hello from the other side: ssh over robust cache covert ... · hello from the other side: ssh over...

Hello from the Other Side:SSH over Robust Cache Covert Channels in the Cloud

Michael Schwarz and Manuel WeberMarch 30th, 2017

1

About this presentation

This talks shows how caches allow to circumvent the isolation of virtualmachines

• It is not about software bugs• The attack vector is due to hardware design• We demonstrate a robust covert channel on the Amazon cloud• And we have a really cool live demo at the end

2

Take aways

Take aways

• Cache-based covert channels are practical and a real threat• Virtual machines are not a perfect isolation mechanism• There is no known countermeasure for what we present

3

Introduction

Whoami

• Manuel Weber• PhD Student, Graz University of Technology• Interested in IoT, networks and security• @WeberOnNetworks

• manuel.weber@tugraz.at

4

Whoami

• Michael Schwarz• PhD Student, Graz University of Technology• Likes to break stuff• @misc0110

• michael.schwarz@iaik.tugraz.at

5

And the team

The research team• Clémentine Maurice• Lukas Giner• Daniel Gruss• Carlo Alberto Boano• Kay Römer• Stefan Mangard

from Graz University of Technology

6

Covert channel

What is a covert channel?

• Two programs would like to communicate

but are not allowed to do so• either because there is no communication channel...• ...or the channels are monitored and programs are stopped on communicationattempts

• Use side channels and stay stealthy

7

Covert channel

What is a covert channel?

• Two programs would like to communicate but are not allowed to do so

• either because there is no communication channel...• ...or the channels are monitored and programs are stopped on communicationattempts

• Use side channels and stay stealthy

7

Covert channel

What is a covert channel?

• Two programs would like to communicate but are not allowed to do so• either because there is no communication channel...

• ...or the channels are monitored and programs are stopped on communicationattempts

• Use side channels and stay stealthy

7

Covert channel

What is a covert channel?

• Two programs would like to communicate but are not allowed to do so• either because there is no communication channel...• ...or the channels are monitored and programs are stopped on communicationattempts

• Use side channels and stay stealthy

7

Covert channel

What is a covert channel?

• Two programs would like to communicate but are not allowed to do so• either because there is no communication channel...• ...or the channels are monitored and programs are stopped on communicationattempts

• Use side channels and stay stealthy

7

Covert channel

8

Covert channel

8

Challenges

Cross-VM side channel

9

Challenges

Cross-VM side channel

Communication channel

9

Challenges

Cross-VM side channel

Communication channel

Synchronization

9

Challenges

Cross-VM side channel

Communication channel

Synchronization

Errorcorrection

9

Challenges

Cross-VM side channel

Communication channel

Synchronization

Errorcorrection

SSH

9

CPU Caches

Motivation

• Main memory is slow compared to the CPU

• Caches buffer frequently used data• Every data access goes through the cache• Caches are transparent to the OS and the software

10

Motivation

• Main memory is slow compared to the CPU• Caches buffer frequently used data

• Every data access goes through the cache• Caches are transparent to the OS and the software

10

Motivation

• Main memory is slow compared to the CPU• Caches buffer frequently used data• Every data access goes through the cache

• Caches are transparent to the OS and the software

10

Motivation

• Main memory is slow compared to the CPU• Caches buffer frequently used data• Every data access goes through the cache• Caches are transparent to the OS and the software

10

Memory access time

11

Memory access time

11

Cache hierarchy

Core 0

L1

L2

Core 1

L1

L2

Core 2

L1

L2

Core 3

L1

L2 ring bus

LLCslice 0

LLCslice 1

LLCslice 2

LLCslice 3

• L1 and L2 are private• Last-level cache is

• divided into slices• shared across cores• inclusive

12

Set-associative Last-level Cache

Memory Address

Cache

6 bits11 bits

2048 cache sets

• Location in cache depends on the physical address of data

13

Set-associative Last-level Cache

Memory Address

Cache

6 bits11 bits

Cache Set

2048 cache sets

• Location in cache depends on the physical address of data

• Bits 6 to 16 determine the cache set

13

Set-associative Last-level Cache

Memory Address

Cache

Way 0 Way 1 ... Way n

6 bits11 bits

Cache Set

2048 cache sets

• Location in cache depends on the physical address of data

• Bits 6 to 16 determine the cache set

• A cache set has multiple ways to store the data

13

Set-associative Last-level Cache

Memory Address

Cache

Way 0 Way 1 ... Way n

6 bits11 bits

Cache Set

2048 cache sets

Cache Line

• Location in cache depends on the physical address of data

• Bits 6 to 16 determine the cache set

• A cache set has multiple ways to store the data

• A way inside a cache set is a cache line, determined by the cache replacement policy

13

Prime+Probe

Prime+Probe

Prime+Probe...

• exploits the timing difference when accessing...• cached data (fast)• uncached data (slow)

• is applied to one cache set• works across CPU cores as the last-level cache is shared

14

Prime+Probe

Prime+Probe...

• exploits the timing difference when accessing...

• cached data (fast)• uncached data (slow)

• is applied to one cache set• works across CPU cores as the last-level cache is shared

14

Prime+Probe

Prime+Probe...

• exploits the timing difference when accessing...• cached data (fast)

• uncached data (slow)• is applied to one cache set• works across CPU cores as the last-level cache is shared

14

Prime+Probe

Prime+Probe...

• exploits the timing difference when accessing...• cached data (fast)• uncached data (slow)

• is applied to one cache set• works across CPU cores as the last-level cache is shared

14

Prime+Probe

Prime+Probe...

• exploits the timing difference when accessing...• cached data (fast)• uncached data (slow)

• is applied to one cache set

• works across CPU cores as the last-level cache is shared

14

Prime+Probe

Prime+Probe...

• exploits the timing difference when accessing...• cached data (fast)• uncached data (slow)

• is applied to one cache set• works across CPU cores as the last-level cache is shared

14

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndata

loads data

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndata

loads data

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndata

loads data

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndata

loads data

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndata

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndataStep 2: Receiver probes data to determine if the set was accessed

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndataStep 2: Receiver probes data to determine if the set was accessed

fast access

15

Prime+Probe

Receiveraddress space Cache Sender

address space

Step0: Receiver fills the cache (prime)Step 1: Sender evicts cache lines by accessing owndataStep 2: Receiver probes data to determine if the set was accessed

slow access

15

Building a robust covert channel

The goal

We want to build a covert channel which...

• works across virtual machines• runs on the Amazon cloud• is fast (i.e., multiple kB/s)• is free of transmission errors• is robust against system noise

16

The goal

We want to build a covert channel which...

• works across virtual machines

• runs on the Amazon cloud• is fast (i.e., multiple kB/s)• is free of transmission errors• is robust against system noise

16

The goal

We want to build a covert channel which...

• works across virtual machines• runs on the Amazon cloud

• is fast (i.e., multiple kB/s)• is free of transmission errors• is robust against system noise

16

The goal

We want to build a covert channel which...

• works across virtual machines• runs on the Amazon cloud• is fast (i.e., multiple kB/s)

• is free of transmission errors• is robust against system noise

16

The goal

We want to build a covert channel which...

• works across virtual machines• runs on the Amazon cloud• is fast (i.e., multiple kB/s)• is free of transmission errors

• is robust against system noise

16

The goal

We want to build a covert channel which...

• works across virtual machines• runs on the Amazon cloud• is fast (i.e., multiple kB/s)• is free of transmission errors• is robust against system noise

16

Challenges

Cross-VM side channel

Communication channel

Synchronization

Errorcorrection

SSH

17

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched

• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware

• Memory is shared between all virtual machines• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM

→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)

• Cache→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache

→ this talk!

18

Cross-VM side channel

We require a side channel which works across virtual machines

• We do not want to rely on software bugs, they can be patched• We want to exploit the hardware• Memory is shared between all virtual machines

• DRAM→ covert channel (Schwarz and Fogh 2016, BlackHat Europe)• Cache→ this talk!

18

Cross-VM side channel

We can use Prime+Probe for the side channel

• Prime+Probe works with the last-level cache

• The last-level cache is shared among all CPU cores• No requirement for any form of shared memory• We just need to build eviction sets and negotiate the used cache sets

19

Cross-VM side channel

We can use Prime+Probe for the side channel

• Prime+Probe works with the last-level cache• The last-level cache is shared among all CPU cores

• No requirement for any form of shared memory• We just need to build eviction sets and negotiate the used cache sets

19

Cross-VM side channel

We can use Prime+Probe for the side channel

• Prime+Probe works with the last-level cache• The last-level cache is shared among all CPU cores• No requirement for any form of shared memory

• We just need to build eviction sets and negotiate the used cache sets

19

Cross-VM side channel

We can use Prime+Probe for the side channel

• Prime+Probe works with the last-level cache• The last-level cache is shared among all CPU cores• No requirement for any form of shared memory• We just need to build eviction sets and negotiate the used cache sets

19

Cross-VM side channel

• We need a set of addresses in the same cache set and same slice

• Problem: slice number depends on all bits of the physical address

physical address

cache tagcache setindex

cache lineoffset

2MB page offset

xxxx

• We can build a set of addresses in the same cache set and same slice...

• ...without knowing which slice• And then remove the addresses of the wrong slices afterwards

20

Cross-VM side channel

• We need a set of addresses in the same cache set and same slice• Problem: slice number depends on all bits of the physical address

physical address

cache tagcache setindex

cache lineoffset

2MB page offset

xxxx

• We can build a set of addresses in the same cache set and same slice...• ...without knowing which slice

• And then remove the addresses of the wrong slices afterwards

20

Cross-VM side channel

• We need a set of addresses in the same cache set and same slice• Problem: slice number depends on all bits of the physical address

physical address

cache tagcache setindex

cache lineoffset

2MB page offset

xxxx

• We can build a set of addresses in the same cache set and same slice...

• ...without knowing which slice• And then remove the addresses of the wrong slices afterwards

20

Cross-VM side channel

• We need a set of addresses in the same cache set and same slice• Problem: slice number depends on all bits of the physical address

physical address

cache tagcache setindex

cache lineoffset

2MB page offset

xxxx

• We can build a set of addresses in the same cache set and same slice...• ...without knowing which slice

• And then remove the addresses of the wrong slices afterwards

20

Cross-VM side channel

• We need a set of addresses in the same cache set and same slice• Problem: slice number depends on all bits of the physical address

physical address

cache tagcache setindex

cache lineoffset

2MB page offset

xxxx

• We can build a set of addresses in the same cache set and same slice...• ...without knowing which slice• And then remove the addresses of the wrong slices afterwards

20

Cross-VM side channel

• We need a set of addresses in the same cache set and same slice• Problem: slice number depends on all bits of the physical address

physical address

cache tagcache setindex

cache lineoffset

2MB page offset

xxxx

• We can build a set of addresses in the same cache set and same slice...• ...without knowing which slice• And then remove the addresses of the wrong slices afterwards

20

Challenges

Cross-VM side channelPrime+Probe

Communication channel

Synchronization

Errorcorrection

SSH

21

Challenges

Cross-VM side channelPrime+Probe

Communication channel

Synchronization

Errorcorrection

SSH

21

Communication Channel

• For a communication, we have to agree on communication channels

• We have to negotiate them dynamically• There is always noise on all cache sets

(a) Quiet system (b)Watching an 1080p video

22

Communication Channel

• For a communication, we have to agree on communication channels• We have to negotiate them dynamically

• There is always noise on all cache sets

(a) Quiet system (b)Watching an 1080p video

22

Communication Channel

• For a communication, we have to agree on communication channels• We have to negotiate them dynamically• There is always noise on all cache sets

(a) Quiet system (b)Watching an 1080p video22

Communication Channel

Quite similar to a wireless communication channel

-100

-80

-60

-40

-20

0

0 2500 5000 7500

RSS

I [dB

m]

Time [µs]

(a) Bluetooth

-100

-80

-60

-40

-20

0

0 20000 40000 60000

RSS

I [dB

m]

Time [µs]

(b) Microwave

-100

-80

-60

-40

-20

0

0 500 1000 1500 2000

RSS

I [dB

m]

Time [µs]

(c)WiFi

Figure 2: Noise in wireless channels (Boano et al. 2012)

23

Jamming Agreement

• Idea: »He who shouts loudest will be heard«

• One party generates a lot of “noise” on the channel• The other party monitors the channels• Correct channel if the noise level never falls below a certain value

24

Jamming Agreement

• Idea: »He who shouts loudest will be heard«• One party generates a lot of “noise” on the channel

• The other party monitors the channels• Correct channel if the noise level never falls below a certain value

24

Jamming Agreement

• Idea: »He who shouts loudest will be heard«• One party generates a lot of “noise” on the channel• The other party monitors the channels

• Correct channel if the noise level never falls below a certain value

24

Jamming Agreement

• Idea: »He who shouts loudest will be heard«• One party generates a lot of “noise” on the channel• The other party monitors the channels• Correct channel if the noise level never falls below a certain value

24

Jamming Agreement

-100

-80

-60

-40

-20

0

0 5000 10000 15000

RSS

I [dB

m]

Time [µs]

Jamming sequence of 13 ms(absence of interference)

(a) No interference

-100

-80

-60

-40

-20

0

0 5000 10000 15000

RSS

I [dB

m]

Time [µs]

Jamming sequence of 13 ms(presence of Wi-Fi interference)

(b)WiFi interference

Figure 3: Jamming agreement in wireless channels (Boano et al. 2012) 25

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

prime

#2

#3

#4

Cache Sets

S S S S S S S S

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

S S S S S S S S

R R R R R R R R

ReceiverEviction Sets

prime

26

Jamming Agreement

SenderEviction Sets

#1

probe

#2

#3

#4

Cache Sets

S S S S S S S S

R R R R R R R R

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

S S S S S S S S

R R R R R R R R

ReceiverEviction Sets

probe

26

Jamming Agreement

SenderEviction Sets

#1

prime

#2

#3

#4

Cache Sets

S S S S S S S S

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

S S S S S S S S

R R R R R R R R

ReceiverEviction Sets

prime

26

Jamming Agreement

SenderEviction Sets

#1

probe

#2

#3

#4

Cache Sets

S S S S S S S S

R R R R R R R R

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

S S S S S S S S

R R R R R R R R

ReceiverEviction Sets

probe

26

Jamming Agreement

SenderEviction Sets

#1

prime

#2

#3

#4

Cache Sets

S S S S S S S S

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

R R R R R R R R

S S S S S S S S

ReceiverEviction Sets

prime

26

Jamming Agreement

SenderEviction Sets

#1

probe

#2

#3

#4

Cache Sets

R R R R R R R R

S S S S S S S S

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

R R R R R R R R

S S S S S S S S

ReceiverEviction Sets

probe

26

Jamming Agreement

SenderEviction Sets

#1

prime

#2

#3

#4

Cache Sets

S S S S S S S S

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

R R R R R R R R

ReceiverEviction Sets

prime

26

Jamming Agreement

SenderEviction Sets

#1

probe

#2

#3

#4

Cache Sets

S S S S S S S S

ReceiverEviction Sets

26

Jamming Agreement

SenderEviction Sets

#1

#2

#3

#4

Cache Sets

R R R R R R R R

ReceiverEviction Sets

#1probe

26

Jamming Agreement

SenderEviction Sets

#1 X

#2

#3

#4

Cache Sets

ReceiverEviction Sets

#1

26

Jamming Agreement

SenderEviction Sets

#1 X

#2

#3

#4

Cache Sets

ReceiverEviction Sets

#1

Achievement unlockedFinding each other in the cloud

26

Jamming Agreement

SenderEviction Sets

#1 X

#2

#3

#4

repeat!

ReceiverEviction Sets

#1

26

Jamming Agreement

SenderEviction Sets

#1 X

#2 X

#3

#4

repeat!

ReceiverEviction Sets

#2

#1

26

Jamming Agreement

SenderEviction Sets

#1 X

#2 X

#3 X

#4

repeat!

ReceiverEviction Sets

#3

#2

#1

26

Jamming Agreement

SenderEviction Sets

#1 X

#2 X

#3 X

#4 X

repeat!

ReceiverEviction Sets

#4

#3

#2

#1

26

Jamming Agreement

SenderEviction Sets

#1 X

#2 X

#3 X

#4 X

repeat!

ReceiverEviction Sets

#4

#3

#2

#1

Achievement unlockedAgreed on common channels

26

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

evict

evict

evict

evict

evict

evict

evict

evict

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

01001000

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

01001000

evict

evict

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

01001000

measure

measure

measure

measure

measure

measure

measure

measure

01001000

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

00101001

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

00101001

evict

evict

evict

27

Sending Data

Last-level cache

Cache Set #1

Cache Set #2

Cache Set #3

Cache Set #4

Cache Set #5

Cache Set #6

Cache Set #7

Cache Set #8

Sender Receiver

00101001

measure

measure

measure

measure

measure

measure

measure

measure

00101001

27

Why don’t we just take the file...

28

...and put it into the channel?

29

Sending the first image

Achievement unlockedFirst transmission

30

Sending the first image

Achievement unlockedFirst transmission

30

Sending the first image

31

Sending the first image

32

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

Synchronization

Errorcorrection

SSH

33

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

Synchronization

Errorcorrection

SSH

33

Synchronization

What we see are mostly synchronization errors

1 0 0 1 1 0Sender

1 0 0 1 1 0Receiver

Normal transmission

34

Synchronization

What we see are mostly synchronization errors

1 0 0 1 1 0Sender

1 0 0Receiver

Deletion errors due to receiver not scheduled

34

Synchronization

What we see are mostly synchronization errors

1 0 0 1 1 0Sender

1 0 0 0 0 0 1 1 0Receiver

Insertion errors due to sender not scheduled

34

Synchronization

Only sometimes substitution errors which can be corrected

1 0 0 1 1 0Sender

1 1 0 1 1 0Receiver

Substitution errors due to unrelated noise

34

Synchronization

To cope with deletion errors, we use a request-to-send scheme.

• Transmission uses packets

DataPhysical layer word

12 bits

SQN

3 bits

• Receiver acknowledges by requesting the next sequence number

35

Synchronization

To cope with deletion errors, we use a request-to-send scheme.

• Transmission uses packets

DataPhysical layer word

12 bits

SQN

3 bits

• Receiver acknowledges by requesting the next sequence number

35

Synchronization

To cope with deletion errors, we use a request-to-send scheme.

• Transmission uses packets with 3-bit sequence numbers

DataPhysical layer word

12 bits

SQN

3 bits

• Receiver acknowledges by requesting the next sequence number

35

Synchronization

To cope with deletion errors, we use a request-to-send scheme.

• Transmission uses packets with 3-bit sequence numbers

DataPhysical layer word

12 bits

SQN

3 bits

• Receiver acknowledges by requesting the next sequence number

35

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors• We need an error detection code

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors

• We need an error detection code

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word

• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors• We need an error detection code

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors• We need an error detection code → Berger codes

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors• We need an error detection code → Berger codes

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word

• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors• We need an error detection code → Berger codes

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Important observation: insertion errors are almost always ‘0’s.

• Detecting additional ‘0’s detects (many) insertion errors• We need an error detection code → Berger codes

DataPhysical layer word

12 bits

SQN

3 bits

EDC

4 bits

• Count the number of ‘0’s in a word• Side effect: there is no ‘0’-word anymore

Achievement unlockedDetect Interrupts

36

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

[DATA] SEQ = 2

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

[DATA] SEQ = 2

[DATA] SEQ = 2

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

[DATA] SEQ = 2

[DATA] SEQ = 2

SEQ = 3Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

[DATA] SEQ = 2

[DATA] SEQ = 2

SEQ = 3

SEQ = 3

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

[DATA] SEQ = 2

[DATA] SEQ = 2

SEQ = 3

SEQ = 3

[DATA] SEQ = 3...

Senderdescheduled

Receiverdescheduled

37

Synchronization

Sender ReceiverSEQ = 1 Initiate

transmission[DATA] SEQ = 1

SEQ = 2

[DATA] SEQ = 2

[DATA] SEQ = 2

SEQ = 3

SEQ = 3

[DATA] SEQ = 3...

Senderdescheduled

Receiverdescheduled

Achievement unlockedSynchronized parties

37

Without synchronization

38

Synchronization

39

Synchronization

39

Synchronization

39

Synchronization

39

Synchronization

C S I : C a c h eCovertly Sending Information

39

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

SynchronizationEDC

Errorcorrection

SSH

40

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

SynchronizationEDC

Errorcorrection

SSH

40

Error correction

• Substitution errors can be corrected using forward error correction

• We use wide-spread Reed-Solomon codes• Packets made of symbols

• Symbol size: 12 bits (“RS-word”)• Packet size: 4095 symbols (= 2symbol − 1)

• Packet consists of actual message and error correction symbols

41

Error correction

• Substitution errors can be corrected using forward error correction• We use wide-spread Reed-Solomon codes

• Packets made of symbols• Symbol size: 12 bits (“RS-word”)• Packet size: 4095 symbols (= 2symbol − 1)

• Packet consists of actual message and error correction symbols

41

Error correction

• Substitution errors can be corrected using forward error correction• We use wide-spread Reed-Solomon codes• Packets made of symbols

• Symbol size: 12 bits (“RS-word”)• Packet size: 4095 symbols (= 2symbol − 1)

• Packet consists of actual message and error correction symbols

41

Error correction

• Substitution errors can be corrected using forward error correction• We use wide-spread Reed-Solomon codes• Packets made of symbols

• Symbol size: 12 bits (“RS-word”)

• Packet size: 4095 symbols (= 2symbol − 1)

• Packet consists of actual message and error correction symbols

41

Error correction

• Substitution errors can be corrected using forward error correction• We use wide-spread Reed-Solomon codes• Packets made of symbols

• Symbol size: 12 bits (“RS-word”)• Packet size: 4095 symbols (= 2symbol − 1)

• Packet consists of actual message and error correction symbols

41

Error correction

• Substitution errors can be corrected using forward error correction• We use wide-spread Reed-Solomon codes• Packets made of symbols

• Symbol size: 12 bits (“RS-word”)• Packet size: 4095 symbols (= 2symbol − 1)

• Packet consists of actual message and error correction symbols

41

Error correction

RS codes are a simple matrix multiplication

1 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

x00 x01 x02 x03

x10 x11 x12 x13

×

d0

d1

d2

d3

=

d0

d1

d2

d3

c0

c1

42

Error correction

RS codes are a simple matrix multiplication

1 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

x00 x01 x02 x03

x10 x11 x12 x13

×

d0

d1

d2

d3

=

d0

d1

d2

d3

c0

c1

42

Error correction

RS codes are a simple matrix multiplication

1 0 0 0

0 1 0 0

0 0 1 0

0 0 0 1

x00 x01 x02 x03

x10 x11 x12 x13

×

d0

d1

d2

d3

=

d0

d1

d2

d3

c0

c1

42

Error correction

43

Error correction

43

Error correction

43

Error correction

• Better safe than sorry: 10% error-correcting code

• 3686 data symbols and 409 error correction symbols

Data Parity

3686 RS-words 409 RS-words

Data SQN EDC

12 bits 3 bits 4 bits

Data-link layer packet

Physical layer word

Achievement unlockedGetting rid of noise

44

Error correction

• Better safe than sorry: 10% error-correcting code• 3686 data symbols and 409 error correction symbols

Data Parity

3686 RS-words 409 RS-words

Data SQN EDC

12 bits 3 bits 4 bits

Data-link layer packet

Physical layer word

Achievement unlockedGetting rid of noise

44

Error correction

• Better safe than sorry: 10% error-correcting code• 3686 data symbols and 409 error correction symbols

Data Parity

3686 RS-words 409 RS-words

Data SQN EDC

12 bits 3 bits 4 bits

Data-link layer packet

Physical layer word

Achievement unlockedGetting rid of noise

44

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

45

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

128

45

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

128

144

45

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

128

144

362

45

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

128

144

362

384

45

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

128

144

362

384

600

45

Error correction

Comparison of transmission speeds (in kbit/s)

Dial Up

ISDN

GPRS

Amazon EC2 covert channel

EDGE

Native covert channel

3G

56

128

144

362

384

600

1,433

56

128

144

362

384

600

1,433

45

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

SynchronizationEDC

Errorcorrection

RS-Codes

SSH

46

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

SynchronizationEDC

Errorcorrection

RS-Codes

SSH

46

SSH

• The covert channel is fast and error free

• We want it to be useful• A remote shell without network access would be really nice...

• Prerequisites: just TCP

47

SSH

• The covert channel is fast and error free• We want it to be useful

• A remote shell without network access would be really nice...

• Prerequisites: just TCP

47

SSH

• The covert channel is fast and error free• We want it to be useful• A remote shell without network access would be really nice...

• Prerequisites: just TCP

47

SSH

• The covert channel is fast and error free• We want it to be useful• A remote shell without network access would be really nice...

• Prerequisites: just TCP

47

SSH

• The covert channel is fast and error free• We want it to be useful• A remote shell without network access would be really nice...

• Prerequisites: just TCP

47

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1 VM 2

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

VM 2

Covert Channel

Prime+Probe

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

File System

VM 2

Covert Channel

Prime+Probe

File System

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

TCP↔File

File System

VM 2

Covert Channel

Prime+Probe

TCP↔File

File System

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

TCP↔File

File System

Socket

VM 2

Covert Channel

Prime+Probe

TCP↔File

File System

Socket

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

TCP↔File

File System

TCP Client(e.g. ssh)

Socket

VM 2

Covert Channel

Prime+Probe

TCP↔File

File System

TCP Server(e.g. sshd)

Socket

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

TCP↔File

File System

TCP Client(e.g. ssh)

Socket

VM 2

Covert Channel

Prime+Probe

TCP↔File

File System

TCP Server(e.g. sshd)

Socket

Achievement unlockedTCP over anything

48

SSH

TCP-over-Cache

Hypervisor

Last Level Cache (LLC)

VM 1

Covert Channel

Prime+Probe

TCP↔File

File System

TCP Client(e.g. ssh)

Socket

VM 2

Covert Channel

Prime+Probe

TCP↔File

File System

TCP Server(e.g. sshd)

SocketAchievement unlockedTCP over anything

48

SSH

SSH between two instances on Amazon EC2

Noise Connection

No noise 3

stress -m 8 on third VM 3

Web server on third VM 3

Web server on all VMs 3

stress -m 1 on server side unstable

Telnet also works with occasional corrupted bytes with stress -m 1

49

SSH

SSH between two instances on Amazon EC2

Noise Connection

No noise 3

stress -m 8 on third VM 3

Web server on third VM 3

Web server on all VMs 3

stress -m 1 on server side unstable

Telnet also works with occasional corrupted bytes with stress -m 1

49

SSH

SSH between two instances on Amazon EC2

Noise Connection

No noise 3

stress -m 8 on third VM 3

Web server on third VM 3

Web server on all VMs 3

stress -m 1 on server side unstable

Telnet also works with occasional corrupted bytes with stress -m 1

49

SSH

SSH between two instances on Amazon EC2

Noise Connection

No noise 3

stress -m 8 on third VM 3

Web server on third VM 3

Web server on all VMs 3

stress -m 1 on server side unstable

Telnet also works with occasional corrupted bytes with stress -m 1

49

SSH

SSH between two instances on Amazon EC2

Noise Connection

No noise 3

stress -m 8 on third VM 3

Web server on third VM 3

Web server on all VMs 3

stress -m 1 on server side unstable

Telnet also works with occasional corrupted bytes with stress -m 1

49

SSH

SSH between two instances on Amazon EC2

Noise Connection

No noise 3

stress -m 8 on third VM 3

Web server on third VM 3

Web server on all VMs 3

stress -m 1 on server side unstable

Telnet also works with occasional corrupted bytes with stress -m 1

49

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

SynchronizationEDC

Errorcorrection

RS-Codes

SSHTCP Proxy

50

Challenges

Cross-VM side channelPrime+Probe

Communication channel

JammingAgreement

SynchronizationEDC

Errorcorrection

RS-Codes

SSHTCP ProxyAchievement unlocked

Error-free covert channel

50

Conclusion

Black Hat Sound Bytes

Black Hat Sound Bytes.

• Cache covert channels are practical• We can get a noise-free and fast channel, even in the cloud• Noise does not protect against covert channels

51

Try it!

Is my cloud (provider) vulnerable?

https://github.com/IAIK/CJAG 52

Demo

LiveDEMO

53

What you just saw

We extended Amazon’s product portfolio

54

What you just saw

We extended Amazon’s product portfolio

54

What you just saw

We extended Amazon’s product portfolio

54

Hello from the Other Side:SSH over Robust Cache Covert Channels in the Cloud

Michael Schwarz and Manuel WeberMarch 30th, 2017

https://github.com/IAIK/CJAG

55

Bibliography I

References

Boano, Carlo Alberto et al. (2012). “Jag: Reliable and predictable wireless agreement underexternal radio interference”. In: IEEE 33rd Real-Time Systems Symposium (RTSS).

Schwarz, Michael and Anders Fogh (2016). “DRAMA: How your DRAM becomes a security problem”.In: Black Hat Europe 2016.

56