Test vehicle tool to assess candidate ITSEF s competency

Transcription

1 Test vehicle tool to assess candidate ITSEF s competency September 28, 2011 Takayuki TOBITA IT Security Center (ISEC) Information-technology Promotion Agency, JAPAN (IPA) 1

2 Common Criteria Scheme in Japan JISEC: Japan IT Security Evaluation and Certification Scheme ITSEF: Evaluation Facilities They have to be accredited, provided that they have sufficient evaluation skill. IPA: The Certification Body 2

3 Current situation in Japan Only certifying software-related products. No hardware certification. We have decided to have hardware certification scheme of our own! 3

4 We need to Establish the hardware certification scheme Have ITSEFs that are capable of performing hardware penetration testing ability. Develop the Test vehicle to assess ITSEFs 4

5 Not enough is the current accreditation scheme Requirements of penetration testing ability is far different from those for software. It is difficult to judge ITSEFs ability by only ETR and interview. ITSEFs do not have enough experience. 5

6 Bad case ITSEFs said there is no problem! I cannot attack on it. It must be resistant to attacker with high attack potential!! Is it true? Really? Had they missed vulnerability because of their insufficient skill? 6

7 What to do about We have to judge whether they have sufficient skill. We need the new tool to asses ITSEFs skill. Test vehicle is cool! 7

8 What is the Test Vehicle Test Vehicle is a security hardware product in the form of smartcard with some deliberately embedded vulnerabilities. The ITSEFs can demonstrate their ability of penetration testing by attacking it. 8

9 Who made it? IPA sponsors the project. Trusted Labs had designed and developed the test vehicle. specialized in security consulting and evaluation of embedded devices. 9

10 What scenarios are included? Test Vehicle offers required attack scenarios They can demonstrate that their penetration testing skill is high enough in every attack method required by hardware evaluation. *) Application of attack potential to smart card, version 2.7 February

11 Design policy Difficulty of Test Vehicle should be not too high and not too low. If the difficulty is too low, low skill ITSEFs would pass. If the difficulty is too high, even well-skilled ITSEFs would fail. 11

12 Contents Power Analysis (SPA/DPA) Software Attack Various types of Perturbation Attack to force cryptographic engine to constant output. Authentication bypass. to dump memory. to reduce 3DES computation to single DES Differential Fault Analysis (DFA) 12

13 And also physical attack Semi invasive attack Perturbation with Laser Probing 13

14 Power analysis scenarios Retrieving DES key by DPA Typical attack path is: Find interesting point Acquisition of power traces Alignment Analysis 14

15 Like this Monitor power consumption It seems 8 bytes input and output process. 15

16 Like this It is hardware DES. We need the curve of DES encryption processing region. Acquire a lot of traces of this region. 16

17 Test vehicle has countermeasures not so easy! Test Vehicle implements a bunch of countermeasures Random delay Noise Random S-BOX Random Masking Sensors 17

18 ITSEFs need to overcome them To overcome Random S-BOX, how do you attack Normal analysis: You need incredibly many traces... With preprocessing: You need fewer traces 18

19 High level attack potential You also need to overcome random delays Simple alignment does not work You should do something... Masking! You have to be able to do high order DPA. ITSEFs have to pass these scenarios within practical time. 19

20 Perturbation scenario is Perturbation for authentication bypass by Glitches (VCC, CLK, Laser) You need to overcome hardware countermeasures. Vcc Difficult to find an exploitable condition Intensity, Timing, Length RESET RESET Time 20

21 We also prepare a test report template Test Vehicle is provided to ITSEFs along with a penetration test report template. No.11 :DPA on RSA Q_1:Put the RSA encryption trace image. Q_2:Write the signature key Q_3:Write your attack path Q_4:How many traces do you need? 21

22 ITSEFs to submit the report The test report template makes it possible to measure ITSEFs ability appropriately. ITSEFs submit the report of the attack detail by filling in the test report template IPA judges 22

23 Now and future Test Vehicle is under fine tuning of difficulty level We are going to release it in

24 Now and future Next Test Vehicle: JavaCard! It covers attack scenarios related to GlobalPlatform, Firewall attack, Bytecode verification, Defensive virtual machine, etc. It will come in Stay tuned! 24

25 Japan Information Technology Security Evaluation and Certification Scheme Thank you for your attention. IT Security Center IPA, Japan JISEC Information URL: English: Japanese: 25