
STACCO: Differentially Analyzing Side-Channel Traces For Detecting SSL/TLS Vulnerabilities In Secure Enclaves

Y. Xiao, Mengyuan Li, Sanchuan Chen, Yinqian Zhang
Published 2017 · Computer Science

Intel Software Guard Extension (SGX) offers software applications a shielded execution environment, dubbed enclave, to protect their confidentiality and integrity from malicious operating systems. As processors with this extended feature become commercially available, many new software applications are developed to enrich the SGX-enabled ecosystem. One important primitive for these applications is a secure communication channel between the enclave and a remote trusted party. The SSL/TLS protocol, which is the de facto standard for protecting transport-layer network communications, has been broadly regarded as a natural choice for such purposes. However, in this paper, we show that the marriage between SGX and SSL may not be smooth sailing. Particularly, we consider a category of side-channel attacks against SSL/TLS implementations in secure enclaves, which we call the control-flow inference attacks. In these attacks, the malicious operating system kernel may perform a powerful man-in-the-kernel attack to collect execution traces of the enclave programs at the page level, the cacheline level, or the branch level, while positioning itself in the middle of the two communicating parties. At the center of our work is a differential analysis framework, dubbed Stacco, to dynamically analyze the SSL/TLS implementations and detect vulnerabilities (discernible execution traces) that can be exploited as decryption oracles. Surprisingly, in spite of the prevailing constant-time programming paradigm adopted by many cryptographic libraries, we found exploitable vulnerabilities in the latest versions of all the SSL/TLS libraries we have examined. To validate the detected vulnerabilities, we developed a man-in-the-kernel adversary to demonstrate Bleichenbacher attacks against the latest OpenSSL library running in the SGX enclave (with the help of Graphene) and completely broke the PreMasterSecret encrypted by a 4096-bit RSA public key with only 57286 queries. We also conducted CBC padding oracle attacks against the latest GnuTLS running in Graphene-SGX and an open-source SGX implementation of mbedTLS (i.e., mbedTLS-SGX) that runs directly inside the enclave, and showed that it only needs 48388 and 25717 queries, respectively, to break one block of AES ciphertext. Empirical evaluation suggests these man-in-the-kernel attacks can be completed within 1 or 2 hours. Our results reveal the insufficient understanding of side-channel security in SGX settings, and our study will provoke discussions on the secure implementation and adoption of SSL/TLS in secure enclaves.
This paper references
DROWN: Breaking TLS Using SSLv2
Nimrod Aviram (2016)
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
C. Brubaker (2014)
PinPlay: a framework for deterministic replay and reproducible analysis of parallel programs
Harish Patil (2010)
Towards Application Security on Untrusted Operating Systems
Dan R. K. Ports (2008)
A Messy State of the Union: Taming the Composite State Machines of TLS
Benjamin Beurdouche (2015)
MiniBox: A Two-Way Sandbox for x86 Native Code
Y. Li (2014)
InkTag: secure applications on an untrusted operating system
O. Hofmann (2013)
The Transport Layer Security (TLS) Protocol Version 1.2
T. Dierks (2008)
A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0
J. Manger (2001)
Cross-Tenant Side-Channel Attacks in PaaS Clouds
Yinqian Zhang (2014)
Control flow analysis
Frances E. Allen (1970)
Tamper-Resistant Execution in an Untrusted Operating System Using A Virtual Machine Monitor
Haibo Chen (2007)
Cooperation and security isolation of library OSes for multi-process applications
Chia-che Tsai (2014)
Innovative Technology for CPU Based Attestation and Sealing
Ittai Anati (2013)
Flicker: an execution infrastructure for tcb minimization
J. McCune (2008)
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs
Ming-Wei Shih (2017)
The Transport Layer Security (TLS) Protocol Version 1.1
T. Dierks (2006)
Intel Software Guard Extensions Programming Reference
Virtual ghost: protecting applications from hostile operating systems
J. Criswell (2014)
SGX-Shield: Enabling Address Space Layout Randomization for SGX Programs
Jaebaek Seo (2017)
Innovative instructions and software model for isolated execution
Frank McKeen (2013)
Verifying Constant-Time Implementations
J. Almeida (2016)
This POODLE Bites: Exploiting The SSL 3.0 Fallback
B. Möller (2014)
Splitting interfaces: making trust between applications and operating systems configurable
Richard Ta-Min (2006)
Using hypervisor to provide data secrecy for user applications on a per-page basis
Jisoo Yang (2008)
Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems
Yuanzhong Xu (2015)
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
C. Meyer (2014)
Efficient Padding Oracle Attacks on Cryptographic Hardware
Romain Bardou (2012)
Valgrind: a framework for heavyweight dynamic binary instrumentation
N. Nethercote (2007)
Raccoon: Closing Digital Side-Channels through Obfuscated Execution
A. Rane (2015)
Panoply: Low-TCB Linux Applications With SGX Enclaves
Shweta Shinde (2017)
Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu
Sanchuan Chen (2017)
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
N. AlFardan (2013)
Protocol State Fuzzing of TLS Implementations
J. D. Ruiter (2015)
The Transport Layer Security (TLS) Protocol Version 1.3
E. Rescorla (2018)
Pin: building customized program analysis tools with dynamic instrumentation
Chi-Keung Luk (2005)
Thousands of popular sites' at risk of DROWN hack attacks
Leo Kelion (2016)
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements
J. Clark (2013)
Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge
Florian Tramèr (2017)
CloudVisor: retrofitting protection of virtual machines in multi-tenant cloud with nested virtualization
F. Zhang (2011)
Oblivious Multi-Party Machine Learning on Trusted Processors
O. Ohrimenko (2016)
A design and verification methodology for secure isolated regions
R. Sinha (2016)
Lucky 13 Strikes Back
Gorka Irazoqui Apecechea (2015)
Attacking RSA-Based Sessions in SSL/TLS
Vlastimil Klíma (2003)
Memento: Learning Secrets from Process Footprints
Suman Jana (2012)
Using innovative instructions to create trustworthy software solutions
M. Hoekstra (2013)
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
S. Lee (2017)
Software Grand Exposure: SGX Cache Attacks Are Practical
F. Brasser (2017)
Guided differential testing of certificate validation in SSL/TLS implementations
Y. Chen (2015)
Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS
Martin R. Albrecht (2016)
Malware Guard Extension: Using SGX to Conceal Cache Attacks
M. Schwarz (2017)
Intel 64 and IA-32 Architectures Software Developer's Manual, Combined Volumes: 1, 2A, 3C
Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Xiaokuan Zhang (2016)
Sanctum: Minimal Hardware Extensions for Strong Software Isolation
V. Costan (2016)
Password Interception in a SSL/TLS Channel
Brice Canvel (2003)
Overshadow: a virtualization-based approach to retrofitting protection in commodity operating systems
X. Chen (2008)
Systematic Fuzzing and Testing of TLS Libraries
Juraj Somorovsky (2016)
Bleichenbacher's Attack Strikes again: Breaking PKCS#1 v1.5 in XML Encryption
T. Jager (2012)
Preventing Page Faults from Telling Your Secrets
Shweta Shinde (2016)
ROTE: Rollback Protection for Trusted Execution
Sinisa Matetic (2017)
Shielding Applications from an Untrusted Cloud with Haven
A. Baumann (2015)
Implementing an untrusted operating system on trusted hardware
D. Lie (2003)
Graph-matching-based simulation-region selection for multiple binaries
Charles Yount (2015)
Verifiable side-channel security of cryptographic implementations: constant-time MEE-CBC
J. Almeida (2015)
Town Crier: An Authenticated Data Feed for Smart Contracts
F. Zhang (2016)
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS
S. Vaudenay (2002)
A Tool Suite for Simulation Based Analysis of Memory Access Behavior
Josef Weidendorfer (2004)
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
Daniel Bleichenbacher (1998)
AppShield: Protecting Applications Against Untrusted Operating System
Yueqiang Cheng (2013)
Intel Software Guard Extensions, Enclave Writer's Guide, revision: 1.02
VC3: Trustworthy Data Analytics in the Cloud Using SGX
Felix Schuster (2015)

This paper is referenced by
CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation
R. Brotzman (2018)
Attainable Hacks on Keystore Files in Ethereum Wallets - A Systematic Analysis
Purathani Praitheeshan (2019)
SENG, the SGX-Enforcing Network Gateway: Authorizing Communication from Shielded Clients
Fabian Schwarz (2020)
SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed)
Daniele Cono D'Elia (2019)
Trust Anchors in Software Defined Networks
Nicolae Paladi (2018)
SecDATAVIEW: a secure big data workflow management system for heterogeneous computing environments
Saeid Mofrad (2019)
DifFuzz: Differential Fuzzing for Side-Channel Analysis
Shirin Nilizadeh (2019)
When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA
Alejandro Cabrera Aldaya (2020)
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations
E. Ronen (2019)
Cryptanalysis and Security Enhancement of Three Authentication Schemes in Wireless Sensor Networks
Wenting Li (2018)
Pseudorandom Black Swans: Cache Attacks on CTR_DRBG
Shaanan N. Cohney (2020)
CCF: A Framework for Building Confidential Verifiable Replicated Services
Alex Shamis (2019)
DR.SGX: automated and adjustable side-channel protection for SGX using data location randomization
F. Brasser (2019)
Addressing Polymorphic Advanced Threats in Internet of Things Networks by Cross‐Layer Profiling
Hisham Alasmary (2020)
ScatterCache: Thwarting Cache Attacks via Cache Set Randomization
M. Werner (2019)
CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks
Fergus Dall (2018)
Meet the Sherlock Holmes’ of Side Channel Leakage: A Survey of Cache SCA Detection Techniques
Ayaz Akram (2020)
Raziel: Private and Verifiable Smart Contracts on Blockchains
David Cerezo Sánchez (2017)
Another Flip in the Row : Bypassing Rowhammer Defenses and Making Remote-Rowhammer Attacks Practical
D. Gruss (2018)
MAGE: Mutual Attestation for a Group of Enclaves without Trusted Third Parties
Guoxing Chen (2020)
Single Trace Attack Against RSA Key Generation in Intel SGX SSL
S. Weiser (2018)
MicroWalk: A Framework for Finding Side Channels in Binaries
Jan Wichelmann (2018)
Time and Order: Towards Automatically Identifying Side-Channel Vulnerabilities in Enclave Binaries
Wubing Wang (2019)
Future Network Systems and Security: 5th International Conference, FNSS 2019, Melbourne, VIC, Australia, November 27–29, 2019, Proceedings
P. Chen (2019)
Two-factor authentication in industrial Internet-of-Things: Attacks, evaluation and new construction
W. Li (2019)
DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries
S. Weiser (2018)
DR.SGX: Hardening SGX Enclaves against Cache Attacks with Data Location Randomization
F. Brasser (2017)
Pseudo Constant Time Implementations of TLS Are Only Pseudo Secure
E. Ronen (2018)
JVM fuzzing for JIT-induced side-channel detection
T. Brennan (2020)
Some data provided by Semantic Scholar.