Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay

Similar documents
Using Address Independent Seed Encryption and Bonsai Merkle Trees to Make Secure Processors OS- and Performance-Friendly

Intel Software Guard Extensions (Intel SGX) Memory Encryption Engine (MEE) Shay Gueron

05 - WLAN Encryption and Data Integrity Protocols

6.857 L17. Secure Processors. Srini Devadas

SGX Security Background. Masab Ahmad Department of Electrical and Computer Engineering University of Connecticut

PageVault: Securing Off-Chip Memory Using Page-Based Authen?ca?on. Blaise-Pascal Tine Sudhakar Yalamanchili

Refresher: Applied Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography

Summary on Crypto Primitives and Protocols

Efficient Memory Integrity Verification and Encryption for Secure Processors

Authenticated Storage Using Small Trusted Hardware Hsin-Jung Yang, Victor Costan, Nickolai Zeldovich, and Srini Devadas

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

CAESAR Hardware API. Ekawat Homsirikamol, William Diehl, Ahmed Ferozpuri, Farnoud Farahmand, Panasayya Yalla, Jens-Peter Kaps, and Kris Gaj

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

ECE 646 Lecture 8. Modes of operation of block ciphers

Architectural Support for Copy and Tamper Resistant Software

Content of this part

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Misuse-resistant crypto for JOSE/JWT

Security. Communication security. System Security

Added Redundancy Explicit Authentication at the Block Level for Parallelized Encryption and Integrity Checking on Processor-Memory Buses

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Persistent key, value storage

Silent Shredder: Zero-Cost Shredding For Secure Non-Volatile Main Memory Controllers

Homework 2. Out: 09/23/16 Due: 09/30/16 11:59pm UNIVERSITY OF MARYLAND DEPARTMENT OF ELECTRICAL AND COMPUTER ENGINEERING

On the security of security extensions for IP-based KNX networks. Aljosha Judmayer

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

Securing IoT applications with Mbed TLS Hannes Tschofenig Arm Limited

Fundamentals of HW-based Security

Feedback Week 4 - Problem Set

8. Network Layer Contents

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Connecting Securely to the Cloud

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Data-at-Rest Encryption

Symmetric Crypto MAC. Pierre-Alain Fouque

INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD

Chapter 24 Wireless Network Security

Securing the Frisbee Multicast Disk Loader

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Solutions to exam in Cryptography December 17, 2013

Managing and Securing Computer Networks. Guy Leduc. Chapter 7: Securing LANs. Chapter goals: security in practice: Security in the data link layer

Authentication Part IV NOTE: Part IV includes all of Part III!

BUS ENCRYPTION AND AUTHENTICATION UNIT FOR SYMMETRIC SHARED MEMORY MULTIPROCESSOR SYTEM USING GCM-AES VARUN JANNEPALLY

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Data Integrity. Modified by: Dr. Ramzi Saifan

Security IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y

1 Contents. Version of EnSilica Ltd, All Rights Reserved

: Practical Cryptographic Systems March 25, Midterm

Multiple forgery attacks against Message Authentication Codes

Block Cipher Operation

Storage Encryption: A Cryptographer s View. Shai Halevi IBM Research

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

CSAIL. Computer Science and Artificial Intelligence Laboratory. Massachusetts Institute of Technology

Crypto: Symmetric-Key Cryptography

Lecture 1 Applied Cryptography (Part 1)

An Efficient Stream Cipher Using Variable Sizes of Key-Streams

Cryptography (Overview)

ryptograi "ГС for Tom St Denis, Elliptic Semiconductor Inc. Simon Johnson and Author of the LibTom Project

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

ENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel

Block Cipher Operation. CS 6313 Fall ASU

Information Security CS526

P2_L6 Symmetric Encryption Page 1

CS155. Cryptography Overview

AWS Key Management Service (KMS) Handling cryptographic bounds for use of AES-GCM

Untethered lowrisc, Memory Mapped IO and TileLink/AXI. Wei Song 27/07/2015

Lecture 1: Course Introduction

Block Cipher Modes of Operation

Privacy and Security in Smart Grids

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

Design Space Exploration and Optimization of Path Oblivious RAM in Secure Processors

CS408 Cryptography & Internet Security

SGX Enclave Life Cycle Tracking TLB Flushes Security Guarantees

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

Provisioning secure Identity for Microcontroller based IoT Devices

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

UNDERSTANDING SENETAS LAYER 2 ENCRYPTION TECHNICAL-PAPER

Network Working Group Request for Comments: Category: Standards Track August 2008

(2½ hours) Total Marks: 75

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Diplomatic Design Patterns

Cryptography: More Primitives

Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1

Encrypted Data Deduplication in Cloud Storage

6 Cryptographic Operations API

WarDriving. related fixed line attacks war dialing port scanning

CSE 127: Computer Security Cryptography. Kirill Levchenko

CS Paul Krzyzanowski

Computer Security Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Some Aspects of Block Ciphers

RISC-V Rocket Chip SoC Generator in Chisel. Yunsup Lee UC Berkeley

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Introduction to Symmetric Cryptography

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Design and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas

Transcription:

Hardware and Architectural Support for Security and Privacy (HASP 18), June 2, 2018, Los Angeles, CA, USA Ming Ming Wong Jawad Haj-Yahya Anupam Chattopadhyay Computing and Engineering (SCSE) Nanyang Technological University (NTU) Singapore

I/O Fabric System on Chip Rocket Core Rocket Core Example Attacks on DRAM - Side channel attacks (e.g. IO probing) - Rowhammer - Buffer overflow L1 Cache L1 Cache Coherent Fabric L2 Cache ROM BRAM SPI Essential component in modern secure processor Memory protection via cryptographic primitives Integrated as autonomous hardware Memory Controller (MC) UART Ethernet Debug DRAM

Our team is building a secure processor based on RISC-V Memory protection unit (MPU): 1. Authenticated Encryption 2. Simplified integrity tree 3. Supports for partial memory encryption (PME)

I/O Fabric System on Chip (SoC) Rocket Core Rocket Core ROM 3 Secure Debug (1) and Secure IO (2) to protect against various hardware threats such as Key Extraction, Illicit Debugging, Probing and Side-Channel Attacks (SCA). L1 Cache 4 L1 Cache BRAM Secure Boot (3)3to protect against attacks such as: Image Hacking, Botnet Enrolling and Cold-Boot attack. Coherent Fabric L2 Cache SPI UART Ethernet 2 Trusted Execution Environment (TEE) (4) which guarantees isolated execution environment for the trusted application. This feature is essential for protecting against attacks such as: Software Exploitation, Privilege Escalation and Botnet Enrolling. Memory Protection Unit (MPU) Memory Controller (MC) Debug 1 Trusted Off-Chip Memory (5) is an essential feature that protects against Side-Channel Attacks (SCA), Probing and Key Extraction from main memory. 5 DRAM

Malicious modifications that compromise the memory: Spoofing attacks: Existing memory block is replaced with arbitrary fake data. Splicing/Relocation attacks: Spatial permutation of memory blocks where memory block at address A is replaced with memory block at address B. Replay attacks: Temporal permutation of a memory block where memory block located at a given address is recorded and inserted back to the same address at a later point in time. In doing so, the current block s value is replaced by an older version one.

Aim of MPU is to provide confidentiality, integrity and freshness of the off-chip memory by following the requirements listed below. The only data that an adversary can retrieved from memory is in confidential form (i.e. encrypted as ciphertext). The only information an adversary can learn from memory is whether a memory block was changed. Prevention of spoofing, splicing and replay attacks.

Memory encryption mainly concerned with the confidentiality of data and code during execution deployed using symmetric key encryption Memory authentication (i.e. integrity verification) needed to prevent hardware attacks that may compromise data integrity and also insusceptible against replay attacks. deployed the keyed Message Authentication Code (MAC) using the block address information and counter (prevent replay attack). deployed integrity tree is favourable option as the tree s root is stored on the secure onchip memory storage

A shared-key based transformation, to the message to provide both encryption and authentication. [Encryption] ciphertext is derived by encrypting the plaintext with a secret key [Decryption] same secret key and the ciphertext are used to obtain either the original plaintext or an indicator to verify the authenticity of the ciphertext. Hardware cost saving since the encryption and authentication can share a part of the computation Recommended modes for AE: Counter with Cipher Block Chaining Mode (CCM) Galois Counter Mode (GCM) NIST s recommendation: AES cipher combined GCM to form AES-GCM

Authentication Encryption I V Address Counter Nonce 0 Nonce 1 Nonce 2 Nonce N AES-GCM is a counter-based encryption scheme which also provides data authentication. CacheLine (CL) Block 0 Block 1 Block 2 Block N AES AES AES AES CL CL CL CL CipherT0 CipherT1 CipherT2 CipherTN [Encryption] operates as a standard counter mode where sequence of pads is generated from a nonce and XORed with plaintext to produce the ciphertext. Nonce GF mult GF mult GF mult GHASH GF mult [Decryption] is identical to encryption, except that the plaintext and ciphertext are swapped. AES Hash (Tag) Encryption and authentication with AES-GCM

Benefit of AES-GCM for RISC-V SoC Implementations: GCM authentication portion has been proven to be as secure as the deployed cipher, which is the AES. GCM authentication can be largely overlapped with memory latency. With that, program performance is not severely affected. Both the encryption and authentication portions shares the same AES hardware and this offer an optimal cost-effective solution

LEGEND: System on Chip Core L1 Cache Transactions to unsecure memory region Transactions to secure memory region Auto-generated transactions to metadata region Other On-Chip memory transactions L2 Cache MPU SMRR AES GCM Memory Controller (MC) Untrusted DRAM Non-trusted Region TR Metadata Trusted Region (TR) Non-trusted Region Dynamic and reconfigurable DRAM memory region allocation. Partial Memory Encryption (PME) feature: DRAM allocation is freed and repartitioned into finer granularity regions: trusted region, non-trusted region or medata region These regions allocation is protected from interception and modification by software. Data memory will be mapped to the allocated region according to their memory address.

Level 3 (root : on-chip) n37 n36 n35 n34 n33 n32 n31 n30 Efficient implementation Bonsai Merkle Tree (BMT): Level 2 Tag34 n27 n26 n25 n24 n23 n22 n21 n20 MAC over every memory cache line (CL) with a nonce. Level 1 Level 0 Data covered by the BMT Tag20 Tag15 Tag05 n17 n07 Ctr7 n16 n06 Ctr6 n15 n05 Ctr5 n14 n04 Ctr4 n13 n03 Ctr3 n12 n02 Ctr2 n11 n01 Ctr1 n10 n00 Ctr0 Counter (Ctr) concatenated with the data address (addr) and Initialization Vector (IV) as extra input of the MAC function: MAC = MACK (CL, {IV addr Ctr }) Hash Code Protected Data (Cache Lines) Tag7 Tag6 CL7 Tag5 nonce Tag4 Tag3 Tag2 Tag1 CL0 Tag0 [Advantage] BMT is applied to build the integrity tree over the Counters instead over the CL data I V addr CL0 Ctr0 AES GCM Tag0 Branch of the Bonsai Merkle Tree (BMT)

The specific instantiation of the MPU data structure is defined by setting Cache Line: 512 bits Counter: 56 bits Tag (hash code): 64 bits. We built an 8-ary tree over the cache lines Counters; Each cache line, eight Counters and one Tag are stored. The infrastructure supports 128MB of secure memory region. A tree of 6 levels, the root (top level) will be securely stored in the on-chip memory and the other levels stored inside the main memory at the metadata section.

TileLink NASTI Rocket Tile io_cached io_uncached L2 Cache Bus Grant Acquire MPU connecttilelinknasti NastiIOTileLinkIOConverter() Chisel nasti.r nasti.w System Verilog Memory Controller (MC) Bus Interface for MPU in RISC-V Rocket. Rocket core uses TileLink internal buses to connect tiles, caches components. A custom bus interface, NASTI/NASTI-Lite is deployed (UC Berkeley implementation of AXI-Lite) for the external buses and as Rocket interface for all the IO devices. Therefore, the interconnection between the cache, MC and DRAM involves interface convertor connecttilelinknasti that requires NastiIOTileLinkIOConverter().

For effective alignment and efficient performance, the cryptographic primitives are place in between or within the connector. [Unencrypted side], translation of the memory request, decoding write request and encoding read request are performed. [Encrypted side], support for memory read/write operations that is integrated with authenticated encryption schemes is provided.

R/W Port Rocket Core READ DRAM MPU Check Address CipherText Tag/Nonce Encryption secret Authentication nonsecret PlainText Every memory request from TileLink io.tl.acquire.valid will invoke AE computation and metadata generation before storing/fetching to DRAM via NASTI buses. WRITE request: the outgoing TileLink Acquires invokes AE computation and followed by decomposition into NASTI address and data channels to DRAM (io.nasti.w.bits). Data secret nonsecret READ request: the incoming NASTI responses (io.nasti.ar.bits) go through AE and aggregated into TileLink Grants. WRITE Check Address Write/Read memory request flow.

Execution overhead which resulted from the timing latencies is analyzed in terms of total number of cycles required to perform encryption and authentication of a cache line of 64 bytes for real world benchmarks (SPEC2006). Storage overheads are observed in terms of the additional memory allocated for the metadata in both the internal cache and the external RAM.

New memory protection unit (MPU) implemented into RISC-V lightweight SoC. The framework: Uses AES-GCM for authenticated encryption and alongside with the lightweight integrity tree, the customized cryptographic primitives Incurred the least storage overhead in comparison to the existing technologies. Features partial memory encryption where sensitive software, data or application programming interfaces (APIs) will be diligently identified, encrypted and stored in the reconfigurable trusted region of the DRAM. From security perspective, our MPU fulfilled the conditions required to preserve the confidentiality, integrity and freshness of data memory that is essential for secure SoC

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback