EC 500 Hardware Security Introduction to cybersecurity Cyber attacks examples Prof. Michel A. Kinsy Department of Electrical & Computer Engineering Course Topics § Classic and Modern encryption algorithms: AES, RSA, Hash, MAC, digital signatures, etc. § Hardware Security Primitives: Physical unclonable functions, Oblivious RAM, Circuit obfuscation, Hardware Trojans § Distributed Trustworthy Systems: Distributed Key Management, Authentication, Confidentiality § Secure Computing: Secure Multiparty Computation, Homomorphic Computation § Secure Architecture Design Concepts: Isolation, Obfuscation, Attestation § Memory Integrity, Cache Side-Channel, Secure Boot, Trusted OS § Software Guard Extensions (SGX) and Trusted Execution Technology (TXT) Department of Electrical & Computer Engineering Course Learning Vehicle § As a 500 Level course, it is primarily a reading, presentation and project driven course § The class project is built around the RISC-V ISA § We will try to build secure architecture features targeting each or some of these course topics Department of Electrical & Computer Engineering Large-Scale System Security Breaches § The Emerging Mobile App “Wild West” • https://securityintelligence.com/how-to-protect-mobile-apps- essentials/ § Apple has now removed over 300 pieces of software from the App Store • http://www.wired.com/2015/09/apple-removes-300-infected- apps-app-store/ § Security researcher obtained physical access to the plane control system through the Seat Electronic Box • http://www.wired.com/2015/05/feds-say-banned-researcher- commandeered-plane/ § Stuxnet computer worm is shown to work on Siemens SIMATIC WinCC SCADA system • http://www.theguardian.com/world/2011/apr/17/iran-siemens- stuxnet-cyberattack Department of Electrical & Computer Engineering Large-Scale System Security Breaches § Home routers § Stealthy, destructive malware infects half a million routers https://www.wired.com/story/vpnfilter-router-malware-outbreak/ § Services sector: databases and data centers § Equifax breach of 145.5 million people's data § Yahoo hack that affected 3 billion accounts § Hospitals § https://www.zdnet.com/article/us-hospital-pays-55000-to-ransomware-operators/ § https://www.healthcareitnews.com/news/when-medical-devices-get-hacked-hospitals- often-dont-know-it § Fitness and wellness § Under Armour § https://www.wired.com/story/under-armour-myfitnesspal-hack-password-hashing/ § Internet of Things § World's largest DDoS attack launched from 152,000 hacked Smart Deviceshttps://thehackernews.com/2016/09/ddos-attack-iot.html § 230 crypto keys are actively being used by more than 4 Million IoT devices § https://thehackernews.com/2015/11/iot-device-crypto-keys.html Department of Electrical & Computer Engineering Large-Scale System Security Breaches § Power grid systems: their control systems § U.S. investigators find proof of cyberattack on Ukraine power grid § https://www.cnn.com/2016/02/03/politics/cyberattack- ukraine-power-grid/index.html Source: U.S. Department of Energy Department of Electrical & Computer Engineering Example: Microgrids An information-centric energy infrastructure: The Berkeley view Source: http://www.energy-daily.com/images/smart-grid-electricity-schematic-bg.jpg. Department of Electrical & Computer Engineering Example: Cybersecurity of Microgrids § Computation requirements § The control systems deal with continuous, computational intensive dynamics, discrete events, and generic commands § Low and high-performance processing units required § The correctness, stability, and efficiency in controlling these system are closely related to the data propagation delay in the control (low-latency, and hard real-time) § Fast and predictable execution units are imperative § Security requirements Department of Electrical & Computer Engineering Example: Cybersecurity of Microgrids § Computation requirements § Security requirements § Local control algorithms change over time, due to changes in the physical plant functions or capacity § Programmable architectures are required § The system wide control is a network of independent or loosely coupled local controls § Robust network security is needed § Firewalls, intrusion detection, deep packet sniffing, logging, unauthorized access monitoring, etc. Department of Electrical & Computer Engineering Evolving Nature of Applications Scientific instruments Social media and networks Mobile devices Sensor technology Data storage has grown significantly, shifting markedly from analog to digital after 2000 Global installed, optimally compressed, storage Overall Detail Exabytes %; exabytes 300 100% = 3 16 54 295 1 Digital 3 250 25 200 150 94 Analog 99 97 75 100 50 6 0 1986 1993 2000 2007 1986 1993 2000 2007 NOTE: Numbers may not sum due to rounding. SOURCE: Hilbert and López, “The world’s technological capacity to store, communicate, and compute information,” Science, 2011 Department of Electrical & Computer Engineering Computer System Components View Applications Operating System Compiler Firmware ISA Processor Memory organization I/O system Datapath & Control Digital Design Circuit Design Layout Department of Electrical & Computer Engineering Computer Architecture Domains § The art of abstraction Application Algorithm Parallel Original Programming Language computing domain of Operating System/Virtual Machine security, … the Instruction Set Architecture (ISA) Domain of computer computer architect Microarchitecture architecture (‘50s-‘80s) Register-Transfer Level (RTL) (90s) Reliability, Circuits power Devices Physics Department of Electrical & Computer Engineering Computer Architecture Components Processing Cores Memory Subsystem On-chip Interconnect § The processing elements or cores do the actual computations, i.e., data manipulations, operations Department of Electrical & Computer Engineering Computer Architecture Components Processing Cores Memory Subsystem On-chip Interconnect § The memory hierarchy is responsible for the on-chip data storage, organization and access scheme Department of Electrical & Computer Engineering Computer Architecture Components Processing Cores Memory Subsystem On-chip Interconnect § On-chip network handles data movements, e.g., cache lines and cache coherence messages, between processor cores and memory modules Department of Electrical & Computer Engineering Why Hardware Level Security? Defense becomes more and more complex, yet still outmatched by offense Unified threat 10,000,000 management 8,000,000 Security software 6,000,000 4,000,000 Lines of code Network flight 2,000,000 recorder Malware: Milky Way DEC seal Stalker Snort 125 lines of code* 0 1985 1990 1995 2000 2005 2010 Source: Defense Advanced Research Projects Agency (DARPA) Brief to Defense Science Board (DSB) Task Force (May 2011). Data through 2010. Department of Electrical & Computer Engineering Computing Systems Security § Hardware Security Network • Circuit Level Applications § Hardware obfuscation • Digital Design OS § IC watermarking • Datapath & Control § Self-repair and regeneration of datapaths Hardware • Component Level § Hardware security primitives (PUF, ORAM, RNG,…) • Architecture Level § Secure computing architectures • Secure heterogeneous system- on-chip (SoC) architectures Department of Electrical & Computer Engineering Architecture Design Challenge § Relatively easy to get two of three, harder to get all three! Programmability Programmability Programmability Performance Performance Performance Energy Efficiency Energy Efficiency Energy Efficiency Uniprocessor ASIC Superscalar Department of Electrical & Computer Engineering Architecture Design Challenge § Relatively easy to get two of three, harder to get all three! Programmability Programmability Programmability Performance Performance Performance Energy Efficiency Energy Efficiency Energy Efficiency Uniprocessor ASIC Superscalar Programmability The general design objectives of the community have been: § If only I could get all three! Performance § Image the future of computing! Energy Efficiency Department of Electrical & Computer Engineering Architecture Design Challenge § Relatively easy to get two of three, harder to get all three! Programmability Programmability Programmability Performance Performance Performance Energy Efficiency Energy Efficiency Energy Efficiency Uniprocessor ASIC Superscalar Programmability What about security? § What about privacy-preserving computing? § Performance What about the integrity of the execution? § On-chip data confidentiality? § Albert! You really know how to kill Energy Efficiency a party!!! Department of Electrical & Computer Engineering Computer Architecture Security § The mainstream wake-up call § Meltdown and Spectre § Meltdown security vulnerability allows a local, unprivileged, userspace process to read data from any memory location mapped to the process, including kernel memory § The key reason why this vulnerability is so terrifying § Spectre security vulnerability allows a local, unprivileged, userspace process to read data from memory locations assigned to other processes Department of Electrical & Computer Engineering Control Flow and Performance § A basic block is a piece of code with no control flow instruction, i.e., no branches or jumps § Profiling results on a small set of common applications using the Intel Pintool BASIC BLOCK DISTRIBUTION Number of BBLs Average Inst/BBLs 20824 8081 5425 4438 4230 4.69 4.66 4.65 4.62 4.59 CLEAR MKDIR LS UNTAR FIND Department of Electrical & Computer Engineering Reducing Control Flow Penalty § Modern processors may have