Each quarter, Red Hat Research Quarterly highlights new and ongoing research collaborations from around the world. This quarter we highlight collaborative projects from Graz University of Technology (Austria), Masaryk University (Czech Republic), and Karlstad University (Sweden).
PROJECT: Researching and mitigating the exposure of modern and efficient technology to side-channel attacks
ACADEMIC INVESTIGATORS: Prof. Daniel Gruss, Dr. Martin Schwarzl, Jonas Juffinger (Graz University of Technology)
Red Hat investigators: Wade Mealing, Andrea Arcangeli
Modern systems implement numerous optimizations that depend directly on the structure and content of the data being processed. This yields an increase in performance and efficiency. In this project, we investigate how modern and efficient technology introduces side-channel vulnerabilities and how to mitigate these vulnerabilities, with a focus on remote attack scenarios. Recent results include discovering a novel side channel on AMD processors that exploits scheduler queue contention. The root cause is the design of the scheduler queues in AMD processors, which is optimized for a higher degree of parallelism by giving each execution unit its own scheduler. An attacker can exploit contention on these scheduler queues to infer the contention level per execution unit and, thus, what other workloads on the system are doing (published at IEEE Symposium on Security and Privacy 2023).
We also collaborated with the University of Virginia and Cornell University to find side channels in modern persistent memory technology (published at USENIX Security 2023). At the boundary between hardware and software, we developed a novel templating technique to localize side-channel leakage in software. Our technique, layered binary templating, can scan even large binaries in a reasonable time. With it, we identified previously unknown leakage in Chrome and Chrome-based apps that allows an attacker to leak any keystroke performed in them, using either a hardware-based side channel such as Flush+Reload or a software-based side channel such as page cache attacks. The specific leakage has been patched, and the concrete attack is now mitigated. However, layered binary templating can still find new leakage in other software binaries (published at ESORICS 2023).
On the pure software level, following up on our earlier work on remote page deduplication attacks, we analyzed the exposure of compression algorithms to remote timing attacks. Our attacks specifically exploit timing differences in compression and decompression but do not exploit the compression ratio or other metrics previous works identified as security-critical. Our work sheds light on the necessity of shielding compression algorithms against side-channel attacks or avoiding compression of sensitive data altogether (published at IEEE S&P 2023).
Another outcome of this research was Martin Schwarzl's successful, and excellent, defense of his PhD thesis. Martin will now move into industry, and his role in the project will transition to Jonas Juffinger, who has collaborated with Martin and will continue the research in this project, potentially with a greater focus on side channels caused by efficiency-related optimizations.
PROJECT: Side-channel attacks on embedded devices and smartcards
ACADEMIC INVESTIGATORS: Tomáš Jusko, Ján Jančár (Masaryk University)
Elliptic curve cryptography (ECC) is difficult to implement securely, especially regarding various side-channel attacks in which an attacker observes side channels such as power consumption or timing of an ECC implementation while it computes. These attacks often require the attacker to have precise knowledge of the implementation choices made by the target, which they might not have in practice. To better understand these attacks, we built an open source toolkit, pyecsca, for side-channel attacks on ECC, focusing on reverse-engineering ECC implementations. Pyecsca is available on GitHub.
There are two notable ongoing efforts on the toolkit. The first is adding support for CPU emulation to the toolkit, enabling it to produce simulated side-channel traces for target ECC implementations and allowing easier attack prototyping and implementation evaluation. The second is to implement selected trace processing algorithms using GPGPU methods (e.g., CUDA) to speed up lengthy trace processing when operating on very large datasets of traces.
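To make concrete the kind of leakage that pyecsca is built to reverse-engineer, here is an added example (not code from pyecsca or the project): scalar multiplication on a toy curve, recording the sequence of group operations that an attacker could distinguish on a power or timing trace (D = doubling, A = addition). The curve, prime, generator and scalars are constructed for illustration only and are far too small for real use. A left-to-right double-and-add implementation leaks every scalar bit through its D/A pattern, and the attacker's recovery rule is shown; a Montgomery ladder performs the same operation sequence for every scalar of a given length, so the same rule yields nothing.

```python
"""Toy ECC scalar multiplication with an operation trace (constructed example, not pyecsca)."""

P_MOD = 97          # toy prime, constructed for illustration; real curves use ~256-bit primes
A, B = 2, 3         # curve y^2 = x^3 + A*x + B over GF(P_MOD)
G = (3, 6)          # 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97), so G lies on the curve


def ec_add(P, Q):
    """Affine point addition; None is the point at infinity. Requires Python 3.8+ for pow(x, -1, m)."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                          # Q == -P (also covers y == 0)
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)     # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)            # chord slope (addition)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_double(P):
    return ec_add(P, P)


def is_on_curve(P):
    if P is None:
        return True
    x, y = P
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def double_and_add(k, P):
    """Left-to-right double-and-add. Returns (k*P, trace). The trace leaks k bit by bit."""
    trace = []
    R = P
    for bit in bin(k)[3:]:            # skip the leading 1 bit, already accounted for by R = P
        R = ec_double(R)
        trace.append("D")
        if bit == "1":                # secret-dependent branch: an A appears only for 1 bits
            R = ec_add(R, P)
            trace.append("A")
    return R, trace


def montgomery_ladder(k, P):
    """Montgomery ladder: exactly one A and one D per bit, whatever the bit value."""
    trace = []
    R0, R1 = None, P                  # invariant: R1 == R0 + P
    for bit in bin(k)[2:]:
        if bit == "0":
            R1 = ec_add(R0, R1)
            R0 = ec_double(R0)
        else:
            R0 = ec_add(R0, R1)
            R1 = ec_double(R1)
        trace.extend("AD")            # same pattern on both branches
    return R0, trace


def recover_scalar(trace):
    """Attacker's rule for a double-and-add trace: each D opens a new 0 bit,
    an A right after it turns that bit into a 1. Applied to a ladder trace it
    returns the same meaningless value for every scalar of that bit length."""
    bits = ["1"]
    for op in trace:
        if op == "D":
            bits.append("0")
        elif op == "A":
            bits[-1] = "1"
    return int("".join(bits), 2)


if __name__ == "__main__":
    k = 13                            # 0b1101
    R, trace = double_and_add(k, G)
    print("double-and-add trace:", "".join(trace), "-> recovered", recover_scalar(trace))
    _, ladder_trace = montgomery_ladder(k, G)
    print("ladder trace:        ", "".join(ladder_trace))
```

The ladder still has secret-dependent data flow (which register is doubled), so on real hardware it must additionally be implemented with constant-time swaps and without the point-at-infinity special cases used above; the example isolates the control-flow leakage only.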
PROJECT: Verifying constant-time cryptographic algorithm implementations
ACADEMIC INVESTIGATORS: Ján Jančár, Vashek Matyas (Masaryk University)
Timing attacks are among the most devastating side-channel attacks, allowing remote attackers to retrieve secret material, including cryptographic keys, with relative ease. In principle, avoiding these attacks is not hard: it means writing constant-time code, or using tools to verify constant-timeness. Yet these attacks still plague popular cryptographic libraries 25 years after their discovery, reflecting a dangerous gap between academic research and cryptographic engineering. To understand the causes of this gap, we surveyed 44 developers of 27 prominent open source cryptographic libraries. The survey aimed to analyze whether, and how, the developers ensure that their code executes in constant time.
To follow up on the survey, we conducted a user study into the usability of constant-timeness verification tools to better understand where their usability issues lie. We are currently in the process of analyzing the results of this user study.
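As an added illustration of the property these verification tools check (this is not one of the tools from the study, nor code from the project): a minimal dynamic checker that records the line numbers executed inside a function and compares them across inputs that differ only in the secret. A comparison with an early exit produces a different control-flow trace depending on where the first mismatch is; a branch-free comparison produces the same trace for every input. The inputs are constructed here.

```python
"""Dynamic check for secret-dependent control flow (constructed example)."""
import sys


def trace_control_flow(fn, *args):
    """Run fn(*args) under sys.settrace and return the tuple of line numbers executed inside fn."""
    executed = []

    def tracer(frame, event, arg):
        if frame.f_code is not fn.__code__:
            return None                       # ignore frames of other functions
        if event == "line":
            executed.append(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        fn(*args)
    finally:
        sys.settrace(previous)
    return tuple(executed)


def control_flow_depends_on(fn, fixed, variants):
    """True if the executed-line sequence of fn(fixed, v) differs between the variants."""
    return len({trace_control_flow(fn, fixed, v) for v in variants}) > 1


def naive_compare(a, b):
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False                      # early exit: trace length reveals the first mismatch
    return True


def ct_compare(a, b):
    if len(a) != len(b):                      # the length is normally public
        return False
    acc = 0
    for x, y in zip(a, b):
        acc |= x ^ y                          # no branch on secret data
    return acc == 0


# Constructed vectors: a secret tag and guesses that agree with it to different depths.
SECRET = bytes(range(1, 17))
GUESSES = [bytes(16), SECRET[:15] + b"\xff", SECRET]   # mismatch at byte 0, at byte 15, full match


def leak_report():
    """Map each comparison function to whether its control flow depends on the guess."""
    return {fn.__name__: control_flow_depends_on(fn, SECRET, GUESSES)
            for fn in (naive_compare, ct_compare)}


if __name__ == "__main__":
    print(leak_report())                      # {'naive_compare': True, 'ct_compare': False}
```

The check only sees secret-dependent branches. Secret-dependent memory accesses and variable-latency instructions leak just as well, which is why the tools used in practice rely on taint tracking, symbolic execution or statistical timing measurements rather than on a line trace.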
PROJECT: Building the next generation of programmable networking—powered by Linux
ACADEMIC INVESTIGATORS: Prof. Anna Brunstrom, Dr. Per Hurtig, Frey Alfredsson, and Simon Sundberg (Karlstad University)
Red Hat investigators: Toke Høiland-Jørgensen, Jesper Dangaard Brouer, and Simone Ferlin-Reiter
Developing continuous passive network monitoring using BPF is progressing well. A tool named evolved Passive Ping (ePPing), which infers TCP (and ICMP) RTTs directly from application traffic, has been developed, and an initial version is available in the XDP project repository on GitHub. By monitoring packets directly in kernel space with BPF, ePPing avoids the packet capture overhead of similar solutions, such as Wireshark and PPing. The paper "Efficient continuous latency monitoring with eBPF" (presented at the Passive and Active Measurements Conference [PAM] 2023) evaluates ePPing and shows that it has much lower overhead than the PPing tool it was inspired by, allowing it to scale to high-speed network links.
Additional work on aggregating the numerous RTT measurements from ePPing in an efficient and informative way is ongoing. We are also looking to evaluate ePPing from an ISP vantage point. Feedback on the tool or suggestions for other use cases are welcome.
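An added example of the matching logic behind PPing-style passive RTT inference (this is not ePPing's code, which runs as BPF in the kernel, and the page does not describe the mechanism; the description here is an assumption about the method): for each direction of a TCP flow, remember when the first packet carrying a given TCP timestamp value (TSval) was seen; the first packet in the opposite direction whose TSecr echoes that value closes a round trip, and only the first sighting and the first echo count. The packet trace, timings and expiry threshold are constructed.

```python
"""PPing-style passive RTT estimation from TCP timestamp options (constructed example)."""


class PassiveRtt:
    """Matches TSval sightings against the first TSecr that echoes them."""

    def __init__(self, max_age):
        self.max_age = max_age          # drop entries older than this to bound state (assumed policy)
        self.seen = {}                  # (flow, tsval) -> [time_first_seen, already_matched]

    def observe(self, t, flow, tsval, tsecr):
        """flow is (src, dst). Returns (flow whose round trip completed, rtt) or None."""
        self._expire(t)
        self.seen.setdefault((flow, tsval), [t, False])   # only the first sighting counts
        if tsecr == 0:
            return None                 # TSecr 0 carries no echo (e.g. the initial SYN)
        reverse = (flow[1], flow[0])
        entry = self.seen.get((reverse, tsecr))
        if entry is None or entry[1]:
            return None                 # nothing outstanding, or this TSval was already echoed
        entry[1] = True                 # first echo only; later echoes are ignored
        return reverse, t - entry[0]

    def _expire(self, now):
        # Linear scan for clarity; a real implementation evicts from a hash map periodically.
        stale = [k for k, (seen_at, _) in self.seen.items() if now - seen_at > self.max_age]
        for k in stale:
            del self.seen[k]


def rtt_samples(packets, max_age=1000.0):
    """Run the estimator over (time_ms, flow, tsval, tsecr) tuples; return (time, flow, rtt) samples."""
    est = PassiveRtt(max_age)
    out = []
    for t, flow, tsval, tsecr in packets:
        sample = est.observe(t, flow, tsval, tsecr)
        if sample is not None:
            out.append((t, sample[0], sample[1]))
    return out


# Constructed packet trace as seen by an observer near the client; times in ms.
PACKETS = [
    (0.0,    ("client", "server"), 100, 0),     # TSecr 0: nothing to match yet
    (0.2,    ("client", "server"), 100, 0),     # same TSval tick; first sighting already recorded
    (20.0,   ("server", "client"), 500, 100),   # echoes 100 -> RTT 20.0 ms for client->server
    (21.0,   ("server", "client"), 500, 100),   # second echo of 100, ignored
    (40.5,   ("client", "server"), 140, 500),   # echoes 500 -> RTT 20.5 ms for server->client
    (41.0,   ("client", "server"), 140, 500),   # ignored
    (5000.0, ("server", "client"), 900, 140),   # 140 expired long ago: no sample
]


if __name__ == "__main__":
    for t, flow, rtt in rtt_samples(PACKETS):
        print(f"t={t:7.1f} ms  {flow[0]}->{flow[1]}  rtt={rtt:.1f} ms")
```

Because only the first packet per TSval tick and the first echo are used, delayed ACKs and retransmissions inflate at most one sample rather than all of them; the expiry step is what keeps the state bounded on a busy link.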