DOI: 10.1145/2976749.2978374

Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations

Published: 24 October 2016

Abstract

Covert channels present a serious security threat because they allow secret communication between two malicious processes even if the system inhibits direct communication. We describe, implement and quantify a new covert channel through the shared hardware random number generation (RNG) module that is available on modern processors. We demonstrate that a reliable, high-capacity and low-error covert channel can be created through the RNG module that works across CPU cores and across virtual machines. We quantify the capacity of the RNG channel under different settings and show that transmission rates in the range of 7-200 kbit/s can be achieved depending on the particular system used for transmission, assumptions, and the load level. Finally, we describe challenges in mitigating the RNG channel, and propose several mitigation approaches both in software and hardware.

Published In

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
October 2016
1924 pages
ISBN: 9781450341394
DOI: 10.1145/2976749

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. covert channels
2. random number generator

Qualifiers

• Research-article

Conference

CCS'16

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
