Secure Processor Architectures

Research Mentors: Omer Khan and Marten van Dijk

When one outsources computation on one’s private input data, how can one guarantee that the computation environment does not leak any sensitive information? A practical approach to solving this problem for general compute tasks is the development of secure processor architectures, where we assume adversaries not to look inside the working processor and read out individual logical values that are transmitted over the processor wires or stored in its flip-flops: Generally, we assume this to be too costly for an economi- cally motivated adversary or we assume a tamper-sensing and tamper-responding environment that detects such adversaries in which case all sensitive state is cleared. To make this assumption more reasonable, the attack surface of the secure processor should be small: Over the last decade we have seen a development towards secure processors with a smaller and smaller attack surface that can resist more and more powerful adversarial behavior. This trend culminated in our most recent work: Ascend, an architecture that resists an adversary who may run untrusted programs on private input data and who may observe the i/o and power pins. One of its basic tools is an ORAM interface inside the secure processor which guarantees that access patterns to DRAM do not leak any privacy. The ORAM interface randomizes the location of data in DRAM and is inefficient in that many addresses need to be read out in order to obfuscate the reading of a single address. To reduce this potentially huge performance overhead many tricks that regulate data passing between the caches and interface are needed. This leads to a complex design due to the re-architecting of main processor components.

Components for Student Participation

Our idea is to slightly increase the attack surface of secure pro- cessors like Ascend by introducing a trusted interface at the DRAM module itself. We assume an interface that uses randomized encryption (based on AES) to write data in DRAM: on every read, the data is written back using a new random seed. Also, when the secure processor wants to read an address, the processor first uses randomized encryption to encrypt the address before it is transmitted over its I/O pins to the DRAM interface, where the address is decrypted. Adversaries are only allowed to access the DRAM through this in- terface (so, individual cells cannot directly be read out). Randomized encryption of both the data and address is sufficient to obfuscate memory access patterns, so, no ORAM interface is needed. In this project REU students will verify this idea by simulating Ascend’s ORAM interface and simulate the proposed DRAM interface and compare both approaches. As a next step we want to implement both approaches in FPGA logic. Throughout this project REU students learn state-of-the-art secure processor technology.