Scribd Logo
Upload

Welcome to Scribd!

  • 42 views

    Conf Micro 2006

    Uploaded by

    larryshi
    The document discusses secure processor design and authentication control points. It describes how 80% of critical program information is contained in software and firmware, making secure processors and programmable logic devices essential for protecting this information. It also notes that in secure systems, critical technology may be available to adversaries if they access the system software in the event a system is captured intact. The document then outlines a layered security architecture and discusses solutions at each layer to prevent exploits. It proposes an architecture with a secure processor, encryption/decryption engine, and encrypted memory to provide integrity verification.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    Conf Micro 2006

    Uploaded by

    larryshi
    42 views26 pages
    The document discusses secure processor design and authentication control points. It describes how 80% of critical program information is contained in software and firmware, making secure processors and programmable logic devices essential for protecting this information. It also notes that in secure systems, critical technology may be available to adversaries if they access the system software in the event a system is captured intact. The document then outlines a layered security architecture and discusses solutions at each layer to prevent exploits. It proposes an architecture with a secure processor, encryption/decryption engine, and encrypted memory to provide integrity verification.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses secure processor design and authentication control points. It describes how 80% of critical program information is contained in software and firmware, making secure processors and programmable logic devices essential for protecting this information. It also notes that in secure systems, critical technology may be available to adversaries if they access the system software in the event a system is captured intact. The document then outlines a layered security architecture and discusses solutions at each layer to prevent exploits. It proposes an architecture with a secure processor, encryption/decryption engine, and encrypted memory to provide integrity verification.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    42 views26 pages

    Conf Micro 2006

    Uploaded by

    larryshi
    The document discusses secure processor design and authentication control points. It describes how 80% of critical program information is contained in software and firmware, making secure processors and programmable logic devices essential for protecting this information. It also notes that in secure systems, critical technology may be available to adversaries if they access the system software in the event a system is captured intact. The document then outlines a layered security architecture and discusses solutions at each layer to prevent exploits. It proposes an architecture with a secure processor, encryption/decryption engine, and encrypted memory to provide integrity verification.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 26

    Authentication Control Point and Its Implications For Secure Processor Design

    Weidong Shi Hsien-Hsin S. Lee

    Motorola Labs Georgia Tech

    Problem Statement
    Excerpt From SOD Public Document
    Studies indicate that approximately 80% of all CPI (Critical Program Information ) is contained in software/firmware. A broader range of robust techniques or technologies that protect software, data, and firmware is essential and will have a broad impact on protecting CPI. Secure programmable logic devices and secure processors are needed.
    In secure systems, particularly weapon systems, critical technology may be available to an enemy if access is acquired to the system software. In case of capture of a system intact, this information may be available to an adversary by reading the system memory.
    2

    Layered Security Architecture


    Layer
    Application OS Firmware/ Boot image Platform Level Sub Platform Level (sidechannels) Package & Circuit Level

    Exploits
    software patching/amputation, de-compilation, worm, virus rootkit, system call tampering kernel space eavesdrop BIOS spoof/hijack,boot image virus chip interconnect/bus chip interconnect/bus snoop, eavesdrop, device spoof power analysis,timing analysis, etc de-packaging, micro-probing, optical reverse engineer

    Solution
    application signing, access control, OS signing, virtualization, TCG/TPM (trusted platform module) secure processor, memory encryption self-timed circuit, obfuscated power footprint secure packaging, private circuit
    3

    Architecture Overview
    Processor Core

    L1/L2 $

    Memory Enc/Dec, Integrity Verification Engine Trusted Secure Proc Encrypted Memory

    Micro 2003, PACT 2004, ASPLOS 2004, ISCA 2005, ISCA 2006.
    4

    Integrity Check vs. Superscalar Processor


    Encrypted Memory Line

    Issue of implementing integrity

    Decryption

    Integrity Wait for integrity Verification verification


    Processor Pipeline

    verification in superscalar processor Decryption is faster than authentication Great temptation to issue decrypted instructions/data before authentication Disassociation of decryption and authentication

    Memory fetch side-channel Disclose information through


    fetch address

    Confidentiality violations
    5

    Decryption and Integrity Verification


    Decryption Pad Computation Memory Fetch

    Pad

    Pad

    Pad

    Pad

    Cipher Block

    Cipher Block

    Cipher Block

    Cipher Block

    MAC

    Cipher Block Clear Block Clear Block Clear Block Clear Block

    Cipher Block

    Cipher Block

    Cipher Block

    = =?

    MAC

    Integrity Verification and Stall


    Authentication-then-commit Reorder Buffer Rename File
    Instruction Fetch

    Issue Queue

    Reservation Station

    Issue Queue

    Reservation Station

    FU

    LQ

    SQ

    Integrity Veri Veri Request FIFO Memory Enc/Dec

    Authentication-then-issue dL1$ Authentication-then-write


    WriteBack Buffer

    iL1$

    L 2 $

    Authentication-then-fetch
    Front Side Bus Control
    7

    Write/Fetch Stall Due to Integrity Veri


    R1<-[R3]

    Authentication-then-fetch Stall external Mem fetch

    TEST R1, R5

    NO
    BEQ Addr2

    Authentication-then-write Stall external Mem write

    R3<-R1+4

    R2<-[R1]

    R4<-[Add1]

    R1<-[R3]

    R4<-R4+R2

    [Addr1]<-R4

    Dangerous of Speculative Fetches


    Bit Flipping Attack ciphertext
    1 0 1 1 0 1 0 1 1

    plaintext
    0 1 0 1 0 0 1 1 0

    addr =
    Data Next Data Next

    0 0 0 0 1 1 0 0

    Why? Fetches not considered as state changes. Fetch is launched speculatively to improve performance.

    Secret

    Fetch as a result of malicious tampering.


    1 1 1 0 0 1 0 1

    Cipher text of NULL Pointer Target Address XOR


    0 0 0 0 1 1 0 0

    Data NULL
    1 1 1 0 1 0 0 1
    9

    Dangerous of Speculative Fetches


    Int* p; Sum = 0; while (p) { Sum += *p; p++; }
    R1<-[R3]

    Load Tampered Pointer

    Data NULL
    JMP Add1

    Secret

    JMP Add1

    R4 <- 0 Add1 R5 <- 0 TEST R1, R5 BEQ Addr2 R2 <- [R1] R4 <- R4 + R2 R3<- R1+4 R1<- [R3] JMP Add1 Add2

    TEST R1, R5

    TEST R1, R5

    NO
    BEQ Addr2 BEQ Addr2

    NO

    R2<-[R1]

    R3<-R1+4

    R2<-[R1]

    Disclose Secret
    R4<-R4+R2 R1<-[R3]

    Load Secret
    10

    Compare of Different Schemes


    Precise Uncorrupted Uncorrupted Interrupt Memory State Arch State
    Authenticate-then-Issue Authenticate-then-Commit Authenticate-then-Write Authenticate-then-Fetch Authenticate-then-Commit + Fetch Authenticate-then-Commit + Addr Obfuscation

    Disclose Secret Through Memory Fetch Address No Yes Yes No No No

    Yes Yes No No Yes Yes

    Yes Yes Yes No Yes Yes

    Yes Yes No No Yes Yes

    11

    Simplified Implementation
    Integrity Verification Logic Verified Integrity of Line (Tag = 6)

    ID, Enc Line, MAC


    Tag MAC Veri Reqs 4 Line X Line Y 5 6 Line Z 7 Line U 8 Line V Tag Addr Line 6 0xff0 0xdeadbeef Tag Addr 8 0x120

    Write Line

    Read Line

    Memory Line Authentication Request FIFO


    12

    Experiment Setup
    Parameters L1 I/D Cache L2 Cache Memory Bus CPU Clock L1 Latency Value DM, 16KB 4way, unified, 256KB/1M 200MHz, 8B wide 1GHz 1 cycle

    L2 Latency
    Decryption Latency RUU

    4 cycles (256KB), 8 cycles (1MB)


    80ns 64, 128 entries

    Simplescalar 3.0 SPEC2000 INT/FP


    13

    Results
    1.2 1 0.8 0.6 0.4 0.2 0
    m cf am m p ap pl u a m gr id pa rs er ol f im vp r w up w is av e er ag e bz ip 2 ap si gz ip pe rl ga p gc c ar t m es sw tw vo r te x

    Normalized IPC (256K)

    authen_then_issue authen_then_write authen_then_commit+fetch

    authen_then_commit authen_then_fetch authen_then_commit+addr_obfuscation

    Performance Ranking write > commit > fetch > commit+fetch > issue > commit + addr obfuscation
    14

    Results
    1.2 1 0.8 0.6 0.4 0.2 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f vp r w up w is av e er ag e bz ip 2 ga p ap si gc c gz ip ar t m es tw vo r te x

    Normalized IPC (1M)

    authen_then_issue authen_then_write authen_then_commit+fetch

    authen_then_commit authen_then_fetch authen_then_commit+addr_obfuscation

    Performance Ranking write > commit > fetch > commit+fetch > issue > commit + addr obfuscation
    15

    Results
    0.6 0.5 0.4 0.3 0.2 0.1 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f vp r w up w ise av er ag e bz ip 2 ga p ap si gc c gz ip ar t m es tw vo r te x

    IPC Improvement (256K)

    commit_over_issue write_over_issue

    commit+fetch_over_issue

    Significant Advantage of Write, Commit Over Issue Commit + Fetch 5-10% Faster Than Issue
    16

    Results
    0.35 0.3 0.25 0.2 0.15 0.1 0.05 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f w up w i av se er ag e bz ip 2 ga p gc c ap si gz ip m es tw vo r te x vp r ar t

    IPC Improvement (1M)

    commit_over_issue write_over_issue

    commit+fetch_over_issue

    Significant Advantage of Write, Commit Over Issue Commit + Fetch Marginal Averaged Improvement, mgrid, vpr, 5-10%
    17

    Results
    1.2 1 0.8 0.6 0.4 0.2 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f vp r w up w ise av er ag e bz ip 2 ga p ap si gc c gz ip ar t m es tw vo r te x

    Hash Tree

    authen_then_issue authen_then_write authen_then_commit_fetch

    authen_then_commit authen_then_fetch

    Write > Fetch > Commit > Commit+Fetch > Issue


    18

    Results
    0.4 0.35 0.3 0.25 0.2 0.15 0.1 0.05 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f vp r w up w i av se er ag e bz ip 2 ga p gc c gz ip ap si ar t m es tw vo r te x

    IPC Improvement (Hash Tree)

    commit_over_issue

    commit+fetch_over_issue

    Significant Advantage of Commit, Commit+Fetch Over Issue


    19

    Results
    1.2 1 0.8 0.6 0.4 0.2 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f vp r w up w is av e er ag e bz ip 2 ga p ap si gc c gz ip ar t m es tw vo r te x

    Normalized IPC (64 RUU)

    authen_then_issue authen_then_write

    authen_then_commit authen_then_commit_fetch

    Performance Ranking write > commit > fetch > commit+fetch > issue > commit + addr obfuscation
    20

    Results
    0.6 0.5 0.4 0.3 0.2 0.1 0
    m cf am m p ap pl u a m gr id pa rs er pe rl sw im ol f vp r w up w ise av er ag e bz ip 2 ga p ap si gc c gz ip ar t m es tw vo r te x

    IPC Improvement (64 RUU)

    commit_over_issue

    commit+fetch_over_issue

    21

    Conclusions
    OOO processor pipeline requires special attention on when decrypted data or instruction can be used or issued. To prevent memory fetch address side-channel exploits, authentication-then-issue and authentication-then-fetch are recommended. Performance ranking authen-then-write > authen-then-fetch+commit > authen-then-commit > authen-then->issue Authentication-then-fetch+commit outperforms authenticationthen-issue Precise interrupt Integrity verified architecture and memory states

    22

    Questions

    23

    Georgia Tech MARS Labs


    http://arch.ece.gatech.edu

    Much Simplified Exploits


    Look for Invariant Prologue or Epilogue or Predicable Code Sequence (e.g., NOPs)

    Invariant Prologue
    SP, -16(SP) STQ Zero, 8(SP)

    After Step 2
    R1<-[addr] R2<-[R1]

    Replace the Victim Code Sequence with Disclosing Kernel

    Runtime
    R1<-[addr] R2<-[R1]

    Issued Executed Verified X X X X X X

    Run the Tampered Code Recover Secret from Logical Analyzer

    R1<-[addr]

    Load Secret
    R2<-[R1]

    Disclose Secret
    25

    Timing Analysis
    Latency of new fetch address from the previous fetch

    Authentication-then-issue
    external decryption memory fetch authentication Frequent Values Frequent Values Frequent Values external Frequentfetch Values memory

    Time Line
    decryption authentication Frequent Values Frequent Values

    Stall

    Issue decrypted inst/operand

    Issue new fetch

    Issue decrypted inst/operand

    Latency of new fetch address from the previous fetch

    Authentication-then-fetch
    external memory fetch decryption

    Frequent Values Frequent Values Frequent Values authentication


    Issue decrypted inst/operand

    external Frequent Values memory fetch

    decryption

    authentication Frequent Values Frequent Values

    Issue new fetch

    Issue decrypted inst/operand


    26

    You might also like