Preventing Your Faults From Telling Your Secrets: Defenses Against Pigeonhole Attacks

New hardware primitives such as Intel SGX secure a user-level process in presence of an untrusted or compromised OS. Such "enclaved execution" systems are vulnerable to several side-channels, one of which is the page fault channel. In this paper, we show that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt --- leaking 27% on average and up to 100% of the secret bits in many case-studies. To mitigate this, we propose a software-only defense that masks page fault patterns by determinising the program's memory access behavior. We show that such a technique can be built into a compiler, and implement it for a subset of C which is sufficient to handle the cryptographic routines we study. This defense when implemented generically can have significant overhead of up to 4000X, but with help of developer-assisted compiler optimizations, the overhead reduces to at most 29.22% in our case studies. Finally, we discuss scope for hardware-assisted defenses, and show one solution that can reduce overheads to 6.77% with support from hardware changes.

[1]  P. Saxena,et al.  Protecting Legacy Applications with a Purely Hardware TCB , 2015 .

[2]  Naomi Benger,et al.  Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack , 2014, IACR Cryptol. ePrint Arch..

[3]  Beng Chin Ooi,et al.  M2R: Enabling Stronger Privacy in MapReduce Computation , 2015, USENIX Security Symposium.

[4]  Prateek Saxena,et al.  On the Trade-Offs in Oblivious Execution Techniques , 2017, DIMVA.

[5]  David Schultz,et al.  The Program Counter Security Model: Automatic Detection and Removal of Control-Flow Side Channel Attacks , 2005, ICISC.

[6]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[7]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[8]  Tanja Lange,et al.  High-speed high-security signatures , 2011, Journal of Cryptographic Engineering.

[9]  OpenSSL OpenSSL : The open source toolkit for SSL/TSL , 2002 .

[10]  Steven M. Hand,et al.  Self-paging in the Nemesis operating system , 1999, OSDI '99.

[11]  Kartik Nayak,et al.  ObliVM: A Programming Framework for Secure Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[12]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[13]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[14]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[15]  Michael K. Reiter,et al.  Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud , 2013, CCS.

[16]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[17]  Jan Reineke,et al.  CacheAudit: A Tool for the Static Analysis of Cache Side Channels , 2013, TSEC.

[18]  Christos Gkantsidis,et al.  VC 3 : Trustworthy Data Analytics in the Cloud , 2014 .

[19]  Vitaly Shmatikov,et al.  Memento: Learning Secrets from Process Footprints , 2012, 2012 IEEE Symposium on Security and Privacy.

[20]  Michael M. Swift,et al.  Scheduler-based Defenses against Cross-VM Side-channels , 2014, USENIX Security Symposium.

[21]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[22]  Geoffrey Smith,et al.  Vulnerability Bounds and Leakage Resilience of Blinded Cryptography under Timing Attacks , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[23]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[24]  Koen De Bosschere,et al.  Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[25]  Joan Daemen,et al.  AES Proposal : Rijndael , 1998 .

[26]  Bart Coppens,et al.  Compiler mitigations for time attacks on modern x86 processors , 2012, TACO.

[27]  Markus Dürmuth,et al.  A Provably Secure and Efficient Countermeasure against Timing Attacks , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[28]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[29]  Elaine Shi,et al.  Memory Trace Oblivious Program Execution , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[30]  Geoffrey Smith,et al.  On the Foundations of Quantitative Information Flow , 2009, FoSSaCS.

[31]  Ramakrishna Gummadi,et al.  Determinating timing channels in compute clouds , 2010, CCSW '10.

[32]  Gorka Irazoqui Apecechea,et al.  Wait a Minute! A fast, Cross-VM Attack on AES , 2014, RAID.

[33]  Rafail Ostrovsky,et al.  On the (in)security of hash-based oblivious RAM and a new balancing scheme , 2012, SODA.

[34]  Daniel Pierre Bovet,et al.  Understanding the Linux Kernel , 2000 .

[35]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[36]  Tal Garfinkel,et al.  Towards Application Security on Untrusted Operating Systems , 2008, HotSec.

[37]  Milos Prvulovic,et al.  A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events , 2014, 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture.

[38]  Danfeng Zhang,et al.  Language-based control and mitigation of timing channels , 2012, PLDI.

[39]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[40]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[41]  Laurent Mauborgne,et al.  Automatic Quantification of Cache Side-Channels , 2012, CAV.

[42]  Hovav Shacham,et al.  Iago attacks: why the system call API is a bad untrusted RPC interface , 2013, ASPLOS '13.

[43]  Elaine Shi,et al.  Oblivious RAM with O((logN)3) Worst-Case Cost , 2011, ASIACRYPT.

[44]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[45]  Andrey Bogdanov,et al.  Biclique Cryptanalysis of the Full AES , 2011, ASIACRYPT.

[46]  Carsten Willems,et al.  Practical Timing Side Channel Attacks against Kernel Space ASLR , 2013, 2013 IEEE Symposium on Security and Privacy.

[47]  Taesoo Kim,et al.  STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud , 2012, USENIX Security Symposium.

[48]  Xiaoxin Chen,et al.  Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems , 2008, ASPLOS.

[49]  Carlos V. Rozas,et al.  Innovative instructions and software model for isolated execution , 2013, HASP '13.

[50]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[51]  Emmett Witchel,et al.  InkTag: secure applications on an untrusted operating system , 2013, ASPLOS '13.