Meeting Cybersecurity Challenges through Innovative Computer System Design. Srini Devadas MIT

(1)

Meeting Cybersecurity Challenges

through Innovative Computer System

Design

(2)

Attackers routinely compromise

computer systems

(3)

Attackers routinely compromise

computer systems

(4)

Attackers routinely compromise

computer systems

(5)

Attackers routinely compromise

computer systems

(6)

Attackers routinely compromise

computer systems

(7)

How to protect ourselves?

No easy answer!

This talk:

Focus on encrypted computation

We either keep our data on trusted computers or

ask untrusted software to compute on our

encrypted data to produce encrypted results that

only we can decrypt

(8)

Outline

A Classic Encryption Puzzle

Fully Homomorphic Encryption

Querying an Encrypted Database

Hardware to the Rescue

(9)

Secure Communication Through

Encryption

Alice can encrypt her message using a secret key K

If Bob knows K, Mal does not know K and the encryption algorithm is hard to break, communication is secure

Bob Mal

(10)

How Is the Key Exchanged?

How do Alice and Bob exchange a secret key?

Alice could whisper the key in Bob’s ear when no one is eavesdropping

Alice could write Bob a letter with a message that serves as the key, but it might be intercepted.

Alice could hide her key in the message somehow

− Bob needs to be able to discover the key

(11)

A Pirate Puzzle

Pirates will take away all keys and use them. Pirates will not be able to open a locked box for which they don’t have a key.

(12)

(13)

Classical Diffie-Hellman Key Exchange

Locks were commutative not nested: Alice put her lock on, Bob put his, and then Alice removed hers

Bob Chooses secret y Computes (gx₎y_{mod N} Alice Chooses secret x Computes (gy₎x_{mod N} gx _{mod N} gy _{mod N}

(14)

Do We Trust the Cloud?

I want to delegate storage and processing of my

data, without giving away access to it.

(15)

Application: Secure Cloud Storage

Storing my files on the cloud

• Encrypt them to protect my information

• Later, I want to retrieve the files containing “cloud” within 5

words of “computing”.

• Cloud should return only these (encrypted) files, without

knowing the key

I want to delegate storage and processing of

my data, without giving away access to it.

(16)

Application: Secure Cloud Computing

Separating processing from access via encryption:

• I will encrypt my data before sending it to the cloud

• They will apply their processing on the encrypted data,

send me back the processed (still encrypted) result • I will decrypt the result and get my answer

I want to delegate processing of my data,

without giving away access to it.

(17)

How do you trust the cloud to do computation on your private data … while keeping your data private?

Users, limited resources Untrusted servers, public programs, many resources Hidden requests:

1.) Do I have E_k(lyme) disease? I’ve been E_k(coughing)? 2.) Compute taxes I owe given my E_k(W2) forms.

Hidden responses:

1.) E_k(Yes, you have lyme disease)

2.) E_k($984.00)

Server cannot learn anything

about encrypted data.

E_k(A) = encryption of A

(18)

An Analogy: Alice’s Jewelry Store

Courtesy: C. Gentry

Alice’s workers need to assemble raw materials into jewelry But Alice is worried about theft

How can the workers process the raw materials without having access to them?

(19)

An Analogy: Alice’s Jewelry Store

Courtesy: C. Gentry

Alice puts materials in locked glove box

• For which only she has the key

Workers assemble jewelry in the box Alice unlocks box to get “results”

(20)

The Analogy

Encrypt: putting things inside the box

• Alice does this using her key

• c_i ß Enc(m_i)

Decrypt: Taking things out of the box

• Only Alice can do it, requires the key

• m* ß Dec(c*)

Process: Assembling the jewelry

• Anyone can do it, computing on ciphertext

• c* ß Process(c₁,…,c_n)

(21)

A homomorphic symmetric encryption

M. van Dijk et al

Shared secret key: odd number p

To encrypt a bit m:

• Choose at random small r, large q

• Output c = m + 2r + pq

• Ciphertext is close to a multiple of p

• m = LSB of distance to nearest multiple of p

To decrypt c:

• Output m = (c mod p) mod 2

• m = c – p • [c/p] mod 2 = c – [c/p] mod 2 = LSB(c) XOR LSB([c/p]) Noise much smaller than p The “noise”

(22)

Why is this homomorphic?

Homomorphic means that if you sum (multiply) two

encrypted numbers and decrypt the sum

(product) you get the addition (multiplication) of

the two original numbers

This scheme is homomorphic because:

• If you add or multiply two near-multiples

of p, you get another near multiple of p…

(23)

Evaluating Polynomials

c₁=m₁+2r₁+q₁p, …, c_t=m_t+2r_t+q_tp

Let f be a multivariate Boolean function where AND is treated as x and OR is treated as +

Let C = f(c₁, …, c_t)

• f(c₁, …, c_t) = f(m₁+2r₁, …, m_t+2r_t) + Qp

= f(m₁, …, m_t) + 2r + Qp • Then (C mod p) mod 2 = f(m₁, …, m_t) mod 2

Assume this noise is much smaller than p

We have accomplished encrypted

computation!

(24)

Encrypted computation can thus be achieved using Fully Homomorphic Encryption (FHE) without trusting anything on the server side

• Server does not need to store a secret key

Unfortunately, FHE overheads are about 108_{to 10}9_for

straight-line code and overheads grow if there is complex control in the program

Only usable for simple computations

What About Specialized Tasks?

(25)

Application DB Server SQL User 1 User 2 User 3

} 

Confidential data leaks from databases (DB)

}  2012: hackers extracted 6.5 million hashed passwords

from the DB of LinkedIn

System administrator

Threat: passive DB server attacks

Hackers

}  Process SQL queries on encrypted data

(26)

salary 60 100 800 100 100 = query ? index 60 Unencrypted databases fast insecure FHE [Gentry’09], [GHS’12],.. … 100 800 salary xa32601 x8199f3 x62d03b xcef3f7 … circuit C output slow strong security CryptDB fast high degree of security query input x24ab1c

Spectrum

Courtesy: Raluca Popa

(27)

DB Server

transformed query

Proxy

plain query

Ø  Stores schema, master key

Ø  No data storage

Ø  No query execution

Under passive attack

Application

decrypted results encrypted results

Trusted Ø  Process queries completely at the DBMS, on encrypted database Encrypted DB

System Setup

(28)

col1/rank col2/name table1/emp SELECT * FROM emp

WHERE salary = 100

x934bc1 x5a8c34

x5a8c34 x84a21c

SELECT * FROM table1 WHERE col3 = x5a8c34 Proxy ? x5a8c34 x5a8c34 ? x5a8c34 x5a8c34 x4be219 x95c623 x2ea887 x17cea7 col3/salary Application 60 100 800 100

Randomized

encryption

Deterministic

encryption

Simple Example - 1

(29)

col1/rank col2/name table1 (emp) x934bc1 x5a8c34 x5a8c34 x84a21c x638e54 x638e54 x922eb4 x1eab81

SELECT * FROM table1 WHERE col3 ≥ x638e54

Proxy x638e54 x922eb4 x638e54 col3/salary Application 60 100 800 100

Deterministic

encryption

SELECT * FROM emp WHERE salary ≥ 100

OPE (order)

encryption

(30)

e.g., =, !=, IN, COUNT, GROUP BY, DISTINCT Scheme RND HOM DET SEARCH JOIN OPE Function none + equality join word search order Construction AES in CBC AES in CMC Paillier Popa ‘12 Song et al.,‘00 BCLO’09 + Popa ‘12 e.g., >, <, ORDER BY, SORT, MAX, MIN, GREATEST restricted ILIKE Highest Security e.g., sum

Encryption Schemes

(31)

Ø

 

Encryption schemes needed depend on queries

Ø

 

May not know queries ahead of time

Leaks order! rank ALL? col1-RND col1-HOM col1-SEARCH col1-DET col1-JOIN col1-OPE ‘CEO’ ‘worker’

(32)

int value HOM Onion Add value JOIN DET RND Onion Equality Onion Search

Ø  Same key for all items in a column for same onion layer

Ø  Start out the database with the most secure encryption

scheme OR each value value OPE-JOIN OPE RND Onion Order text value SEARCH

Onions of Encryptions

(33)

Ø 

Strip off layers of the onions

Ø 

Proxy gives keys to server using a SQL UDF

(“user-defined function”)

Ø 

Proxy remembers onion layer for columns

Ø 

Do not put back onion layer

(34)

SELECT * FROM emp WHERE

rank = ‘CEO’;

emp:

rank name salary ‘CEO’ ‘worker’ ‘CEO’ JOIN DET RND Onion Equality col1-OnionEq col1-OnionOrder col1-OnionSearch col2-OnionEq table 1:

…

RND RND SEARCH RND SEARCH RND RND RND

Example

(35)

UPDATE table1 SET col1-OnionEq =

Decrypt_RND(key, col1-OnionEq);

‘CEO’

JOIN DET RND

SELECT * FROM table1 WHERE col1-OnionEq = xda5c0407; DET

Onion Equality

RND RND

SELECT * FROM emp WHERE

rank = ‘CEO’;

DET DET col1-OnionEq col1-OnionOrder col1-OnionSearch col2-OnionEq table 1

…

RND RND SEARCH RND SEARCH RND

Example – contd.

(36)

Ø 

More complex operators, e.g., trigonometry

Ø 

Operations that require combining

encryption schemes

Ø 

e.g., T1.a + T1.b > T2.c

Extensions:

split queries, precompute

columns, use FHE or other encryption

schemes

(37)

Hardware to the Rescue: Secure Processors

What is a secure processor?

• Tamper-resistant chip: server cannot look inside

• Server can monitor chip pins (I/O, power)

• Server knows chip architecture

Secure processors (e.g., Aegis, smartcard,

TPM) assume

trusted programs

.

Processor chip

Tamper-‐resistant

I/O to external memory Power

(38)

Security Model & Protocol

2-interactive protocol for a secure processor:

TCB is just the processor chip. No software is trusted.

We only want to leak |Encrypt(x)| and “Time budget T”

Problem: Server specifies P è server can learn about x by applying different P and monitoring the secure processor

User Secure

Processor

2 Encrypt(x), Time budget T (1 interaction)

1 _{(several interactions)}Key sharing

Initialize secure processor

3

Trusted Computing Base

Perform computation 4 _O(|_T_{|) interactions} 5 Untrusted Server Program P, Public inputs y,

external RAM

(39)

“Normal” Secure Processor Untrusted Server External RAM Ek(Inputs), Curious() (1) What is the chip’s pin traffic?

(2) How long until the program completes?

Ek(results) Curious():

while (Memory[0] & 0x1) { send requests to memory }

return;

(2) Program does not enter loop: E_k(result) appears –or– chip powers down

(1) Program enters loop: causes pin traffic

knows k

Encrypted input from client

(40)

“Tamper proof”:

The server cannot look

inside the processor

The server can monitor what happens outside

The “time budget” partially solves problem (2)

How can we obfuscate pin behavior? Secure Processor Trusted Computing Base Untrusted Server External RAM Inputs, Curious() (1) What is the chip’s pin traffic?

(2) How long until the program completes?

Curious():

while (x[0] & 0x1) {

send requests to memory }

return;

(2) Completion point (1) Accessing memory causes pin traffic

(41)

Key idea: Instruction obfuscation in hardware

Given program P, time budget T, and any two inputs M and M*:

Make running P(M) for time T indistinguishable from running P(M*) for T from the perspective of chip pins

•  Pin traffic

–  Need to hide what memory addresses were accessed – Oblivious RAM (ORAM)

–  Need to hide whether memory was accessed at a

particular time – access ORAM periodically

–  Run program P for specified time T regardless of termination

(42)

Key idea: Instruction obfuscation in hardware

Given program P, time budget T, and any two inputs M and M*:

Make running P(M) for time T indistinguishable from running P(M*) for T from the perspective of chip pins

•  Power at pins

–  All internal modules (e.g., functional units, caches,

encryption) exercised periodically independent of instructions or data

–  External RAM accessed periodically for on-chip misses

–  Assume that internal modules have been designed for

data-independent power draw using logic design

techniques

(43)

• Instruction obfuscation in hardware

• Given program P, time budget T, and any two inputs M and

M*:

•  Make running P(M) for time T indistinguishable from

running P(M*) for T from the perspective of the chip pins

Decode Register

File

Exe 1 Exe 2 Exe N Load/ Store mux Encrypted Instruction Memory (MB) Encrypted Data Memory (GB) PC Ascend Chip M, P, T Encrypted results

(after T time has passed)

On each instruction fetch:

1.) Scan ENTIRE instruction memory to perform read 2.) Activate all circuits on chip

3.) Scan+re-encrypt ENTIRE data memory to perform read/write

Repeat this T times. (T is known to the server)

All circuits in Ascend must have data-independent power draws

Scan

(44)

On each instruction fetch

1) Read instruction memory 2) Fire all execution units (with real/dummy work) 3) Read/write data memory

(with real/dummy work)

Repeat this T times. (T is known to the server)

Decode Register

File

Exe 1 Exe 2 Exe N Load/ Store mux Instruction Memory (MB) Data Memory (GB) PC

Fire all execution units!

Ascend Chip

Encrypted program inputs Server-‐specified program Time budget T

Encrypted results

Assumption: it is possible to make dummy work look like real work

(45)

Why This Won’t Work As Is

1.  Problem: We can’t store a program’s memory inside of a chip 2.  Problem: Activating all circuits in the chip / instruction is a large

overhead (e.g., DRAM latency for every instruction)

Decode Register

File

Exe 1 Exe 2 Exe N Load/ Store mux Instruction Memory (MB) Data Memory (GB) PC

(46)

Implementing Ascend

Incredibly inefficient.

1.  Scanning all of memory is as bad as FHE’s data ambiguity

2.  Activating all circuits in the chip for each instruction is very energy-inefficient

Decode Register

File

Exe 1 Exe 2 Exe N Load/ Store mux Encrypted Instruction Memory (MB) Encrypted Data Memory (GB) PC Ascend Chip M, P, T Encrypted results

Scan

(47)

Adding support for “Path-ORAM” in Ascend

Each (leaf L, addr, data) 3-tuple is encrypted; lives on path from root to X

To access a block with program address A

1. Lookup position map determine that A à leaf X

2. Read path to leaf X into the ORAM interface’s local $

3. Write back as many blocks in local $ (re-)mapped to the path with leaf X as possible

Decode Register

File

Exe 1 Exe 2 Exe N Load/ Store mux

Memory

(16 GB)

PC

Ascend Chip ORAM interface Local $ (27 KB) AES Position map (416 MB) Path to leaf X Level L = 3 Level 2 Level 1 Level 0

Leaf 1 Leaf X = 5 Leaf 2 = 8L

4 blocks per bucket 128 Bytes Bucket data tag a X Total Bytes per path = (L + 1) * 4 * (128+32)

= 16.9 KB (for a 16 GB ORAM)

Trusted Untrusted (under server’s control)

(48)

Reducing On-Chip ORAM Storage

Problem: 416 MB position map is too big to store in Ascend

Solution: store the position map in another ORAM

At the end of the day…

•  Dedicate hardware storage: 209.4 KB

•  Data moved per access: ~86 KB à 5880 cycle delay (54X

overhead)

Decode Register

File

Memory PC

Ascend Chip

ORAM Interface

Position map for ORAM 3

(~136.5 KB) D ec ry pt En cry pt key Local Cache 1 (~27.1 KB) Local Cache 2 (~24.3 KB) Local Cache 3 (~21.5 KB) ORAM 1 (16 GB) ORAM 2 (416 MB) ORAM 3 (8.5 MB) To access addr A:

1.) lookup position map(A)

yields leaf L₃ 2.) read/write ORAM₃(L₃) yields leaf L₂ 3.) read/write ORAM₂(L₂) yields leaf L₁ 4.) read/write ORAM₁(L₁)

yields (A, data)

(49)

Making Ascend efficient

Where we are:

Decode Register

File

Memory PC

Ascend Chip

ORAM Interface

Position map for ORAM 3

(136 KB) D ec ry pt En cry pt key Local Cache 1 (27 KB) Local Cache 2 (24 KB) Local Cache 3 (21 KB) ORAM 1 (16 GB) ORAM 2 (416 MB) ORAM 3 (8.5 MB)

On each instruction fetch

1.) Read instruction ORAM

2.) Fire all execution units (with real/dummy work)

3.) Read/write data ORAM

(with real/dummy work)

~ 5880 x 2 = ~ 11,760 cycles per instruction

Security level is independent of the rate that the

processor accesses memory as long as this rate

(50)

Exploiting common case behavior

Merge instruction ORAM and data ORAM Say “average application” has:

• 25% memory instructions

• 1% L1 I$ miss rate, 10% L1 D$ miss rate, 5% L2 $ miss

rate

Decode Register

File

Memory

PC

Ascend Chip ORAM Interface ORAM 1 (16 GB) ORAM 2 (416 MB) ORAM 3 (8.5 MB) L1 ICache L1 DCache L2 Cache Access 1 / instr Access 1 / 4 instrs

Access 1 / 100 L1I accesses

Access 1 / 10 L1D accesses

(51)

Security Observations

All external requests are periodic

Obfuscation of pin traffic is handled by ORAM

Overall power signature is periodic and data-independent

• Ascend guarantees periodic firing of execution units, cache

memories, control units and interfaces

• We assume that each of these units (e.g., AES, cache) has been

built using techniques to guarantee power draw that is data-independent

(52)

Performance Results

Slowdown relative to running programs “in the clear” (in the clear = no encryption/intervals/ORAM)

lower bound (not secure): w/o intervals, w/ ORAM latency of 5880 cycles rather than 108 cycle DRAM latency

ascend: w/ intervals+ORAM 1

6 11 16

bzip2 mcf gobmk sjeng hmmer libq h264 omnet astar perlb gcc Avg

Sl o w d o w n fa cto r X

(53)

Impossible to describe all the challenges associated with cybersecurity in a single talk

Focused on a “subfield” of encrypted computation

•  Cryptography-based techniques (FHE)

•  Protocols + cryptography (CryptDB)

•  Hardware mechanisms + cryptography (Ascend)

Meeting cybsercurity challenges will require interdisciplinary efforts in security protocols, cryptography and architecture

(54)