Secrets / Security hardware

CS2107 Introduction to Information and System Security
(Slide set 8)

Hugh Anderson
National University of Singapore, School of Computing
October, 2016
Hugh Anderson CS2107 Introduction to Information and System Security (Slide set 8)
Hardware... (slide photos: security hardware in 1959 and in 2009)
Secrets / Security hardware

Outline

1 Secrets
  NSA and PRNGs and large primes
  Data and Algorithms
  Hiding secrets
It seems we cannot trust the gummint

Who knew? In 2013, newly released US documents described a US $250 million/year program designed to "make [systems] exploitable" by inserting vulnerabilities, collecting target network data, and influencing policies, standards and specifications for commercial public key technologies. The targets included protocols for "TLS/SSL, https (e.g. webmail), SSH, encrypted chat, VPNs and encrypted VOIP."

This explained the background behind well known weaknesses in various NIST and ISO standards used for TLS.

What was NSA's role? Through an association with RSA, NSA engineered at least one backdoor into security standards, in particular a pseudo random number generator (PRNG): the Dual_EC_DRBG generator standardised in NIST SP 800-90. The backdoor allowed someone holding a secret value related to the generator's published constants (presumably NSA) to predict the future stream of bits from the PRNG, given some of the past bits. Every key, IV or nonce drawn from such a generator is then predictable too.
Pseudo Random Number Generators

Three main applications: There are three main applications of a PRNG in cryptography.

1 Generating an IV (an initialization vector). We saw the use of IVs in foils4, where an initialization vector is used in CBC and CFB modes for encryption engines. For CBC the IV must be unpredictable to the attacker, not merely non-repeating, so a predictable PRNG here is a real weakness.
2 Generating a large random number, for finding a large prime number (i.e. an algorithm might generate the number and then check if it is prime). Why would we want large prime numbers? Answer: they are used in asymmetric schemes - see next slides. The private exponents in those schemes come from the PRNG as well.
3 Generating an apparently random stream of bits for use in a stream cipher.
Why large primes? DH key agreement

The discrete logarithm problem (one-way function):
  easy to calculate $n = g^k \bmod p$ given $g$, $k$ and $p$ ($p$ is a prime)
  hard to calculate $k$ in the same equation, given $g$, $n$ and $p$.

Two separated users create and share a secret key. A third party is not realistically able to calculate the shared key.
Diffie-Hellman exchange (slide diagram, redrawn):

  Alice knows p, g, a            Ted (listening)             Bob knows p, g, b
  ------ g^a mod p ------------------------------------------------------>
  <----- g^b mod p -------------------------------------------------------

After exchange, knowledge is different:
  Alice: g, p, a, g^b mod p
  Bob:   g, p, b, g^a mod p
  Ted:   g, p, g^a mod p, g^b mod p

Only Alice knows $a$, only Bob knows $b$...
Diffie-Hellman key agreement

So what does each party do? Both Alice and Bob can now calculate the value $g^{ab} \bmod p$.

1 Alice calculates $(g^b \bmod p)^a \bmod p = (g^b)^a \bmod p$.
2 Bob calculates $(g^a \bmod p)^b \bmod p = (g^a)^b \bmod p$.

Shared key is $(g^b)^a \bmod p = (g^a)^b \bmod p = g^{ab} \bmod p$.

Ted has a much more difficult problem. It is difficult to calculate $g^{ab} \bmod p$ without knowing either $a$ or $b$. The best known general algorithms for the discrete logarithm modulo a prime (index calculus and the number field sieve) run in sub-exponential time in the size of $p$: not polynomial, and far beyond reach for the prime sizes used in practice (2048 bits and up), which is exactly why $p$ must be large. Note that this only defends against a Ted who merely listens: nothing in the exchange tells Alice that $g^b \bmod p$ really came from Bob, so protocols that use DH authenticate the exchanged values by some other means.
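The exchange and Ted's brute-force problem in code, as an added example written for this page (not the lecture's code). The toy parameters p = 23, g = 5, a = 6, b = 15 and the 31-bit prime are chosen here for illustration, and a 64-bit integer stands in for the bignum arithmetic a real implementation needs:

```c
#include <stdint.h>
#include <stdio.h>

/* g^k mod p by square-and-multiply: the "easy" direction of the one-way
 * function. p is kept below 2^32 so each intermediate product fits in 64 bits;
 * a real implementation would use a bignum library. */
uint64_t modpow(uint64_t g, uint64_t k, uint64_t p)
{
    uint64_t r = 1;
    g %= p;
    while (k) {
        if (k & 1)
            r = (r * g) % p;
        g = (g * g) % p;
        k >>= 1;
    }
    return r;
}

/* Ted's generic attack: given n = g^k mod p, try every k until one matches.
 * Cost grows linearly in p, so each extra bit of p doubles his work.
 * Returns 0 if no k in [1, p-1] works. */
uint64_t brute_force_dlog(uint64_t g, uint64_t n, uint64_t p)
{
    uint64_t acc = 1;
    for (uint64_t k = 1; k < p; k++) {
        acc = (acc * g) % p;      /* acc == g^k mod p */
        if (acc == n)
            return k;
    }
    return 0;
}

/* One complete exchange. p, g, A = g^a mod p and B = g^b mod p go over the
 * wire (Ted sees all four); a stays with Alice and b with Bob. Returns the
 * shared key, or 0 if the two sides disagree (they never should). */
uint64_t dh_shared_key(uint64_t p, uint64_t g, uint64_t a, uint64_t b)
{
    uint64_t A = modpow(g, a, p);        /* Alice -> Bob */
    uint64_t B = modpow(g, b, p);        /* Bob -> Alice */
    uint64_t k_alice = modpow(B, a, p);  /* (g^b)^a mod p */
    uint64_t k_bob = modpow(A, b, p);    /* (g^a)^b mod p */
    return k_alice == k_bob ? k_alice : 0;
}

int main(void)
{
    /* Toy parameters, constructed for the demo: p = 23, g = 5, a = 6, b = 15. */
    uint64_t key = dh_shared_key(23, 5, 6, 15);
    uint64_t A = modpow(5, 6, 23);
    printf("toy: A = %llu, shared key = %llu\n",
           (unsigned long long)A, (unsigned long long)key);
    printf("Ted recovers a = %llu from A by brute force\n",
           (unsigned long long)brute_force_dlog(5, A, 23));

    /* p = 2^31 - 1 (prime) with g = 7, a primitive root of it: still far too
     * small for real use, but brute force is already ~2^31 multiplications. */
    key = dh_shared_key(2147483647ULL, 7, 123456789ULL, 987654321ULL);
    printf("31-bit p: shared key = %llu\n", (unsigned long long)key);
    return 0;
}
```

With p = 23 Ted recovers a = 6 after six multiplications; with the 31-bit prime he needs up to two billion, and the page's point is that real parameters make the same loop hopeless, while Alice and Bob still only do a few hundred multiplications each.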
Secrets come in lots of flavours

Not just secret keys... We have seen how secrets can be useful, particularly for keeping keys for cryptography.

Secrets may also be algorithmic...
  An encryption algorithm.
  A particular protocol (sequence of communications).
  A hashing algorithm.

These secrets are programs, not data. How do we keep these sorts of secrets?
Applications running on PCs, phones, ...

Consider the compilation process...

  Source Code --- compile ---> Executable code

Often, the executable is distributed, not the source. RMS points out many reasons why this is most likely a bad idea.

But, in a security scenario, you may think that by only distributing your executable code, you can hide your source code secrets.

This is a silly idea. You should keep no secrets in source code.

You should not have source code secrets (remember the notion of open design), and you cannot hide things by using compilation.
Why?

Decompilation is the reverse of compilation... Note that really good decompilation of native code may need some human guidance (the names and types the compiler discarded have to be guessed), but it is possible. Even without a decompiler, constant data compiled into the executable - string literals, keys, lookup tables - can be read straight out of the file with a tool as simple as strings(1).

Java...

Java decompilation is particularly easy... Bytecode keeps class, method and field names and full type information, so a decompiler recovers something very close to the original source.

Applications...

...are, essentially, an open book... If the platform is sufficiently complex (e.g. Windows, GNU+Linux, Android, Symbian), then it is likely that sources for any application could be generated easily, so if you intend to distribute your application to other users, and it relied on some secret in the code, that secret is unsafe.

Of course - you can still have secrets. They must be kept separately. (Do I detect an example of Least common mechanism: minimize the amount of mechanism common to more than one user and depended on by all users?)
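Why compilation hides nothing, as an added example (not from the lecture): a strings(1)-style scanner run over a constructed byte image that stands in for a compiled executable with a key literal in it. The image bytes, the key and the message text are all made up for the demo:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an executable image (an assumption for the demo,
 * not a real binary). The author thought compiling would hide the key; the
 * literal simply sits in the data section between opcodes and padding. */
static const uint8_t image[] = {
    0x7f, 'E', 'L', 'F', 0x02, 0x01, 0x01, 0x00,     /* header-like bytes */
    0x55, 0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x10,  /* "code" */
    'A', 'P', 'I', '_', 'K', 'E', 'Y', '=',
    'h', 'u', 'n', 't', 'e', 'r', '2', 0x00,         /* the "hidden" secret */
    0xc3, 0x90, 0x90, 0x90, 'o', 'k', 0x00,          /* "ok": too short to list */
    'L', 'i', 'c', 'e', 'n', 'c', 'e', ' ',
    'c', 'h', 'e', 'c', 'k', ' ', 'O', 'K', 0x00,
    0xff, 0xff,
};

typedef void (*emit_fn)(const uint8_t *run, size_t len, void *ctx);

/* strings(1)-style scan: every run of at least min_len printable ASCII bytes
 * (0x20..0x7e). Calls emit() for each run and returns how many were found. */
size_t scan_strings(const uint8_t *buf, size_t n, size_t min_len,
                    emit_fn emit, void *ctx)
{
    size_t found = 0, start = 0;
    for (size_t i = 0; i <= n; i++) {
        int printable = i < n && buf[i] >= 0x20 && buf[i] < 0x7f;
        if (printable)
            continue;
        if (i - start >= min_len) {      /* run is buf[start .. i) */
            emit(buf + start, i - start, ctx);
            found++;
        }
        start = i + 1;
    }
    return found;
}

struct needle_ctx { const char *needle; int hit; };

static void check_needle(const uint8_t *run, size_t len, void *ctx)
{
    struct needle_ctx *c = ctx;
    size_t nl = strlen(c->needle);
    for (size_t i = 0; i + nl <= len; i++)
        if (memcmp(run + i, c->needle, nl) == 0)
            c->hit = 1;
}

static void count_only(const uint8_t *run, size_t len, void *ctx)
{
    (void)run; (void)len; (void)ctx;
}

static void print_run(const uint8_t *run, size_t len, void *ctx)
{
    (void)ctx;
    printf("%.*s\n", (int)len, (const char *)run);
}

/* 1 if the needle can be lifted out of the image with a plain 4-byte scan. */
int image_contains_string(const char *needle)
{
    struct needle_ctx c = { needle, 0 };
    scan_strings(image, sizeof image, 4, check_needle, &c);
    return c.hit;
}

size_t count_strings(size_t min_len)
{
    return scan_strings(image, sizeof image, min_len, count_only, NULL);
}

int main(void)
{
    size_t n = scan_strings(image, sizeof image, 4, print_run, NULL);
    printf("%zu strings of length >= 4\n", n);
    return 0;
}
```

Run it and the API key is listed right next to the licence-check message. Real tools add nothing essential to this loop; the fix is, as the slide says, to keep the secret out of the program entirely.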
Possible locations for secrets

Disk (file), program, OS, brain... (slide figure: secret locations - disk, program, OS)

Disk: Data secrets can be kept on disk, but algorithmic secrets need some sort of processing.
  An example of secrets kept on disk: the private keys in ~/.ssh. OpenSSH refuses to use a private key file that other users can read, so the file permissions (0600 on the key) are part of the protection, not an afterthought.
  Note that when a data secret is kept on disk, then the disk becomes a target for attack. A non-encrypted disk can be duplicated. An encrypted disk can be duplicated and attacked later. A hacked OS could be used to steal the secret.

Program: As we just saw, programs are vulnerable if they are shared.

OS: The OS itself could be used to keep an algorithmic or data secret, but since the OS is also shared, such secrets would not last long.

Brain: Unfortunately we are not too good at remembering lots of data, or complex algorithms.
Other locations for secrets

Dongles, smart cards, 2-factor devices... (slide figure: secret locations - program, OS, contact/contactless reader)
Even more locations for secrets

Think other smart devices... There are plenty of other systems that contain computers, and have security issues.

Consider the following examples, where the systems are complex (contain computers), the systems are mass produced, and there is a desire for algorithmic and data secrets:
  The card in a set-top box.
  Satellite decoder cards (well - maybe not in Singapore).
  The SIM card in a phone.
Summary...

There is no such thing as a safe PC... Secrets may be data, or algorithmic.

Complex platforms are unsuitable for hiding secrets - they are open to attacks:
  physical (someone breaks open a box and steals a disk containing secrets), or
  software based (someone manages to install or otherwise hack either an application or a whole OS).

A strategy for getting around this is to somehow install the secret on a portable computer system that is harder to attack (more resistant to tampering), and possibly, resistant to theft.

Examples of this approach are found everywhere (smart cards, SIM cards...). Such external devices typically contain small computers with small amounts of memory.
Classes of attackers for security hardware

For tamper-resistant portable devices... Ross Anderson outlines this classification:

  Class 1 attackers: Clever outsiders, who may not have detailed knowledge of the inner workings of the system.
  Class 2 attackers: Insiders, with detailed system knowledge.
  Class 3 attackers: Governments, the Mafia - who may have money and time to burn. May also have strong motivation.

Anderson points out that persistence and cunning are some of the hallmarks of an effective attacker, and that sometimes the class 1 attacker can do things that the class 3 attacker failed to do.

We have both invasive and non-invasive attacks:

  Invasive: the semiconductor chip is decapsulated, and direct attacks made on the circuitry. Some of these attacks require expensive equipment.
  Non-invasive: we manipulate the device without decapsulation. May need only inexpensive equipment.
Types of attacks on security hardware

Subject to change ... Types of attacks:
  Side-channel: Use some other property of the device (current consumption, time, radiation).
  Microprobing: Access the chip surface directly, to manipulate the device.
  Software: Use the normal device IO to exploit (software) vulnerabilities in the device.
  Fault generation: Generate errors to get access.
  Reverse engineering: Deduce, or re-create the electronic circuit of the device.
Secrets / Security hardware

Outline

2 Security hardware
  Smart/SIM cards
  More attack vectors
Typical hardware on a Smart/SIM card

A high-security Smart/SIM card controller (slide diagram, redrawn):

  Contacts:  PWR (+3V), CLK, Data IN, Data OUT, GND
  Inside:    CPU, RAM, ROM, IO, joined by internal busses
  Data OUT:  1 0 1 0 0 1 1   (bits serialised, one per clock)

CPU, memory and IO are under the (gold) connector. They are all in one chip, and the components are connected by (internal) busses.

Reader must supply power and a clock to operate the CPU.

The only external signalling is a single line IN and a single line OUT.

Data bits are serialised. The pattern 1010011 above might correspond to the byte (hex) 0x53 (0101 0011 with its leading zero), which is the ASCII letter S.
Typical hardware on a Smart/SIM card

A high-security Smart/SIM card controller: the processor is something like an 8/16 bit Hitachi H8 CPU.
  Connector has only power, a clock, and serial I/O data.
  Memory: 32 kbytes EEPROM, 512 bytes extra EEPROM, 48 kbytes ROM and 3 kbytes RAM.
  Operates at a maximum of 1-10 MHz external clock rate.

Note the important properties of this sort of processor:
  Opening the container (card) for the device normally destroys it.
  Very limited access to the device (normally via a serial port).
  Slow (typically run at 1-10 MHz, executing about 100,000 instructions per second).
  Limited RAM (3 KB... compared with 4 GB on my PC). Memory and variables are not protected in any way: nothing stops code running on the chip from reading every byte of it.
  Limited program size (typically 48 KB - a minimum OS normally takes 10 MB).
Fuses: a peculiar security-specific feature

For devices like these... (slide figure: a blown fuse)

The chips come from the factory all the same, and need to be programmed. To help do this:
  When the devices are manufactured, the memory (PROM) can be read and written from outside using the serial port.
  Once the device has been uniquely programmed, a fuse is blown. This fuse is just a thinner part of track in the IC, and is blown by providing too much current.

A blown fuse means no more (external) reading and writing.
Fuses: Class 3 attacker hack 1: Imaging

Assuming you happen to have some fancy equipment. Recipe: Take a common household IR microscope. And then...
  Expose chip using chemical and/or laser cutting (decapsulation).
  Use chemical etch to expose the ROM mask layout ... and hence infer the bits stored in the ROM.

(slide figure: decapsulation, chemical etch, and then just view bits)

Note that as chips get smaller, light gets less useful, leading to electron microscopes.
Fuses: Class 3 attacker hack 2: rewiring

Assuming you happen to have some fancy equipment. Recipe: Take a common household electron microscope, a focused ion beam tool, and various other items. And then...
  Expose chip using chemical and/or laser cutting (decapsulation).
  Re-connect the fuse using deposition or tiny probes.
  Read the memory using the serial port.

(slide figure: decapsulation (nitric acid...); discover the blown fuse (may need FIB to expose the layer); deposit new material over the fuse)
Fuses: Class 3 attacker hack 3: probing

If you have microprobes... Recipe: Take a common household electron microscope, a focused ion beam tool, and various other items. And then...
  Expose chip using chemical and/or laser cutting (decapsulation).
  Expose internal wiring (FIB), and construct landing pads for probes.
  Observe internal busses and hence anything about the system.

(slide figure: decapsulation; expose critical circuitry; connect probes - use FIB to do surgery on the chip, constructing landing pads for probes)
Fuses: Class 1 attacker (the outsider) hack 1

Only a little equipment needed... The outsider does not have electron microscopes or FIB units, or even nitric acid! Life is tough sometimes.

The outsider notices that when power is first applied, the smart card outputs an identification string on the serial OUT line:

  Vsn 0.97

The outsider knows that the software is very small, and probably stores strings like "Vsn 0.97" in 9 bytes of memory: the 8 bytes of the string, terminated by a null (a byte with all zeroes in its bits).

The outsider surmises that the code is probably a loop that transmits buf[i] and advances i until buf[i] is 0.

The instructions executed by the CPU are predictable. After transmitting the serial character for buf[i]:
  The i variable is incremented (inc i)
  The CPU branches to the beginning of the while loop (bra loop)
  The value in buf[i] is loaded (ld buf[i])
  If it is equal to 0, then branch to the end of the loop (beq end)
  Otherwise transmit the next character...

There is a constant delay between the character and these instructions: the card runs from the clock the reader supplies and executes exactly the same instructions on every pass.
Fuses: Class 1 attacker hack 1: glitch

A "glitch" attack... (slide diagram: an impulse/glitch generator wired to the card's PWR (+3V), CLK, Data IN, Data OUT and GND contacts; inside, CPU, ROM, RAM and IO on the busses)

By timing a pulse/glitch to occur exactly when the software checks the test at the beginning of the while loop (it is always a fixed time after the previous character), the attacker can make the test always succeed,

i.e. buf[i]!=0 will always be TRUE.

A glitch may be a spark, a variation of the power supply, a disturbance of the clock, or some other activity. Hardware to do this is cheaply available (e.g. in most EE labs). Because the reader supplies both power and clock, the attacker controls exactly the signals the glitch rides on.
Fuses: Class 1 attacker hack 1: glitch

A "glitch" attack... If buf[i]!=0 is always TRUE...
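What the banner loop does once the zero test can no longer fail, as an added emulation written for this page (not the lecture's code). The card memory image, the key and PIN bytes after the banner, and the "pulse on every zero test" model of the generator are constructed assumptions; the loop body follows the instruction sequence the slide gives:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed card memory image (an assumption for the demo, not a real
 * card): the banner sent at power-up, its NUL terminator, then data that is
 * never meant to leave the chip. On the real device buf[] lives in the same
 * flat, unprotected memory as everything else. */
static const uint8_t card_mem[] = "Vsn 0.97\0" "KEY=0C0FFEE\0" "PIN=1234";
#define CARD_MEM_SIZE (sizeof card_mem)   /* 30 bytes incl. the final NUL */

/* Capture buffer standing in for the serial OUT line. */
static uint8_t line_out[64];

/* The banner loop as the page describes it, one emulated instruction per
 * comment. `glitched` models the attacker's generator locked to the fixed
 * delay between a transmitted character and the next zero test: when it
 * fires, the beq at the top of the loop is not taken whatever buf[i] holds.
 * Returns the number of bytes that went out on the line. */
size_t run_banner_loop(const uint8_t *buf, size_t buf_len, int glitched,
                       uint8_t *out, size_t out_max)
{
    size_t i = 0, sent = 0;
    for (;;) {                               /* loop: */
        if (i >= buf_len || sent >= out_max) /* emulator bound only; the real
                                                card just keeps going */
            break;
        uint8_t c = buf[i];                  /* ld buf[i] */
        int take_branch = (c == 0);          /* beq end  (test: buf[i] != 0) */
        if (glitched)
            take_branch = 0;                 /* pulse hits: test "succeeds" */
        if (take_branch)
            break;                           /* end: */
        out[sent++] = c;                     /* transmit buf[i] on the line */
        i++;                                 /* inc i */
    }                                        /* bra loop */
    return sent;
}

/* Power the card up once; glitched = 0 for a plain power-up, 1 with the
 * generator attached. Leaves whatever came out in line_out. */
size_t capture_banner(int glitched)
{
    memset(line_out, 0, sizeof line_out);
    return run_banner_loop(card_mem, CARD_MEM_SIZE, glitched,
                           line_out, sizeof line_out);
}

static void hexdump(const uint8_t *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", p[i], (i % 16 == 15 || i + 1 == n) ? "\n" : " ");
}

int main(void)
{
    size_t n = capture_banner(0);
    printf("normal power-up: %zu bytes: %.*s\n", n, (int)n,
           (const char *)line_out);
    n = capture_banner(1);
    printf("glitch on every zero test: %zu bytes\n", n);
    hexdump(line_out, n);    /* KEY=... and PIN=... are now on the wire */
    return 0;
}
```

Without the glitch the card sends the 8 banner bytes and stops at the null. With it, the loop walks on through memory, and everything stored after the string comes out on the serial line; the emulator stops at the end of its array, a real chip would continue until it wrapped or crashed. The lesson for the designer is that a single skipped branch must not be enough to release a secret, which is what the "fault generation" entry in the attack list is about.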