CryptoGraphics (eBook)

An invited speaker at the 2005 RSA Conference, Cryptographers’ Track, Debra Cook is a Ph.D. student in computer science at Columbia University in New York. Her research interests are focused in applied cryptography. She has a B.S. and M.S.E. in mathematical sciences from the Johns Hopkins University and an M.S. in computer science from Columbia. After graduating from Johns Hopkins, she was a senior technical staff member at Bell Labs and AT&T Labs before pursuing her Ph.D. Angelos Keromytis is an Assistant Professor of Computer Science at Columbia University. His research interests include design and analysis of network and cryptographic protocols, software security and reliability, and operating system design. He received his Ph.D. in Computer Science from the University of Pennsylvania, and his B.S. in Computer Science from the University of Crete in Greece.

Contents 6
List of Figures 9
List of Tables 10
Preface 11
Acknowledgments 13
Chapter 1 INTRODUCTION 14
1.2 GPUs 16
1.3 Motivation 16
1.4 Encryption in GPUs 17
1.5 Remotely Keyed CryptoGraphics 18
1.6 Related Issues 18
Chapter 2 GRAPHICAL PROCESSING UNITS 21
2.1 Overview 21
2.2 GPU Architecture 22
2.3 GPUs and General Purpose Programming 27
2.4 APIs 29
2.5 OpenGL and Pixel Processing 30
2.6 Representing Data with Vertices 33
Chapter 3 MOTIVATION 36
3.1 Overview 36
3.2 Accelerating Cryptographic Processing 36
3.2.1 Issue 36
3.2.2 Previous Approaches 37
3.2.3 Summary of the GPU-Based Approach 38
3.3 Malware and Spyware 39
3.3.1 Issue 39
3.3.2 Motivating Applications 39
3.3.3 Other Related Work 41
3.3.4 Summary of the GPU- Based Approach 44
3.4 Side Channel and Differential Fault Analysis 44
Chapter 4 ENCRYPTION IN GPUS 47
4.1 Overview 47
4.2 Feasibility of Asymmetric Key Ciphers 48
4.3 Feasibility of Symmetric Key Ciphers 50
4.4 Modes of Encryption 55
4.5 Example: AES 58
4.5.1 AES Background 58
4.5.2 AES in OpenGL 63
4.5.3 AES Experiments 68
4.5.4 Use of Parallel Processing in Attacks 74
4.6 GPUs and Stream Ciphers 74
4.6.1 Overview 74
4.6.2 Experiments 75
4.7 Conclusions 77
Chapter 5 REMOTELY KEYED CRYPTOGRAPHICS 78
5.1 Overview 78
5.2 Keying of GPUs 78
5.3 Prototype 81
5.3.1 Purpose 81
5.3.2 Architecture 81
5.3.3 Implementation 83
5.4 Design Decisions 87
5.4.1 Remote Keying 88
5.4.2 Decryption of Data in the GPU 89
5.6 Conclusions 96
Chapter 6 RELATED ISSUES 97
6.1 Overview 97
6.2 Protecting User Input 97
6.3 Keying the GPU 98
6.5 Trusted Platform Module 103
6.6 Data Compression 105
Chapter 7 EXTENSIONS 106
7.1 Overview 106
7.2 Graphics-based Cipher 106
7.3 Encryption within DSPs 108
Chapter 8 CONCLUSIONS 110
8.1 Summary 110
8.2 Suggested Projects 112
Appendix A AES OpenGL Code for Encryption 114
A.1 Overview 114
A.2 Version Using the Red Pixel Component and the Back Buffer 114
A.3 Version Using the RGB Pixel Components and the Front Buffer 123
References 137
About the Authors 143
Index 144

Chapter 6
RELATED ISSUES (p. 88-89)

6.1 Overview

In this chapter, topics related to the architecture and prototype presented in Chapter 5 are discussed. The architecture described in Chapter 5 focuses on securing images sent to an untrusted chent. A complete system must also address the protection of user input on the client that is sent to the server and the protection of audio sent to the client. In addition, an alternative method for keying the GPU is provided. The architecture's susceptibility to man-in-the-middle attacks and phishing attacks is evaluated. The concept of executing cryptographic operations within a GPU can be used in conjunction with the trusted platform module (TPM) defined by the Trusted Computing Group (TCG). An overview of the TPM is provided and how the prototype can utilize the TPM is described. Another issue is where data compression is performed. Compression is unrelated to attacks against the client, but is impacted by moving encryption and decryption into the GPU.

6.2 Protecting User Input

The user responses on the untrusted client pose an interesting problem in that they require preventing input from the keyboard and mouse from being available to the untrusted operating system. One potential solution is to encrypt the keyboard inputs inside the keyboard itself (e.g., on the keyboard's USB controller). This requires a trusted keyboard, which is possible by using a portable folding keyboard that connects to USB port, such as those available for several PDA devices. The mouse may be directly connected to the keyboard (e.g., a TrackPoint device, as is common with laptops), or input may only be taken from the keyboard. A pin can be used as the key to the cipher used for encrypting the inputs. The pin can be of sufficient length to thwart a brute force attack. The server may either choose a pin for the user, displaying it securely to the user via GPU-based decryption, or have the user select a pin from a keypad displayed on the GPU.

If the server selects the pin for use in the keyboard, the server merely sends the pin as an encrypted image to the client's GPU where it is decrypted and presented to the user who then enters it into the keyboard. The pin can be a relatively small, unpredictable area of the image. An attacker or malware attempting to modify the pin will at best have access to the encrypted image. Other possibilities include the use of graphical passwords [20,83] and shouldersurfing- resistant PIN-entry methods [69]. Another option for conveying user input to an application on an untrusted client is the method described in [48] in which a trusted channel between a PDA (a cell phone) and the application requiring the input is used. The user's PDA provides a trusted device by which the user enters input.

Graphically displayed keypads are used on some websites to allow a user to enter a pin to access his or her account by selecting values via mouse clicks. In some implementations the ordering of the values on the keypad change after each mouse click. Variations of such displays can be used to set the pin for the keyboard and to provide a secret key to the GPU for use in a symmetric key cipher.

The user can select a pin if the server displays a keypad to the user via the client's GPU. The keypad is sent encrypted from the server to the GPU where it is decrypted and displayed to the user. Then the user selects characters from the keypad by clicking on or entering a series of squares from the keypad, with the coordinates of the selections sent to the server. Even though the client's operating system can see the coordinates of the user's selections (since the keyboard and mouse inputs are not yet encrypted), it does not have access to the unencrypted keypad, making this information useless to an attacker. To avoid guessing attacks based on the relative locations of the mouse pointer, the keypad configuration is changed every time a digit is selected as shown in Figure 6.1. The keypad can be spread across the display with each digit displayed in an arbitrary location determined by the server as shown on the right side of Figure 6.1 instead of in the traditional rectangle form. If an attacker or malware on the client attempts to alter the coordinates sent to the server, the altered values may not correspond to valid positions on the keypad. Minimizing the area of the display corresponding to digits will decrease the probability that malware can select coordinates that correspond to digits.