User-mode Secret Protection (SP) architecture: paper and slides
- Slides: 17
User-mode Secret Protection (SP) architecture
Paper and slides from: Ruby Lee, Peter Kwan, Patrick McGregor, Jeffrey Dwoskin and Zhenghong Wang, “Architecture for Protecting Critical Secrets in Microprocessors”, IEEE/ACM International Symposium on Computer Architecture (ISCA), June 2005.
Princeton Architecture Laboratory for Multimedia and Security (PALMS), Princeton University
One User, Many Documents/Keys, Multiple Devices (slide 1)
Attacks on Devices (slide 2)
• Reduced security perimeter: from the box to the chip
• Security vulnerabilities:
  – Software
  – Physical (device theft)
[Figure labels: Processor chip, Registers, On-chip cache, Off-chip cache, Main memory, Disk, Video, Network, Other I/O, Secure I/O; attack labels: Physical probing, SW access to hard disk, SW access in supervisor mode, SW access in OS interrupt handler]
Past Work (slide 3)
• Distributed software-based key management
  – Involves multiple servers
• Secure coprocessors and crypto tokens (deployed)
  – Tamper-resistant crypto modules (IBM’s 4758) and smartcards
• Trusted Computing Group (TPM recently available)
  – Industry: Microsoft NGSCB, Intel LaGrande
• Recent secure processor proposals (research)
  – XOM, AEGIS, VSCoP
• Our approach
  – Lower cost, high performance, no auxiliary hardware, no permanent secret and requires minimal trusted software
Secret Protected (SP) Architecture (slide 4)
Security Goal: Keep user’s keys private to the user
1. New Trust Model
   – Most SW and HW untrusted
2. Trusted software module (TSM)
   – Securely perform operations using the keys
3. Encrypted keychain
   – Reduce the amount of secrets needing protection
4. Concealed execution mode (CEM)
   – Protect the execution environment of TSM
5. New processor features
   – Very small additions to ISA
   – Secure I/O – input of the user key
New Trust Model (slide 6)
• Disjoint region of trust wrt CPU protection rings
[Figure labels: Unprivileged Software, Privileged Software, OS Kernel, Trusted Software Module, TSM API, User Secrets]
1,000’s keys are secured by protecting 1 (slide 7)
[Figure labels: Passphrase, Hash(), User Master Key, keys K1, K2, K3, K4, K5]
HW Supporting the Key Chain (slide 8)
New registers:
– CEM Status Flags (2)
– CEM Return Address (64)
– User Master Key (128)
– Device Master Key (128)
– CEM Interrupt Hash (128)
[Figure labels: Core, L1 instr. cache, L1 data cache, L2 unified cache, Encryption/hashing engine, External memory, Secure I/O logic (LEDs, buttons, keyboard)]
Secret Protected (SP) Architecture (slide 9)
1. New Trust Model
   – Orthogonal to protection rings
2. Hierarchical keychain
   – Reduce amount of secrets needing protection
3. Trusted software module (TSM)
   – Carry out operations using the keys
4. Concealed execution mode (CEM) – isolation
   – Protect TSM program integrity
   – Protect TSM data in main memory and caches
   – Protect registers on interrupts
5. New processor features
   – Very little addition to achieve the goal
Protect TSM program integrity (slide 10)
• Device Master Key
• Provide keyed hash (Message Authentication Code) per cache line
[Figure: TSM code laid out in 64-byte cache lines, each holding 48 bytes of instructions and a 16-byte MAC; the Device Master Key and the code address feed Keyed_hash(), which produces the MAC]
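The per-cache-line keyed hash from the "Protect TSM program integrity" slide, modelled in software as an added example (not code from the paper or the slides). HMAC-SHA-256 truncated to 16 bytes stands in for the unnamed Keyed_hash(); the function names, the 8-byte address encoding, the zero padding and the sample key and code bytes are assumptions.

```python
import hashlib, hmac, struct

LINE, CODE, MAC = 64, 48, 16  # per 64-byte line: 48 B instructions + 16 B MAC

def keyed_hash(dmk: bytes, addr: int, instrs: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 truncated to 16 bytes replaces the slide's
    # unspecified Keyed_hash(); inputs are the code address and instructions.
    msg = struct.pack(">Q", addr) + instrs
    return hmac.new(dmk, msg, hashlib.sha256).digest()[:MAC]

def seal_tsm(dmk: bytes, base: int, code: bytes) -> bytes:
    """Lay TSM code out as MAC-protected cache lines starting at `base`."""
    if base % LINE:
        raise ValueError("base must be cache-line aligned")
    code += b"\x00" * (-len(code) % CODE)  # pad the last line (assumed padding)
    out = bytearray()
    for i in range(0, len(code), CODE):
        addr = base + (i // CODE) * LINE   # address the line will be fetched from
        chunk = code[i:i + CODE]
        out += chunk + keyed_hash(dmk, addr, chunk)
    return bytes(out)

def verify_line(dmk: bytes, addr: int, line: bytes) -> bool:
    """Recompute the MAC for a fetched line and compare in constant time."""
    if len(line) != LINE or addr % LINE:
        return False
    return hmac.compare_digest(line[CODE:], keyed_hash(dmk, addr, line[:CODE]))

def check_image(dmk: bytes, base: int, image: bytes) -> list:
    return [verify_line(dmk, base + off, image[off:off + LINE])
            for off in range(0, len(image), LINE)]

def demo():
    dmk = bytes(range(16))                      # constructed 128-bit Device Master Key
    base, code = 0x4000, bytes(i % 251 for i in range(100))  # constructed code, 3 lines
    image = seal_tsm(dmk, base, code)
    flipped = bytearray(image); flipped[70] ^= 1              # one bit in line 1
    swapped = image[LINE:2 * LINE] + image[:LINE] + image[2 * LINE:]
    return (
        check_image(dmk, base, image),           # untouched image
        check_image(dmk, base, bytes(flipped)),  # modified instruction byte
        check_image(dmk, base, swapped),         # valid lines moved to other addresses
        check_image(bytes(16), base, image),     # different Device Master Key
    )
```

Binding the code address into the MAC is what makes the swapped-lines case fail even though each line still carries a MAC that was valid at its original address.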
Basic Approach for protecting TSM data (slide 11)
Outside security perimeter:
• data exists as ciphertext
• Use Encryption and hashing
Inside security perimeter:
• data exists as plaintext
• Use Tagging
[Figure labels: DRAM, Off-chip cache, Processor chip, On-chip cache]
Protection over the entire memory hierarchy (slide 12)
• Cache line tagging – separating secure from nonsecure, and data from code.
[Figure labels: Main Memory, L2 Unified Cache, L1 Instr Cache, L1 Data Cache, Secure Instruction Tags, Secure Data Tags, Decryption and hashing; cache lines shown as Secure Code, Code, Secure Data and Data]
HW Supporting memory protection (slide 13)
New registers:
– CEM Status Flags (2)
– CEM Return Address (64)
– User Master Key (128)
– Device Master Key (128)
– CEM Interrupt Hash (128)
[Figure labels: Core, Registers, L1 instr. cache, L1 data cache, L2 unified cache, Encryption/hashing engine, External memory, Secure I/O logic (LEDs, buttons, keyboard)]
Protecting register values during interrupts (slide 14)
• “In situ” registers encryption – no change required in OS interrupt handler
• Store hash on-chip
• Return address trigger
New registers:
– CEM Status Flags (2)
– CEM Return Address (64)
– User Master Key (128)
– Device Master Key (128)
– CEM Interrupt Hash (128)
[Figure labels: registers R0 ... R31 as one plaintext message, Encryption(), registers R0 ... R31 as one ciphertext message, Hash()]
Architectural summary (slide 15)
[Figure labels: Secure I/O, User Master Key, Device initialization, Device Master Key, Trusted software module, Execution environment on device (Code, Memory, Registers); relation labels: "protects", "operates upon"]
Small additions to the processor (slide 5)
New registers:
– CEM Status Flags (2)
– CEM Return Address (64)
– User Master Key (128)
– Device Master Key (128)
– CEM Interrupt Hash (128)
[Figure labels: Core, L1 instr. cache, L1 data cache, L2 unified cache, Encryption/hashing engine, External memory, Secure I/O logic (LEDs, buttons, keyboard)]
Contributions and Conclusions (slide 16)
• Minimalist SP-architecture protects critical secrets (keys) which then protect other sensitive data
• Decouples users from devices: more convenient and realistic usage model
• No permanent secret: defends against factory database compromise
• Master keys are symmetric keys: faster and less storage
• Security without compromising performance, cost, usability