Architectural Support for Copy and Tamper Resistant Software

Similar documents
Architectural Support for Copy and Tamper Resistant Software

Authentication Part IV NOTE: Part IV includes all of Part III!

Implementing an Untrusted Operating System on Trusted Hardware

Uses of Cryptography

Introduction to Cryptography (cont.)

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

APNIC elearning: Cryptography Basics

Security. Communication security. System Security

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

6.857 L17. Secure Processors. Srini Devadas

PROTECTING CONVERSATIONS

CRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext

Unit 8 Review. Secure your network! CS144, Stanford University

PASSWORDS & ENCRYPTION

AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Cryptography MIS

Refresher: Applied Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

1.264 Lecture 28. Cryptography: Asymmetric keys

CODESSEAL: Compiler/FPGA Approach to Secure Applications

CSE 127: Computer Security Cryptography. Kirill Levchenko

Distributed Systems. Lecture 14: Security. Distributed Systems 1

CIS 4360 Secure Computer Systems Symmetric Cryptography

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

Distributed Systems. Lecture 14: Security. 5 March,

CS 161 Computer Security

Network Security Technology Project

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Lecture 3.4: Public Key Cryptography IV

Introduction to Cryptography

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron

AEGIS Secure Processor

CS 161 Computer Security

Classical Cryptography. Thierry Sans

Efficient Memory Integrity Verification and Encryption for Secure Processors

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

HOST Authentication Overview ECE 525

UNIT - IV Cryptographic Hash Function 31.1

Computer Security: Principles and Practice

CS 161 Computer Security

CS 161 Computer Security

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes

More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Glenda Whitbeck Global Computing Security Architect Spirit AeroSystems

CSC 774 Network Security

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

(2½ hours) Total Marks: 75

CSC 474/574 Information Systems Security

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Core Security Services and Bootstrapping in the Cherubim Security System

(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography

2.1 Basic Cryptography Concepts

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Symmetric Encryption 2: Integrity

Secure Multiparty Computation

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Virtual Private Networks (VPN)

Introduction to Cryptography in Blockchain Technology. December 23, 2018

CS 111. Operating Systems Peter Reiher

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Session key establishment protocols

Session key establishment protocols

Software Security and Intro to Cryptography

BS801E-BSCS. Cryptography

Ref:

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

The case for ubiquitous transport-level encryption

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

CS 161 Computer Security

David Wetherall, with some slides from Radia Perlman s security lectures.

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay

Cryptography V: Digital Signatures

Cryptography V: Digital Signatures

Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

KALASALINGAM UNIVERSITY

Cryptography Functions

CSC/ECE 774 Advanced Network Security

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Module 13 Network Security. Version 1 ECE, IIT Kharagpur

Chapter 3 Traditional Symmetric-Key Ciphers 3.1

Crypto: Symmetric-Key Cryptography

Cryptography and Network Security. Sixth Edition by William Stallings

CS Computer Networks 1: Authentication

Overview of Cryptography

CIS 4360 Secure Computer Systems Applied Cryptography

Test Conditions. Closed book, closed notes, no calculator, no laptop just brains 75 minutes. Steven M. Bellovin October 19,

Transcription:

Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and Mark Horowitz Computer Systems Laboratory Stanford University 1

XOM XOM: execute Only Memory Would like to support an environment where programs are protected from copying and tampering Customer Software Distributor Program XOM Compartment Use this to: Prevent Hackers Protect Intellectual Property Combat Software Piracy 2

General Strategy Interfaces are suspect Disk and memory are considered insecure On chip storage can be trusted How compartments are implemented Data is always protected by some mechanism With hardware tags when on chip With crypto when off chip 3

Crypto Review Asymmetric Ciphers or public-key ciphers (RSA, El Gamal) Pairs of keys Public key and is used to encrypt data Private key and is used to decrypt data Are much slower than symmetric ciphers Symmetric Ciphers (3DES, Blowfish) Single key used for encryption and decryption Pretty fast when implemented in hardware Advanced Encryption Standard ciphers will be even faster 4

Software Distribution Method Randomly Selected Symmetric Key Distributor Customer sends public key Symmetric key is encrypted with public key Customer Customer wishes to purchase software Program Code Encrypt Program Encrypted Code Customer receives encrypted code with encrypted key Encrypted Code 5

Loading Secure Code Encrypted Code Symmetric Decryption Module Executable Code Encrypted Symmetric Key Asymmetric Decryption Module Decrypted Symmetric Key (Session Key) Insecure Main Memory Private Key Secure XOM Machine XOM Key Table Secure Execution Engine 6

Managing Data Simple hardware rule: a tag check on every access But the model is too rigid, applications cannot pass out data for other applications to read Have a special compartment with a tag ID of zero called the null compartment Special instructions are required to move data to and from null to a program s private compartment Allows for communication with principals outside of compartment 7

A Simple XOM Machine Main Memory Protection Boundary L2 Cache XOM L1 Instruction Cache L1 Data Cache Decode Register File Datapath XOM Tags 8

Two problems Memory is insecure All sensitive program data must fit in registers Too restrictive a programming model Programs can t read or write data that doesn t belong to them But OS needs to do this when performing a context switch Use encryption to solve both problems This was the same technique used to protect sensitive code 9

Supporting Main Memory store_secure instruction Data Tag Data To Insecure Main Memory Encrypt Data Check that the currently executing XOM ID matches the tag before storing in memory Currently executing XOM ID XOM Key Table 10

Supporting Main Memory load_secure instruction Data Tag Data From Insecure Main Memory Target register tag is set to XOM ID Decrypt Data Currently executing XOM ID XOM Key Table 11

Supporting Interrupts save_secure instruction Data Tag Data To Insecure Main Memory Look up session key based on Tag Encrypt Data Currently executing XOM ID XOM Key Table 12

Supporting Interrupts restore_secure instruction Data Tag Data From Insecure Main Memory Target register tag is set to XOM ID Decrypt Data Currently executing XOM ID Executing Program indicates which XOM ID to use XOM Key Table 13

Spoofing Attacks Spoofing attack: Adversary tries to substitute fake ciphertext to alter behavior Tags are able to catch spoofed attacks because tag ID changes Encryption alone is not sufficient for memory Data Data False Data Junk Encrypt and store to memory Adversary swaps data Decrypts to Junk but alters program behavior 14

Spoofing Prevention Solution is to add an integrity hash to the encryption In cryptography terms, this is called a Message Authentication Code (MAC)! Data Data False Data Encrypt and store to memory with added hash Adversary swaps data Hash does not match data so exception is thrown 15

Splicing Attacks and Replay Attacks Splicing Attacks Attacker moves valid data from one location to another location Add position dependent hash: Virtual Address for secure load/stores Register number for secure save/restores Replay Attacks Attack records and reuses old register and memory values Add a regenerative key to Key Table that is used for save/restores Use protected registers to protect memory values 16

Required Hardware Main Memory L2 Cache L1 Cache miss trap L1 Instruction Cache Path to write decrypted instructions into L1 Instruction Cache Private Key Private Memory L1 Data Cache Micro-code or Virtual Machine for control Decode Register File XOM Tags Datapath Protection Boundary 17

Performance Issues Performance hit is going to come from the cryptographic operations XOM start-up Instruction load path from memory Data loads and stores to and from memory Register saves and restores to and from memory The accesses to memory occur the most often We want to speed up the symmetric and hashing operations, as well as optimize access to memory 18

Additional Hardware Cache decrypted data Add tags to caches Speed up symmetric operations Add special symmetric cryptography hardware Speed up hash calculation Select a fast hash calculation such as 128 bit CRC 19

Caching Values Caching reduces the number of cryptographic operations The size of each message is increased The granularity of ownership is increased Need to add per word valid bits Clear all valid bits when tag changes 20

Full XOM Machine Main Memory Symmetric Accelerators Protection Boundary L2 Cache XOM Tags L1 Instruction Cache XOM Tags L1 Data Cache Private Key Private Memory Decode Register File Datapath XOM Tags 21

Summary Show how to implement compartments with architectural support Trust only the processor and assume memory and OS are insecure Use: Data tagging on-chip Crypto off-chip Required hardware is modest Private Memory and Key XOM Tags on registers Additional hardware can be added to improve performance Symmetric hardware XOM Tags in caches 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback