The objective of this paper is to give a comprehensive introduction to applied cryptography with an engineer or computer scientist in mind. The emphasis is on the knowledge needed to create practical systems which supports integrity, confidentiality, or authenticity. Topics covered includes an introduction to the concepts in cryptography, attacks against cryptographic systems, key use and handling, random bit generation, encryption modes, and message authentication codes. Recommendations on algorithms and further reading is given in the end of the paper. This paper should make the reader able to build, understand and evaluate system descriptions and designs based on the cryptographic components described in the paper.

[서평]「Applied Cryptography」

We introduce Minos, a microarchitecture that implements Biba's low-water-mark integrity policy on individual words of data. Minos stops attacks that corrupt control data to hijack program control flow but is orthogonal to the memory model. Control data is any data which is loaded into the program counter on control flow transfer, or any data used to calculate such data. The key is that Minos tracks the integrity of all data, but protects control flow by checking this integrity when a program uses the data for control transfer. Existing policies, in contrast, need to differentiate between control and non-control data a priori, a task made impossible by coercions between pointers and other data types such as integers in the C language. Our implementation of Minos for Red Hat Linux 6.2 on a Pentium-based emulator is a stable, usable Linux system on the network on which we are currently running a web server. Our emulated Minos systems running Linux and Windows have stopped several actual attacks. We present a microarchitectural implementation of Minos that achieves negligible impact on cycle time with a small investment in die area, and minor changes to the Linux kernel to handle the tag bits and perform virtual memory swapping.

/pdf/minos-control-data-attack-prevention-orthogonal-to-memory-4xhty1cqin.pdf

Minos: Control Data Attack Prevention Orthogonal to Memory Model

In cryptography it is assumed that adversaries only have black box access to the secret keys of honest parties. In real life, however, the black box approach is not sufficient because attackers have access to many physical means that enable them to derive information on the secret keys. In order to limit the attacker’s ability to read out secret information, the concept of Algorithmic Tamper Proof (ATP) security is needed as put forth by Gennaro, Lysyanskaya, Malkin, Micali and Rabin. An essential component to achieve ATP security is read-proof hardware. In this paper, we develop an implementation of read-proof hardware that is resistant against invasive attacks. The construction is based on a hardware and a cryptographic part. The hardware consists of a protective coating that contains a lot of randomness. By performing measurements on the coating a fingerprint is derived. The cryptographic part consists of a Fuzzy Extractor that turns this fingerprint into a secure key. Hence no key is present in the non-volatile memory of the device. It is only constructed at the time when needed, and deleted afterwards. A practical implementation of the hardware and the cryptographic part is given. Finally, experimental evidence is given that an invasive attack on an IC equipped with this coating, reveals only a small amount of information on the key.

/pdf/read-proof-hardware-from-protective-coatings-4ilzcihorq.pdf

Read-proof hardware from protective coatings

Secure processors enable new applications by ensuring private and authentic program execution even in the face of physical attack. In this paper we present the AEGIS secure processor architecture, and evaluate its RTL implementation on FPGAs. By using Physical Random Functions, we propose a new way of reliably protecting and sharing secrets that is more secure than existing solutions based on non-volatile memory. Our architecture gives applications the flexibility of trusting and protecting only a portion of a given process, unlike prior proposals which require a process to be protected in entirety. We also put forward a specific model of how secure applications can be programmed in a high-level language and compiled to run on our system. Finally, we evaluate a fully functional FPGA implementation of our processor, assess the implementation tradeoffs, compare performance, and demonstrate the benefits of partially protecting a program.

/pdf/design-and-implementation-of-the-aegis-single-chip-secure-gh3mbsllv5.pdf

Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions

Protection from hardware attacks such as snoopers and mod chips has been receiving increasing attention in computer architecture. This paper presents a new combined memory encryption/authentication scheme. Our new split counters for counter-mode encryption simultaneously eliminate counter overflow problems and reduce per-block counter size, and we also dramatically improve authentication performance and security by using the Galois/Counter Mode of operation (GCM), which leverages counter-mode encryption to reduce authentication latency and overlap it with memory accesses. Our results indicate that the split-counter scheme has a negligible overhead even with a small (32KB) counter cache and using only eight counter bits per data block. The combined encryption/authentication scheme has an IPC overhead of 5% on average across SPEC CPU 2000 benchmarks, which is a significant improvement over the 20% overhead of existing encryption/authentication schemes.

/pdf/improving-cost-performance-and-security-of-memory-encryption-4rh0wpoeqq.pdf

Improving Cost, Performance, and Security of Memory Encryption and Authentication

Due to the widespread software piracy and virus attacks, significant efforts have been made to improve security for computer systems. For stand-alone computers, a key observation is that other than the processor, any component is vulnerable to security attacks. Recently, an execution only memory (XOM) architecture has been proposed to support copy and tamper resistant software by D. Lie et al. (2000), D. Lie et al. (2003) and T. Gilmont et al. (1999). In this design, the program and data are stored in encrypted format outside the CPU boundary. The decryption is carried after they are fetched from memory, and before they are used by the CPU. As a result, the lengthened critical path causes a serious performance degradation. In this paper, we present an innovative technique in which the cryptography computation is shifted off from the memory access critical path. We propose to use a different encryption scheme, namely "one-time pad" encryption, to produce the instructions and data ciphertext. With some additional on-chip storage, cryptography computations are carried in parallel with memory accesses, minimizing performance penalty. We performed experiments to study the trade-off between storage size and performance penalty. Our technique improves the execution speed of the XOM architecture by 34% at maximum.

/pdf/fast-secure-processor-for-inhibiting-software-piracy-and-20lekyevo1.pdf

Fast secure processor for inhibiting software piracy and tampering

Due to the widespread software piracy and virus attacks, significant efforts have been made to improve security for computer systems. For stand-alone computers, a key observation is that, other than the processor, any component is vulnerable to security attacks. Recently, an execution only memory (XOM) architecture has been proposed to support copy and tamper resistant software. In this design, the program and data are stored in an encrypted format outside the CPU boundary. The decryption is carried out after they are fetched from memory and before they are used by the CPU. As a result, the lengthened critical path causes a serious performance degradation. We present an innovative technique in which the cryptography computation is shifted off from the memory access critical path. We propose using a different encryption scheme, namely, "pseudo-one-time pad" encryption, to produce the instructions and data ciphertext. With some additional on-chip storage, cryptography computations are carried in parallel with memory accesses, minimizing the performance penalty. We performed experiments to study the trade-off between storage size and performance penalty. Our technique reduces the performance overhead from 20.79 percent to 1.28 percent on average for reasonably sized (64 KB) on-chip storage.

/pdf/improving-memory-encryption-performance-in-secure-processors-45t60qkag6.pdf

Improving memory encryption performance in secure processors

With the increasing concern of the security on high performance multiprocessor enterprise servers, more and more effort is being invested into defending against various kinds of attacks. This paper proposes a security enhancement model called SENSS, that allows programs to run securely on a symmetric shared memory multiprocessor (SMP) environment. In SENSS, a program, including both code and data, is stored in the shared memory in encrypted form but is decrypted once it is fetched into any of the processors. In contrast to the traditional uniprocessor XOM model (Lie et al., 2000), the main challenge in developing SENSS lies in the necessity for guarding the clear text communication between processors in a multiprocessor environment. In this paper we propose an inexpensive solution that can effectively protect the shared bus communication. The proposed schemes include both encryption and authentication for bus transactions. We develop a scheme that utilizes the cipher block chaining mode of the advanced encryption standard (CBC-AES) to achieve ultra low latency for the shared bus encryption and decryption. In addition, CBC-AES can generate integrity checking code for the bus communication over time, achieving bus authentication. Further, we develop techniques to ensure the cryptographic computation throughput meets the high bandwidth of gigabyte buses. We performed full system simulation using Simics to measure the overhead of the security features on a SMP system with a snooping write invalidate cache coherence protocol. Overall, only a slight performance degradation of 2.03% on average was observed when the security is provided at the highest level.

/pdf/senss-security-enhancement-to-symmetric-shared-memory-3mn8us6iy6.pdf

SENSS: security enhancement to symmetric shared memory multiprocessors

The address sequence on the processor-memory bus can reveal abundant information about the control flow of a program. This can lead to critical information leakage such as encryption keys or proprietary algorithms. Addresses can be observed by attaching a hardware device on the bus that passively monitors the bus transaction. Such side-channel attacks should be given rising attention especially in a distributed computing environment, where remote servers running sensitive programs are not within the physical control of the client. Two previously proposed hardware techniques tackled this problem through randomizing address patterns on the bus. One proposal permutes a set of contiguous memory blocks under certain conditions, while the other approach randomly swaps two blocks when necessary. In this paper, we present an anatomy of these attempts and show that they impose great pressure on both the memory and the disk. This leaves them less scalable in high-performance systems where the bandwidth of the bus and memory are critical resources. We propose a lightweight solution to alleviating the pressure without compromising the security strength. The results show that our technique can reduce the memory traffic by a factor of 10 compared with the prior scheme, while keeping almost the same page fault rate as a baseline system with no security protection.

/pdf/a-low-cost-memory-remapping-scheme-for-address-bus-34o5a8rg3w.pdf

A low-cost memory remapping scheme for address bus protection

Recently proposed trusted processor model is a promising model for building secure applications. While effective designs have been proposed for protecting data confidentiality and data integrity in such environments, an important security criterion -- user privacy is usually neglected in current designs. Due to the increasing concern of privacy protection in the Internet era, such deficiency can hinder the adoption of the new model.In this paper, we identify the threat model to user privacy and propose a new scheme for user privacy protection. In addition to providing the same ability in protecting data confidentiality and data integrity, the new scheme effectively protects user privacy and only introduces very low overhead.

/pdf/architectural-support-for-protecting-user-privacy-on-trusted-1z98va50fo.pdf

Lan Gao

Papers

Fast secure processor for inhibiting software piracy and tampering

Improving memory encryption performance in secure processors

SENSS: security enhancement to symmetric shared memory multiprocessors

A low-cost memory remapping scheme for address bus protection

Architectural support for protecting user privacy on trusted processors