Understanding ContentionBased Channels and Using Them for Defense

Understanding Contention-Based Channels and Using Them for Defense Casen Hunger Alex Dimakis Ankit Rawat Mikhail Kazdagli Mohit Tiwari Sriram Vishwanath HPCA 2015 The University of Texas at Austin

Co-Resident Attacks

Co-Residency On The Cloud? Are co-residency attacks even possible?

Co-Residency On The Cloud? Are co-residency attacks even possible? - Attacker can force co-residency on EC 2

Co-Residency On The Cloud? Are co-residency attacks even possible? - Attacker can force co-residency on EC 2 - Attacker can verify co-residency

Co-Resident Side Channel Attacks Information inferred from the physical implementation of software

Co-Resident Side Channel Attacks Information inferred from the physical implementation of software AES

Co-Resident Covert Channel Attacks Forbidden communication of information between two colluding attackers

Channel Capacity

Channel Capacity - Use information theory to analyze channels

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection - Implies perfect detection in noiseless setting

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection - Implies perfect detection in noiseless setting - Model detection as a game: Detector wins

Prime-Access-Probe Receiver Sender P 0 P 1 Cache

Prime-Access-Probe Step 1) Receiver primes the cache Receiver Sender P 0 P 1 Cache

Prime-Access-Probe Step 2) Sender accesses the cache to communicate Receiver Sender P 0 P 1 Cache

Prime-Access-Probe Step 3) Receiver probes the cache Receiver P 0 Cache

Prime-Access-Probe Step 3) Receiver probes the cache Receiver P 0 Yes 1 Sent Cache > Average? No 0 Sent

Load Instruction Bandwidth Receiver Sender P 0 P 1 Load Instruction Bandwidth

Load Instruction Bandwidth - Receiver executes as many loads as possible in a given time period Receiver Sender P 0 P 1 Load Instruction Bandwidth

Load Instruction Bandwidth - Receiver executes as many loads as possible in a given time period - Probe performance counter values for loads executed Receiver Sender P 0 P 1 Load Instruction Bandwidth

Load Instruction Bandwidth - To send 1, Sender reduces contention Receiver Sender P 0 P 1 Load Instruction Bandwidth

Load Instruction Bandwidth - To send 0, Sender increases contention Receiver Sender P 0 P 1 Load Instruction Bandwidth

Additional Channels - L 1, L 2, L 3 Cache Access Driven L 3 (Set Specific) Branch History Table Memory Bus

Additional Channels - L 1, L 2, L 3 Cache Access Driven L 3 (Set Specific) Branch History Table Memory Bus Load/Store Bandwidth AES Encryption Unit

Non-Contention Channels - Sound [1] EM Radiation [2] Temperature [3] Network Packet Characteristics [4] [1] Inaudible Sound as a Covert Channel in Mobile Devices USENIX `14 [2] Reverse Engineering Microprocessor Content Using Electromagnetic Radiation [3] Temperature-based covert channel in FPGA systems Re. Co. Soc `11 [4] Characteristics CLACK: A Network Covert Channel Based on Partial Acknowledgment Encoding ICC `09

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection - Implies perfect detection in noiseless setting - Model detection as a game: Detector wins

Communication Issues

Communication Issues Drift in absolute value ft i h S

Communication Issues Drift in absolute value Deletion of Bits Deletions

Si. Fy: Offline Analysis

Si. Fy: Offline Analysis 1) Select starting time

Si. Fy: Offline Analysis 1) Select starting time 2) Select period length for each bit

Si. Fy: Offline Analysis 1) Select starting time 2) Select period length for each bit 3) Synchronize again after each bit

Si. Fy: Clock Alignment

Si. Fy: Clock Alignment Step One: Use Network Time Protocol

Si. Fy: Clock Alignment Step One: Use Network Time Protocol - Pass timestamps between both processes, taking into consideration round-trip time

Si. Fy: Clock Alignment Step One: Use Network Time Protocol - Pass timestamps between both processes, taking into consideration round-trip time RTT Clock Offset = t. S – t. R – RTT 2 t. S – Sender Timestamp t. R – Receiver Timestamp RTT – Round Trip Time

Si. Fy: Clock Alignment Step One: Use Network Time Protocol - Pass timestamps between both processes, taking into consideration round-trip time RTT Clock Offset = t. S – t. R – RTT 2 t. S – Sender Timestamp t. R – Receiver Timestamp RTT – Round Trip Time Step Two: Use covert communication for precise alignment

Si. Fy: Clock Alignment Step One: Use Network Time Protocol - Pass timestamps between both processes, taking into consideration round-trip time RTT Clock Offset = t. S – t. R – RTT 2 t. S – Sender Timestamp t. R – Receiver Timestamp RTT – Round Trip Time Step Two: Use covert communication for precise alignment - Repeatedly send predetermine message across channel

Si. Fy: Clock Alignment

Synchronization Results No Drift!

Synchronization Results No Deletions!

Calculating Capacity Easy to calculate bit flip probabilities after synchronization - Send 10, 000 bit sequence 20 times for each frequency tested

Calculating Capacity Easy to calculate bit flip probabilities after synchronization - Send 10, 000 bit sequence 20 times for each frequency tested Use Blahut-Arimoto - Maximize mutual information over all distributions

Calculating Capacity Easy to calculate bit flip probabilities after synchronization - Send 10, 000 bit sequence 20 times for each frequency tested Use Blahut-Arimoto - Maximize mutual information over all distributions Experimental Setup - Intel Quad-Core i 7 2600 3. 4 GHz - Ubuntu 12. 04 LTS - QEMU with KVM extensions - PAPI Performance Counter Library

Channel Capacities Logarithmic scale

Channel Capacities Logarithmic scale Previous Best

Channel Capacities Logarithmic scale 1 Kbps Previous Best

Channel Capacities Logarithmic scale 1 Kbps Previous Best 624 Kbps

Channel Capacities

Channel Capacities - 41. 7% average decrease

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection - Implies perfect detection in noiseless setting - Model detection as a game: Detector wins

Bucket Model Alice Bob

Bucket Model Alice Primitives Write your colored water to the bucket - Displaces previous water Bob

Bucket Model Yes Alice Bob Primitives Write your colored water to the bucket - Displaces previous water Check if your water is still in the bucket - Does not displace water - Does not reveal identity of other’s water × No

Send 0 Alice Bob

Send 0 Alice writes her water Bob

Send 0 Alice writes her water Bob does nothing Bob

Send 0 Yes Alice Bob Alice writes her water Bob does nothing Alice checks to find her water remains in the bucket

Send 1 Alice writes her water Bob

Send 1 Alice writes her water Bob writes his water Bob

Send 1 × No Alice writes her water Bob writes his water Alice checks to find her water is gone Bob

Intercept 1 Alice Bob Eve

Intercept 1 Alice writes her water Bob Eve

Intercept 1 Alice writes her water Eve writes her water Bob Eve

Intercept 1 Alice writes her water Eve writes her water Bob writes his water Bob Eve

Intercept 1 Alice Bob × No Eve Alice writes her water Eve writes her water Bob writes his water Eve checks and intercepts 1

Intercept 1 × No Alice Bob Eve Alice writes her water Eve writes her water Bob writes his water Eve checks and intercepts 1 Alice checks and reads 1

Intercept 0 Alice writes her water Bob Eve

Intercept 0 Alice writes her water Eve writes her water Bob Eve

Intercept 0 Alice writes her water Eve writes her water Bob does nothing Bob Eve

Intercept 0 Alice Bob Yes Eve Alice writes her water Eve writes her water Bob does nothing Eve checks and intercepts the 0

Intercept 0 × No Alice Bob Eve Alice writes her water Eve writes her water Bob does nothing Eve checks and intercepts the 0 Alice checks and incorrectly reads 1

Intercept 0 × No Alice Bob Eve Alice writes her water Eve writes her water Bob does nothing Eve checks and intercepts the 0 Alice checks and incorrectly reads 1 Reads are destructive!

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bits/sec to 600 Kilobits/sec “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection - Implies perfect detection in noiseless setting - Model detection as a game: Detector wins

Detection Game Our Detector vs an attacker (Eve)

Detection Game Our Detector vs an attacker (Eve) Three scenarios 1) Baseline Detector vs Baseline Eve 2) Baseline Detector vs Intelligent Eve 3) Intelligent Detector vs Intelligent Eve

Detection Game Our Detector vs an attacker (Eve) Three scenarios 1) Baseline Detector vs Baseline Eve 2) Baseline Detector vs Intelligent Eve 3) Intelligent Detector vs Intelligent Eve Using load instruction bandwidth Apache httpd as victim

Detecting Adversaries Take a baseline reading of the channel

Detecting Adversaries Take a baseline reading of the channel Compare to when attacker is executing Easily Separable

Intelligent Adversaries Intelligent adversaries will hide within the system noise

Intelligent Adversaries Intelligent adversaries will hide within the system noise - Eve MUST sleep! Even busy waiting is seen on the load instruction channel

Intelligent Adversaries Eve wants to spy on Apache Httpd

Intelligent Adversaries Eve wants to spy on Apache Intelligent adversaries will detect Detector - Detector is distinguishable from victim program Httpd Detector at 50 Kbps

Detecting Intelligent Adversaries Detector can mimic benign program with machine learning Httpd

Detecting Intelligent Adversaries Detector can mimic benign program with machine learning - Indistinguishable from victim program Httpd Detector

Future Work Test overhead on large scale deployment Improved mimicry of benign programs - STM: Cloning the spatial and temporal memory access behavior [HPCA `14] - Syn. Full: synthetic traffic models capturing cache coherent behaviour [ISCA `14] Explore multiple channels for detection

Channel Capacity - Use information theory to analyze channels - Sy. Fi: Synchronize First - Increased capacities from 100 bps to 600 Kbps “Bucket” Model - All channels rely on contention - Reads are destructive Intelligent Attacker Detection - Implies perfect detection in noiseless setting - Model detection as a game: Detector wins

Thank you! Questions?