embedded security October 2015

Similar documents
Side Channel Analysis and Embedded Systems Impact and Countermeasures

Secure Hardware PV018 Masaryk University Faculty of Informatics

Security in the Age of Nanocomputing. Hacking Devices

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

PUF Physical Unclonable Functions

Smart Card Security How Can We Be So Sure?

Microsemi Security Center of Excellence

CPSC 467b: Cryptography and Computer Security

Secure Embedded Systems eine Voraussetzung für Cyber Physical Systems und das Internet der Dinge

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Security testing of hardware product

Test vehicle tool to assess candidate ITSEF s competency

Secure application programming in the presence of side channel attacks. Marc Witteman & Harko Robroch Riscure 04/09/08 Session Code: RR-203

Wireless Sensor Networks Chapter 14: Security in WSNs

On Security Evaluation Testing

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 7

Today. Important From Last Time. Old Joke. Computer Security. Embedded Security. Trusted Computing Base

Local Heating Attacks on Flash Memory Devices. Dr Sergei Skorobogatov

Securing Host Operations with a Dedicated Cryptographic IC - CryptoCompanion

Objective. Testing Principle. Types of Testing. Characterization Test. Verification Testing. VLSI Design Verification and Testing.

Supporting Document Mandatory Technical Document. Application of Attack Potential to Smartcards. March Version 2.7 Revision 1 CCDB

Victor Shoup Avi Rubin. Abstract

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 6

Horst Görtz Institute for IT-Security

On a New Way to Read Data from Memory

A Study on Smart Card Security Evaluation Criteria for Side Channel Attacks

ADVANCED IC REVERSE ENGINEERING TECHNIQUES: IN DEPTH ANALYSIS OF A MODERN SMART CARD. Olivier THOMAS Blackhat USA 2015

Adversary Modelling 1

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

THREAT MODELLING FOR SECURITY TOKENS IN WEB APPLICATIONS

Hardware Trojans Detection Methods Julien FRANCQ

Security Issues with Integrated Smart Buildings

Hardware Security Modules for Protecting Embedded Systems

Low- Cost Chip Microprobing

Cyber physical systems: devices. Cyber physical systems. Ingrid Verbauwhede KU Leuven COSIC. Ingrid Verbauwhede, COSIC KU Leuven

DRTS 33. The new generation of advanced test equipments for Relays, Energy meters, Transducers and Power quality meters

Sample Project List. Software Reverse Engineering

Joint Interpretation Library

Introduction to Digital System Design

A Tutorial on Physical Security and Side-Channel Attacks

Security testing for hardware product : the security evaluations practice

Reviving smart card analysis

Advances in Smartcard Security

Measurement and Analysis Introduction of ISO7816 (Smart Card)

2 Protocol Analysis, Composability and Computation

Chapter 1: Introduction

Side Channels: Hardware or Software threat?

EECS 588: Computer and Network Security. Introduction

Wireless Sensor Network Security. Seth A. Hellbusch CMPE 257

How To Perform Differential Frequency Analysis (Dfa) On A Powerline (Aes) On An Iphone Or Ipad (Ase) On Microsoft Powerline 2 (Aces) On Pc Or Ipa (Aas)

Pervasive Computing und. Informationssicherheit

CryptoFirewall Technology Introduction

ZIMBABWE SCHOOL EXAMINATIONS COUNCIL. COMPUTER STUDIES 7014/01 PAPER 1 Multiple Choice SPECIMEN PAPER

An Overview of RFID Security and Privacy threats

Confinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:

INSTRUMENT PANEL Volvo 850 DESCRIPTION & OPERATION ACCESSORIES & EQUIPMENT Volvo Instrument Panels

SoC: Security-on-chip!

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 1 Introducing Hardware

Introduction Page 4. Inspector SCA Page 6. Inspector FI Page 10. Service & Product support Page 13. Inspector Hardware Matrix Page 14

Self-Evaluation Configuration for Remote Data Logging Systems

Banking Security using Honeypot

Advancements in Wireless Access-Control Security. By Vivien Delport Director of Applications. And

Physical Attacks on Tamper Resistance: Progress and Lessons

Internet Sustainability and Network Marketing Safety

Trusted Network Connect (TNC)

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

Internet of Things (IoT): A vision, architectural elements, and future directions

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

System Tel (Telephones) Ltd Fax Web

CHAPTER 11: Flip Flops

The new 32-bit MSP432 MCU platform from Texas

Automotive Sensor Simulator. Automotive sensor simulator. Operating manual. AutoSim

Information Security Services

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Cryptography and Key Management Basics

Data remanence in Flash Memory Devices

Supporting Document Guidance. Security Architecture requirements (ADV_ARC) for smart cards and similar devices. April Version 2.

FUEL-16, Troubleshooting Fuel Supply Problems

CHAPTER 1 INTRODUCTION

Research Article. Research of network payment system based on multi-factor authentication

Evaluation of Digital Signature Process

ADVANCE AUTHENTICATION TECHNIQUES

How To Write A Transport Layer Protocol For Wireless Networks

Using RFID Technology to Stop Counterfeiting

Security and Privacy Issues of Wireless Technologies

Security Sensor Network. Biswajit panja

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

MOST FRAUD CASES INVOLVE SENIOR MANAGEMENT. HOW TO PREVENT THEM FROM MISUSING THEIR POWER?

NTE2053 Integrated Circuit 8 Bit MPU Compatible A/D Converter

Smart Thermostat page 1

Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

IY2760/CS3760: Part 6. IY2760: Part 6

10 Hidden IT Risks That Might Threaten Your Law Firm

Unknown Plaintext Template Attacks

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Efficient Irrigation Using Closed-Loop Feedback. Rick Foster

CIS 551 / TCOM 401 Computer and Network Security

6.857 Lecture 13: Physical Attacks (aka Losing Secrets )

Transcription:

Embedded Security The Old Model (simplified view) Benedikt Gierlichs KU Leuven, COSIC IACR Summer school 2015 Chia Laguna, Italy Acknowledgements: Ingrid Verbauwhede, Patrick Schaumont, Kris Tiri, Bart Preneel, Helena Handschuh Attack on channel between communicating parties Encryption and cryptographic operations in black boxes Protection by strong mathematic algorithms and protocols Computationally secure October 2015 Summer school @ Sardinia 2 Or so you think... Screen reading from distance Tempest: refers to investigations and studies of compromising emanations Primarily: Electromagnetic radiation Exploitation of signals and prevention Term coined in the late 1960s (NSA) Documents remain secret until today Basic and redacted versions publicly available in the late 1990s 25 meter Public research: Van Eck phreaking (1985): reading computer screens from a "large" distance (also electronic voting machines) Vuagnoux, Pasini (2009): keystroke logging from a distance (up to 20 meters), works on wireless and wired keyboards October 2015 Summer school @ Sardinia 3 http://www.lightbluetouchpaper.org/2006/03/09/v ideo-eavesdropping-demo-at-cebit-2006/ October 2015 Summer school @ Sardinia 4 Portable setup for EM display stealing Tablet keystroke detection Hayashi et al. ACM CCS 2014 October 2015 Summer school @ Sardinia 5 Hayashi et al. ACM CCS 2014 October 2015 Summer school @ Sardinia 6 Benedikt Gierlichs, KU Leuven COSIC 1

Embedded Cryptographic Devices How is Embedded Security affected? Firewall A cryptographic device is an electronic device that implements a cryptographic algorithm and stores a cryptographic key. It is capable of performing cryptographic operations using that key. Embedded: it is exposed to adversaries in a hostile environment; full physical access, no time constraints Note: the adversary might be a legitimate user! New Model (also simplified view): Attack on channel and endpoints Encryption and cryptographic operations in gray boxes Protection by strong mathematic algorithms and protocols Protection by secure implementation Need secure implementations not only algorithms October 2015 Summer school @ Sardinia 7 October 2015 Summer school @ Sardinia 8 Internet of Things Cyber physical systems A system of collaborating computational elements controlling physical entities [1] Networked embedded systems interacting with the environment [2] [1] wikipedia [2] Ed Lee, after H. Gill NSF Network: controller area network (CAN) [Source photograph: J. Rabaey: A Brand New Wireless Day] October 2015 Summer school @ Sardinia 9 October 2015 Summer school @ Sardinia 10 Medical devices, typical scenario Interacting with the environment Small embedded devices communicate over wireless link for sensing and actuation Goal: low energy (battery powered, temperature) Security goal: attack resistant Embedded cryptography? IMEC: NERF - brain stimulant IMEC: Human++ project October 2015 Summer school @ Sardinia 11 Deep Brain stimulation [Sources: J. Rabaey, National Institutes of Health, Neurology journal] October 2015 Summer school @ Sardinia 12 Benedikt Gierlichs, KU Leuven COSIC 2

Always keep in mind Your system is as secure as its weakest link Your system is as secure as its weakest link Unknown source: seen on schneier.com October 2015 Summer school @ Sardinia 13 October 2015 Summer school @ Sardinia 14 Your system is as secure as its weakest link Your system is as secure as its weakest link The adversary will go for the weakest entry point Disable or go around security mechanisms Guess / spy on passwords Bribe the security guard If you use good crypto, he will try to go around it System designer: thinks of the "right" way to use the system Adversary: does not play by the rules Designer has to think like the adversary, anticipate attacks, protect against them There is no way to protect against all attacks Do you know all attacks? Source: P. Kocher October 2015 Summer school @ Sardinia 15 October 2015 Summer school @ Sardinia 16 Security for Embedded Systems Researcher has a new attack for embedded devices Vulnerability lies in ARM and XScale microprocessors Computerworld security April 4, 2007 How: Use JTAG interface Security for Embedded Systems SecuStick: On plug-in: Windows program pops up and asks for password Self-destructs if wrong password entered n-many times Secustick gives false sense of security April 12, 2007 http://tweakers.net/reviews/683 Security completely broken Attempt counter stored in flash memory chip Write-enable pin connected to GND: infinite number of attempts to guess the password Password is checked in software routine on PC: changing return value from "0" to "1" gives full access October 2015 Summer school @ Sardinia 17 April 12, 2007: http://tweakers.net/reviews/683 October 2015 Summer school @ Sardinia 18 Benedikt Gierlichs, KU Leuven COSIC 3

Physical security of embedded cryptographic devices Let us assume that the system is well designed Adversary cannot go around / disable security features Good cryptography is used Embedded context, physical access Adversary can "look" at the device under attack Measure physical quantities Adversary can manipulate the device under attack Expose it to physical stress and "see" how it behaves Classification of Physical Attacks Active versus passive Non-Invasive Active: Perturbate and conclude Passive: Observe and infer Invasive versus non-invasive active passive Invasive: open package and contact chip Semi-invasive: open package, no contact Non-invasive: no modification Side channel: passive and non-invasive Invasive Very difficult to detect Often cheap to set-up Often: need lots of measurements automating Circuit modification: active and invasive Expensive to detect invasion (chip might be without power) Very expensive equipment and expertise required October 2015 Summer school @ Sardinia 19 October 2015 Summer school @ Sardinia 20 Side-Channel Leakage Some Side-Channels (not exhaustive) Physical attacks Cryptanalysis (gray box, physics) (black box, maths) Does not tackle the algorithm's math. security Timing Overall or "local" execution time execution time time Input Leakage Output Power, Electromagnetic radiation Predominant: CMOS technology Consumes power when it does something, transistors switch Electric current induces and EM field Observe physical quantities in the device's vincinity and use additional information during cryptanalysis More exotic but shown to be practical Light, Sound, Temperature October 2015 Summer school @ Sardinia 21 October 2015 Summer school @ Sardinia 22 Examples: measurement setups Side-Channel leakage Smart cards FPGA, ASIC Phone, tablet Set-top boxes Etc. Side-channel leakage Is not intended Information leakage was not considered at design time Leaked information is not supposed to be known Can enable new kind of attack Often, optimizations enable leakage source: langer-emv.de Device under attack is operated in normal conditions Adversary is passive an solely observes October 2015 Summer school @ Sardinia 23 October 2015 Summer school @ Sardinia 24 Benedikt Gierlichs, KU Leuven COSIC 4

Principle is nothing new... A timing attack Breaking into a Safe is hard, because one has to solve a single, very hard problem... Divide et impera! 4-digit PIN verification o 10000 possible combinations o On average 5000 attempts necessary o Typically only 3 attempts allowed (counter) o Probability of correct guess: 3/10000 Things are different if it is possible to solve many small problems instead... FUNCTION check (USER_PIN, CORRECT_PIN) FOR i=1 TO PIN_LENGTH IF USER_PIN[i]!= CORRECT_PIN[i] RETURN -1 ENDFOR RETURN 0 MAIN FUNCTION IF check( ) == -1 COUNTER++ ELSE COUNTER = 0 October 2015 Summer school @ Sardinia 25 October 2015 Summer school @ Sardinia 26 A timing attack Execution time of check( ) leaks information o Test random PIN, measure time N o Change first PIN digit, measure time N o If N == N both digit guesses are wrong o If N > N the first digit guess was correct o If N < N the new digit guess is correct Average 5 (worst case 10) attempts per digit Average 20 (worst case 40) attempts per PIN but recall that only 3 attempts are allowed Concept of Side Channel attacks Some cryptographic algorithms gain their cryptographic strength by repeating a "weak" function many times Classical model: adversary sees only final and secure result Other algorithms use few complex functions but their implementations follow a similar idea Side Channels leak information about these "weak" intermediate results Side Channel attacks exploit information about "weak" intermediate results October 2015 Summer school @ Sardinia 27 October 2015 Summer school @ Sardinia 28 Invasive attacks Active attacks: fault injection Passive: micro-probing Probe the bus with a very thin needle Read out data from bus or individual cells directly Several needles concurrently Active: modify circuits Connect or disconnect security mechanism Disconnect security sensors RNG stuck at a fixed value Reconstruct blown fuses RNG Cut or paste tracks with laser or focused ion beam Add probe pads on buried layers [Helena Handschuh] OUT [www.fa-mal.com] October 2015 Summer school @ Sardinia 29 "0" Apply combinations of strange environmental conditions Vcc Glitch Clock Temperature UV Light X-Rays... input and bypass or infer secrets error Slide: Helena Handschuh October 2015 Summer school @ Sardinia 30 Benedikt Gierlichs, KU Leuven COSIC 5

Active attacks (semi invasive) fault injection Microscope view Exploit faulty behavior provoked by physical stress applied to the device Semi-invasive: open package but no contact Laser fault injection allows to target a relatively small surface area of the target device Laser pulse frequency ~ 50Hz Fully automated scan of chip surface Once you have a weak spot: perturbate and exploit Recent: 2 laser spots, 20 ns interval, diode lasers [www.new-wave.com] October 2015 Summer school @ Sardinia 31 October 2015 Summer school @ Sardinia 32 Differential Fault Analysis Embedded security requirements Ask for a cryptographic computation twice With any input and no fault (reference) With the same input and fault injection Infer information about the key from the output differential Time Security Sometimes a single fault injection is enough! October 2015 Summer school @ Sardinia 33 Power [wonderfulengineering.com] Area October 2015 Summer school @ Sardinia 34 Security as a design dimension Thank you for your attention! Security consumes resources! extra area, extra power, extra time, development overhead E.g. communication computation trade-off Similar to power or area optimization Perfect security does not exist (zero-power design doesn't exist either) Low-risk security does exist (low-power design does exist) Different: attacker will go for the easiest entry point: If strong crypto algorithm: try other weaknesses Monitor power consumption, electromagnetic radiation, timing Introduce glitches (= fault attacks) Guess the password Bribe the security guard (= social engineering) October 2015 Summer school @ Sardinia 35 October 2015 Summer school @ Sardinia 36 Benedikt Gierlichs, KU Leuven COSIC 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information