Physical security
Download
Report
Transcript Physical security
Physical Security
[email protected]
Overview
Smart cards
RFIDs
Attacks
(Semi)-Natural tags
Conclusions
2
IIS
Smart Cards
Smart cards
Broken!
53.98 mm
85.6 mm
0.76 mm
[And96] R. J. Anderson and M. G. Kuhn. Tamper resistance - A cautionary note. In 2nd Int.
Usenix Workshop on Electronic Commerce, pages 1-11, Oakland, California, Nov 1996. USENIX
Association.
http://www.usenix.org/publications/library/proceedings/ec96/kuhn.html
IIS
4
What makes the card smart?
CPU (8, 16, 32 bit)
Memory (RAM, ROM, EEPROM, Flash)
I/O channel (Contact/Contact less)
Cryptographic co-processor
On card devices (Fingerprint, display)
Standards (ISO 7816, GSM, EMV, VOP)
5
IIS
Main security features
Symmetric crypto
Asymmetric crypto relatively slow
Hardware random number generator
Hardware tamper resistance
X-tal clock vulnerable
Life cycle management
6
IIS
Communication
ISO 7816-4:
9600 bps : slow
USB : bulky
Bluetooth: power
Biometrics: slow
www.fingerchip.com
7
IIS
Displays
Plastic, glass
Emissive, non-emissive
Refresh, bi-stable
Segment, dot-matrix
Problems: connections,
yield, power, thickness,
price!
[Pra01] D. Praca and C. Barral. From smart cards to smart objects: the road to new smart technologies.
Computer
IIS Networks, 36(4):381-389, Jul 2001. http://dx.doi.org/10.1016/S1389-1286(01)00161-X
8
Clock & Power
Clock
» Xtal 0.6 mm
» MEMS (0.002% acc.)
Battery
» Thickness
» power density
» when to recharge
9
IIS
Integration is hard
Display
Button
32-bit CPU
Large memory
Battery
Comms
>> 25mm2
10
IIS
Photo: Philips Semiconductors
RFID
What is an RFID tag?
Antenna + small chip in ambient field
Passive, replies to queries only
Can be used for almost anything
» Supply Chain Management & Checkout (Wallmart,
Benetton)
» Homeland security
Nokia 6131 NFC
» User convenience
» Access to buildings
12
IIS
Passport application
13
IIS
Privacy issues
Sniffing
» Data collection in proximity (skimming)
» Correlate data from different tags
Watch this video
Counter measures
»
»
»
»
»
»
Shield antenna in passport with tinfoil
Encrypt the template with MRZ data
Reduce transmit range
Light controlled on/off switch
Long and short range interface
Time delayed transmit of sensitive info
[Bir07] N. Bird, C. Conrado, J. Guajardo, S. Maubach, G. Jan Schrijen, B. Skorić, A. M. H. Tombeur, P.
Thueringer, and P. Tuyls. ALGSICS - combining physics and cryptography to enhance security and privacy in
RFID systems. In F. Stajano, C. Meadows, S. Capkun, and T. Moore, editors, 4th European Workshop on
Security and Privacy in Ad-hoc and Sensor Networks (ESAS), volume LNCS 4572, pages 187-202,
Cambridge,
IIS UK, Jul 2007. Springer. http://dx.doi.org/10.1007/978-3-540-73275-4_14
14
Attacks
[Wit02] M. Witteman. Advances in smartcard security. Information Security Bulletin, pages 1122, Jul 2002. http://www.riscure.com/fileadmin/images/Docs/ISB0707MW.pdf
Attacks
Operational
» Blackmail
» Burglary
» Bribery
Technical
» Logical
» Physical
» Side channel
Attackers
» I: Clever outsiders
» II: Knowledgeable insiders
» III: Funded Organisations
16
IIS
Logical attacks
The code is too complex
» Hidden commands
» Parameter poisoning & Buffer overflow
» Malicious or buggy applets
» Protocol problems (e.g. retransmit)
» Proprietary crypto
Counter measures
» Structured design & code inspection
» Formal methods
» Testing
17
IIS
Example: RFID virus
There is a large amount of code
Generic protocols and facilities
Back end data bases
So the usual attacks:
» Buffer overflow
» SQL injection “;shutdown--”
Best paper
award
Don’t trust data from RFID tag…
[Rie06] M. R. Rieback, B. Crispo, and A. S. Tanenbaum. Is your cat infected with a computer virus? In 4th
Annual IEEE Int. Conf. on Pervasive Computing and Communications (PerCom), pages 169-179, Pisa, Italy,
Mar
IIS IEEE Computer Society. http://dx.doi.org/10.1109/PERCOM.2006.32
18 2006.
Physical attacks
The circuitry is complex and vulnerable
» Chemicals & etching
» SEM Voltage contrast
» Probe stations
» Focused Ion Beam (FIB) to make probe pads
Counter measures
» Reduced feature size (100nm)
» Multi layering
» Protective layers
» Sensors
» Bus scrambling
19
IIS
Low cost physical attacks
Block EEPROM writes by isolating Vpp
Rent focused Ion beam
[And97d] R. J. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In 5th Int. Workshop on
Security Protocols, volume LNCS 1361, pages 125-136, Paris, France, Apr 1997.
http://dx.doi.org/10.1007/BFb0028165
IIS
20
Side channel attacks
Physical phenomena can be measured
» Power
Watch this video
» EM radiation (X-ray, light, sound)
» Time
and changed
» Voltage (example later)
» Frequency (example later)
[Vua09] M. Vuagnoux and S. Pasini. Compromising electromagnetic emanations of wired andWireless
keyboards. In 18th USENIX Security Symp., pages 1-16, Montreal, Canada, Aug 2009. USENIX Assoc.
http://www.usenix.org/events/sec09/tech/full_papers/vuagnoux.pdf
IIS
21
Timing attack
Exponentiation by square and multiply
» for i = n − 2 downto 0
»
X = X2
»
if (d[i] == 1) then
»
X = X*M
Power trace shows bits 1 in the key
22
IIS
Simple power analysis
16 rounds DES
Rounds 2 & 3
[Koc99] P. C. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In M. J. Wiener, editor, 19th Int. Conf.
on Advances in Cryptology (CRYPTO), volume 1666 of LNCS, pages 388-397, Santa Barbara, California, Aug
IIS
23 Springer.
1999.
http://www.cryptography.com/resources/whitepapers/DPA.pdf
Differential power attacks
Difference in the third cycle due to
difference in input value for encryption
24
IIS
Active attacks : Power Dip
Reading
threshold
vcc
Stored value
of logical zero
A power Dip at the
Moment of reading
a memory cell
gnd
read a 0 as a 1
Protection measure
» Check VCC & raise an alarm if it drops
» Problem: Fast transients during start-up may raise
false alarms
25
IIS
Active attacks : Clock Glitch
Dump all of the memory
Replace 5MHz pulse by 4 pulses of 20MHz:
1. b = answer_address
2. a = answer_length
3. If (a == 0) goto 8
4.
transmit(*b)
5.
b=b+1
6.
a=a-1
Glitch here
7. goto 3
[And97d] R. J. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In 5th Int. Workshop on
Security Protocols, volume LNCS 1361, pages 125-136, Paris, France, Apr 1997.
http://dx.doi.org/10.1007/BFb0028165
IIS
26
Countermeasures
Hardware
» Lower power signals
» Increase noise levels
» Introduce timing noise
Software
» Parallelism
» Introduce random delays
» Constant time execution
» Blinding intermediate values
27
IIS
Countermeasures
Make attacks harder but not impossible
Hard to get right
Expensive to implement
28
IIS
Out of the box thinking
The humble Capacitor
» Emanates acoustic signals
» Sensitive to shocks and vibration
» CA/d
29
IIS
Listen to a PC multiplying
Freeze 1500 μF
capacitor
http://people.csail.mit.edu/tromer/acoustic/
IIS
30
Shaking a smart card....
31
IIS
Attackers business case
Attack
Class
Equipment
Cost
Succ.
Rate
Devel.
Time
Exec.
Time
Logical
PC, card reader
1-10K
Low
Wks
Mins
Physical
PC, Probe Station, 100KSEM,
1M
FIB,Microscope,
Chemistry Lab
High
Mnths
Days
Side
Channel
PC, Oscilloscope,
Function Gen.
Med.
Mnths
Hours
10K100K
Rental!
32
IIS
Design guidelines
Define the level of security needed
Perform a risk analysis
Consider the attackers business case
Use the right technologies
Build in fraud management
Design recovery and fall-back
Consider the overall system
33
IIS
IBM 4758 Crypto Coprocessor
Rolls Royce of secure devices
Tamper sensing barrier
Keys move in the RAM
Temperature & X-ray sensor
Solid aluminium case & epoxy
potting
low pass filter on power supply
Used in ATMs
Hacked!
[Cla03b] R. Clayton and M. Bond. Experience using a Low-Cost FPGA design to crack DES keys. In 4th Int.
Workshop on Cryptographic Hardware and Embedded Systems (CHES), volume LNCS 2523, pages 877-883,
Redwood
IISShores, California, 2003. Springer. http://dx.doi.org/10.1007/3-540-36400-5_42
34
(Semi) Natural tags
Finger printing
[Buc05] J. D. R. Buchanan, R. P. Cowburn, A.-V. Jausovec, D. Petit, P. Seem, G. Xiong, D.
Atkinson, K. Fenton, D. A. Allwood, and M. T. Bryan. Forgery: 'fingerprinting' documents and
packaging.
Nature, 436(7050):475, Jul 2005. http://dx.doi.org/10.1038/436475a
IIS
36
Philips Coating PUF
[Sko08] B. Škorić, G.-J. Schrijen, W. Ophey, R. Wolters, N. Verhaegh, and J. van Geloven. Experimental
hardware for coating PUFs and optical PUFs. In P. Tuyls, B. Škorić, and T. Kevenaar, editors, Security with
Noisy Data - On Private Biometrics, Secure Key Storage and Anti-Counterfeiting, pages 255-268. Springer
London,
2008. http://dx.doi.org/10.1007/978-1-84628-984-2_15
IIS
37
MEMS particles
1x1x12 m particles, shapes
Church and school roof, power line
grease/gel
Watch this video
Jewellery fluid
Spray vandals/thiefs
Smart water
[Kay92] P. H. Kaye, F. Micheli, M. Tracey, E. Hirst, and A. M. Gundlach. The production of precision silicon
micromachined non-spherical particles for aerosol studies. Journal of Aerosol Science, 23(Suppl 1):201-204,
1992. http://dx.doi.org/10.1016/0021-8502(92)90384-8
http://www.redwebsecurity.com/
38
Conclusions
Affordable tamper resistance technology
exists
Getting it right is difficult
Out of the box thinking required
39
IIS