Some Security Attacks - PowerPoint PPT Presentation

1 / 25
About This Presentation
Title:

Some Security Attacks

Description:

ATM has module containing processor and key to encrypt, ... Chips misbehave when they are clocked too slowly or clocked too fast, or the clock is irregular, ... – PowerPoint PPT presentation

Number of Views:55
Avg rating:3.0/5.0
Slides: 26
Provided by: csR3
Category:

less

Transcript and Presenter's Notes

Title: Some Security Attacks


1
Some Security Attacks
  • Tamper-Resistance - A Cautionary Note by
  • Ross Anderson and Markus Kuhn

2
VISA security module for bank ATMs
  • Stripe on your ATM card is encrypted.
  • It contains your PIN and other details.
  • ATM has module containing processor and key to
    encrypt, decrypt and check pin.
  • It is a local operation done at the ATM, even
    when system is offline.
  • Lid switches and pressure sensors to erase its
    keys if the box is opened.

3
Taxonomy of Attackers (IBM)
  • Class I Clever outsiders - insufficient
    knowledge of system, no highly sophisticated
    equipment, look for existing weaknesses.
  • Class II Knowledgeable Insiders - have
    potential access to most parts of systems, and
    highly sophisticated tools.
  • Class III Funded Organizations governments,
    terrorists, Mafia have teams of experts, big
    budgets, most advanced tools.

4
Can you get unsupervised access? To many
devices?
  • Much more vulnerable if we can experiment.
  • Phone cards,
  • Pay-TV, DSTV cards,
  • SIM modules in a phone,
  • Casino smart cards for gambling,
  • smartcards, etc.

5
Pay TV, an early case
  • Smartcards needed high voltage to overwrite
    memory, lower voltage to read memory.
  • Mallet registers for all TV channels for one
    month, then cancels subscription. Signals sent
    to his decoder set all channels as open, which
    is written to the smartcard.
  • He then disables the high voltage pin so that
    when he cancels his subscription, the decoder
    cannot close the channels.

6
Pay TV
  • Newer cards generate high voltage on board from
    oscillators and capacitors and diode circuitry.
  • But you can still see the components under a
    microscope, and destroy them with a laser cutter.

7
Other attacks /defenses on smartcards
  • You can use acid to etch away the coating and
    expose the circuitry,
  • Then insert microprobes and trace the bits on the
    buses, or even pick up signals from inductance.
  • Some glues are opaque and resistant to removal,
    and will destroy underlying circuits.
  • Some coatings are mildly conductive to spread
    electrical noise. Some even have random
    oscillators generating deliberate electrical
    noise to mask probes.

8
Very sophisticated power attack
  • External source supplies power. You can monitor
    chip power usage very accurately.
  • Some circuits had different power demands when
    processing 0 and 1 bits of the secret key in an
    encryption algorithm.
  • By reading off the fluctuations in power, you
    could extract the 0 and 1s of the key.

9
Very sophisticated timing attack
  • In a similar attack, a processor was discovered
    that needed a different number of processor
    cycles when processing a 0 or 1 bit of a secret
    key.
  • By finding something repetitive to measure (e.g.
    power spike, electromagnetic emission), one can
    look at the inter-event timings and extract the
    key bits.

10
Nuclear Missiles have highest security we know
about.
  • Launch codes are secret keys embedded in
    hardware, sited in middle of plutonium mechanism,
    with external protection too.
  • A terrorist group or government who stole some
    missiles would be willing to sacrifice many just
    to get one workable device.
  • Often they will only arm themselves under severe
    expected environmental conditions, e.g. a missile
    experiences many thousand G forces on launch, or
    a bomb experiences zero gravity at high altitude,
    and this may be a necessary precondition for
    arming.

11
Interesting experiment
  • After they exploded the core security mechanism
    to prevent enemy access, they collected fragments
    of memory around 1mm.
  • The 1mm fragments had contiguous bit-strings of
    the secret key!
  • Now they scatter key bits throughout memory so
    that after explosion one cannot find sequences
    by using a crypto mapping table for address
    fetches.

12
The Dallas Crypto Processor
  • Was best-of-breed commercial system at the time
    the paper was written (1997)
  • Had encrypted data bus between processor and
    memory. Each memory address essentially had a
    unique encrypt/decrypt mapping for its 256
    possible data values.
  • So understanding the mapping for data fetched
    from position 1020 didnt help you to understand
    the data anywhere else.

13
The Dallas Crypto Processor
  • Also had separate encryption for 16-bit address
    bus so processor saw a linear memory at byte
    address 0,1,2, but physically they were
    scattered in actual memory.
  • But a processor often executes the same sequence
    of instructions from successive (logical)
    locations, so youd learn a lot by watching the
    patterns of memory accesses.

14
(No Transcript)
15
The Dallas Attack
  • The three-byte instruction MOV 90h xx will send
    byte xx to the parallel port. We can watch the
    port to see when weve found it.
  • We cant tell what ciphercode pair will decode
    into the MOV 90h, but we can try an exhaustive
    search.
  • We cut the link between memory and the bus, and
    insert our own processor which can either pass
    stuff across unchanged, or can substitute
    something else. (man-in-the-middle attack)

16
(No Transcript)
17
The Dallas Attack
  • We repeatedly reset the processor, and substitute
    the first three bytes fetched from memory.
    (Theyre always fetched from the same place, the
    particular address doesnt matter. Call them A0
    A1 A2.).
  • Substitute what it fetches, exhaustively trying
    all 64K bit combinations of the first two bytes,
    and watch the port. When something happens, you
    have discovered the encrypted form of the MOV 90h
    instruction at addresses A0 A1.

18
The Dallas Attack
  • Once you know this, start substituting the next
    data byte. Each encrypted byte you send will
    come out of the port in plaintext.
  • After 256 trials you can build a complete table
    of the encryption mapping for memory position A2.
    - You know what you fed in as the data, and you
    saw what came out of the port.

19
The Dallas Attack
  • Now exhaustively search for any one-byte
    instruction that can go ahead of the MOV 90h xx.
    So look for NOP MOV 90h xx
  • (You already know the encryption table for A2, so
    you know what the encrypted form of the 90h is.
    The orange font means that you dont have to vary
    this data in the search, yellow means try all
    combinations.)
  • When you see output appearing on the port, you
    can find the encryption table for A3.
  • Now it gets easy look for another NOP NOP
    NOP MOV 90h xx

20
The Dallas Attack
  • When you know how the bus encryption works for
    about 10 consecutive bytes, you can write a small
    assembly-code loop to read all of memory and
    output it to the port.
  • Encrypt this little bit of code using your
    tables, and run the program.
  • All of memory contents, including any secret
    keys, will magically appear on the parallel port!

21
The Dallas Attack
  • Was a Class I attacker
  • Cost around 300 for equipment
  • Took a student 3 months.

22
Its just one bit you need to fiddle
  • A chip contains a secret key because some process
    uses that key at some stage.
  • The secret data will be locked with a hardware
    lock bit. When the program authorizes itself,
    the lock is opened and the key can be accessed.
    (e.g. the processor will enter privileged or
    supervisor mode)
  • Resetting the chip will re-lock this bit.
  • An attacker will go after this bit

23
There are many other loopholes
  • Chips misbehave when they are clocked too slowly
    or clocked too fast, or the clock is irregular,
  • They might misbehave under weird power
    conditions voltage too low, or too high, or
    voltage contains spikes.

24
Some lessons and observations
  • Smartcards are not secure against determined
    attacks, certainly not against foreign
    governments and well-funded organizations.
  • Even our Casino in PE stores your customer number
    and balance on the card, but it accesses a
    central computer to confirm the balance. If you
    crack the security and give yourself an extra
    R500 000 on your casino card, men in black suits
    will arrive when you put your card in the slot
    machine.

25
Lessons
  • In spite of claims of great security, at this
    time smartcards are only useful for low-risk
    applications. Store your passwords etc. on the
    card. But dont store value directly, unless it
    is not worth cracking amounts.
  • Telephone cards all have unique ID numbers. In
    principle, Telkom could track repeated use of a
    card whose units are never depleted.
  • Even Clicks loyalty points are stored centrally
    on their computers. All that is on your card is
    your customer number.
Write a Comment
User Comments (0)
About PowerShow.com