Side Channels: Hardware or Software threat?

Side Channels: Hardware or Software threat? Job de Haas Riscure

Who am I Job de Haas Principal Security Analyst at Riscure Testing security on: Set-top-boxes, mobile phones, smart cards, payment terminals, ADSL routers, VoIP modems, smart meters, airbag controllers, USB tokens, Before: Pentesting network security (since 1991) Riscure Services: Security Test Lab Product: Side Channel Testing Tools Full range testing: detailed hardware to white-box crypto and obfuscation

Overview Side Channel Attacks, what are they? State of attacks and hardware testing Developments in software testing

Side channel attacks Slice of Life: Pizza Orders Soar in D.C. January 16, 1991 Associated Press SPRINGFIELD, Va. a quick read on the state of world affairs, one need only look at pizza deliveries to the Pentagon, White House and CIA. "The news media doesn't always know when something big is going to happen because they're in bed, but our deliverers are out there at 2 in the morning," said Frank Meeks, owner of the 43 Domino's outlets in the Washington area. Since Jan. 7, late-night deliveries to the Pentagon have increased steadily, from three to 101 Tuesday night, he said. At the White House, 55 pizzas were delivered from 10 p.m. Tuesday to 2 a.m. today. Wikipedia: The initial conflict to expel Iraqi troops from Kuwait began with an aerial bombardment on 17 January 1991

What are side channels? (Physical) phenomena related to a process of interest Time Power consumption Light emission Temperature Sound Electro-Magnetic radiation

Principle of timing analysis Start Decision Process 1 t = 10ms t = 20ms Process 2 End

Power consumption PIN entry Signal leakage from busses, registers, ALUs, etc PIN verification attempts

But is it for real?

Every payment & HDTV decoder chip is tested Configure / Retrieve Commands / data Signal + Trigger

ChipWhisperer Open source project Kickstarter project (331 backers) restricted

What is under attack? Retrieve secrets Reverse engineer Key PIN Unlock code Program flow Crypto protocol Algorithm

What to test? Different industries use certification schemes mandating tests Testing for different channels: Timing variations Power consumption EM emanations Photon emissions But what about software products?

Overview Side Channel Attacks, what are they? History of attacks and hardware testing Developments in software testing

Software side channels Most dominant: Timing Sometimes: Error responses, counting events, etc. 3 example cases Remote web database attack Remote AES key attack RSA attack in the cloud

Case 1: Web Database Attacks Black Hat 2007: Timing Attacks for Recovering Private Entries From Database Engines, Core Security Explores a timing effect on database inserts Is able to determine existing keys in a database Tested under lab conditions

Database index B-tree

Timing effect inserting

Alternative web attacks 2013: Pixel Perfect Timing Attacks with HTML5, Paul Stone On leaking client side information such as cached content 2014: Time Trial Racing Towards Practical Remote Timing Attacks, Daniel A. Mayer, Joel Sandin A tool to investigate remote timing leakages 2015: Web Timing Attacks Made Practical, Timothy D. Morgan, Jason W. Morgan Improving statistical testing of timing differences

Time Trial results

Case 2: AES Cache Timing Attacks 2005: Cache-timing attacks on AES, Daniel J. Bernstein Timing execution of a known implementation with a known key Comparing to timing of the same with an unknown key The key can be broken http://developer.amd.com/

AES http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

AES SBOX http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

CPU & Cache Process 1 Process 2 AES key Process 3 Type 1 Type 2 Measure Timing reveals information on table index & key!

Case 3: Cloud attack 2015: Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud Mehmet Sinan Inci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar Determine co-location on a cloud server Prime and Probe attack use Last Level Cache (LLC) Recover a 2048 bit RSA key in the Amazon Cloud

Running in the cloud http://blog.trailofbits.com/2015/07/

RSA key break Sliding window Precomputed coefficients Value leaks information on key bits Cache timing reveals coefficients Which entry is cached 4000 encryptions with same data breaks key

Future of software attacks Software security is gaining over hardware security More tools to explore side channels will appear No awareness with developers at the moment 2015 BlackHat Europe Unboxing the White-Box, Practical attacks against Obfuscated Ciphers, Riscure

Conclusion Side channel attacks are often advanced attacks Known to be practical for valuable hardware assets But, many software solutions are vulnerable too Consider if your solutions might be sensitive to these attacks

Contact: Job de Haas dehaas@riscure.com Principal Security Analyst Riscure B.V. Frontier Building, Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 15 251 40 90 Riscure North America 550 Kearny St. Suite 330 San Francisco, CA 94108 +1 (650) 646 9979 www.riscure.com inforequest@riscure.com