SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

Similar documents
HOST Differential Power Attacks ECE 525

Side channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut

A physical level perspective

Side-Channel Attacks on RSA with CRT. Weakness of RSA Alexander Kozak Jared Vanderbeck

ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.

Security against Timing Analysis Attack

Part VI. Public-key cryptography

Breaking Korea Transit Card with Side-Channel Attack

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

18-642: Cryptography 11/15/ Philip Koopman

Computer Security 3/23/18

Fault-Based Attack of RSA Authentication

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Technological foundation

Public Key Cryptography and RSA

SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation

Crypto tidbits: misuse, side channels. Slides from Dave Levin 414-spring2016

Security. Communication security. System Security

0x1A Great Papers in Computer Security

CPSC 467b: Cryptography and Computer Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

RSA. Public Key CryptoSystem

Cryptography and Network Security

Power Analysis Attacks

The embedded security challenge: Protecting bits at rest

Tuesday, January 17, 17. Crypto - mini lecture 1

Introduction to Software Countermeasures For Embedded Cryptography

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

18-642: Cryptography

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

CPSC 467: Cryptography and Computer Security

Encryption. INST 346, Section 0201 April 3, 2018

Connecting Securely to the Cloud

Practical Electromagnetic Template Attack on HMAC

Breaking the Bitstream Decryption of FPGAs

RSA (material drawn from Avi Kak Lecture 12, Lecture Notes on "Computer and Network Security" Used in asymmetric crypto.

Chapter 9 Public Key Cryptography. WANG YANG

Cryptographic Systems

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

EEC-484/584 Computer Networks

Micro-Architectural Attacks and Countermeasures

Practical Aspects of Modern Cryptography

Cryptographic Concepts

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Uses of Cryptography

Public-Key Cryptography

Public Key Cryptography

Side-Channel Cryptanalysis. Joseph Bonneau Security Group

Applying TVLA to Public Key Cryptographic Algorithms. Michael Tunstall Gilbert Goodwill

2.1 Basic Cryptography Concepts

Key Establishment and Authentication Protocols EECE 412

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

EEC-682/782 Computer Networks I

WAP Security. Helsinki University of Technology S Security of Communication Protocols

Winter 2011 Josh Benaloh Brian LaMacchia

CIS 4360 Secure Computer Systems Applied Cryptography

Study Guide to Mideterm Exam

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

PASSWORDS & ENCRYPTION

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Overview. Public Key Algorithms I

CSC 474/574 Information Systems Security

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Side-Channel Attack on Substitution Blocks

Crypto CS 485/ECE 440/CS 585 Fall 2017

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Some Stuff About Crypto

D eepa.g.m 3 G.S.Raghavendra 4

Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline

A New Attack with Side Channel Leakage during Exponent Recoding Computations

Refresher: Applied Cryptography

Introduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

A Key Management Scheme for DPA-Protected Authenticated Encryption

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Session key establishment protocols

Public Key Encryption

Cryptography MIS

CSE484 Final Study Guide

A PRACTICAL APPROACH TO POWER TRACE MEASUREMENT FOR DIFFERENTIAL POWER ANALYSIS BASED ATTACKS

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Session key establishment protocols

Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

David Wetherall, with some slides from Radia Perlman s security lectures.

CPSC 467b: Cryptography and Computer Security

Cryptography Research, Inc. http:

Lecture IV : Cryptography, Fundamentals

HOW CRYPTOSYSTEMS ARE REALLY BROKEN. Adi Shamir Computer Science The Weizmann Institute Israel

Parallelizing Cryptography. Gordon Werner Samantha Kenyon

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

Cryptography and Network Security. Sixth Edition by William Stallings

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Cryptography Introduction

PROTECTING CONVERSATIONS

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Transcription:

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and Cryptographic Implementations Key Management and Trusted Platforms Research Operating Systems Security Research Frameworks for Secure Communication and Practical Encryption Our aim Secure and Authenticated Communication Channels Data at Rest and Data in Transit Security Operating Systems and Software Stack Security Hardware Security

SECURE PROTOCOLS ARE NEEDED X Public Key Crypto X Private Key Crypto X Hashing Most Secure Algorithms 4 Hash messages and generate digests 3 Encrypt messages with AES Keys and send over TLS 2 Key Exchange Using Diffie Hellman Hardened Cryptographic Library/ EMM/ RNG Authentication Server USER 1 USER 2 6 7 Verify message digests Decrypt messages Robust Authentication and Localized PKI Perfect Forward and Future Secrecy 1 Authentication 5 Authentication Anonymity vs. Non- Repudiation

SO IS KERNEL AND HARDWARE LEVEL SECURITY Authentication Server Data at Rest Encryption User 1 User 2 Real-time Integrity Monitor Hardened Cryptographic Library Secure Boot Loader Hardware-Based Root of Trust Hardware-Rooted Key Management Hardened OS and Kernel

CRYPTO POSES CHALLENGES FOR COMMUNICATION SOLUTIONS Encryption should be intractable by theoretical (Crypt)-analysis E.g., Intractable properties of factoring large numbers Systems can be broken by inadequate bit-level security and crypto parameters Inadequate Root of Trust for the Cryptographic System Systems can be weakened by inappropriate implementations E.g., side-channel attacks; memory attacks By Attacking a Crypto Device, the adversary hopes to subvert its security correctness properties by extracting some secret

SIDE CHANNEL ANALYSIS Keystream PlainText Crypto Algorithm CipherText Computations Timing Power Consumption EM Radiation Temperature Variations

PRACTICAL EXAMPLES Most Common Side Channel Attacks Point Adding Point Doubling Power consumption depends on computation performed Point multiplication (K*Q) occur during key and signature generation (Double-and-add algorithm) double and add are very different ops (key bit ==1) Simple Power Analysis (SPA): Leakage during point multiplication leaks information about secret (K) Power analysis this type of side channel attacks has been demonstrated in many cryptosystems; emanate from circuits which typically consume differing amounts of power based on operations and data EM Electromagnetic emissions and signals (e.g., through near-field inductive and capacitive coupling, or far field antennas) Timing Data-dependent differences in process time and delay in cryptographic operations based on data input and relevant operation. Power Analysis on Smart Cards Retrieval of smart card PINs Smart Phones Leakage of keys used to secure communications, financial transactions, SSL traffic, data stored on phones

TYPICAL TARGETS Most Common Targets: Smart Cards / FPGAs - Microcontrollers/ Custom Processors Other Common Targets: Smart Phones / Embedded Devices / CPU Boards USBs / Consoles / Modern Targets Charging patterns of devices Interfaces of software / hardware co-design interactions Servers When interception is feasible (active / passive), simple or differential side channel attacks will aim at breaking modern crypto

EXPERIMENTAL SET-UP Signal Acquisition Signal Acquisition Card, triggered automatically For FPGA-based implementations Smart Card Reader based on an FPGA controller Reader output antenna amplified and feeding into input channel of Signal Acquisition Card For Mobile Applications Near Field Probe set * Equipment shown is part of CRI DPAWS toolkit

EXPERIMENT 1: RSA SIGNATURE USING CRT ATTACK DESCRIPTION Signature = s = m d mod n d = private exponent, p and q are primes, m is the message to sign A CRT implementation of Signature is as follows: Pre-computation d p = d mod (p-1) d q = d mod (q-1) k = p -1 mod q Reduction m p = m mod p m q = m mod q Exponentiation S p = m p dp mod p S q = m q dq mod q Recombination s = ( ( (S q S p )*K ) mod q ) * p + S p

EXPERIMENT 1: ACQUIRING SIGNALS FROM THE SMART CARD Signal Acquisition at a Frequency of 1.5MHZ (0.6 sec trace size) We capture signal in the time domain Calculate Fast Fourier Transform FFT Frequency bin at which frequency peaks is our crypto signal We apply a band pass filter to isolate crypto traces (bandpass center frequency = F = 0.625Mhz and bandwidth = 2F) * Software used is part of CRI DPAWS toolkit

EXPERIMENT 1: SIMPLE POWER ATTACK AGAINST RSA USING CRT S p = m p dp mod p Initial Reduction m p = m mod p m q = m mod q S q = m q dq mod q - P and Q half the size of n (2048 / 2) - CRT (RSA) operation, the exponentiation with dp uses the binary algorithm (SPA by timing differences between multiplication and squaring) Simple Power analysis enables us to recover all RSA 2048 bits 2 days to capture signal on one card. Automated scripting for remaining cards

EXPERIMENT 1: FINDING THE SIGN. SIGNAL RSA SIGNATURE (IOS) USING OPENSSL - SPA is not effective anymore - Lots of signal processing to reduce noise and noncrypto signals - We resort to differential Power Analysis on modular reduction to recover prime p m p = m mod p m q = m mod q We can discover the bits of p sequentially (1024); fix p to 1 or 0, calculate intermediate traces and confirm bit guessing if curves average is not NULL * Special Software used (custom home grown to capture signals at CPU frequencies)

EXPERIMENT 1: SPA AND DPA FAILURE - RSA SIGNATURE (IOS) USING IOS APIS - Uses ios Unit Test using Apple APIs - SPA and DPA are not effective is capturing CRT or non-crt RSA operations - Next Steps include Locating the CPU by setting the CPU to a constant clock frequency and De-capsulating the back cover chip

EXPERIMENT 2: AES ENCRYPTION ATTACK DESCRIPTION Round_F Round_F Power Consumption PlainText Initial Transformation S-Box Shift Rows Mix Columns AddRound Key S-Box Shift Rows xxx AddRound Key CipherText Actual Key Round_i Key Final Round Key No diffusion in Last Round C = XOR(Round Key, Value) If final round key is extracted, intermediate Keys can be recovered by reversing Key schedule (and S-Box -1 ) Attack one byte at a time: {2^8} * 32 For each 2^8 combination, guess of Round Key is correct when output traces are correlated to guessed data

EXPERIMENT 2: FINDING THE AES ENCRYPTION SIGNAL 14 Round; We start Here

EXPERIMENT 2: DIFFERENTIAL POWER ATTACK AGAINST AES LAST ROUND RX - No difference of power consumption across rounds - However, the following is to be observed: Last round does not have a Mix Column operation Byte Substitution (S-box) operated on each byte separately - Given storage structure, an intermediate bit will be chosen for analysis and keys bits will be guessed one byte at a time - Number of equations to solve: In one round: 2^8 * 32 = 8,192 Total Traces: 114,688,000 R14

EXPERIMENT 2: DPA AES ENCRYPTION (IOS) USING OPENSSL RX - Same attack apply - Same linear shift registers structure is used to store intermediate values - Except ios makes it harder to capture signals and isolate crypto frequencies R14

WHAT MADE IT POSSIBLE For RSA implementation on Smart card, Simple Power Analysis was possible due to: No hardening or countermeasures in FPGA-based implementation Non constant time operations when exponent bit is 0 vs. exponent bit is 1 For RSA implementation on ios application using custom OpenSSL implementation Simple Power Analysis was not possible given OpenSSL hardening of CRT ios does not make it easy to capture signals from the phone Differential Power Analysis was rendered possible because Application Master Key was constantly used instead of using ephemeral keys for One time signatures (OTS) that are derived from Master Key using a KDF For AES implementation [Card + ios] No countermeasures against differential power analysis Differential Power analysis rendered possible because of Lack of Key Agility

COUNTERMEASURES Algorithm-level Countermeasures Randomness (masking / blinding) Constant Time implementations Pre-computations and Leak Reduction Noise based countermeasures Increase dependencies on Boolean ops (e.g. keccak) Randomize in-algorithm structures between rounds

PROTOCOL LEVEL COUNTERMEASURES Protocol-level Countermeasures: Reduce the amount of leakage to less than the minimum required for key(s) recovery using SPA / DPA / EM-based leakage Reduce interim states that could lead to leakage Key Agility (per session / per call / per message) Layered Security Increased Overall bit level security Redundant crypto operations to reduce leakage and temp values Smart choice of the cryptosystem

NEXT STEPS WORK WITH CRYPTO THAT USES NATIVE IOS APIS Locate the CPU by setting the CPU to a constant clock frequency De-capsulate the back cover chip Set-up 1: Use the Probing Set-up to scan surface of the phone Try to capture relevant signals to recover keys and understand practicality of such an attack Set-up 2: Use the Probing Set-up to intercept interfaces to secure enclave through dedicated hardware buses

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback