Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Department of Electrical & Computer Engineering
EC 500Hardware Security
Prof. Michel A. Kinsy
Introduction to cybersecurityCyber attacks examples
Department of Electrical & Computer Engineering
Course Topics § Classic and Modern encryption algorithms: AES, RSA, Hash,
MAC, digital signatures, etc. § Hardware Security Primitives: Physical unclonable functions,
Oblivious RAM, Circuit obfuscation, Hardware Trojans § Distributed Trustworthy Systems: Distributed Key
Management, Authentication, Confidentiality § Secure Computing: Secure Multiparty Computation,
Homomorphic Computation § Secure Architecture Design Concepts: Isolation, Obfuscation,
Attestation § Memory Integrity, Cache Side-Channel, Secure Boot, Trusted
OS § Software Guard Extensions (SGX) and Trusted Execution
Technology (TXT)
Department of Electrical & Computer Engineering
Course Learning Vehicle§ As a 500 Level course, it is primarily a reading,
presentation and project driven course § The class project is built around the RISC-V ISA§ We will try to build secure architecture features
targeting each or some of these course topics
Department of Electrical & Computer Engineering
Large-Scale System Security Breaches
§ The Emerging Mobile App “Wild West”• https://securityintelligence.com/how-to-protect-mobile-apps-
essentials/§ Apple has now removed over 300 pieces of software
from the App Store• http://www.wired.com/2015/09/apple-removes-300-infected-
apps-app-store/§ Security researcher obtained physical access to the
plane control system through the Seat Electronic Box• http://www.wired.com/2015/05/feds-say-banned-researcher-
commandeered-plane/§ Stuxnet computer worm is shown to work on Siemens
SIMATIC WinCC SCADA system• http://www.theguardian.com/world/2011/apr/17/iran-siemens-
stuxnet-cyberattack
Department of Electrical & Computer Engineering
Large-Scale System Security Breaches§ Home routers
§ Stealthy, destructive malware infects half a million routers https://www.wired.com/story/vpnfilter-router-malware-outbreak/
§ Services sector: databases and data centers§ Equifax breach of 145.5 million people's data§ Yahoo hack that affected 3 billion accounts§ Hospitals
§ https://www.zdnet.com/article/us-hospital-pays-55000-to-ransomware-operators/§ https://www.healthcareitnews.com/news/when-medical-devices-get-hacked-hospitals-
often-dont-know-it
§ Fitness and wellness § Under Armour
§ https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/
§ Internet of Things § World's largest DDoS attack launched from 152,000 hacked Smart
Deviceshttps://thehackernews.com/2016/09/ddos-attack-iot.html§ 230 crypto keys are actively being used by more than 4 Million IoT
devices§ https://thehackernews.com/2015/11/iot-device-crypto-keys.html
Department of Electrical & Computer Engineering
Large-Scale System Security Breaches§ Power grid systems: their control systems§ U.S. investigators find proof of cyberattack on
Ukraine power grid§ https://www.cnn.com/2016/02/03/politics/cyberattack-
ukraine-power-grid/index.html
Source: U.S. Department of Energy
Department of Electrical & Computer Engineering
Example: MicrogridsAn information-centric energy infrastructure: The Berkeley view
Source: http://www.energy-daily.com/images/smart-grid-electricity-schematic-bg.jpg.
Department of Electrical & Computer Engineering
Example: Cybersecurity of Microgrids
§ Computation requirements§ The control systems deal with continuous,
computational intensive dynamics, discrete events, and generic commands§ Low and high-performance processing units required
§ The correctness, stability, and efficiency in controlling these system are closely related to the data propagation delay in the control (low-latency, and hard real-time)§ Fast and predictable execution units are imperative
§ Security requirements
Department of Electrical & Computer Engineering
Example: Cybersecurity of Microgrids
§ Computation requirements§ Security requirements
§ Local control algorithms change over time, due to changes in the physical plant functions or capacity§ Programmable architectures are required
§ The system wide control is a network of independent or loosely coupled local controls§ Robust network security is needed
§ Firewalls, intrusion detection, deep packet sniffing, logging, unauthorized access monitoring, etc.
Department of Electrical & Computer Engineering
Social media and networks Mobile devices
Scientific instruments
Sensor technologyData storage has grown significantly, shifting markedly from analog to digital after 2000
SOURCE: Hilbert and López, “The world’s technological capacity to store, communicate, and compute information,” Science, 2011
Global installed, optimally compressed, storage
OverallExabytes
Detail%; exabytes
NOTE: Numbers may not sum due to rounding.
50
300
250
200
150
100
02007200019931986
6
75
979994
100% =
Analog
Digital
20072000
54 295
25
1993
163
1986
31
Evolving Nature of Applications
Department of Electrical & Computer Engineering
Computer System Components View
Digital Design
Circuit Design
Compiler
OperatingSystem
Applications
Firmware
Datapath & Control
Layout
I/O systemProcessor Memory organizationISA
Department of Electrical & Computer Engineering
Computer Architecture Domains§ The art of abstraction
Algorithm
Register-Transfer Level (RTL)
Application
Instruction Set Architecture (ISA)Operating System/Virtual Machine
Microarchitecture
Devices
Programming Language
Circuits
Physics
Original domain of
the computer architect
(‘50s-‘80s)
Domain of computer architecture (�90s)
Reliability, power
Parallel computing security, …
Department of Electrical & Computer Engineering
Computer Architecture Components
§ The processing elements or cores do the actual computations, i.e., data manipulations, operations
On-chip Interconnect
Memory Subsystem
Processing Cores
Department of Electrical & Computer Engineering
Computer Architecture Components
§ The memory hierarchy is responsible for the on-chip data storage, organization and access scheme
On-chip Interconnect
Memory Subsystem
Processing Cores
Department of Electrical & Computer Engineering
Computer Architecture Components
§ On-chip network handles data movements, e.g., cache lines and cache coherence messages, between processor cores and memory modules
On-chip Interconnect
Memory Subsystem
Processing Cores
Department of Electrical & Computer Engineering
Why Hardware Level Security? Defense becomes more and more complex, yet still outmatched by offense
Unified threatmanagement
Network flightrecorder
SnortMilky WayStalkerDEC seal
10,000,000
8,000,000
6,000,000
4,000,000
2,000,000
01985 1990 1995 2000 2005 2010
Line
s of
cod
e
Security software
Malware:125 lines of code*
Source: Defense Advanced Research Projects Agency (DARPA)
Brief to Defense Science Board (DSB) Task Force (May 2011).
Data through 2010.
Department of Electrical & Computer Engineering
Computing Systems Security§ Hardware Security
• Circuit Level§ Hardware obfuscation
• Digital Design§ IC watermarking
• Datapath & Control§ Self-repair and regeneration of
datapaths• Component Level
§ Hardware security primitives (PUF, ORAM, RNG,…)
• Architecture Level§ Secure computing architectures
• Secure heterogeneous system-on-chip (SoC) architectures
Hardware
OS
Applications
Network
Department of Electrical & Computer Engineering
Architecture Design Challenge§ Relatively easy to get two of three, harder to get
all three!
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Uniprocessor ASIC Superscalar
Department of Electrical & Computer Engineering
Architecture Design Challenge§ Relatively easy to get two of three, harder to get
all three!
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Uniprocessor ASIC Superscalar
Performance
Energy Efficiency
Programmability The general design objectives of the community have been:§ If only I could get all three! § Image the future of
computing!
Department of Electrical & Computer Engineering
Architecture Design Challenge§ Relatively easy to get two of three, harder to get
all three!
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Performance
Energy Efficiency
Programmability
Uniprocessor ASIC Superscalar
Performance
Energy Efficiency
ProgrammabilityWhat about security? § What about privacy-preserving computing? § What about the integrity of the execution? § On-chip data confidentiality?
§ Albert! You really know how to kill a party!!!
Department of Electrical & Computer Engineering
Computer Architecture Security§ The mainstream wake-up call § Meltdown and Spectre
§ Meltdown security vulnerability allows a local, unprivileged, userspace process to read data from any memory location mapped to the process, including kernel memory§ The key reason why this vulnerability is so terrifying
§ Spectre security vulnerability allows a local, unprivileged, userspace process to read data from memory locations assigned to other processes
Department of Electrical & Computer Engineering
Control Flow and Performance§ A basic block is a piece of code with no control flow
instruction, i.e., no branches or jumps§ Profiling results on a small set of common applications
using the Intel Pintool44
38
4230
5425 20
824
8081
4.65
4.69
4.62
4.66
4.59
C LEAR MKDIR LS UNTAR FIND
BASIC BLOCK DISTRIBUTIONNumber of BBLs Average Inst/BBLs
Department of Electrical & Computer Engineering
Reducing Control Flow Penalty § Modern processors may have > 10 pipeline
stages between next pc calculation and branch resolution!
FetchI-cache
Fetch Buffer
IssueBuffer
Func.Units
Arch.State
Execute
Decode
ResultBuffer
Commit
PC
Department of Electrical & Computer Engineering
Pentium 4: A Superscalar CISC Architecture3 4
TC Fetch5
Drive6
Alloc9
Que10Sch
12Sch
13Disp
14Disp
15RF
16RF
17Ex
18Flgs
19BrCk
20Drive
1 2TC Nxt IP
7 8Rename
11Sch
3.2 GB/s System
Interface
L2 Cache and Control
BTB
BTB & I-TLB
Decoder
Trace Cache
Rename/Alloc
µop Queues
Schedulers
Integer RFFP RFµCode
ROM
StoreAGULoad AGUALUALUALUALU
FP moveFP store
FmulFaddMMXSSE
L1 D-Cache and D
-TLB
Department of Electrical & Computer Engineering
Reducing Control Flow Penalty § Modern processors may have > 10
pipeline stages between next pc calculation and branch resolution!
§ Hardware solutions§ Find something else to do - delay
slots replaces pipeline bubbles with useful work (requires software cooperation)
§ Speculate - branch prediction speculative execution of instructions beyond the branch
FetchI-cache
Fetch Buffer
IssueBuffer
Func.Units
Arch.State
Execute
Decode
ResultBuffer
Commit
PC
Department of Electrical & Computer Engineering
Reducing Control Flow Penalty § Sequential execution of
instructions § Speculative non-sequential
execution of instructions i: instruction
i+1: instruction
i+2: instruction
i+3: instruction
i+4: instruction
j: instruction
j+k: instruction…
…
i: instruction
i+1: instruction
i+2: instruction
i+3: instruction
j: instruction
j+1: instruction
j+k: instruction
i+4: instruction
unprivileged Non-control flow instruction
unprivileged control flow instruction
unprivileged control flow resolution instruction
privileged instruction
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
ATP requests and sends out the secret
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
ATP requests and sends out the secret
SRP
SRP: Secret Receiving Process
Department of Electrical & Computer Engineering
Victim’s Domain
. . .
. . .Inputs Outputs
Data
Process
Secret
Attacker
Initiate attack
ATP
ATP: Attack Transmission Process
ATP requests and sends out the secret
SRP
SRP: Secret Receiving Process
A new attack channel may be created (e.g., side-channel)
Department of Electrical & Computer Engineering
Next Class§ Secure Design Examples