Research Highlights


Foreshadow: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution

Foreshadow is a speculative execution attack on Intel processors that allows an attacker to steal sensitive information stored inside personal computers or third-party clouds. Foreshadow has two versions: the original attack, designed to extract data from SGX enclaves, and a Next-Generation version, which affects Virtual Machines (VMs), hypervisors (VMMs), operating system (OS) kernel memory, and System Management Mode (SMM) memory.


Breaking the Bluetooth Pairing: Fixed Coordinate Invalid Curve Attack

The Fixed Coordinate Invalid Curve Attack is a new attack that applies to all current Bluetooth pairing protocols. The pairing protocol is the process of connection establishment in Bluetooth, and it lays the groundwork for all of the security and privacy features Bluetooth provides. Failing to secure this process compromises the entire Bluetooth session.

Our attack provides a new technique for attacking the Bluetooth pairing protocol by manipulating specific messages, without being detected by the victim devices. It relies on newly discovered protocol design flaws.

Using our attack, one can exploit this vulnerability to reveal the encryption key of the victim devices and use it to decrypt and forge data without the user's awareness.

  • The academic paper is here.
  • The Technion's press release is here (and here in Hebrew).
  • You can read more about it here.
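As an added example (not from the page or the paper), the check a pairing implementation needs in order to reject a manipulated public key of the kind this attack depends on: full public-key validation on NIST P-256, the curve used by Bluetooth Secure Connections. The 64-byte X||Y little-endian key layout assumed in `check_pairing_key` is an assumption made for this example, not taken from the page.

```python
# Added example: validating a peer's ECDH public key during Bluetooth pairing.
# Curve parameters are NIST P-256 (FIPS 186-4); all arithmetic is over GF(P).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Generator point, used here only as a known-good key for testing.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5


def is_on_curve(x: int, y: int) -> bool:
    """True iff (x, y) satisfies y^2 = x^3 + A*x + B over GF(P)."""
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_peer_public_key(x: int, y: int) -> bool:
    """Full public-key validation for a prime-order curve.

    A point that is not on P-256 lies on some other curve whose group may
    contain small-order elements; an ECDH computation with such a point leaks
    information about the private scalar, which is what an invalid-curve attack
    exploits. P-256 has prime (odd) group order, so no point on it has y == 0:
    a key whose y coordinate was forced to zero always fails this test.
    """
    if not (0 <= x < P and 0 <= y < P):      # coordinates must be field elements
        return False
    return is_on_curve(x, y)                 # and the point must be on *this* curve


def check_pairing_key(peer_pub: bytes) -> bool:
    """Parse a 64-byte X||Y key (assumed little-endian coordinates) and validate it.

    Returns False for malformed input rather than raising, so a caller can
    abort the pairing without exposing a parsing error path.
    """
    if len(peer_pub) != 64:
        return False
    x = int.from_bytes(peer_pub[:32], "little")
    y = int.from_bytes(peer_pub[32:], "little")
    return validate_peer_public_key(x, y)
```

A pairing stack must perform this validation before the key is fed into ECDH; rejecting the key and aborting the pairing is the only safe response.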

In the press (in Hebrew): Israel Hayom



Security vulnerability in Microsoft Cortana (2018)
Undergraduate Technion CS students identified a security vulnerability in Microsoft Cortana that allows anyone to run any code they wish on any Windows computer running Cortana.

Cortana is Microsoft's voice-activated virtual personal assistant. Microsoft was notified and is currently working on a solution. The results will be presented at the Black Hat USA conference in August.

Silence (2018)
The cost of communication is a substantial factor affecting the scalability of many distributed applications. Every message sent can incur a cost in storage, computation, energy and bandwidth. Consequently, reducing the communication costs of distributed applications is highly desirable. The best way to reduce message costs is by communicating without sending any messages whatsoever. This paper initiates a rigorous investigation into the use of silence in synchronous settings in which processes can fail. We formalize sufficient conditions for information transfer using silence, as well as necessary conditions for particular cases of interest. This allows us to identify message patterns that enable communication through silence. In particular, a pattern called a silent choir is identified and shown to be central to information transfer via silence in failure-prone systems. The power of the new framework is demonstrated on the atomic commitment problem (AC). A complete characterization of the tradeoff between message complexity and round complexity in the synchronous model with crash failures is provided, in terms of lower bounds and matching protocols. In particular, a new message-optimal AC protocol is designed using silence, in which processes decide in 3 rounds in the common case. This significantly improves on the best previously known message-optimal AC protocol, in which decisions were performed in  rounds.

The Silence paper, by Guy Goren and Prof. Yoram Moses, received the best student paper award at the prestigious PODC 2018 conference.

Towards a Memristive Hardware Secure Hash Function (MemHash) (2017)
Hardware-based hash functions might provide a low-cost and low-power alternative to the classic solutions, which are based on implementations of mathematical cryptographic algorithms. In this paper, we propose MemHash, a hardware secure hash function built using memristive technology that exploits the unique properties of memristors. The MemHash operation is based on intrinsic device characteristics. Furthermore, it exploits process variations for implicit key embedding, thus creating a keyed-hash message authentication code (HMAC) that does not involve a separate key generation and management process. MemHash comprises a memristive crossbar with a differential read mechanism and a scrambler unit. The scrambler unit receives the input message as a bit stream and digitally mixes it with data read from the array. For every bit of the message, the scrambler generates a write address and a value to perform a single-cell write cycle to the crossbar. Because the crossbar is designed to be extremely sensitive to the write disturb phenomenon, every single-cell write alters additional cells in the design, thus increasing the entropy. The differential read mechanism provides sensitivity to process variations and robustness in operating conditions, yielding a PUF-like effect. MemHash is evaluated with a 16×16 memristive crossbar structure. Our simulation results demonstrate the statistical characteristics of the proposed design, showing close-to-optimal uniqueness and diffuseness. See the paper here.
Using Scan Side Channel to Detect IP Theft (2017)
In the growing heterogeneous Internet of Things market, which embraces a plurality of vendors and service providers, IP protection plays a central role. This paper proposes a process for the detection of IP theft in VLSI devices that exploits the internal test scan chains designed for production test automation. The scan chains supply direct access to the internal registers in the device, enabling combinational analysis of the device logic. By using Boolean function learning methods, the learner creates a partial dependence graph of the internal flip-flops. The graph is further partitioned using the shared nearest neighbors graph clustering method, and individual blocks of combinational logic are isolated. These blocks can be matched with known building blocks that compose the original function. This enables reconstruction of the function implementation down to the level of pipeline structure. The IP owner can compare the resulting structure with his own implementation to confirm whether an IP violation has occurred. We demonstrate the power of the presented approach with a test case of an open source Bitcoin SHA-256 accelerator containing more than 80 000 registers. With the presented method, we discover the microarchitecture of the module, locate all the main components of the SHA-256 algorithm, and learn the module's flow control. In addition to the direct recognition of the IP content, we also demonstrate a combination of reverse engineering and watermark methods. We define a new watermark structure, the pipeline-associated watermark (PAW), combined with pipeline stages that can be detected with the scan-based reverse engineering method. See the paper here.
WatchIT: Who Watches Your IT Guy? (2017)
System administrators have unlimited access to system resources. As the Snowden case highlighted, these permissions can be exploited to steal valuable personal, classified, or commercial data. This problem is exacerbated when a third party administers the system. For example, a bank outsourcing its IT would not want to allow administrators access to the actual data. We propose WatchIT: a strategy that constrains IT personnel's view of the system and monitors their actions. To this end, we introduce the abstraction of perforated containers: while regular Linux containers are too restrictive to be used by system administrators, by "punching holes" in them we strike a balance between information security and administrative needs. Following the principle of least privilege, our system predicts which system resources should be accessible for handling each IT issue, creates a perforated container with the corresponding isolation, and deploys it as needed for fixing the problem. Under this approach, the system administrator retains superuser privileges, but only within the limits of the perforated container. We further provide means for the administrator to bypass the isolation, but such operations are monitored and logged for later analysis and anomaly detection. We provide a proof-of-concept implementation of our strategy, which includes software for deploying perforated containers, monitoring mechanisms, and changes to the Linux kernel. Finally, we present a case study conducted on the IT database of IBM Research in Israel, showing that our approach is feasible.
Formal Black-Box Analysis of Routing Protocol Implementations (2017)
The Internet infrastructure relies entirely on open standards for its routing protocols. However, the overwhelming majority of routers on the Internet are proprietary and closed-source. Hence, there is no straightforward way to analyze them. Specifically, one cannot easily and systematically identify deviations of a router's routing functionality from the routing protocol's standard. Such deviations (either deliberate or inadvertent) are particularly important to identify, since they present non-standard functionalities that have not been openly and rigorously analyzed by the security community. Therefore, these deviations may degrade the security or resiliency of the network. Model-based testing is a technique that allows one to systematically generate tests based on a model of the system under test, thereby finding deviations of the system from the model. However, applying such an approach to a complex multi-party routing protocol requires a prohibitively high number of tests to cover the desired functionality. We propose efficient and practical optimizations to the model-based testing procedure that are tailored to the analysis of routing protocols. These optimizations mitigate the scalability issues and allow us to devise a formal black-box method to unearth deviations in closed-source routing protocol implementations. The method relies only on the ability to test the targeted protocol implementation and observe its output. Identification of the deviations is fully automatic. We evaluate our method against a complex and widely used routing protocol on the Internet, OSPF. We search for deviations in the OSPF implementation of Cisco. Our evaluation identified numerous significant deviations that can be abused to compromise the security of a network. The deviations were confirmed by Cisco. We further employed our method to analyze the OSPF implementation of the Quagga Routing Suite, a popular open source routing software. The analysis revealed one significant deviation. Subsequent to the disclosure of the deviations, some of them were also identified by IBM, Lenovo and Huawei in their own products. See the paper here.
Understanding The Security of Discrete GPUs (2017)
GPUs have become an integral part of modern systems, but their implications for system security are not yet clear. This paper demonstrates both that discrete GPUs cannot be used as secure co-processors and that GPUs provide a stealthy platform for malware. First, we examine a recent proposal to use discrete GPUs as secure co-processors and show that the security guarantees of the proposed system do not hold on the GPUs we investigate. Second, we demonstrate that (under certain circumstances) it is possible to bypass IOMMU protections and create stealthy, long-lived GPU-based malware. We demonstrate a novel attack that compromises the in-kernel GPU driver and one that compromises GPU microcode to gain full access to CPU physical memory. In general, we find that the highly sophisticated but poorly documented GPU hardware architecture, hidden behind obscure closed-source device drivers and vendor-specific APIs, not only makes GPUs a poor choice for applications requiring strong security, but also makes GPUs into a security threat.
Eleos: ExitLess OS Services for SGX Enclaves (2017)
Intel Software Guard eXtensions (SGX) enable secure and trusted execution of user code in an isolated enclave to protect against a powerful adversary. Unfortunately, running I/O-intensive, memory-demanding server applications in enclaves leads to significant performance degradation. Such applications put a substantial load on the in-enclave system call and secure paging mechanisms, which turn out to be the main reason for the application slowdown. In addition to the high direct cost of thousands-of-cycles-long SGX management instructions, these mechanisms incur the high indirect cost of enclave exits due to the associated TLB flushes and processor state pollution. We tackle these performance issues in Eleos by enabling exit-less system calls and exit-less paging in enclaves. Eleos introduces a novel Secure User-managed Virtual Memory (SUVM) abstraction that implements application-level paging inside the enclave. SUVM eliminates the overheads of enclave exits due to paging, and enables new optimizations such as sub-page granularity of accesses. We thoroughly evaluate Eleos on a range of microbenchmarks and two real server applications, achieving notable system performance gains. memcached and a face verification server running in-enclave with Eleos achieve up to 2.2× and 2.3× higher throughput respectively while working on datasets up to 5× larger than the enclave's secure physical memory. See the paper here.
Vulnerabilities in modern computers leak passwords and sensitive data (2018)
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers. The discovery received significant attention in the Israeli media, including an item in the TV news and items in all major newspapers, including Calcalist, The Guardian, New York Magazine and The Register.
Preserving hidden data with an ever-changing disk (2017)
This paper presents a storage system that can hide the presence of hidden data alongside a larger volume of public data. Encryption allows a user to hide the contents of data, but not the fact that sensitive data is present. Under duress, the owner of high-value data can be coerced by a powerful adversary to disclose decryption keys. Thus, private users and corporations have an interest in hiding the very presence of some sensitive data alongside a larger body of less sensitive data (e.g., the operating system and other benign files); this property is called plausible deniability. Existing plausible deniability systems do not fulfill all of the following requirements: (1) resistance to multiple-snapshot attacks, where an attacker compares the state of the device over time; (2) ensuring that hidden data won't be destroyed when the public volume is modified by a user unaware of the hidden data; and (3) disguising writes to secret data as normal system operations on public data. We explain why existing solutions do not meet all these requirements and present the Ever-Changing Disk (ECD), a generic scheme for plausible deniability storage systems that meets all of these requirements. An ECD stores hidden data inside a large volume of pseudorandom data. Portions of this volume are periodically migrated in a log-structured manner. Hidden writes can then be interchanged with normal firmware operations. The expected access patterns and the time until hidden data is overwritten are completely predictable, and insensitive to whether data is hidden. Users control the rate of internal data migration (R), trading write bandwidth to hidden data for longevity of the hidden data. For a typical 2TB disk and setting of R, a user preserves hidden data by entering her secret key every few days or weeks. See the paper here.
DAMN: overhead-free IOMMU protection for networking (2015)
Alex Markuze, Igor Smolyar, Adam Morrison, Dan Tsafrir
ASPLOS ’18: ACM International Conference on Architectural Support for Languages and Operating Systems
March, 2018, Williamsburg, VA, to appear
Securing Self-Virtualizing Ethernet Devices (2015)
Single root I/O virtualization (SRIOV) is a hardware/software interface that allows devices to "self-virtualize" and thereby remove the host from the critical I/O path. SRIOV thus brings near bare-metal performance to untrusted guest virtual machines (VMs) in public clouds, enterprise data centers, and high-performance computing setups. We identify a design flaw in current Ethernet SRIOV NIC deployments that enables untrusted VMs to completely control the throughput and latency of other, unrelated VMs. The attack exploits Ethernet "pause" frames, which provide network flow control functionality. We experimentally launch the attack across several NIC models and find that it is effective and highly accurate, with substantial consequences if left unmitigated: (1) to be safe, NIC vendors will have to modify their NICs so as to filter pause frames originating from SRIOV instances; (2) in the meantime, administrators will have to either trust their VMs or configure their switches to ignore pause frames, thus relinquishing flow control, which might severely degrade networking performance. We present the Virtualization-Aware Network Flow Controller (VANFC), a software-based SRIOV NIC prototype that overcomes the attack. VANFC filters pause frames from malicious virtual machines without any loss of performance, while keeping the SRIOV and Ethernet flow control hardware/software interfaces intact. See the paper here.
Cryptanalysis of GSM cellular encryption (2003)
Prof. Eli Biham, doctoral student Elad Barkan and Nathan Keller, have succeeded in cracking the popular GSM cellular phone network encryption code. They found various vulnerabilities in the GSM protocol, and in the A5 ciphers, that enable attackers to listen in to any second-generation GSM phone conversation, and even forge outgoing calls as if they are originated from that number. The discovery received significant attention in the Israeli media including an item in the TV news, and items in all major newspapers including Ynet, Haaretz, Maariv, Globes, Reuters and NY Times Online. The paper was published in Crypto 2003, with followups in additional conferences.  See the paper in here.