preventing cryptographic key leakage in cloud virtual machines · fearless engineering many ideas...
TRANSCRIPT
![Page 1: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/1.jpg)
UT DALLASUT DALLAS Erik Jonsson School of Engineering & Computer Science
FEARLESS engineering
Preventing Cryptographic Key Leakage in Cloud Virtual
Machines
Erman PattukMurat Kantarcioglu
Zhiqiang LinHuseyin Ulusoy
![Page 2: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/2.jpg)
FEARLESS engineering
Move to Cloud Computing
![Page 3: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/3.jpg)
FEARLESS engineering
Move to Cloud Computing
![Page 4: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/4.jpg)
FEARLESS engineering
Security Concerns
• To authenticate themselves to regular public– SSL/TLS protocols– Cryptographic keys
• Cloud service providers use Virtual Machine Monitors– To realize logical isolation
• A company’s VM(s) are located on the same physical machines as other companies– Potential threat!!!
![Page 5: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/5.jpg)
FEARLESS engineering
Side-channel Attacks
• Ristenpart et al. (2009) attacked a target cloud VM– Co-located his VMs with the defender’s– Executed cross-VM side-channel attack– Captured crude data (e.g., aggregate cache
usage)
• Zhang et al. (2010) used the same co-location technique– Extracted El-Gamal keys
• A wide-variety of side-channel attacks– May be applicable to cloud
![Page 6: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/6.jpg)
FEARLESS engineering
Many ideas to protect against side-channel attacks
• HomeAlone (Zhang et al., 2011)– Co-residency check to understand where a victim
VM is located– Aims physical isolation– May not be applicable to modern cloud infra
• HyperSafe (Wang et al., 2010)– Aims to preserve hypervisor integrity– We assume that is provided in cloud (e.g.,
Amazon)
• Randomization based prevention techniques– Karlof et al. (2003), hidden markov model based
attack to break down randomization
![Page 7: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/7.jpg)
FEARLESS engineering
Potential other attacks ??
• Side channels may not be the only type of attacks.
• Software bugs may be used to disclose keys as well. – Hearthbleed bug?
![Page 8: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/8.jpg)
FEARLESS engineering
Hermes – Key Idea
• Partition private keys into n shares– Threshold cryptography– Shamir secret sharing
• Create multiple VMs– Give one share to each VM– Collaborate to decrypt/sign with the private key
• Re-share the private key periodically– Some shares may be captured over time– Create new shares that are independent
![Page 9: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/9.jpg)
FEARLESS engineering
Background
• Hermes runs in two modes– Distributed-RSA (D-RSA): Additive secret sharing– Threshold-RSA (T-RSA): Shamir secret sharing
• Given an RSA key pair e,d for modulus n:• Additive secret sharing:
– d = d_1 + d_2 + … + d_L mod Φ(n)– Need all shares to exponentiate a message
• Shamir secret sharing (Shoup, 2000):– d is embedded into K-1 degree polynomial P– Each party id ε {1, ..., L} is given P(id)– Need K shares to exponentiate a message
![Page 10: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/10.jpg)
FEARLESS engineering
Hermes – SSL EnhancementC
lient
Server
(1) client_hello
(2a) server_hello
(2c) certificate_request
(2d) hello_done
(2b) server_key_exc
(3a) certificate
(3b) client_key_exc
Regular SSL
Clie
nt
VM
Com
b
(1) client_hello
(2a) server_hello
(2c) certificate_request
(2d) hello_done
(2b) server_key_exc
(3a) certificate
(3b) client_key_exc
(2aa) help_sign
(2ab) sign_partial_result
(3ba) help_decrypt
(3bb) dec_partial_result
VM
Aux
Enhanced SSL
![Page 11: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/11.jpg)
FEARLESS engineering
Hermes - Initialization
VM-1
VM-2
VM-L
Cloud Defender
…1
2
L
![Page 12: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/12.jpg)
FEARLESS engineering
Hermes – Client Connection
VM-1
VM-2
VM-L
CloudClient
![Page 13: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/13.jpg)
FEARLESS engineering
Hermes – Key Re-sharing
Cloud Defender
VM-1
VM-2
VM-L…1
2
L
![Page 14: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/14.jpg)
FEARLESS engineering
Experiment Setup
• Used Hermes in three applications:– Micro-benchmarking: Clients connect and die– Web-server: Clients retrieve a web page– Mail-server: Clients retrieve a mail box
• Initiated 10 VMs in Amazon EC2– 1 m1.xlarge with 4 virtual CPU as combiner VM– 9 m1.small with 1 virtual CPU as auxiliary VMs
• Clients:– Apache HTTP benchmarking tool and JMeter to connect– From an IBM x3500m3 server in our campus
• Implemented as a shared library in OpenSSL
![Page 15: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/15.jpg)
FEARLESS engineering
Micro -Benchmarking Fixed Parties L=10
• Overheads could be significant due to network connection• (2-6 times) slower
• Can be impacted by Amazon workloads
![Page 16: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/16.jpg)
FEARLESS engineering
Micro -Benchmarking Fixed Shares k=2
![Page 17: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/17.jpg)
FEARLESS engineering
Mail Server Results
100
1000
10000
1 2 3 4 5 6 7 8 9 10
Avg
. Lat
ency
(m
s)
Number of VMs (L)
1 Cli.10 Cli.
100 Cli.1000 Cli.
![Page 18: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/18.jpg)
FEARLESS engineering
Optimization: Key Idea
• Although keys are distributed, adversary may capture some keys
• Choosing parameters is critical:– L: Number of VMs– K: Number of shares needed– τ: Re-sharing frequency
• Choose optimal values based on 3 aspects:– Security: How likely the adv. will succeed?– Cost: How much is to purchase L VMs– Performance: What should be K
![Page 19: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/19.jpg)
FEARLESS engineering
Optimization: Security Aspect
• Probability of a successful attack on a VM– Exponentially distributed random variable– Θ: Mean time to succeed
• Probability to succeed in a re-sharing period
• Capturing k shares in a period
![Page 20: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/20.jpg)
FEARLESS engineering
Optimization: Other Aspects and Objective
• Cost increases linearly with number of VMs:– β: Unit cost of a VM
• Performance aspect depends on:– The particular application (e.g., Web or mail server)– Performance metric (e.g., latency)
• Objective:
![Page 21: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/21.jpg)
FEARLESS engineering
Optimization: Application to Micro-Benchmarking
• Applied optimization to Micro-Benchmarking– 100 clients– Performance metric is latency– 5 second re-sharing period
• Used experiment results up to L=10 VMs• Trained linear regression on latency results
– c_1 = -18, c_2 = 31, c_3 = 7
• Calculated optimal values for– Latency between 50-200 ms– Annual budget between $1820 - $14560 for L=[2,16]
![Page 22: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/22.jpg)
FEARLESS engineering
Optimization: Application to Micro-Benchmarking
![Page 23: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/23.jpg)
FEARLESS engineering
Summary
• Secret sharing can be used to protect public keys against cross VM attacks and more..
• Performance overhead can be very low for CPU bound applications
• Optimal parameters can be found using multi-objective optimization framework
![Page 24: Preventing Cryptographic Key Leakage in Cloud Virtual Machines · FEARLESS engineering Many ideas to protect against side-channel attacks • HomeAlone (Zhang et al., 2011) – Co-residency](https://reader033.vdocuments.us/reader033/viewer/2022042413/5f2d6c6680c7f828874fda52/html5/thumbnails/24.jpg)
FEARLESS engineering
Questions