Beruflich Dokumente
Kultur Dokumente
Weidong Shi Hsien-Hsin (Sean) Lee Chenghuai Lu Tao Zhang School of Electrical and Computer Engineering Georgia Institute of Technology
1
Content
Why Software Copy Protection So Hard Security In Silicon, the Future of Software Right
Protection? Issues of Enforcing Software Right In Hardware Memory Encryption, Security Should not Be Taken for Granted - Counter Mode Memory Encryption - Security of Selective Protection Conclusions
MOD Chip (PCB with micro-controller and Flash memory) BIOS hijack Low cost FPGA based bus snooping device
Consoles are much better protected than PCs designed with copy right protection in mind. 5
Security In Silicon
Processor Core
Unprotected RAM
Crypto Engine EncryptK(Software)
Private Key
Unprotected Storage Software Encrypted by a Symmetric Key, K. Key K encrypted by public key of processor. ASPLOS 02, ICS 03, Micro 03, SOSP 03
Programming Model. Test and Verification. Debug. Software Distribution. User Privacy
Counter Mode
Pros
Widely used, allow pad pre-computation. Proved to be secure by Bellare, etc (1997). If you break counter-mode, you break the underlying cipher.
Cons
Chosen ciphertext malleable. Flip bits in the ciphertext can induce flipped corresponding bits in the plaintext. Miss use of counter mode can jeopardize security. Timely, appropriate check on integrity is a MUST.
10
Counter Mode
Chosen ciphertext malleable
ciphertext
1 0 1 1 0 1 0 1 1
plaintext
0 1 0 1 0 0 1 1 0
Block Cipher
plaintext
1 0 1 1 0 0 1 1 1
11
12
13
0x9426814a
ciphertext
0x9426814a
plaintext
0x40c05411
Instruction
addq t5, 0x2, a1
Opcode 0x10
RA
Disp
RA RA RA RB RB
6-bit opcode, 64 possible opcodes. Flip bits of opcode ciphertext and trace program control.
14
RA
Disp
RA
Disp
Flip bits of opcode ciphertext based on guessed opcode. The target is opcode 0x30 (opcode of jmp)
ciphertext
1 0 0 1 0 1
guessed opcode
0 0 0 1 0 0
target opcode
1 1 0 0 0 0
RA
Disp
RA
Disp
15
RA
Disp
RA
Disp
Flip bits of opcode ciphertext based on guessed opcode. The target is opcode 0x30 (opcode of jmp)
ciphertext
1 0 0 1 0 1
guessed opcode
0 1 0 0 0 0
RA
Disp
RA
Disp
16
ciphertext
decrypted opcode
RA
Opcode 0x30
RA
Disp 0x5411
0x12001139c 0x9426814a
Decrypted instruction triggers fetch from a new address, which discloses 21 bits of plaintext.
17
predictable. predictable data/code, array of 0s, binary search code (constant starts from 2^16, if R2>2^16, try 2^24 next, At most 32 trials to compromise the secret)
R1 = a constant value; R2 = load some secret if (R1<R2) goto addr1 else goto addr2
Small enough to fit into one cache line. A cache line of uniform values widely exits.
18
20
Enter security
Taken from ASPLOS 2002, SOSP 2003. XOM Boundary between protected an un-protected domains set by individual load/store instructions.
21
// not protected data and code unsigned int array_dat[] = { ... }; ... //protected code,encrypted/authenticated enter_security ... // load array_dat and secure_save unsigned int x; for (i=0; i<sizeof(array_dat)/4; i++) { load array_dat[i] to x; secure_store x to array_dat[i]; ... } ... exit_security
Manipulate input or address used by secure load/store. Can generate arbitrary encrypted code or software patch with arbitrary code input.
22
// disclose results of computing to public struct node_t { unsigned int dat; ... node_t* pnext;} //protected code,encrypted/authenticated enter_security ... //process link-list //release results node_t* pnode = head of link_list; while (pnode) { secure_load pnode->dat to temp; save temp to un-encrypted memory; pnode = pnode->pnext; // regular load } exit_security
Secret
Data NULL
23
Conclusions
Hardware cryptography based copy protection
maybe a direction for future software right protection.
24
Counter Mode
cache line cache line cache line cache line cache line memory block memory block memory block memory block memory block memory block counter counter counter counter counter counter
Crypto Engine
Processor Core
Secure Processor