STACCO: Differentially Analyzing Side-Channel Traces For Detecting SSL/TLS Vulnerabilities In Secure Enclaves

Y. Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
Published 2017 · Computer Science

Intel Software Guard Extensions (SGX) offers software applications a shielded execution environment, dubbed an enclave, to protect their confidentiality and integrity from malicious operating systems. As processors with this extended feature become commercially available, many new software applications are being developed to enrich the SGX-enabled ecosystem. One important primitive for these applications is a secure communication channel between the enclave and a remote trusted party. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly regarded as a natural choice for such purposes. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at the page level, the cacheline level, or the branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze SSL/TLS implementations and detect vulnerabilities (discernible execution traces) that can be exploited as decryption oracles. Surprisingly, in spite of the prevailing constant-time programming paradigm adopted by many cryptographic libraries, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in an SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that only 48388 and 25717 queries, respectively, are needed to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours. Our results reveal an insufficient understanding of side-channel security in SGX settings, and our study will provoke discussion on the secure implementation and adoption of SSL/TLS in secure enclaves.
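The differential analysis the abstract describes, as an added example that is not the paper's Stacco tool: Stacco instruments real SSL/TLS library binaries and compares page-, cacheline- and branch-level traces, whereas this self-contained Python stand-in records line-level control flow with sys.settrace and applies the same comparison to two PKCS#1 v1.5 unpadding routines, one written with early exits and one with input-independent control flow. The 16-byte block size, the sample encoded messages and all function names are constructed for the example.

```python
"""Toy differential trace analysis in the spirit of Stacco (added example, not
code from the paper). Line-level control flow recorded with sys.settrace stands
in for the page-, cacheline- or branch-level traces a man-in-the-kernel
adversary would observe; the comparison logic is the same."""

import sys
from typing import Callable, Dict, List, Optional, Sequence, Set, Tuple

Trace = Tuple[Tuple[str, int], ...]

K = 16  # constructed RSA block length in bytes; real moduli are far larger


def pkcs1_v15_unpad_leaky(em: bytes) -> Optional[bytes]:
    """PKCS#1 v1.5 type-2 unpadding written the obvious way, one early exit per
    check. Where the function returns, and how often the separator-search loop
    runs, depend on the input: the trace alone reveals the verdict."""
    assert len(em) == K              # a real decryption always yields exactly K bytes
    if em[0] != 0x00:
        return None
    if em[1] != 0x02:
        return None
    i = 2
    while i < K and em[i] != 0x00:   # scan the non-zero padding string PS
        i += 1
    if i == K:
        return None                  # no separator byte
    if i < 10:
        return None                  # PS shorter than 8 bytes
    return em[i + 1:]


def pkcs1_v15_unpad_ct(em: bytes) -> Optional[bytes]:
    """Same checks with input-independent control flow: every byte is visited,
    the verdict accumulates in a mask, and there is a single exit. The final
    slice still reads a data-dependent length; this toy models control flow
    only, not memory-access patterns."""
    assert len(em) == K
    bad = int(em[0] != 0x00) | int(em[1] != 0x02)
    sep = 0                          # index of the first zero byte after position 1
    found = 0                        # becomes 1 once the separator has been seen
    for i in range(2, K):
        take = int(em[i] == 0x00) & (1 - found)   # 1 only for the first zero byte
        sep = (sep & -(1 - take)) | (i & -take)   # select i when take == 1
        found |= take
    bad |= 1 - found                 # no separator
    bad |= int(sep < 10)             # PS shorter than 8 bytes
    msg = em[sep + 1:]
    return None if bad else msg


def collect_trace(func: Callable[[bytes], Optional[bytes]], em: bytes) -> Tuple[Optional[bytes], Trace]:
    """Run func(em) under sys.settrace and return its result together with the
    sequence of (function name, line number) pairs executed inside func."""
    lines: List[Tuple[str, int]] = []
    code = func.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None              # ignore frames outside the function under test
        if event == "line":
            lines.append((frame.f_code.co_name, frame.f_lineno))
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(em)
    finally:
        sys.settrace(previous)
    return result, tuple(lines)


def divergence_index(a: Trace, b: Trace) -> Optional[int]:
    """Index of the first step at which two traces differ, or None if identical."""
    if a == b:
        return None
    n = min(len(a), len(b))
    for idx in range(n):
        if a[idx] != b[idx]:
            return idx
    return n


def differential_analysis(func: Callable[[bytes], Optional[bytes]], inputs: Sequence[bytes]) -> Dict[str, object]:
    """Stacco-style comparison: trace every input, split the traces by whether
    the routine accepted or rejected the input, and report whether the two
    classes produce different traces (a decryption oracle for a trace observer).
    The witness is the step where one accepted and one rejected trace part ways
    and the last line they shared, i.e. the input-dependent branch."""
    accepted: Set[Trace] = set()
    rejected: Set[Trace] = set()
    for em in inputs:
        result, trace = collect_trace(func, em)
        (accepted if result is not None else rejected).add(trace)
    discernible = accepted != rejected
    witness = None
    if discernible and accepted and rejected:
        a, r = min(accepted), min(rejected)
        idx = divergence_index(a, r)
        witness = (idx, a[idx - 1] if idx else None)
    return {"discernible": discernible, "distinct_traces": len(accepted | rejected), "witness": witness}


# Constructed 16-byte encoded messages EM = 00 || 02 || PS || 00 || M.
SAMPLES = [
    b"\x00\x02" + b"\x01" * 8 + b"\x00" + b"hello",      # valid, 8-byte PS
    b"\x00\x02" + b"\x01" * 10 + b"\x00" + b"abc",       # valid, 10-byte PS
    b"\x01\x02" + b"\x01" * 8 + b"\x00" + b"hello",      # wrong leading byte
    b"\x00\x01" + b"\x01" * 8 + b"\x00" + b"hello",      # wrong block type
    b"\x00\x02" + b"\x01" * 14,                          # no separator
    b"\x00\x02" + b"\x01" * 5 + b"\x00" + b"\x02" * 8,   # PS too short
]

if __name__ == "__main__":
    for f in (pkcs1_v15_unpad_leaky, pkcs1_v15_unpad_ct):
        print(f.__name__, differential_analysis(f, SAMPLES))
```

Running the file prints one report per routine: the early-exit routine yields a different trace for every sample and the witness points at the line holding the first input-dependent branch, while the constant-flow routine yields a single trace for all six inputs although both return identical verdicts. Line-level identity is only a proxy for what Stacco measures: the final slice in the constant-flow variant still performs a data-dependent memory access that a cacheline- or page-level trace could expose, so a real check must also compare memory-access traces.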
This paper references
DROWN: Breaking TLS Using SSLv2. Nimrod Aviram (2016).
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations. C. Brubaker (2014). doi:10.1109/SP.2014.15
PinPlay: a framework for deterministic replay and reproducible analysis of parallel programs. Harish Patil (2010). doi:10.1145/1772954.1772958
Towards Application Security on Untrusted Operating Systems. Dan R. K. Ports (2008).
A Messy State of the Union: Taming the Composite State Machines of TLS. Benjamin Beurdouche (2015). doi:10.1145/3023357
MiniBox: A Two-Way Sandbox for x86 Native Code. Y. Li (2014).
InkTag: secure applications on an untrusted operating system. O. Hofmann (2013). doi:10.1145/2451116.2451146
The Transport Layer Security (TLS) Protocol Version 1.2. T. Dierks (2008). doi:10.17487/rfc8446
A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0. J. Manger (2001). doi:10.1007/3-540-44647-8_14
Cross-Tenant Side-Channel Attacks in PaaS Clouds. Yinqian Zhang (2014). doi:10.1145/2660267.2660356
Control flow analysis. Frances E. Allen (1970). doi:10.1145/390013.808479
Tamper-Resistant Execution in an Untrusted Operating System Using A Virtual Machine Monitor. Haibo Chen (2007).
Cooperation and security isolation of library OSes for multi-process applications. Chia-che Tsai (2014). doi:10.1145/2592798.2592812
Innovative Technology for CPU Based Attestation and Sealing. Ittai Anati (2013).
Flicker: an execution infrastructure for TCB minimization. J. McCune (2008). doi:10.1145/1352592.1352625
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs. Ming-Wei Shih (2017). doi:10.14722/NDSS.2017.23193
The Transport Layer Security (TLS) Protocol Version 1.1. T. Dierks (2006). doi:10.17487/RFC4346
Intel Software Guard Extensions Programming Reference.
Virtual ghost: protecting applications from hostile operating systems. J. Criswell (2014). doi:10.1145/2541940.2541986
SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs. Jaebaek Seo (2017). doi:10.14722/NDSS.2017.23037
Innovative instructions and software model for isolated execution. Frank McKeen (2013). doi:10.1145/2487726.2488368
Verifying Constant-Time Implementations. J. Almeida (2016).
This POODLE Bites: Exploiting The SSL 3.0 Fallback. B. Möller (2014).
Splitting interfaces: making trust between applications and operating systems configurable. Richard Ta-Min (2006).
Using hypervisor to provide data secrecy for user applications on a per-page basis. Jisoo Yang (2008). doi:10.1145/1346256.1346267
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. Yuanzhong Xu (2015). doi:10.1109/SP.2015.45
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. C. Meyer (2014).
Efficient Padding Oracle Attacks on Cryptographic Hardware. Romain Bardou (2012). doi:10.1007/978-3-642-32009-5_36
Valgrind: a framework for heavyweight dynamic binary instrumentation. N. Nethercote (2007). doi:10.1145/1250734.1250746
Raccoon: Closing Digital Side-Channels through Obfuscated Execution. A. Rane (2015).
Panoply: Low-TCB Linux Applications With SGX Enclaves. Shweta Shinde (2017). doi:10.14722/NDSS.2017.23500
Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu. Sanchuan Chen (2017). doi:10.1145/3052973.3053007
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols. N. AlFardan (2013). doi:10.1109/SP.2013.42
Protocol State Fuzzing of TLS Implementations. J. D. Ruiter (2015).
The Transport Layer Security (TLS) Protocol Version 1.3. E. Rescorla (2018). doi:10.17487/RFC8446
Pin: building customized program analysis tools with dynamic instrumentation. Chi-Keung Luk (2005). doi:10.1145/1065010.1065034
'Thousands of popular sites' at risk of DROWN hack attacks. Leo Kelion (2016).
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements. J. Clark (2013). doi:10.1109/SP.2013.41
Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge. Florian Tramèr (2017). doi:10.1109/EuroSP.2017.28
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization. F. Zhang (2011). doi:10.1145/2043556.2043576
Oblivious Multi-Party Machine Learning on Trusted Processors. O. Ohrimenko (2016).
A design and verification methodology for secure isolated regions. R. Sinha (2016). doi:10.1145/2908080.2908113
Lucky 13 Strikes Back. Gorka Irazoqui Apecechea (2015). doi:10.1145/2714576.2714625
Attacking RSA-Based Sessions in SSL/TLS. Vlastimil Klíma (2003). doi:10.1007/978-3-540-45238-6_33
Memento: Learning Secrets from Process Footprints. Suman Jana (2012). doi:10.1109/SP.2012.19
Using innovative instructions to create trustworthy software solutions. M. Hoekstra (2013). doi:10.1145/2487726.2488370
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing. S. Lee (2017).
Software Grand Exposure: SGX Cache Attacks Are Practical. F. Brasser (2017).
Guided differential testing of certificate validation in SSL/TLS implementations. Y. Chen (2015). doi:10.1145/2786805.2786835
Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS. Martin R. Albrecht (2016). doi:10.1007/978-3-662-49890-3_24
Malware Guard Extension: Using SGX to Conceal Cache Attacks. M. Schwarz (2017). doi:10.1007/978-3-319-60876-1_1
Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1, 2A, 3C.
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices. Xiaokuan Zhang (2016). doi:10.1145/2976749.2978360
Sanctum: Minimal Hardware Extensions for Strong Software Isolation. V. Costan (2016).
Password Interception in a SSL/TLS Channel. Brice Canvel (2003). doi:10.1007/978-3-540-45146-4_34
Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems. X. Chen (2008). doi:10.1145/1346281.1346284
Systematic Fuzzing and Testing of TLS Libraries. Juraj Somorovsky (2016). doi:10.1145/2976749.2978411
Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption. T. Jager (2012). doi:10.1007/978-3-642-33167-1_43
Preventing Page Faults from Telling Your Secrets. Shweta Shinde (2016). doi:10.1145/2897845.2897885
ROTE: Rollback Protection for Trusted Execution. Sinisa Matetic (2017).
Shielding Applications from an Untrusted Cloud with Haven. A. Baumann (2015). doi:10.1145/2799647
Implementing an untrusted operating system on trusted hardware. D. Lie (2003). doi:10.1145/945445.945463
Graph-matching-based simulation-region selection for multiple binaries. Charles Yount (2015). doi:10.1109/ISPASS.2015.7095784
Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC. J. Almeida (2015). doi:10.1007/978-3-662-52993-5_9
Town Crier: An Authenticated Data Feed for Smart Contracts. F. Zhang (2016). doi:10.1145/2976749.2978326
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS. S. Vaudenay (2002). doi:10.1007/3-540-46035-7_35
A Tool Suite for Simulation Based Analysis of Memory Access Behavior. Josef Weidendorfer (2004). doi:10.1007/978-3-540-24688-6_58
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1. Daniel Bleichenbacher (1998). doi:10.1007/BFb0055716
AppShield: Protecting Applications Against Untrusted Operating System. Yueqiang Cheng (2013).
Intel Software Guard Extensions, Enclave Writer's Guide, revision: 1.02. (2017).
VC3: Trustworthy Data Analytics in the Cloud Using SGX. Felix Schuster (2015). doi:10.1109/SP.2015.10



This paper is referenced by
CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation. R. Brotzman (2018). doi:10.1109/SP.2019.00022
Attainable Hacks on Keystore Files in Ethereum Wallets - A Systematic Analysis. Purathani Praitheeshan (2019). doi:10.1007/978-3-030-34353-8_7
SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients. Fabian Schwarz (2020).
SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed). Daniele Cono D'Elia (2019). doi:10.1145/3321705.3329819
Trust Anchors in Software Defined Networks. Nicolae Paladi (2018). doi:10.1007/978-3-319-98989-1_24
SecDATAVIEW: a secure big data workflow management system for heterogeneous computing environments. Saeid Mofrad (2019). doi:10.1145/3359789.3359845
When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA. Alejandro Cabrera Aldaya (2020). doi:10.13154/tches.v2020.i2.196-221
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations. E. Ronen (2019). doi:10.1109/SP.2019.00062
Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks. Wenting Li (2018). doi:10.1155/2018/8539674
Pseudorandom Black Swans: Cache Attacks on CTR_DRBG. Shaanan N. Cohney (2020). doi:10.1109/SP40000.2020.00046
CCF: A Framework for Building Confidential Verifiable Replicated Services. Alex Shamis (2019).
DR.SGX: automated and adjustable side-channel protection for SGX using data location randomization. F. Brasser (2019). doi:10.1145/3359789.3359809
Addressing Polymorphic Advanced Threats in Internet of Things Networks by Cross-Layer Profiling. Hisham Alasmary (2020). doi:10.1002/9781119593386.ch11
CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks. Fergus Dall (2018). doi:10.13154/tches.v2018.i2.171-191
Meet the Sherlock Holmes' of Side Channel Leakage: A Survey of Cache SCA Detection Techniques. Ayaz Akram (2020). doi:10.1109/ACCESS.2020.2980522
DifFuzz: Differential Fuzzing for Side-Channel Analysis. Shirin Nilizadeh (2019). doi:10.1109/ICSE.2019.00034
Raziel: Private and Verifiable Smart Contracts on Blockchains. David Cerezo Sánchez (2017).
ScatterCache: Thwarting Cache Attacks via Cache Set Randomization. M. Werner (2019).
Another Flip in the Row: Bypassing Rowhammer Defenses and Making Remote-Rowhammer Attacks Practical. D. Gruss (2018).
SGX - Security and Performance Assessment (original title in Estonian: SGX - TURVALISUSE JA JÕUDLUSE HINNANG). (2019).
MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties. Guoxing Chen (2020).
Single Trace Attack Against RSA Key Generation in Intel SGX SSL. S. Weiser (2018). doi:10.1145/3196494.3196524
MicroWalk: A Framework for Finding Side Channels in Binaries. Jan Wichelmann (2018). doi:10.1145/3274694.3274741
Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries. Wubing Wang (2019).
Future Network Systems and Security: 5th International Conference, FNSS 2019, Melbourne, VIC, Australia, November 27–29, 2019, Proceedings. P. Chen (2019). doi:10.1007/978-3-030-34353-8
Two-factor authentication in industrial Internet-of-Things: Attacks, evaluation and new construction. W. Li (2019). doi:10.1016/J.FUTURE.2019.06.020
DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries. S. Weiser (2018).
DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization. F. Brasser (2017). doi:10.1145/3359789.3359809
Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure. E. Ronen (2018). doi:10.1145/3243734.3243775
JVM fuzzing for JIT-induced side-channel detection. T. Brennan (2020). doi:10.1145/3377811.3380432