diff options
Diffstat (limited to 'slides/2019-side-channels')
37 files changed, 896 insertions, 0 deletions
diff --git a/slides/2019-side-channels/README b/slides/2019-side-channels/README new file mode 100644 index 0000000..c1ef746 --- /dev/null +++ b/slides/2019-side-channels/README @@ -0,0 +1 @@ +Guest lecture on side channels / timing attacks. diff --git a/slides/2019-side-channels/beamercolorthemergd.sty b/slides/2019-side-channels/beamercolorthemergd.sty new file mode 100644 index 0000000..74ced1c --- /dev/null +++ b/slides/2019-side-channels/beamercolorthemergd.sty @@ -0,0 +1,24 @@ +\mode<presentation> + +%%% +% Color definitions +%%% +\RequirePackage{xcolor} +\definecolor{rgdGreen}{RGB}{33,114,106} +\definecolor{rgdYellow}{RGB}{255,210,4} +\definecolor{rgdOrange}{RGB}{232,114,12} +\colorlet{rgdGray}{gray!33} +\colorlet{rgdBlack}{black} + +%%% +% Beamer colors +%%% +\setbeamercolor*{titlepage}{fg=rgdBlack} +\setbeamercolor*{author}{fg=rgdGreen} +\setbeamercolor*{date}{fg=black} +\setbeamercolor*{header}{bg=rgdYellow,fg=black} +\setbeamercolor*{trailer}{bg=rgdGray,fg=black} +\setbeamercolor*{item}{fg=rgdGreen} +\setbeamercolor*{alerted text}{fg=rgdGreen} + +\mode<all> diff --git a/slides/2019-side-channels/beamerfontthemergd.sty b/slides/2019-side-channels/beamerfontthemergd.sty new file mode 100644 index 0000000..a6d212c --- /dev/null +++ b/slides/2019-side-channels/beamerfontthemergd.sty @@ -0,0 +1,9 @@ +\mode<presentation> + +\setbeamerfont{title}{size=\large,shape=\bfseries} +\setbeamerfont{subtitle}{size=\normalsize,shape=\bfseries} +\setbeamerfont{frametitle}{size=\large,shape=\bfseries} +\setbeamerfont{institute}{size=\small} +\setbeamerfont{date}{size=\small} + +\mode<all> diff --git a/slides/2019-side-channels/beamerinnerthemergd.sty b/slides/2019-side-channels/beamerinnerthemergd.sty new file mode 100644 index 0000000..4dfd6cf --- /dev/null +++ b/slides/2019-side-channels/beamerinnerthemergd.sty @@ -0,0 +1,49 @@ +\mode<presentation> + +%%% +% Title page +%%% +\defbeamertemplate*{title page}{rgd}[1][]{ + \begin{tikzpicture}[remember picture, overlay] + \usebeamercolor{titlepage} + % Add top-left triangle with university logo + \filldraw[draw=rgdGray,fill=rgdGray] + (current page.north west) -- + (current page.north) -- + node[draw=none,pos=0.5](Logo){\includegraphics[width=3cm]{img/logo}} + (current page.west) -- + (current page.north west); + % Add title + \node[ + text=fg, + text width=0.75\paperwidth, + ] (Title) at ([shift={(0,-0.5cm)}]current page){% + \centering\usebeamerfont{title}\inserttitle\\% + }; + % Add subtitle + \node[ + text=fg, + text width=0.75\paperwidth, + below=0pt of Title, + ] (Subtitle) {% + \centering\usebeamerfont{subtitle}\insertsubtitle\\% + }; + % Add authors + \usebeamercolor{author} + \node[ + text=fg, + text width=0.75\paperwidth, + below=12pt of Subtitle, + ] (Author) {% + \centering\usebeamerfont{author}\insertauthor\\% + }; + % Add date + \node[ + text=fg, + text width=0.75\paperwidth, + below right= 0.25cm and 4.5cm of current page.north, + ](Date) {\today}; + \end{tikzpicture} +} + +\mode<all> diff --git a/slides/2019-side-channels/beamerouterthemergd.sty b/slides/2019-side-channels/beamerouterthemergd.sty new file mode 100644 index 0000000..15501a8 --- /dev/null +++ b/slides/2019-side-channels/beamerouterthemergd.sty @@ -0,0 +1,65 @@ +\mode<presentation> + +%%% +% Frame header +%%% +\defbeamertemplate*{frametitle}{corporate}[1][]{% + \nointerlineskip + % Add frame title + \begin{beamercolorbox}[ + wd=\paperwidth, + ht=3ex, + dp=1.5ex, + left, + leftskip=2ex + ]{header} + \insertframetitle + \end{beamercolorbox} + % Add line after header + \nointerlineskip + \begin{beamercolorbox}[ + wd=\paperwidth, + ht=0.25ex + ]{trailer} + \end{beamercolorbox}% +} + +%%% +% Frame trailer +%%% +\defbeamertemplate*{footline}{corporate}{% + \hbox{% + % Add mail + \begin{beamercolorbox}[ + wd=0.22\paperwidth, + ht=2ex, + dp=0.5ex, + left, + leftskip=2ex + ]{trailer} + \texttt{rasmus.dahlberg@kau.se} + \end{beamercolorbox}% + % Add author + \begin{beamercolorbox}[ + wd=0.73\paperwidth, + ht=2ex, + dp=0.5ex, + left, + leftskip=2ex + ]{header} + \inserttitle--- \insertsubtitle + \end{beamercolorbox}% + % Add page counter + \begin{beamercolorbox}[ + wd=0.05\paperwidth, + ht=2ex, + dp=0.5ex, + right, + rightskip=1ex + ]{header} + \insertframenumber/\inserttotalframenumber + \end{beamercolorbox}% + } +} + +\mode<all> diff --git a/slides/2019-side-channels/beamerthemergd.sty b/slides/2019-side-channels/beamerthemergd.sty new file mode 100644 index 0000000..022ef2c --- /dev/null +++ b/slides/2019-side-channels/beamerthemergd.sty @@ -0,0 +1,23 @@ +\mode<presentation> + +%%% +% Load beamer settings +%%% +\usecolortheme{rgd} +\usefonttheme{rgd} +\useinnertheme{rgd} +\useoutertheme{rgd} + +%%% +% Disable navigation tools on slides +%%% +\setbeamertemplate{navigation symbols}{} + +%%% +% Object styles +%%% +\setbeamertemplate{itemize item}[square] +\setbeamertemplate{itemize subitem}[default] +\setbeamertemplate{sections/subsections in toc}[square] + +\mode<all> diff --git a/slides/2019-side-channels/img/attacker.jpg b/slides/2019-side-channels/img/attacker.jpg Binary files differnew file mode 100644 index 0000000..3a0adec --- /dev/null +++ b/slides/2019-side-channels/img/attacker.jpg diff --git a/slides/2019-side-channels/img/client.png b/slides/2019-side-channels/img/client.png Binary files differnew file mode 100644 index 0000000..f1ad88d --- /dev/null +++ b/slides/2019-side-channels/img/client.png diff --git a/slides/2019-side-channels/img/countermeasure.py b/slides/2019-side-channels/img/countermeasure.py new file mode 100755 index 0000000..dda0868 --- /dev/null +++ b/slides/2019-side-channels/img/countermeasure.py @@ -0,0 +1,18 @@ +#!/usr/bin/python + +def is_equal(s1, s2): + ''' + Returns true if the strings s1 and s2 encode the same information. + ''' + if len(s1) != len(s2): + return False + + result = 0 + for (x,y) in zip(s1,s2): + result |= ord(x) ^ ord(y) + + return result == 0 + +target, strs = "abc", [ "ab", "abc", "abcd", "bbc", "abe" ] +for s in strs: + print("{} == {} ? {}".format(target,s,is_equal(target,s))) diff --git a/slides/2019-side-channels/img/demo.png b/slides/2019-side-channels/img/demo.png Binary files differnew file mode 100644 index 0000000..509c9ad --- /dev/null +++ b/slides/2019-side-channels/img/demo.png diff --git a/slides/2019-side-channels/img/grandpa.png b/slides/2019-side-channels/img/grandpa.png Binary files differnew file mode 100644 index 0000000..1953027 --- /dev/null +++ b/slides/2019-side-channels/img/grandpa.png diff --git a/slides/2019-side-channels/img/isn b/slides/2019-side-channels/img/isn new file mode 100644 index 0000000..4e536b5 --- /dev/null +++ b/slides/2019-side-channels/img/isn @@ -0,0 +1,7 @@ +read(MEM[5]); +read(MEM[5]); +... +raise_exception(); +data = read(MEM[7]); +read(MEM[data]) +... diff --git a/slides/2019-side-channels/img/logo.png b/slides/2019-side-channels/img/logo.png Binary files differnew file mode 100755 index 0000000..0c7c885 --- /dev/null +++ b/slides/2019-side-channels/img/logo.png diff --git a/slides/2019-side-channels/img/meltdown-dump.png b/slides/2019-side-channels/img/meltdown-dump.png Binary files differnew file mode 100644 index 0000000..6ecf2cf --- /dev/null +++ b/slides/2019-side-channels/img/meltdown-dump.png diff --git a/slides/2019-side-channels/img/meltdown-ff.png b/slides/2019-side-channels/img/meltdown-ff.png Binary files differnew file mode 100644 index 0000000..f097f49 --- /dev/null +++ b/slides/2019-side-channels/img/meltdown-ff.png diff --git a/slides/2019-side-channels/img/meltdown-insn.png b/slides/2019-side-channels/img/meltdown-insn.png Binary files differnew file mode 100644 index 0000000..6b3b686 --- /dev/null +++ b/slides/2019-side-channels/img/meltdown-insn.png diff --git a/slides/2019-side-channels/img/meltdown-isn b/slides/2019-side-channels/img/meltdown-isn new file mode 100644 index 0000000..19e9bd5 --- /dev/null +++ b/slides/2019-side-channels/img/meltdown-isn @@ -0,0 +1,3 @@ +data = read(MEM[addr]) +raise_exception(); +read(probe_array[data * 4096]) diff --git a/slides/2019-side-channels/img/meltdown-out-of-order.png b/slides/2019-side-channels/img/meltdown-out-of-order.png Binary files differnew file mode 100644 index 0000000..b941373 --- /dev/null +++ b/slides/2019-side-channels/img/meltdown-out-of-order.png diff --git a/slides/2019-side-channels/img/meltdown-pageload.png b/slides/2019-side-channels/img/meltdown-pageload.png Binary files differnew file mode 100644 index 0000000..1304f32 --- /dev/null +++ b/slides/2019-side-channels/img/meltdown-pageload.png diff --git a/slides/2019-side-channels/img/meltdown.png b/slides/2019-side-channels/img/meltdown.png Binary files differnew file mode 100644 index 0000000..476eada --- /dev/null +++ b/slides/2019-side-channels/img/meltdown.png diff --git a/slides/2019-side-channels/img/memlayout.png b/slides/2019-side-channels/img/memlayout.png Binary files differnew file mode 100644 index 0000000..779f137 --- /dev/null +++ b/slides/2019-side-channels/img/memlayout.png diff --git a/slides/2019-side-channels/img/pandora.jpg b/slides/2019-side-channels/img/pandora.jpg Binary files differnew file mode 100644 index 0000000..b8763ea --- /dev/null +++ b/slides/2019-side-channels/img/pandora.jpg diff --git a/slides/2019-side-channels/img/printersound.png b/slides/2019-side-channels/img/printersound.png Binary files differnew file mode 100644 index 0000000..99e253d --- /dev/null +++ b/slides/2019-side-channels/img/printersound.png diff --git a/slides/2019-side-channels/img/security-door-zoomin.png b/slides/2019-side-channels/img/security-door-zoomin.png Binary files differnew file mode 100644 index 0000000..200de7f --- /dev/null +++ b/slides/2019-side-channels/img/security-door-zoomin.png diff --git a/slides/2019-side-channels/img/security-door-zoomout.png b/slides/2019-side-channels/img/security-door-zoomout.png Binary files differnew file mode 100644 index 0000000..934e998 --- /dev/null +++ b/slides/2019-side-channels/img/security-door-zoomout.png diff --git a/slides/2019-side-channels/img/security-door.png b/slides/2019-side-channels/img/security-door.png Binary files differnew file mode 100644 index 0000000..0a38cec --- /dev/null +++ b/slides/2019-side-channels/img/security-door.png diff --git a/slides/2019-side-channels/img/server.png b/slides/2019-side-channels/img/server.png Binary files differnew file mode 100644 index 0000000..8ca8af3 --- /dev/null +++ b/slides/2019-side-channels/img/server.png diff --git a/slides/2019-side-channels/img/smartcard.png b/slides/2019-side-channels/img/smartcard.png Binary files differnew file mode 100644 index 0000000..d8306cd --- /dev/null +++ b/slides/2019-side-channels/img/smartcard.png diff --git a/slides/2019-side-channels/img/strcmp.py b/slides/2019-side-channels/img/strcmp.py new file mode 100755 index 0000000..89688fc --- /dev/null +++ b/slides/2019-side-channels/img/strcmp.py @@ -0,0 +1,18 @@ +#!/usr/bin/python + +def is_equal(s1, s2): + ''' + Returns true if the strings s1 and s2 encode the same information. + ''' + if len(s1) != len(s2): + return False + + for (x,y) in zip(s1,s2): + if x != y: + return False + + return True + +target, strs = "abc", [ "ab", "abc", "abcd", "bbc", "abe" ] +for s in strs: + print("{} == {} ? {}".format(target,s,is_equal(target,s))) diff --git a/slides/2019-side-channels/img/timeit.png b/slides/2019-side-channels/img/timeit.png Binary files differnew file mode 100644 index 0000000..0ee3c11 --- /dev/null +++ b/slides/2019-side-channels/img/timeit.png diff --git a/slides/2019-side-channels/img/ultrasound.png b/slides/2019-side-channels/img/ultrasound.png Binary files differnew file mode 100644 index 0000000..b0de69e --- /dev/null +++ b/slides/2019-side-channels/img/ultrasound.png diff --git a/slides/2019-side-channels/img/voip.png b/slides/2019-side-channels/img/voip.png Binary files differnew file mode 100644 index 0000000..1c0a912 --- /dev/null +++ b/slides/2019-side-channels/img/voip.png diff --git a/slides/2019-side-channels/main.tex b/slides/2019-side-channels/main.tex new file mode 100644 index 0000000..89521c9 --- /dev/null +++ b/slides/2019-side-channels/main.tex @@ -0,0 +1,26 @@ +\pdfminorversion=4 +%\documentclass[handout,aspectratio=169]{beamer} +\documentclass[aspectratio=169]{beamer} +\usetheme{rgd} + +\input{src/preamble} + +\title{% + Side-channels that break security in practise +} +\subtitle{% +} +\author{% + Rasmus Dahlberg +} +\institute{% + Karlstad University +} +\date{% + \today +} + +\begin{document} + \input{src/titlepage} + \input{src/body} +\end{document} diff --git a/slides/2019-side-channels/slides.pdf b/slides/2019-side-channels/slides.pdf Binary files differnew file mode 100644 index 0000000..6009645 --- /dev/null +++ b/slides/2019-side-channels/slides.pdf diff --git a/slides/2019-side-channels/src/body.tex b/slides/2019-side-channels/src/body.tex new file mode 100644 index 0000000..a2ede47 --- /dev/null +++ b/slides/2019-side-channels/src/body.tex @@ -0,0 +1,536 @@ +\begin{frame} + \mktitle{Learning outcomes} + \begin{columns} + \begin{column}{0.75\textwidth} + \begin{itemize} + \item Understand the threat of side-channels + \item Get an intuition of timing attacks + \end{itemize} + \end{column} + \begin{column}{0.25\textwidth} + \centering + \includegraphics[width=.8\textwidth]{img/meltdown} + \end{column} + \end{columns} + \vfill + \alert{No in-depth programming and cryptographic details} +\end{frame} + +\begin{frame} + \mktitle{Setting and security} + \begin{tikzpicture} + \node[draw=none](server){ + \includegraphics[width=60pt]{img/server} + }; + \node[draw=none,left=100pt of server](client){ + \includegraphics[width=40pt]{img/client} + }; + \path[draw, latex-latex] (client) -- (server); + \end{tikzpicture} +\end{frame} + +\begin{frame} + \mktitle{Security on paper} + \includegraphics[height=.67\textheight]{img/security-door-zoomin} +\end{frame} + +\begin{frame} + \mktitle{Reality --- not a black box} + \includegraphics[height=.67\textheight]{img/security-door-zoomout} +\end{frame} + +\begin{frame} + \mktitle{Side channels --- Pandora's box} + \begin{columns} + \begin{column}{.5\textwidth} + \hfill + \includegraphics[height=.67\textheight]{img/pandora} + \end{column} + \begin{column}{.5\textwidth} + \begin{itemize} + \item Power consumption + \item EM radiation + \item Heat + \item Sound + \item Cache + \item Faults + \item Timing + \item Size + \item ... + % REMINDER@Pandora: ... -> e.g., disk access patterns + \end{itemize} + \end{column} + \end{columns} + % REMINDER@Pandora: sky is the limit, there are lots of things to measure +\end{frame} + +\begin{frame} + \mktitle{Printer sounds --- document content leaked} + \includegraphics[height=.67\textheight]{img/printersound} + \vfill\scriptsize{ + Backes \emph{et~al.}: + Acoustic Side-Channel Attacks on Printers, + In: USENIX Security + (2010) + } +\end{frame} + +\begin{frame} + \mktitle{Laptop sounds --- secret key leaked} + \includegraphics[width=.67\textwidth]{img/ultrasound} + \vfill\scriptsize{ + Genkin \emph{et~al.}: + RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis, + In: Crypto + (2014) + } +\end{frame} + +\begin{frame} + \mktitle{Energy consumption --- secret key leaked} + \includegraphics[width=.67\textwidth]{img/smartcard} + \vfill\scriptsize{ + Messerges \emph{et~al.}: + Power Analysis Attacks of Modular Exponentiation in Smartcards, + In: CHES (1999) + } +\end{frame} + +\begin{frame} + \mktitle{Packet size --- encrypted content leaked} + \includegraphics[height=.67\textheight]{img/voip} + \vfill\scriptsize{ + White \emph{et~al.}: + Phonotactic Reconstruction of Encrypted VoIP Conversations: + Hookt on Fon-iks, + In: IEEE SP + (2011) + } +\end{frame} + +\begin{frame} + \mktitle{Response timing --- message forgery} + \begin{tikzpicture} + \node[draw=none](server){ + \includegraphics[width=60pt]{img/server} + }; + \node[draw=none,left=100pt of server](client){ + \includegraphics[width=40pt]{img/attacker} + }; + \path[draw, -latex] + (client.34) |- + node[draw=none,above,pos=.75]{\texttt{msg, tag}} + (server.155); + \path[draw, -latex] + (server.199) |- + node[draw=none,above,pos=.75]{\texttt{yes/no}} + (client.335); + \end{tikzpicture} + \vfill\scriptsize{ + Crosby \emph{et al.}: + Opportunities and Limits of Remote Timing Attacks, + In: TISSEC + (2009) + }\\ + \scriptsize{ + Hale: + A lesson in timing attacks, + URL: \url{https://codahale.com/a-lesson-in-timing-attacks/} + (2009) + } +\end{frame} + +\begin{frame} + \mktitle{Scope} + \begin{tikzpicture} + \node[draw,rectangle, + minimum width=.6\textwidth, + minimum height=.4\textheight, + fill=gray!33, + ](sc){}; + \node[draw=none,below=0pt of sc.150]{side-channels}; + \node[draw,circle, + minimum width=.15\textwidth, + fill=rgdGreen, + text=white, + ](t){\textbf{timing}}; + \end{tikzpicture} +\end{frame} + +\begin{frame} + \mktitle{Effort to crack this password?} + \begin{tikzpicture}[ + rgddBox/.style = { + draw = black, + minimum width = 20pt, + minimum height = 20pt, + fill = gray!33, + font = \bfseries, + } + ] + \def\rgddBoxData{{z},{f},{T},{B},{s},{v},{g},{O},{e},{t}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox](p\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x}; + \fi + \node[draw=none,text=darkRed,above=0pt of p\i]{\i}; + } + %\pause + \foreach[count=\i] \x in \rgddBoxData{ + \node[draw=none,text=darkGreen,below=0pt of p\i]{52}; + } + \end{tikzpicture} + \pause + \vfill + 144555105949057024 + \pause + \vfill + $52^{10}$ combinations and 100M queries/s $\rightarrow$ 46 years + %REMINDER@Password: exponential increase for each character + \pause + \\\includegraphics[height=.2\textheight]{img/grandpa} +\end{frame} + +\begin{frame} + \mktitle{Experiment --- are these strings equal?} + \pause + \texttt{0000000000000000} \floatright{\texttt{9389349108837912}}\\ + \pause + \texttt{0000439513027213} \floatright{\texttt{0000431513027213}}\\ + \pause + \texttt{7485820126271479} \floatright{\texttt{7485820126371479}}\\ +\end{frame} + +\begin{frame} + \mktitle{Comparing strings like a programmer} + \begin{tikzpicture}[ + rgddBox/.style = { + draw = black, + minimum width = 20pt, + minimum height = 20pt, + fill = gray!33, + font = \bfseries, + }, + rgddPopup/.style = { + draw=rgdGreen, + thick, + rectangle, + fill=rgdYellow, + minimum width = \textwidth, + minimum height = 40pt, + }, + ] + \def\rgddBoxData{{7},{4},{8},{5}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox](p\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x}; + \fi + } + + \def\rgddBoxData{{7},{4},{0},{2}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox,right=60pt of p4](q\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of q\pgfmathresult](q\i){\x}; + \fi + } + + \foreach \i in {1,...,3}{ + \only<\i>{\node[draw=none,below=6pt of p\i]{\lding};} + \only<\i>{\node[draw=none,below=6pt of q\i]{\lding};} + } + + \only<4>{ + \node[rgddPopup] at ($ (p4) !.5! (q4) $) {\Huge no need to continue}; + } + \end{tikzpicture} +\end{frame} + +%\begin{frame} +% \mktitle{Programming 101 --- string comparison} +% \lstinputlisting[style=CStyle,firstline=3,lastline=14]{img/strcmp.py} +%\end{frame} + +\begin{frame} + \mktitle{Timing --- an inutitive note} + \includegraphics[width=\textwidth]{img/timeit} +\end{frame} + +\begin{frame} + \mktitle{Effort to crack this password?} + \begin{tikzpicture}[ + rgddBox/.style = { + draw = black, + minimum width = 20pt, + minimum height = 20pt, + fill = gray!33, + font = \bfseries, + } + ] + \def\rgddBoxData{{z},{f},{T},{B},{s},{v},{g},{O},{e},{t}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox](p\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x}; + \fi + \node[draw=none,text=darkRed,above=0pt of p\i]{\i}; + } + \foreach[count=\i] \x in \rgddBoxData{ + \node[draw=none,text=darkGreen,below=0pt of p\i]{52}; + } + \end{tikzpicture} + \vfill + + \pause + \begin{tikzpicture}[ + rgddBox/.style = { + draw = black, + minimum width = 20pt, + minimum height = 20pt, + fill = gray!33, + font = \bfseries, + } + ] + \def\rgddBoxData{{a},{a},{a},{a},{a},{a},{a},{a},{a},{a}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox](q\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of q\pgfmathresult](q\i){\x}; + \fi + + } + + \def\rgddBoxData{{z},{f},{T},{B},{s},{v},{g},{O},{e},{t}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i<5\pause\fi + \ifnum\i=1\relax + \node[rgddBox, text=darkOrange](q\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox, text=darkOrange, right=6pt of q\pgfmathresult](q\i){\x}; + \fi + } + \end{tikzpicture} + %$52*10$ tries $\rightarrow$ ``negl'' time + %REMINDER@Password: linear increase for each character +\end{frame} + +\begin{frame} + \mktitle{Demo --- Experimental setup} + + \begin{tikzpicture} + \node[draw=none](server){ + \includegraphics[width=60pt]{img/server} + }; + \node[draw=none,left=100pt of server](client){ + \includegraphics[width=40pt]{img/attacker} + }; + \path[draw, -latex] + (client.34) |- + node[draw=none,above,pos=.75]{\texttt{msg, tag}} + (server.155); + \path[draw, -latex] + (server.199) |- + node[draw=none,above,pos=.75]{\texttt{yes/no}} + (client.335); + \path[draw,-latex] + (server) edge[loop right] + node[draw=none,pos=.7,below]{ + \begin{tabular}{c} + byte-by-byte cmp\\ + with $\approx$ms sleep + \end{tabular} + } + (); + + \end{tikzpicture} + \vfill\url{https://github.com/rgdd/timing-server} +\end{frame} + +\begin{frame} + \mktitle{Can you recommend another demo? Asking for a friend} + \includegraphics[height=.67\textheight]{img/demo} + \url{https://www.youtube.com/watch?v=2-zQp26nbY8} +\end{frame} + +\begin{frame} + \mktitle{Countermeasure -- constant time compare} + \begin{tikzpicture}[ + rgddBox/.style = { + draw = black, + minimum width = 20pt, + minimum height = 20pt, + fill = gray!33, + font = \bfseries, + }, + rgddPopup/.style = { + draw=rgdGreen, + thick, + rectangle, + fill=rgdYellow, + minimum width = \textwidth, + minimum height = 40pt, + }, + ] + \def\rgddBoxData{{7},{4},{8},{5}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox](p\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x}; + \fi + } + + \def\rgddBoxData{{7},{4},{0},{2}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox,right=60pt of p4](q\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of q\pgfmathresult](q\i){\x}; + \fi + } + + \foreach \i in {1,...,4}{ + \only<\i>{\node[draw=none,below=6pt of p\i]{\lding};} + \only<\i>{\node[draw=none,below=6pt of q\i]{\lding};} + } + \end{tikzpicture} +\end{frame} + +%\begin{frame} +% \mktitle{Countermeasure --- constant time compare} +% \lstinputlisting[style=CStyle,firstline=3,lastline=14]{img/countermeasure.py} +%\end{frame} + +\begin{frame} + \mktitle{Lessons learned} + \centering + + \textbf{Adversarial input?} + Think twice before using standard equality operators + + \vfill + \textbf{Cryptography in code?} Stick to cryptographic libraries, hope for + the best +\end{frame} + +\begin{frame} + \mktitle{Meltdown} + \includegraphics[height=.67\textheight]{img/meltdown} + \vfill\scriptsize{ + Lipp \emph{et~al.}: + Meltdown, + In: CoRR abs/1801.01207 + (2018) + } +\end{frame} + +\begin{frame} + \mktitle{Preliminaries --- per-process virtual memory layout} + \includegraphics[width=.67\textwidth]{img/memlayout} + \vfill + \begin{tikzpicture} + \Tree [ + .{page table} [ + .{\textcolor{darkBlue}{address translation}} + ] [ + .{\textcolor{darkGreen}{privelege checks}} + ] + ] + \end{tikzpicture} +\end{frame} + +\begin{frame} + \mktitle{Preliminaries --- caching and out-of-order execution} + \begin{tikzpicture}[ + rgddBox/.style = { + draw = black, + minimum width = 20pt, + minimum height = 20pt, + fill = gray!33, + font = \bfseries, + } + ] + \def\rgddBoxData{{},{},{},{},{},{},{},{},{}} + \foreach[count=\i] \x in \rgddBoxData{ + \ifnum\i=1\relax + \node[rgddBox](p\i){\x}; + \else + \pgfmathparse{int(\i-1)} + \node[rgddBox,right=6pt of p\pgfmathresult](p\i){\x}; + \fi + \node[draw=none,text=darkRed,above=0pt of p\i]{\i}; + + } + + % First access + \node[draw=none,below=of p3,font=\rmfamily](call1){% + \texttt{access}($\mathsf{MEM}[5]$) + }; + \path[draw, -latex] + (call1) -- + node[draw=none,sloped,above,font=\scriptsize]{slow} + (p5.248); + + % Second access + \node[draw=none,below=of p7,font=\rmfamily](call2){% + \texttt{access}($\mathsf{MEM}[5]$) + }; + \path[draw, -latex] + (call2) -- + node[draw=none,sloped,above,font=\scriptsize]{fast} + (p5.292); + \end{tikzpicture} + + \pause + \begin{columns} + \begin{column}{.29\textwidth} + \lstinputlisting[style=CStyle]{img/isn} + \end{column} + + \begin{column}{.49\textwidth} + \includegraphics[width=\textwidth]{img/meltdown-out-of-order} + \end{column} + \end{columns} +\end{frame} + +\begin{frame} + \mktitle{Ooops --- leaked privileged memory?} + \begin{columns} + \begin{column}{.45\textwidth} + \lstinputlisting[style=CStyle]{img/meltdown-isn} + \end{column} + \end{columns} + \pause + \vfill + \includegraphics[width=.67\textwidth]{img/meltdown-pageload} +\end{frame} + +\begin{frame} + \mktitle{Proof of concept} + \hfill + \includegraphics[height=.5\textheight]{img/meltdown-dump} + \hfill + \includegraphics[height=.5\textheight]{img/meltdown-ff} + \hfill +\end{frame} + +\begin{frame} + \vfill\centering\Large\textbf{ + That's it --- questions? + }\vfill +\end{frame} diff --git a/slides/2019-side-channels/src/preamble.tex b/slides/2019-side-channels/src/preamble.tex new file mode 100644 index 0000000..56ed3df --- /dev/null +++ b/slides/2019-side-channels/src/preamble.tex @@ -0,0 +1,114 @@ +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Packages % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\usepackage[utf8]{inputenc} +\usepackage[swedish]{babel} + +\usepackage[ + lambda, advantage, operators, sets, adversary, landau, probability, notions, + logic, ff, mm, primitives, events, complexity, asymptotics, keys +]{cryptocode} + +\usepackage{rotate} +\usepackage{graphicx} +\usepackage{mathtools} +\usepackage{amsmath} +\usepackage{amssymb} +\usepackage{flowchart} +\usepackage{smartdiagram} +\usepackage{pifont} +\usepackage{wasysym} +\usepackage{graphicx} +\usepackage{color} +\usepackage{drawstack} +\usepackage{tikz} +\usepackage{tikz-qtree} +\usetikzlibrary{ + arrows,% + decorations.markings,% + backgrounds,% + calc,% + fit,% + positioning,% + shapes.misc,% + shadows,% + shapes.arrows,% + shapes,% + snakes,% +} +\usepackage{booktabs} +\usepackage{smartdiagram} +%\usepackage{floatrow}% this one causes error on arch for some reason +\usepackage[position=bottom]{subfig} % environment for nested figures + +\usepackage{xcolor} +\definecolor{darkGreen}{HTML}{008000} +\definecolor{darkBlue}{HTML}{2809B2} +\definecolor{darkRed}{HTML}{CC0000} +\definecolor{darkGray}{HTML}{808080} +\definecolor{darkOrange}{HTML}{D77D00} +\definecolor{darkPurple}{HTML}{800080} +\colorlet{lightGray}{gray!33} +\colorlet{lightYellow}{yellow!50} +\definecolor{darkGreen}{HTML}{008000} +\definecolor{darkBlue}{HTML}{2809B2} +\definecolor{darkRed}{HTML}{CC0000} + +\usepackage{hyperref} +\hypersetup{ + colorlinks = true, % Color links instead of boxes + urlcolor = darkBlue, % Color external hyper links + linkcolor = darkBlue, % Color internal links + citecolor = darkBlue, % Color citations +} + +% Figures, tables and code +\usepackage{booktabs} +\usepackage{colortbl} +\usepackage{flowchart} +\usepackage{adjustbox} +\usepackage{listings} + +\lstdefinestyle{CStyle}{ + backgroundcolor=\color{lightGray!25}, + commentstyle=\color{darkGreen}, + keywordstyle=\color{darkBlue}, + numberstyle=\tiny\color{darkRed}, + stringstyle=\color{darkPurple}, + basicstyle=\footnotesize, + breakatwhitespace=false, + breaklines=false, + captionpos=b, + keepspaces=true, + numbers=left, + numbersep=5pt, + showspaces=false, + showstringspaces=false, + showtabs=false, + tabsize=2, + language=C, + morekeywords={size_t,def,in,zip,True,False,ord}, +} + +\setbeamertemplate{itemize item}[circle] +\setbeamertemplate{itemize subitem}[default] +\setbeamertemplate{caption}[numbered] + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Defines % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\makeatletter +\let\@@magyar@captionfix\relax %needed for \titlefloatright +\makeatother + +\newcommand{\tyes}{\textcolor{darkGreen}{\ding{51}}} +\newcommand{\tno}{\textcolor{darkRed}{\ding{55}}} +\newcommand{\burl}[1]{\tiny{\url{#1}}} +\newcommand{\TODO}[1]{\textcolor{red}{TODO}: #1} +\newcommand{\floatright}[1]{\hspace{0pt plus 1 filll}#1$\;$} + +\def\rding{\rotatebox[origin=c]{-91}{\ding{224}}} +\def\lding{\rotatebox[origin=c]{91}{\ding{224}}} + +% TODO: fix this properly... +\newcommand{\mktitle}[1]{\centering\textbf{\large#1}\vfill\normalsize} diff --git a/slides/2019-side-channels/src/titlepage.tex b/slides/2019-side-channels/src/titlepage.tex new file mode 100644 index 0000000..9b18039 --- /dev/null +++ b/slides/2019-side-channels/src/titlepage.tex @@ -0,0 +1,3 @@ +\begin{frame} + \titlepage +\end{frame} |