Academic Work

Home

Regaining Lost Cycles with HotCalls: A Fast Interface for SGX Secure Enclaves

Published at ISCA 2017

The paper, Git repo

Abstract: Intel's SGX secure execution technology allows the running of computations on secret data using untrusted cloud servers. While recent work showed how to port applications and large scale computations to run under SGX, the performance implications of using the technology remains an open question. We present the first comprehensive quantitative study to evaluate the performance of SGX. We show that straightforward use of SGX library primitives for calling functions add between 8,200 - 17,000 cycles overhead, compared to 150 cycles of a typical system call. We quantify the performance impact of these library calls and show that in applications with high system calls frequency, such as memcached, openVPN, and lighttpd, which all have high bandwidth network requirements, the performance degradation may be as high as 79%. We investigate the sources of this performance degradation by leveraging a new set of micro-benchmarks for SGX-specific operations such as entry-calls and out-calls, and encrypted memory I/O accesses. We leverage the insights we gain from these analyses to design a new SGX interface framework, HotCalls: HotCalls provide a 13-27x speedup over the default interface. It can easily be integrated into existing code, making it a practical solution. Compared to a baseline SGX implementation of memcached, openVPN, and lighttpd - we show that using the new interface boosts the throughput by 2.6-3.7x, and reduce application response time by 62-74%.

WALNUT: Waging doubt on integrity of MEMS AcceLerometers by iNjecting acoUsTics

Published at IEEE European Symposium on Security and Privacy, 2017

The paper, paper-website
Additional links: ICS-ALERT, The New York Times, Michigan Engineering, Fortune, Gizmodo.

Abstract: Embedded systems depend on sensors to make automated decisions. Resonant acoustic injection attacks are already known to cause malfunctions by disabling MEMS-based gyroscopes. However, an open question remains on how to move beyond denial of service attacks to achieve full adversarial control of sensor outputs. Our work investigates how analog acoustic injection attacks can damage the digital integrity of a popular type of sensor in consumer devices: the capacitive MEMS accelerometer. Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the unvalidated integrity of sensor outputs. Our contributions include (1) modeling the physics of malicious acoustic interference on MEMS accelerometers, (2) discovering the circuit-level design flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that depend on the sensors, and (3) two software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs.

We characterize two classes of acoustic injection attacks: output biasing and output control. We test these attacks against 20 models of capacitive MEMS accelerometers representing the majority of the consumer market. Our experiments find that 75\% are vulnerable to output biasing, and 65\% are vulnerable to total output control. To illustrate end-to-end implications, we show how to inject fake steps into a Fitbit with a $5 speaker. In our self-stimulating attack, we play a malicious music file from a smartphone's speaker to control the on-board MEMS accelerometer trusted by a local app to pilot a toy RC car. In addition to offering hardware design fixes to eliminate the root causes of poor amplification and filtering, we introduce two low-cost defenses that mitigate output biasing attacks: randomized sampling and 180o out-of-phase sampling. These software-only approaches mitigate attacks by exploiting the periodic and predictable nature of the malicious acoustic interference signal. Our results call into question the wisdom of allowing microprocessors and embedded systems to blindly trust that hardware abstractions alone will ensure the integrity of sensor outputs.

A New Framework for Constraint-Based Probabilistic Template Side Channel Attacks

Published in CHES 2014, The major part of the Master's Thesis. Link


The implementation was submitted to the DPA v4 contest

CHES presentation
CHES presentation - offline version (Zip file contains the Prezi executable, and is therefore encrypted. Passowrd: 12345678. )

Abstract: The use of constraint solvers, such as SAT- or PseudoBoolean-solvers, allows the extraction of the secret key from one or two side-channel traces. However, to use such a solver the cipher must be represented at bit-level. For byte-oriented ciphers this produces very large and unwieldy instances, leading to unpredictable, and often very long, run times. In this paper we describe a specialized byte-oriented constraint solver for side channel cryptanalysis. The user only needs to supply code snippets for the native operations of the cipher, arranged in a flow graph that models the dependence between the side channel leaks. Our framework uses a soft decision mechanism which overcomes realistic measurement noise and decoder classification errors, through a novel method for reconciling multiple probability distributions. On the DPA v4 contest dataset our framework is able to extract the correct key from one or two power traces in under 9 seconds with a success rate of over 79%.'

Practical Template-Algebraic Side Channel Attacks with Extremely Low Data Complexity

Published in HASP 2013 Link

Abstract: Template-based Tolerant Algebraic Side Channel Attacks (Template-TASCA) were suggested in [20] as a way of reducing the high data complexity of template attacks by coupling them with algebraic side-channel attacks. In contrast to the maximum-likelihood method used in a standard template attack, the template-algebraic attack method uses a constraint solver to find the optimal state correlated to the measured side-channel leakage. In this work we present the first application of the template-algebraic key recovery attack to a publicly available data set (IAIK WS2). We show how our attack can successfully recover the encryption key even when the attacker has extremely limited access to the device under test \xe2\x80\x93 only 200 traces in the offline phase and as little as a single trace in the online phase.'

DPA v4 Contest Submission

Source code of the contest candidate. Includes the constraint solver described in CHES 2014, and decoders that were described in the HASP 2013 work

Source: https://github.com/oweisse/dpav4-contest
source code zip.

New Methods for Side Channel Cryptanalysis

Master's Thesis, 2014 Link

Abstract: Template-based Tolerant Algebraic Side Channel Attacks (Template-TASCA) were sug- gested by Wool et al. in 2012. as a way of reducing the high data complexity of template attacks by coupling them with algebraic side-channel attacks. In contrast to the maximum-likelihood method used in a standard template attack, the template- algebraic attack method uses a constraint solver to find the optimal state correlated to the measured side-channel leakage. In this work we present a practical application of the template-algebraic key recovery attack to a publicly available data set (IAIK WS2). We show how our attack can successfully recover the encryption key even when the attacker has extremely limited access to the device under test – only 200 traces in the offline phase and as little as a single trace in the online phase. However, to use such solvers the cipher must be represented at bit-level. For byte-oriented ciphers this pro- duces very large and unwieldy instances, leading to unpredictable, and often very long, run times. In this work we describe a specialized byte-oriented constraint solver for side channel cryptanalysis. The user only needs to supply code snippets for the native operations of the cipher, arranged in a flow graph that models the dependence between the side channel leaks. Our framework uses a soft decision mechanism which overcomes realistic measurement noise and decoder classification errors, through a novel method for reconciling multiple probability distributions. On the DPA v4 contest dataset our framework is able to extract the correct key from one or two power traces in under 9 seconds with a success rate of over 79%.

Toggle Menu