Workarounds. How side-channel attacks can steal data and bypass encryption.

Brother

Brother

Professional
Messages
2,590
Reaction score
544
Points
113
2e4679f093e511153c464.png


All techniques for breaking cryptographic systems are divided into two large groups: using the shortcomings of the encryption algorithms themselves and their physical implementations. In this article, we will look at the latter, which are called SCA (side-channel attacks) - attacks on side (or side) channels.

WARNING​

This article was written for research purposes. All information in it is for informational purposes only. Neither the author nor the editors are responsible for any possible harm.

What is SCA​

Unlike an abstract mathematical model, any physical implementation of a cipher system cannot be completely isolated. It always consists of some commercially available components that have their own characteristics of work. For example, a cryptomodule consumes power unevenly during different bit operations, creates characteristic radio frequency interference, experiences delays that differ depending on the input data, heats up more in one case and weaker in another. All this is indirect data that allow you to find out secret information without having direct access to it.

In practice, SCA is widely used in various ways - from eavesdropping on passwords to reading protected areas of memory bypassing the isolation of the address space, and not necessarily on the local machine.

The essence of SCA is to intercept some side signals arising from the processing of isolated or encrypted data instead of a frontal attack. Then, using these signals, they try to recover secret information (password, hash, encryption key, message text) without directly accessing the protected data.

Sound vibrations​

The simplest example: you want to find out your colleague's password, but you cannot spy on it while typing. At the same time, it is possible to determine its length by ear and a single use of a space - this key sounds very peculiar. Without any hardware or cunning software, you've already learned a lot about the password by just perking up your ears.

If you make a few audio recordings of a colleague logging in, and then apply statistical analysis, then you could recover all or most of the password. Single uncertainly recognized characters are still matched by the mask in a short time.

The same essentially (but more complicated in terms of implementation) method of side-channel attack was used by the British agency GCHQ in the mid-sixties. It installed microphones in the Egyptian embassy and recorded the sounds made by a mechanical encryption machine. They used them to find out the initial positions of the two character disks, and then they opened the encryption scheme with the usual brute force.

Today SCAs are rarely performed on an acoustic channel, unless it is done as an academic study. For example, the famous cryptographer Adi Shamir set out to recover the RSA key from a dictaphone recording of sound encryption patterns. (Yes, electronics also creaks in different ways when performing typical operations.) He eventually managed to do this, albeit in completely atypical conditions: the computer continuously encrypted with the same key for an hour, all other processes were unloaded.

Electromagnetic radiation​

Much more often in practice, electromagnetic radiation (EMI) is measured. It also changes depending on which scan code is sent to the computer from the keyboard and which instructions are executed by different chips. In Russian, this is called registration of PEMIN (spurious electromagnetic radiation and interference), and in the English-language literature - TEMPEST (Transient Electromagnetic Pulse Emanation Standard).

The abbreviation TEMPEST was taken from the secret US program of the same name in the seventies. To date, a whole set of standards has been developed on its basis, which describes the requirements for protecting equipment of various classes from unmasking EM radiation. In the 2000s, the term TEMPEST began to be used to refer to any attack based on the registration of collateral EMP.

In the modern version, programmable radio systems (SDR) are most often used for PEMIN analysis. For example, in their work Stealing Keys from PCs using a Radio, the authors show how using the FUNcube Dongle Pro + receiver you can open RSA keys, being half a meter from the laptop that processes them.

Another curious modification of this attack is the continuous measurement of the electrical potential on the laptop case during encryption or decryption. By comparing the graph with a known ciphertext and algorithm, it is possible to calculate a key even of a very large length.

Types of Side Channel Attacks​

If you get physical access to the equipment, then there are more vectors for attack through side channels. You can measure timing attacks, peaks in power consumption at the start of encryption rounds (power-monitoring attacks), manipulate input data, and examine fault attacks. Here's a general outline.

This division is very conditional. For example, “remote” here means both network attacks (see time attack on OpenSSL, PDF) and, say, interception of radio signals (you can learn more about it in the study A Survey of Electromagnetic Side-Channel Attacks, PDF).

In turn, "locality" can mean both the simple ability to get closer to the computer, and the ability to run code on it from a local medium, or even solder wires to a cryptographic module.

With the division into active and passive attacks, everything is relatively simple. Interfering with the cryptosystem? Are you changing its parameters? These are active actions. Sitting quietly with the receiver and silently watching? This is a passive interception, in which you are unlikely to sleep.

Most often, active attacks are performed to speed up the hacking, but sometimes this is just the only option. For example, to open a cryptomodule using the "black box" method, you need to send different (known) messages to it at the input and accumulate the output data for subsequent statistical analysis (difference method).

Reading residual information​

This is one of the most popular techniques. It includes recovering recently deleted files, a generic cold boot attack, and more specific techniques such as extracting a BitLocker key from a RAM dump.

When programs run, they leave a lot of traces on the disk (temporary files, logs) and in the RAM (which is virtualized and periodically swapped to the same disk), so you should always start by looking for residual information. Most techniques require physical access, but remote attacks are also possible, such as downloading backups over the network or reading the cache of a network MFP in search of documents that have passed through it.

Analysis of computational errors​

The longest procedure. Used when you don't have simpler options. At the level of hardware encryption, the occurrence of an error in the calculations can be triggered by changing the clock frequency or supply voltage of the cryptographic module. These manipulations greatly simplified the emergence of the available ChipWhisperer platform for analyzing the resistance to SCA of hardware components.

In ordinary computers, encryption is software, so you have to act differently there. Over and over again you replace part of the encrypted data (for example, overwriting memory pages) and look at the errors that occur during their further processing. One way or another, during the attack, you gradually accumulate statistics for differential analysis in the hope that you will find some kind of pattern between the input and output parameters between the plaintext and the encrypted one you know.

This process can be surprisingly rewarding because of the typical flaws in application programs and drivers. For example, Fault Attacks on Encrypted General Purpose Compute Platforms describes how you can crack the RSA secret key in GnuPG by analyzing system errors with encryption of all data in RAM (analogous to AMD Secure Memory Encryption).

Time attack​

This attack becomes possible if the duration of encryption operations depends on the data structure. This is true for all cryptosystems performing addition operations on an arbitrary (unknown in advance) number of bits. For example, for RSA and the SSL protocol based on it.

Worse, there is a kind of generic timing attacks. They target a general-purpose processor cache and can reveal information from any ongoing process - including a password manager, sandboxed browser, and encrypted virtual drive on the fly. See Meltdown and Specter for more details.

(Non) invasive attacks​

Invasiveness is the need for physical impacts on the attacked system. For example, opening a hardware-encrypted USB Flash case, dissolving the epoxy with acetone, and removing the copper shielding plate is an invasive attack (Google employees demonstrated it at Black Hat 2017, see their presentation slides, PDF). If there is no shielding inside such a flash drive, then you can act non-invasively and immediately perform a passive TEMPEST attack. Accordingly, there are intermediate "semi-invasive" methods, in which there are no irreversible changes in the design.

The most invasive method is probing. In the simplest case, the cryptomodule is opened and measuring equipment is connected to its legs or tracks. In extreme cases, it is literally studied under a microscope. A thin layer of the microtome is removed from the chip, after which the internal structure of the microcircuit is photographed with a high magnification. The procedure is repeated until the circuit diagram is restored.

Probing with "scraping" microcircuits and macro photography was popular in the eighties, when there were relatively few transistors inside the chips, and their size made it possible to see the connections through an optical microscope. Now it is used mainly for comparative analysis of individual microcontrollers and specialized circuits. It is almost impossible to study the device of modern processors in this way due to strict technological standards (14 nm or less) and the abundance of elements (billions of transistors).

Recipe for success​

In general, it doesn't really matter which side channel you choose. The main thing is that the following conditions are met during data reading:
  • the level of the recorded signal is higher than the noise level (rather high SNR ratio);
  • there is a correlation between the characteristics of the intercepted signal and the desired data (not necessarily obvious, but detected by statistical methods);
  • on the side channel, there are known low delays (the recorded value changes almost synchronously with the investigated one);
  • the frequency of registration of the signal in the side channel is equal to the frequency of change of secret data or exceeds it.

These conditions are violated in sloppy experiments, therefore, at hacker conferences, there are sometimes groundless statements about new types of SCA. For example, by changing the level of illumination in the room, they try to recreate the image on the monitor. In the era of CRT, this was possible due to horizontal scanning, but with the advent of LCD panels (in which the frames change entirely) there was not enough data for such an attack. The probability of success turned out to be about the same as guessing the state of an FHD matrix by one pixel.

It happens that the method is clearly trying to use beyond the limits of its applicability. For example, the dynamics of voltage and current readings taken directly from the chip will tell a lot about the nature of its calculations. So, using CPA (Correlation Power Analysis) in 2014, it was possible to crack AES in all encryption modes. At the same time, it is useless to try to recover the secret key by changing the power consumption of the computer. The maximum will be able to determine that it is enabled and performs some resource-intensive operations.

SCA protection​

Methods for countering side-channel attacks become apparent from an analysis of hacking practices. Here's a set of general guidelines:
  • maximum isolation. As an administrator, disable unused network interfaces, close unnecessary ports. As a user - use the onscreen keyboard to enter passwords. As a paranoid - install a polarizing light filter on the screen to prevent peeping;
  • physical access control. Lock your external media in a safe or keep it with you. If they have real encryption, this is not a reason to leave them on the table. Do not let strangers into the computer in your absence, even under a guest account. The worst hacker - with a screwdriver and a bootable USB flash drive;
  • elimination of traces. Use guaranteed deletion of files, cleaning the paging file, browser cache and directories with temporary files. Process the most confidential data in Live OS, aimed at privacy;
  • selection of cryptosystems with SCA countermeasures. The same encryption algorithm can have fundamentally different implementations. Thus, AES-CTR is less vulnerable to SCA than AES-ECB;
  • creating noise. Falling SNR below the critical level will render any ranged attack ineffective. Loud music will interfere with eavesdropping, the microwave will clog part of the EM spectrum with noise. This is done more reliably by specialized jammers;
  • general safety rules. Regularly changing passwords and encryption keys will make complex interception schemes useless.

The rest of the methods concern developers of secure devices:
  • it is recommended to shield all electronic circuits, except for wireless communication modules (anti-TEMPEST);
  • erase the marking of microcircuits and fill the boards with epoxy resin (counteraction to invasive methods);
  • align the timing of operations (anti-timing);
  • balance energy consumption (anti-CPA);
  • use a built-in (and not an external) clock generator and an additional Zener diode (anti-fault);
  • remove debug ports from serial products;
  • choose algorithms with bitwise operations on a fixed number of bits (independence from input data);
  • mask data and change initialization vectors more often (interferes with the search for correlations).

Conclusion​

In addition to cryptographic systems, side-channel attacks are increasingly being carried out against typical computer components. For example, SCA on paged virtual memory cache and another generic attack on memory segment isolation in Intel x86 architecture were recently described.

Older encryption protocols can be attacked head-on because they contain known vulnerabilities at the level of cryptographic primitives. For example, due to its prone to collisions, the SHA-1 hash function allows you to quickly generate a fake digital signature or create a fake certificate. The situation is similar with the RC4 streaming algorithm. It is at the heart of WEP authentication, which can be cracked with AirCrack in a minute.

These are all known weaknesses of the old algorithms. For new ones, no effective attacks have yet been invented, so the only way to open them using technical methods is to look for workarounds. Typically, a particular attack modification meets several criteria at once, since the side channels complement each other.
 
You must log in or register to reply here.

Similar threads

P
NFC relay attacks on access cards
Replies
0
Views
187
Papa Carder
P
Investor
All about CC carding for beginners and professionals carders - CC merchants / CC drops / Reroute / Pickup / Antifraud etc. (trash info)
Replies
0
Views
100
Investor
Investor
P
EMV Relay Attacks
Replies
0
Views
203
Papa Carder
P
Professor
Shadows in the Digital Mirror: How the Market for Stolen Biometric Data Threatens the Foundations of Digital Identity
Replies
0
Views
441
Professor
Professor
P
Bypass KYC verification for most websites
Replies
0
Views
603
Papa Carder
P
Back
Top