Академический Документы
Профессиональный Документы
Культура Документы
Overview
Threat model
Attackers Goals Types of attacks
Attack techniques
Cryptographic processors Smart cards
Further reading
Threat model
Attacker types
Class I: Clever outsiders
Intelligent, but lack information, exploit known attack
Threat model
Attacker goals
To get the crypto keys stored in RAM or ROM To learn the secret crypto algorithm used To obtain other information stored into the chip (e.g. PINs) To modify information on the card (e.g. calling card balance)
Types of attacks
Non-invasive attack
Dont modify processor, probe via other means
Invasive attacks
Break open processor by acids, ionization
Reverse engineering
Learn how the device works
Moore, Anderson, Kuhn, Improving Smartcard Security Using Self-timed Circuit Technology
Overview
Threat model
Attackers Goals Types of attacks
Attack techniques
Cryptographic processors Smart cards
Further reading
Preventive measures
Wire the power supply through lid switches Zeroize the chip memory whenever lid is opened
Attack (1)
Theft of keys
Early chips kept keys in removable PROMs or key was listed in paper Attacker removes the PROM or steals the paper
Solution
Shared control, by using two or more PROMs with master keys, and use them to derive actual key Keep keys in smart cards
8
Attack (2)
Cutting through casing Disabling lid switches
Solutions
Add more sensors, photocells Separate the security components, and make them potted using epoxy resin
10
Attack (3)
Attacker scrapes potting with a knife, and uses a logic probe on the bus
RSA, DES vulnerable if attacker can see protocol in action
Solution:
Use a wire mesh embedded in the epoxy
Crude scraping can be handled, but not slow erosion using sandblasting
Attack (4)
Memory remanence
Memory gets burned into the RAM after long time, on power up, 90% RAM bits initialized to key Attacker goes dumpster diving to find old chips
Solution
Use RAM savers, just like screen savers
Move data around chip to prevent burn-in
Gutman, Secure deletion of data from magnetic and solid state memory, Usenix Security Symp. 96
12
Attack (5)
Freeze it!
Below -20 C (-4F), SRAM contents persist Attacker freezes module, removes power, removes potting/mesh, attaches chip to test rig, powers on
Burn it!
Attacker floods chip with ionizing radiation (XRay), key gets burned in
Solution?
Add temperature/radiation alarms Or, blow up the chip, with thermite charges!!
Skorobogatov, Low Temperature Remanence in Static RAM
13
Attack (6)
Tempest / power analysis
Noninvasive
British MI5 eavesdropped on French embassys crypto machine in the 1960s
Solution
Use Aluminum shielding (Tin foil!!) Obfuscate power line paths
14
Attacking 4758
4758 addresses most of the previous attacks So, how do you attack a 4758?
Physical
Erode potting with sandblasting, detect mesh lines, by pass them (magnetic force microscope) Drill 8mm/0.1 mm holes to go through mesh Send plasma jets to destroy memory zeroization circuits
15
Overview
Threat model
Attackers Goals Types of attacks
Attack techniques
Cryptographic processors Smart cards
Further reading
16
Smart cards
Generally dont have the protection of crypto processors Typically have lower security, but more commonly used
17
Non-invasive attacks
Attack the protocol
Put a laptop between the smart card and reader, and analyze messages Put a device between card and reader that blocks certain messages
Prevent writing
Early smartcards had a separate programming voltage pin Vpp that was needed to write to EEPROM Attacker places tape on the pin to prevent writing
18
Non-invasive attacks
Differential power analysis
Power supply current spikes indicate type of instruction being executed Data values can be obtained from power profile
Clock/power modulation
Overclocking the chip causes disruption in instruction (e.g. prevent branching) Slowing down clock allows reading voltages with an electron microscope Modulating power can prevent parts of the chip from working
19
Invasive attacks
It is possible to remove the chip using cheap chemicals Attacker removes chip, fits it into a test rig Optical microscope can show ROM contents Crystallographic staining also reveal ROM content
Moore, Anderson, Kuhn, Improving Smartcard Security Using Self-timed Circuit Technology
20
Invasive attacks
Physical probing
Low cost probing stations can land microprobes on bus lines and read values The information is used to figure out keys or crypto algorithms Focus Ion Beam microscopes can modify chip or shielding
21
Invasive attacks
Memory linearization
Destroy instruction decoder to prevent jumps Repair test circuits (blown off during manufacture) to allow testing routines to dump memory
Problem: You need to have test circuits, otherwise you cant test the chips working during production
22
Reverse engineering
Rebuild hardware circuits
Etch away layer on chip surface, take electron micrograph, create 3-D image of chip Use the image to recreate circuit
23
Reverse engineering
Optical fault induction
Use simple camera flash, tape it to proving station, flash the chip at a particular spot using a aluminum foil aperture Or use a cheap laser pointer
Focusing flash on white circle makes SRAM cell bit go from 1 to 0 Focusing on black circle makes SRAM cell go from 0 to 1 By inducing bit faults, several protocols can be broken
24
Skorobogatov and Ross J.Anderson, Optical Fault Induction Attacks, CHES '02
Further reading
Ross Andersons page at Cambridge University Workshop on Cryptographic Hardware and Embedded Systems
25