Leveraging Intel SGX to Create a Nondisclosure Cryptographic library

Similar documents
Computer Security: Principles and Practice

PROTECTING CONVERSATIONS

CSE 127: Computer Security Cryptography. Kirill Levchenko

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

CLASS AGENDA. 9:00 9:15 a.m. 9:15 10:00 a.m. 10:00 12:00 p.m. 12:00 1:00 p.m. 1:00 3:00 p.m. 3:00 5:00 p.m.

There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Cryptographic Concepts

Information Security CS526

A Comparison Study of Intel SGX and AMD Memory Encryption Technology

Connecting Securely to the Cloud

Crypto Background & Concepts SGX Software Attestation

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

CSE484 Final Study Guide

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Massively Parallel Hardware Security Platform

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Isolating Operating System Components with Intel SGX

Lecture 1 Applied Cryptography (Part 1)

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Distributed Key Management and Cryptographic Agility. Tolga Acar 24 Feb. 2011

CIS 4360 Secure Computer Systems Applied Cryptography

TCG TPM2 Software Stack & Embedded Linux. Philip Tricca

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Intel Software Guard Extensions

Binding keys to programs using Intel SGX remote attestation

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Encryption 2. Tom Chothia Computer Security: Lecture 3

Cache Side Channel Attacks on Intel SGX

Authenticated Encryption in TLS

CS 161 Computer Security

Apache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke

Lecture 3: Symmetric Key Encryption

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

CSC/ECE 774 Advanced Network Security

Lecture 4: Symmetric Key Encryption

Practical Aspects of Modern Cryptography

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees

CIS 4360 Secure Computer Systems Symmetric Cryptography

Graphene-SGX. A Practical Library OS for Unmodified Applications on SGX. Chia-Che Tsai Donald E. Porter Mona Vij

PASSWORDS & ENCRYPTION

Computer Security CS 526

Cryptography MIS

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CSC 774 Network Security

Pass, No Record: An Android Password Manager

Parallelizing Cryptography. Gordon Werner Samantha Kenyon

Sealing and Attestation in Intel Software Guard Extensions (SGX)

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

The Future of Security is in Open Silicon Linux Security Summit 2018

Flicker: An Execution Infrastructure for TCB Minimization

Cryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers

Network Security. Chapter 4 Symmetric Encryption. Cornelius Diekmann With contributions by Benjamin Hof. Technische Universität München

CS 161 Computer Security

Ref:

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Winter 2011 Josh Benaloh Brian LaMacchia

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Encryption. INST 346, Section 0201 April 3, 2018

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

TPM v.s. Embedded Board. James Y

Cryptography and Network Security

Concrete cryptographic security in F*

FIPS Security Policy UGS Teamcenter Cryptographic Module

Computer Security 3/23/18

Lecture Embedded System Security Introduction to Trusted Computing

Information Security: Principles and Practice Second Edition. Mark Stamp

borzoi Manual Dragongate Technologies Ltd.

Unit 8 Review. Secure your network! CS144, Stanford University

Information Security CS526

Block Cipher Modes of Operation

CS155. Cryptography Overview

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Intel SGX Virtualization

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Security with VA Smalltalk

Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin

Security: Cryptography

ROTE: Rollback Protection for Trusted Execution

Refresher: Applied Cryptography

COMP4109 : Applied Cryptography

Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1

CSC 580 Cryptography and Computer Security

Introduction to Symmetric Cryptography

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

Public Key Algorithms

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Dashlane Security Whitepaper

Lecture Embedded System Security Trusted Platform Module

Introduction to Cryptography. Lecture 6

NIST Cryptographic Toolkit

Crypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016

Transcription:

CS 2530 - Computer and Network Security Project presentation Leveraging Intel SGX to Create a Nondisclosure Cryptographic library Mohammad H Mofrad & Spencer L Gray University of Pittsburgh Thursday, December 15, 2016 hasanzadeh@cspittedu & slg94@cspittedu 1

Preface Motivation Intel Software Guard Extension (SGX) SGX simulator Linux SGX SDK Project details Cryptographic Algorithms Key generation Hashes SHA 256 HMAC SHA 256 Encryption AES ECB AES CBC Discussion Future work 2

Motivation Threat Model An adversary has complete access to the OS No access to the hardware of the machine Need a way to keep important data confidential under this model Solution: a cryptographic library inside trusted hardware Cryptographic keys never leave the enclave

Introducing the Intel SGX Intuition: Computing devices are not trustworthy Inspired by Trusted Platform Module (TPM) TPM implemented the context of software attestation using hardware modules Enclaves are isolated regions of memory for code and data Encrypted Enclave Page Caches (EPCs) in RAM Enclave In SGX only CPU is trusted Added 18 new ISA Instructions APP APP APP Supervisor instructions: ECREATE, EINIT, User instructions: EENTER, EEXIT, X OS Features: Reduced attack surface HW + SGX Attestation (local/remote) & Sealing Trusted Untrusted 4

Related Work SGX1 (Initial release) 1 Innovative instructions and software model for isolated execution Introducing the new instruction set 2 Using innovative instructions to create trustworthy software solutions One Time Password (OTP), Secure Video Conferencing (SVC), and etc case studies 3 Innovative technology for CPU based attestation and sealing How to add SGX into Software lifecycle SGX2 (Latest release) 1 Intel SGX support for dynamic memory management inside an enclave Added support for dynamic memory management Added support for changing permissions Secure exception handling Applications: Cloud, Network Function Virtualization (NFV), Containeraization 5

SGX Emulator Linux SGX SDK from 01org Code: C and C++ INTEL OPEN SOURCE org Github repository at https://githubcom/01org/linux-sgx Supported OS Ubuntu 1404-LTS 64-bit References Intel SGX SDK for Linux OS programming reference Intel SGX SDK for Linux OS developer reference Intel Developer Zone Our implementations servers as an example in SampleCode directory of linux-sgx CryptoEnclave project Github repository: https://githubcom/hmofrad/linux-sgx/ Algorithms from libtomcrypt https://githubcom/libtom/libtomcrypt Hashes: SHA 256 and HMAC SHA 256 Symmetric key: AES ECB and CBC with 128 192 256 key lengths 6

Cryptographic Library We chose LibTomCrypt Designed to be extremely modular Easy to take only the algorithms we needed Minimize our trusted computing base Other options explored: OpenSSL and Crypto++ OpenSSL was designed to be fully downloaded Crypto++ was very unorganized (all files were in 1 directory) 7

Implementation Details Ubuntu 1404 Virtual Machine Architecture: 64-bit virtual Machine RAM: 2GB Disk: 8GB Crypto Enclave project (~500) Application code Command line I/O interface Utility functions (~2300) Enclave implementation (~1600) Modified libtomcrypt borrowed codes (~700) Enclave crypto wrappers for crypto operations (~50) Enclaveedl Enclaveconfigxml Makefile 8

Sample Scenario Appcpp Enclavecpp Untrusted code & data Int main(){ Sgx_create_enclave() dump_secret() get_secret() Sgx_destroy_enclave() } Char secret[10]; dump_secret() { } get_secret() { } Trusted code Makefile gcc, g++ Linux SGX SDk App binary 9

Key generation Symmetric keys- just need random bytes Depends on a good pseudo random number generator Poor key generation leads to poor security Asymmetric keys- based upon fancy math Still depend on random numbers! If the base random numbers can be predicted, private keys can be easily computed The SGX already has key generation functions built in sgx_read_rand(key, keylen) 10

Hash Function Cryptographic primitive to provide integrity to data The base algorithm can be computed safely in user space One-way function No secrets are involved HMAC depends on hash function to operate Keyed hash function (cannot be computed safely in user space) Provides higher level of data integrity

Hash Implementation LibTomCrypt s functions: sha256_init() Initializes the hash sha256_process() - Takes input and uses it to build hash sha256_done() Writes out the final hash to an output buffer Our function gen_sha256() is essentially a wrapper for LibTomCrypt s implementation 12

SGX-enabled SHA 256 open(file N ) app enclave read() gen_sha256() read() gen_sha256() read() gen_sha256() close(file) EID + BUFFER = 4K EID + BUFFER = 4K EID + BUFFER 4K EID get_sha256() EID + SHA 256 SHA 256 gen_sha256(): sha256_init() sha256_process() gen_sha256(): sha256_process() gen_sha256(): sha256_process() sha256_done() get_sha256(): memcpy(sha 256 ) 13

SGX-enabled HMAC SHA 256 open(file N ) gen_key() app EID + KLEN enclave gen_key(klen): read() gen_hmac_sha256() read() gen_hmac_sha256() read() gen_hmac_sha256() close(file) get_hmac_sha256() HMAC 256 EID + BUFFER = 4K EID + BUFFER = 4K EID + BUFFER 4K EID EID + HMAC 256 gen_hmac_sha256(): hmac_init() hmac_process() gen_hmac_sha256(): hamc_process() gen_hmac_sha256(): hmac_process() hmac_done() get_hmac_sha256(): memcpy(hmac 256 ) 14

Symmetric Key Cryptography Uses same key for encryption and decryption Encrypts/decrypts data in fixed sized blocks (usually) Modes of block chaining ECB-same block will always encrypt to the same cipher text CBC-Cipher text is partially determined by previous block

SGX-enabled AES ECB (Encryption) app enclave open(file N ) EID + KLEN gen_key() gen_key(klen 128 192 256 ): read() encrypt_aes_ecb() read() encrypt_aes_ecb() read() encrypt_aes_ecb() close(file) CIPHER N EID + BUFFER = 4K EID + CIPHER = 4K EID + BUFFER = 4K EID + CIPHER = 4K EID + BUFFER 4K EID + CIPHER = 4K encrypt_aes_ecb(): SETUP() ECB_ENC() encrypt_aes_ecb(): ECB_ENC() encrypt_aes_ecb(): ECB_ENC() ZERO_PADDING() 16

SGX-enabled AES ECB (Decryption) app enclave decrypt_aes_ecb() decrypt_aes_ecb() EID + CIPHER = 4K EID + PLAINTXT = 4K EID + CIPHER= 4K EID + PLAINTXT = 4K decrypt_aes_ecb(): ECB_DEC() decrypt_aes_ecb(): ECB_DEC() decrypt_aes_ecb() EID + CHIPHER = 4K decrypt_aes_ecb(): EID + PLAINTXT 4K ECB_DEC() PLAINTXT N RM_ZERO_PADDING() 17

SGX-enabled AES CBC (Encryption) read() encrypt_aes_cbc() read() encrypt_aes_cbc() app EID + BUFFER = 4K EID + CIPHER = 4K EID + BUFFER = 4K enclave open(file N ) EID + KLEN gen_key() gen_key(klen 128 192 256 ): EID + CIPHER = 4K encrypt_aes_cbc(): gen_iv(iv 128 ) setup_key() cbc_encrypt() encrypt_aes_ecb(): cbc_encrypt() read() encrypt_aes_cbc() close(file) CIPHER N EID + BUFFER 4K EID + CIPHER = 4K encrypt_aes_cbc(): cbc_encrypt() ZERO_PADDING() 18

SGX-enabled AES CBC (Decryption) app enclave decrypt_aes_cbc() decrypt_aes_cbc() EID + CIPHER = 4K EID + PLAINTXT = 4K EID + CIPHER= 4K EID + PLAINTXT = 4K decrypt_aes_cbc(): setup_key() cbc_decrypt() decrypt_aes_cbc(): cbc_decrypt() decrypt_aes_cbc() EID + CHIPHER = 4K decrypt_aes_cbc(): EID + PLAINTXT 4K cbc_decrypt() PLAINTXT N RM_ZERO_PADDING() 19

Design Decisions Why we choose 4KB buffer size? OS page size 4KB Multiple of 16 Enclave Heap size is a multiple of 4 Why we pass buffers of plaintext and ciphertext back and forth? We don t want to exhaust the enclave memory In hardware mode, the Enclave heap size at max ~90MB Why we have a huge amount of I/O in this project? The basic idea here is that if we encrypt the keys and data inside the enclave, no one can extract the keys and original data even if an attacker can access them! The silver bullet of our project is that instead of bringing an insecure computation to the data, we bring the data to the enclave to securely perform the computations 20

Discussion Our implementation meets our goals under our threat model Cryptographic keys never leave the enclave A compromised OS cannot recover secrets except through brute force attacks The security of the keys relies on the security of the SGX Discovery of attacks against SGX threaten our system Still weak to hardware and side channel attacks 21

Discussion What drives Intel s incentive to launch SGX For the good of the users ie adding another level of security on top of OS For the good of its market ie software that are SGX-enabled Need to accept the Intel license agreement Need to rely on Intel servers for remote attestation and sealing Literally, Intel is putting itself in the middle of software lifecycle Small Trusted Code Base (TCB) We only store keys, and hashes and nothing else We barely need less than 100KB of memory to handle a user session no matter what is the file size (~200) The computation are done inside the enclave Keys may never leave the enclave 22

Future Work Current uses are limited! Expand the existing library Public key cryptography (RSA, ECC, Diffie Hellman) Pseudo random number generating algorithms Protocol to allow two enclaves to share keys Allow separate users to safely communicate using keys sealed in enclaves M1 E{M1} E{M2} M2 E{M1} E{M2} E{M1} M1 M2 E{M2} 23

24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback