• No results found

Side Channels: Hardware or Software threat?

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Side Channels: Hardware or Software threat?"

Copied!
29
0
0

Loading.... (view fulltext now)

Download now ( 29 Page )

Full text

(1)

Side Channels: Hardware

or Software threat?

Job de Haas

Riscure

(2)

Who am I …

Job de Haas

• Principal Security Analyst at Riscure

• Testing security on: Set-top-boxes, mobile phones, smart

cards, payment terminals, ADSL routers, VoIP modems, smart meters, airbag controllers, USB tokens, …

• Before: Pentesting network security (since 1991)

Riscure

• Services: Security Test Lab

• Product: Side Channel Testing Tools

• Full range testing: detailed hardware to white-box crypto and obfuscation

Inf os ec ur it y

(3)

 Side Channel Attacks, what are they?

 State of attacks and hardware testing

 Developments in software testing

(4)

Side channel attacks

Slice of Life: Pizza Orders Soar in D.C. January 16, 1991| Associated Press

SPRINGFIELD, Va. — a quick read on the state of world affairs, one need only look at pizza deliveries to the Pentagon, White House and CIA.

"The news media doesn't always know when something big is going to happen because they're in bed, but our deliverers are out there at 2 in the morning," said Frank Meeks, owner of the 43 Domino's outlets in the Washington area.

Since Jan. 7, late-night deliveries to the Pentagon have increased steadily, from

three to 101 Tuesday night, he said. At the White House, 55 pizzas were delivered

from 10 p.m. Tuesday to 2 a.m. today.

Wikipedia: The initial conflict to expel Iraqi troops from Kuwait began with an aerial bombardment

on 17 January 1991 Inf os ec ur it y

(5)

What are side channels?

(Physical) phenomena

related to a process of interest

Time

Power

consumption

Electro-Magnetic

radiation

Light emission

Temperature

Sound

Inf os ec ur it y

(6)

Inf os ec ur it y

Principle of timing analysis

Process 2 Start

End Decision

(7)

Power consumption PIN entry

Signal leakage from busses, registers, ALUs, etc PIN verification attempts

(8)

But is it for real?

Inf os ec ur it y

(9)

Every payment &

HDTV decoder chip is tested

Configure / Retrieve

Commands /

data Signal +

(10)

Open source project

Kickstarter project (331 backers)

ChipWhisperer

res

tric

(11)

What is under attack?

Key

PIN

Unlock code

Program flow

Crypto protocol

Algorithm

(12)

What to test?

Different industries use certification schemes mandating tests Testing for different channels:

• Timing variations

• Power consumption

• EM emanations

• Photon emissions

But what about software products?

Inf os ec ur it y

(13)

 Side Channel Attacks, what are they?

 History of attacks and hardware testing

Developments in software testing

(14)

Software side channels

Most dominant: Timing Sometimes:

Error responses, counting events, etc.

3 example cases

• Remote web database attack

• Remote AES key attack

• RSA attack in the cloud

Inf os ec ur it y

(15)

Case 1: Web Database Attacks

Black Hat 2007: Timing Attacks for Recovering Private

Entries From Database Engines, Core Security

 Explores a timing effect on database inserts

 Is able to determine existing keys in a database

(16)

Database index B-tree

Inf os ec ur it y

(17)
(18)

Alternative web attacks

2013: Pixel Perfect Timing Attacks with HTML5, Paul Stone

On leaking client side information such as cached content

2014: Time Trial Racing Towards Practical Remote Timing

Attacks, Daniel A. Mayer, Joel Sandin

A tool to investigate remote timing leakages

2015: Web Timing Attacks Made Practical, Timothy D. Morgan, Jason W. Morgan

Improving statistical testing of timing differences

Inf os ec ur it y

(19)
(20)

Case 2: AES Cache Timing Attacks

2005: Cache-timing attacks on AES, Daniel J. Bernstein

 Timing execution of a known implementation with a known key

 Comparing to timing of the same with an unknown key

 The key can be broken

Inf os ec ur it y http://developer.amd.com/

(21)

AES

Inf

(22)

AES SBOX

Inf os ec ur it y http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

(23)

CPU & Cache

Inf os ec Process 1 Process 2 AES key Process 3 Type 1 Type 2

(24)

Case 3: Cloud attack

2015: Seriously, get off my cloud! Cross-VM RSA Key

Recovery in a Public Cloud

Mehmet Sinan ˙Inci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar

 Determine ‘co-location’ on a cloud server

 Prime and Probe attack use Last Level Cache (LLC)

 Recover a 2048 bit RSA key in the Amazon Cloud

Inf os ec ur it y

(25)

Running in the cloud

Inf

(26)

RSA key break

Sliding window

• Precomputed coefficients

• Value leaks information on key bits

Cache timing reveals coefficients

• Which entry is cached

 4000 encryptions with same data breaks key

Inf os ec ur it y

(27)

Future of software attacks

 Software security is gaining over hardware security

 More tools to explore side channels will appear

 No awareness with developers at the moment

2015 BlackHat Europe

(28)

Conclusion

 Side channel attacks are often advanced attacks

 Known to be practical for valuable hardware assets

 But,… many software solutions are vulnerable too

 Consider if your solutions might be sensitive to these attacks Inf os ec ur it y

(29)

Riscure North America

550 Kearny St. Suite 330

San Francisco, CA 94108

Riscure B.V.

Frontier Building, Delftechpark 49 2628 XJ Delft

The Netherlands

Contact: Job de Haas

[email protected]

References

Download now ( PDF - 29 Page - 1.65 MB )

Related documents