replay Attacks
Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis F. G. Sarmenta, and Srinivas Devadas Computer Science and Artificial Intelligence
More informationMing Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay
Hardware and Architectural Support for Security and Privacy (HASP 18), June 2, 2018, Los Angeles, CA, USA Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Computing and Engineering (SCSE) Nanyang Technological
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationBloom Filtering Cache Misses for Accurate Data Speculation and Prefetching
Bloom Filtering Cache Misses for Accurate Data Speculation and Prefetching Jih-Kwon Peir, Shih-Chang Lai, Shih-Lien Lu, Jared Stark, Konrad Lai peir@cise.ufl.edu Computer & Information Science and Engineering
More informationDistributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing
Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing 02/06/14 Goals Understand principles of: Authenticated booting, diference to (closed) secure
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationOptimal Parameter Selection for Efficient Memory Integrity Verification Using Merkle Hash Trees
Optimal Parameter Selection for Efficient Memory Integrity Verification Using Merkle Hash Trees Dan Williams and Emin Gün Sirer {djwill, egs}@cs.cornell.edu Department of Computer Science Cornell University
More informationPageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili
PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on Blaise-Pascal Tine Sudhakar Yalamanchili Outline Background: Memory Security Motivation Proposed Solution Implementation Evaluation Conclusion
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationDesign Space Exploration and Optimization of Path Oblivious RAM in Secure Processors
Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors Ling Ren, Xiangyao Yu, Christopher W. Fletcher, Marten van Dijk and Srinivas Devadas MIT CSAIL, Cambridge, MA, USA {renling,
More informationTERRA. Boneh. A virtual machine-based platform for trusted computing. Presented by: David Rager November 10, 2004
TERRA Authored by: Garfinkel,, Pfaff, Chow, Rosenblum,, and Boneh A virtual machine-based platform for trusted computing Presented by: David Rager November 10, 2004 Why there exists a need Commodity OS
More informationService Managed Gateway TM. Configuring IPSec VPN
Service Managed Gateway TM Configuring IPSec VPN Issue 1.2 Date 12 November 2010 1: Introduction 1 Introduction... 3 1.1 What is a VPN?... 3 1.2 The benefits of an Internet-based VPN... 3 1.3 Tunnelling
More informationDigital Signatures. Luke Anderson. 7 th April University Of Sydney.
Digital Signatures Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Digital Signatures 1.1 Background 1.2 Basic Operation 1.3 Attack Models Replay Naïve RSA 2. PKCS#1
More informationPyNaCl Release 1.0 Oct 31, 2017
PyNaCl Release 1.0 Oct 31, 2017 Contents 1 Contents 1 1.1 Public Key Encryption.......................................... 1 1.2 Secret Key Encryption.......................................... 4 1.3 Digital
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationThe Ascend Secure Processor. Christopher Fletcher MIT
The Ascend Secure Processor Christopher Fletcher MIT 1 Joint work with Srini Devadas, Marten van Dijk Ling Ren, Albert Kwon, Xiangyao Yu Elaine Shi & Emil Stefanov David Wentzlaff & Princeton Team (Mike,
More informationRegister Packing Exploiting Narrow-Width Operands for Reducing Register File Pressure
Register Packing Exploiting Narrow-Width Operands for Reducing Register File Pressure Oguz Ergin*, Deniz Balkan, Kanad Ghose, Dmitry Ponomarev Department of Computer Science State University of New York
More informationInfluential OS Research Security. Michael Raitza
Influential OS Research Security Michael Raitza raitza@os.inf.tu-dresden.de 1 Security recap Various layers of security Application System Communication Aspects of security Access control / authorization
More informationDigital it Signatures. Message Authentication Codes. Message Hash. Security. COMP755 Advanced OS 1
Digital Signatures Digital it Signatures Offer similar protections as handwritten signatures in the real world. 1. Difficult to forge. 2. Easily verifiable. 3. Not deniable. 4. Easy to implement. 5. Differs
More informationI certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist?
RRSIG: I certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist? NSEC: I certify that there are no DNS records (of type X) whose record
More informationIntel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron
Real World Cryptography Conference 2016 6-8 January 2016, Stanford, CA, USA Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron Intel Corp., Intel Development Center,
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 09 (version April 7, 2008) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.20. Tel:
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationDesign space exploration and optimization of path oblivious RAM in secure processors
Design space exploration and optimization of path oblivious RAM in secure processors The MIT Faculty has made this article openly available. Please share how this access benefits you. Your story matters.
More informationRISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas
RISCV with Sanctum Enclaves Victor Costan, Ilia Lebedev, Srini Devadas Today, privilege implies trust (1/3) If computing remotely, what is the TCB? Priviledge CPU HW Hypervisor trusted computing base OS
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationData Integrity. Modified by: Dr. Ramzi Saifan
Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography! Is n A tremendous tool n The basis for many security mechanisms! Is not n The solution to all security problems n Reliable unless implemented properly n Reliable
More informationSecurity and Anonymity
Security and Anonymity Distributed Systems need a network to send messages. Any message you send in a network can be looked at by any router or machine it goes through. Further if your machine is on the
More informationFreecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM
Freecursive ORAM: [Nearly] Free Recursion and Integrity Verification for Position-based Oblivious RAM Christopher W. Fletcher, Ling Ren, Albert Kwon, Marten van Dijk, Srinivas Devadas Massachusetts Institute
More informationOneID An architectural overview
OneID An architectural overview Jim Fenton November 1, 2012 Introduction OneID is an identity management technology that takes a fresh look at the way that users authenticate and manage their identities
More informationRandomness Extractors. Secure Communication in Practice. Lecture 17
Randomness Extractors. Secure Communication in Practice Lecture 17 11:00-12:30 What is MPC? Manoj Monday 2:00-3:00 Zero Knowledge Muthu 3:30-5:00 Garbled Circuits Arpita Yuval Ishai Technion & UCLA 9:00-10:30
More informationResilient IoT Security: The end of flat security models
Resilient IoT Security: The end of flat security models Xiao Sun Senior Application Engineer ARM Tech Symposia China 2015 November 2015 Evolution from M2M to IoT M2M Silos of Things Standards Security
More informationSecurity in NVMe Enterprise SSDs
Security in NVMe Enterprise SSDs Radjendirane Codandaramane, Sr. Manager, Applications, Microsemi August 2017 1 Agenda SSD Lifecycle Security threats in SSD Security measures for SSD August 2017 2 SSD
More informationCS252 Project TFS: An Encrypted File System using TPM
CS252 Project TFS: An Encrypted File System using TPM Steven Houston: shouston@eecs.berkeley.edu Thomas Kho: tkho@eecs.berkeley.edu May 15, 2007 Abstract In this project, we implement a trusted file system
More informationLecture 11: SMT and Caching Basics. Today: SMT, cache access basics (Sections 3.5, 5.1)
Lecture 11: SMT and Caching Basics Today: SMT, cache access basics (Sections 3.5, 5.1) 1 Thread-Level Parallelism Motivation: a single thread leaves a processor under-utilized for most of the time by doubling
More informationWeb Tap Payment Authentication and Encryption With Zero Customer Effort
Web Tap Payment Authentication and Encryption With Zero Customer Effort Henry Ng Tap-Card-Pay Systems Corporation, Vancouver BC V5X3Y3, Canada henryng@tapcardpay.com Abstract. We propose a public-key authentication
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationMitigating the Untrusted Terminal Problem Using Conditional Signatures
Mitigating the Untrusted Terminal Problem Using Conditional Signatures István Zsolt BERTA Levente BUTTYÁN István VAJDA Laboratory of Cryptography and Systems Security, Department of Telecommunications,
More information8. Network Layer Contents
Contents 1 / 43 * Earlier Work * IETF IP sec Working Group * IP Security Protocol * Security Associations * Authentication Header * Encapsulation Security Payload * Internet Key Management Protocol * Modular
More informationIntroduction to Cryptography
Introduction to Cryptography 1 2 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice
More information