Hardware Security / Side Channel Attacks Flashcards
Hardware Security - Definitions: 2 types of definitions:
- 1) Implementing security protection mechanisms in hardware rather than software
- 2) Protecting hardware itself
- 1) Implementing security protection mechanisms in hardware rather than software: e.g.?
- e.g., TEEs - A Trusted Execution Environment (TEE)
- e.g., PUFs - Physically Unclonable Functions (PUFs)
- 2) Protecting hardware itself e.g.,
- e.g., bitstream security in FPGAs
What is a TEE? A Trusted Execution Environment (TEE) is a secure area of a main processor. It helps
code and data loaded inside it to be protected with respect to confidentiality and integrity.
What is a PUF? A Physically Unclonable Function (PUF) is a (partly) disordered physical system whose
operation cannot be reproduced even by its original manufacturer. It relies on the nanoscale
structural differences present in the device. For a given challenge, a PUF provides a physically
defined “digital fingerprint” response. The response serves as a unique identifier, often used to
construct keys for encryption.
What is bitstream security in FPGAs?
A bitstream configures an FPGA and includes the description of the hardware logic, routing, and initial values for both registers and on-chip memory. Protecting it means making sure this configuration file is not replaced/altered/obtained by unauthorized parties. Bitstream security can be achieved by encrypting it using, e.g., PUFs (mentioned in the
last slide).
Hardware Security – Why?
In relation to 1)
* Software: is (or can be) widely vulnerable to attacks; “easy” to corrupt; widespread
knowledge on how it works; mutable, etc.
* Hardware: is, by nature, more secure than software; immutable (hence “hard”, not
“soft”) (ASIC), reconfigurable based on a configuration file (FPGAs).
In relation to 2)
* Attacks generally need: very comprehensive knowledge; and/or target very
specific/hard-to-find vulnerabilities; or require the use of side channels;
means to install hardware trojans; or require physical access; …
Concepts:
CPU: executes instructions of a computer program, such as arithmetic, logic, controlling, and
input/output (I/O) operations.
Cache: hardware or software component that stores data so that future requests for that data can be served faster; the data stored in a cache might be the result of an earlier computation or a copy of data stored elsewhere. A cache hit occurs when the requested data can be found in a cache, while a cache miss occurs when it cannot.
Flush: what happens when the line for a given address is removed from every cache in a coherent system due to
a flush instruction (e.g., clflush)
Evict: cache eviction is a feature where data blocks in the cache are released when usage exceeds a soft quota,
and space is created for new blocks. Can be forced manually; typically used when clflush is not available.
Cache block: caches are divided into blocks. It’s the basic unit for cache storage. May contain multiple
bytes/words of data.
Memory page: fixed-length contiguous block of virtual memory, described by a single entry in a page
table. It is the smallest unit of data for memory management in an operating system that uses virtual
memory.
What is a side channel attack?
An exploit aiming to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the
system or its hardware, rather than targeting the program or its code directly.
T/F Most commonly, these attacks aim to exfiltrate sensitive information, including
cryptographic keys, by measuring coincidental hardware emissions.
T
Example of side channel attack
Ciphertext —> Decryption process —> output (plaintext)
Side-channel analysis of the decryption process, via:
- Cache attack
- Timing attack
- Power consumption monitoring
- Acoustic cryptanalysis
- Optical attack, etc.
What is the Spectre attack?
It uses the CPU cache as a side channel to steal a protected secret. The technique used in this side-channel attack is called FLUSH+RELOAD.
What is the CPU cache?
A hardware cache used by the CPU of a computer to reduce the average cost (time or energy) to access data from the main memory. Accessing data
from the CPU cache is much faster.
T/F When data is fetched from the main memory, it is usually cached by the CPU, so if
the same data is used again, the access time will be much faster. Therefore, when a
CPU needs to access some data, it first looks at its caches. If the data is there (hit), it
will be fetched directly from there. If the data is not there (miss), the CPU will go to
the main memory, which takes significantly longer.
T
What is a side channel attack? – CPU context
- Attack which is enabled by the microarchitectural design of the CPU and based on information gained from the implementation of a computer system.
- Types:
- Cache: attack which monitors how long data accesses take and infers whether or not said data was in the cache. We will focus on cache side-channels.
- Timing: attack which monitors the time it takes for the machine to do various computations
- Power-monitoring: attack which monitors the power consumption of hardware on various computations…
Cache side channel?
The side channel comes from monitoring how quickly data can be accessed from the
cache.
- Data which is accessed quickly => stored in the cache
- Data which is accessed slowly => stored in main memory
Exploiting caching - Flush + Reload
- Flush any access of memory for data you control from the cache (e.g., with clflush)
- Let malicious/normal code run and access memory you control with a “secret” (i.e., some piece of data you don’t want disclosed – in the lab we will just use a simple value)
- Try reloading elements from the controlled memory and see how quickly they are accessed (see if they are in cache or in memory)
Exploiting caching - Evict + Reload
- Evict memory access of data you control by loading other (possibly random) data into the cache (i.e., remove data from the cache by loading other data to force it out due to it being full)
- Due to the limited size of the cache, the specific cache line is evicted
- Let the victim program run and access memory using the “secret”, reload data and measure access time
Difference between Flush+Reload and Evict+Reload
*Flush+Reload uses a dedicated machine instruction, e.g., x86’s clflush, to evict the cache lines.
*Evict+Reload forces contention (i.e., overload) on the cache set that stores the line, causing the processor to discard the contents of that cache line. Evict+Reload techniques are typically used when access to clflush is unavailable.
Flush+Reload – more detail
*The attack uses the timing differences between memory accesses from the cache and from the memory (DRAM)
*Suppose that your process runs the function foo() on core A; then A loads the instructions for foo() from main memory, executes them, and the instructions are stored in the cache for later.
- If your process runs once again, the second execution will be faster than the first as A doesn’t need to load foo() from memory; it loads from the cache
- Now, let’s assume the attacker runs a process on core B, co-located in the same CPU. Since the last-level cache is shared between cores, the attacker can flush the stored function foo() in the cache by using the clflush instruction, an instruction that can be invoked by any process.
- Then, the attacker calls the function foo() again. If the execution of foo() is fast, it means some other process ran foo() before the attacker tried to reload it.
- Otherwise, it means no process ran foo() before the attacker. A Flush+Reload attacker repeats these steps periodically, monitoring a list of functions, and identifies the sequence of function calls that the victim ran while processing an input.
Privilege check
- Modern CPUs enforce a privilege check of a program accessing kernel memory
- This privilege check sometimes occurs too late (i.e., once the data has already been read)
- Privilege checks aren’t performed until the instruction is completed
- The CPU knows that this occurs, so anything unprivileged which was executed will be forgotten and an exception will be raised
- As a result, the memory that was accessed recently is still stored in the cache
What are Spectre and Meltdown?
- They are the nicknames for the three vulnerabilities:
- Variant 1: bounds check bypass (CVE-2017-5753)
- Variant 2: branch target injection (CVE-2017-5715)
- Variant 3: rogue data cache load (CVE-2017-5754)
- Variant 1 and 2 are Spectre
- Variant 3 is Meltdown
What do they do?
Spectre:
*Breaks the isolation between different applications
*Allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets
Meltdown:
*Breaks the most fundamental isolation between user applications and the operating system
*Allows a program to access the memory, and thus also the secrets, of other programs and the operating system
What do they affect?
*Affects some/all modern processors, servers, mobile phones (Apple SoCs)
*Meltdown
* Intel, ARM, IBM …
* Desktop, Laptop, and Cloud computers
*Spectre
* Intel, AMD, ARM, IBM …
* Desktops, Laptops, Cloud Servers, as well as Smartphones
*Affects all operating systems
* Linux, Windows, MacOS …