Upload
milk0
View
218
Download
0
Embed Size (px)
Citation preview
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 1/63
BlackHat Japan ‘08Karsten Nohl—Univ. of Virginia
Source: New Yorker
Some material courtesy bunnie or Flylogic.
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 2/63
Lots of critical infrastructure relies on securehardware
Smartcards for access control, payment tokens
Satellite TV cards, car keys, printer cartridges, … Security often considered hard and expensive
Hence, often excluded from initial design
▪ Protection added after problems arise
▪ Patchwork security is harder and more expensive!
Karsten Nohl - Hardware Security 2
Accurate security estimates neededfor risk assessment.
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 3/63
Karsten Nohl - Hardware Security 3
Cryptographiccipher
Cryptographiccipher Challenge-
responseprotocol
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 4/63
Karsten Nohl - Hardware Security 4
CipherCipher
Backend Server
Near Field
C
ommunicationphone
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 5/63
Karsten Nohl - Hardware Security 5
Encrypted .data
Cipher
Decrypteddata .
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 6/63
Karsten Nohl - Hardware Security 6
CipherCipher
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 7/63
Hardware security relies ona) Key storage
b) Cryptographic cipher (encryption)
Many systems fail to acknowledge lack of
secrecy in hardware
“There are no secrets in silicon.” -bunnie
Karsten Nohl - Hardware Security 7
This talk discusses common weaknesses insecure key storage and proprietary encryption.
Cipher
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 8/63
Microchip Basics
Reverse-engineering algorithms
Finding secret ciphers Exploiting proprietary encryption
Security of key storage
Demo / Hands-on lab
Karsten Nohl - Hardware Security 8
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 9/63
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 10/63
I n
f i n e o n S
L E
6 6 , c o u r t e s
y
F l y l o g i c
Karsten Nohl - Hardware Security 10
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 11/63
Analyze chips using “last principles” Principle #1: Chips are structured
▪ Crucial for design partitioning and refactoring
Principle #2: Chips are designed to be read back▪ Enables prototyping and debugging
Complement analysis with “first principle”
Principle #3: Nothing can be hidden in silicon▪ Chips are self-contained; hence all data, programs, and
algorithms are available on the chip
Karsten Nohl - Hardware Security 11
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 12/63
I n
f i n e o n S
L E
6 6 , c o u r t e s
y
F l y l o g i c
Karsten Nohl - Hardware Security 12
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 13/63Karsten Nohl - Hardware Security 13Infineon SLE66 address/data bus, courtesy Flylogic
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 14/63
Can sometimesprotect data, butnot algorithms
Karsten Nohl - Hardware Security 14
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 15/63
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 16/63
Most security systems use cryptography Too many use proprietary ciphers
Many are weak, but secret
We find cipher implementations from silicon Cheap approach, no crypto knowledge required
We want to enable you to do the same
Karsten Nohl - Hardware Security 16
“No more weak ciphers. No more paranoia.”Sean O’Neil
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 17/63
Radio Frequency IDentification Tiny computer chips
Passively Powered
Karsten Nohl - Hardware Security 17
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 18/63
RFIDs are becoming ubiquitous Integrated in many security applications
Payment, Access Control
Passports, Car Ignition Implants, …
Karsten Nohl - Hardware Security 18
RFIDs will be universal
identifier . Might replacepasswords, PINs, and
fingerprints.
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 19/63
Karsten Nohl - Hardware Security 19
Passports
RSA
TU Graz [‘05]
AESNo Crypto
Mifare
???
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 20/63
NXP claimed high security: “approved authentication”
“advanced security levels”
Specs suggested
mediocre security
at best: Stream cipher
with small 48 bit key
Karsten Nohl - Hardware Security 20
Car thefts(source: hldi.org)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 21/63
Karsten Nohl - Hardware Security 21
Reverse-engineered the secretcipher of the Mifare Classic RFID tag
and evaluated its security
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 22/63
Karsten Nohl - Hardware Security 22
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 23/63
Chemically extract chips:
Acetone
Fuming nitric acid
Shortcut: buy blank chips!
Karsten Nohl - Hardware Security 23
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 24/63
Karsten Nohl - Hardware Security 24
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 25/63
Karsten Nohl - Hardware Security 25
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 26/63
Automated polishingwith machine
–or–
Manually with sand paper “On your kitchen table”
Potential problem: tilt Solution: imbed chip in
block of plastic
Karsten Nohl - Hardware Security 26
-Starbug
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 27/63
Simple optical microscope 500x magnification
Camera 1 Mpixel
Costs < $1000, found in most labs
Stitching images Panorama software (hugin)
Each image ~100x100 μm
Align image layers
Karsten Nohl - Hardware Security 27
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 28/63
Karsten Nohl - Hardware Security 28
Cover layer
3 Interconnection layer
Logiclayer
Transistorlayer
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 29/63
Karsten Nohl - Hardware Security 29
4 NAND: Y = !(A & B & C & D)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 30/63
Karsten Nohl - Hardware Security 30
select
detect
Logic cells are pickedform a library
Library contains fewer
than 70 gate types
Detection automated
(template matchingusing MATLAB)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 31/63
Karsten Nohl - Hardware Security 31
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 32/63
Karsten Nohl - Hardware Security 32
Y
A
+
-
+
-
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 33/63
Karsten Nohl - Hardware Security 33
Y
A B
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 34/63
Karsten Nohl - Hardware Security 34
Collection of logic cells Free for studying,
comparing, and reverse-
engineering silicon chips
Zoo wants to grow—send
your chip images!
www.siliconzoo.org
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 35/63
Connections across all layers
Traced 1500 (!) connections manually
Tedious, time consuming
Error-prone (but errors easily spottable)
Tracing completely automated by now
Karsten Nohl - Hardware Security 35
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 36/63
Karsten Nohl - Hardware Security 36
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 37/63
Metal wire
Intra-layer via
Karsten Nohl - Hardware Security 37
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 38/63
Karsten Nohl - Hardware Security 38
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 39/63
Obfuscated placing and wiring of logic cells May defeat human inspection, but not automated tools
Dummy cells
Makes reversing harder, but not impossible
Large chips
Huge effort, huge rewards?
Self-destructive chips?
May protect secret keys, not secret algorithms
Karsten Nohl - Hardware Security 39
Source: flylogic.net
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 40/63
Karsten Nohl - Hardware Security 40
48-bit LFSR
f (∙)
RNG
Challenge Key stream
ID
+
Response
++
48-bit stream cipherMutual authentication
protocol
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 41/63
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 42/63
Karsten Nohl - Hardware Security 42
µ-Controller
NXP
Reader IC
a) Sniffing datab) Full control over timing!
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 43/63
RNG
Karsten Nohl - Hardware Security 43
16(!!)-bit random numbers
LFSR –based
Value determined by time of read
Our Attack:
Control timing (OpenPCD)
= control random number (works for tag and reader!)= break Mifare security :)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 44/63
Cipher complexity low
Was probably a
primary design goal Very efficient
FPGA implementation
FPGA cluster finds keyin 50 minutes!
30 sec. when trading space for time!!
Karsten Nohl - Hardware Security 44
Source: Pico Comp.
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 45/63
Filter function is a network of smaller
functions that are statistically biased Adversary controls inputs, can probe forinternal state bits
Attack takes < 1 minute on laptop
Karsten Nohl - Hardware Security 45
48-bit LFSR
f a(∙) f b(∙) f a(∙) f a(∙) f b(∙)
f c(∙)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 46/63
Unpublished attacks that exploit simplefeedback structure and statistical weaknesses
Completely passive
Works for strong random numbers Hence, even against Crypto-1 on Mifare Plus!
Attack takes 6 seconds on laptop
Stay tuned for publication …
Karsten Nohl - Hardware Security 46
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 47/63
Weak Authentication Protocol
Karsten Nohl - Hardware Security 47
48-Bit Stream Cipher
Weak Filter Function Weak Random
Number
Generator
Time Memory Trade Offs
Brute Force
(due to small key)
Key Probing
Algebraic Attacks
Replay Attacks
(due to predictable
random numbers)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 48/63
Karsten Nohl - Hardware Security 48
Runtime on
FPGA Cluster
($100,000)
Runtime
on PC
Works despite strong
random numbers
(Mifare Plus)
Hard to
Detect
Replay Attacks (0) (0) No No
Brute Force 50 min—
Yes Yes
Time Memory
Trade Offs (TMTO)
30 sec — No Maybe
Key Probing — 1 min No No
Algebraic Attacks—
6 sec Yes Yes
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 49/63
Karsten Nohl - Hardware Security 49
No Crypto
ProprietaryCryptography(i.e., Mifare)
Security
Protection insufficient for almost all common
uses of smart cards: Access control, car theft protection, payment tokens,
TV subscriptions, hardware dongles, …
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 50/63
Reverse-Engineering is possible (and fun) You should try! (we will help)
Easy targets: small chips with proprietary crypto
Bigger rewards: bugs, backdoors, debug functions
Obscurity adds security only in the short-run
Lack of peer-review hurts later
Countermeasures mostly ineffective
Karsten Nohl - Hardware Security 50
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 51/63
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 52/63
More ubiquitous systems typically have morecopies of the secret keys in accessible places
Will become weakest link in mobile applications
Karsten Nohl - Hardware Security 52
Protocols
Cryptography
Secret keys
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 53/63
Secret keys can be stored: Online:
▪ Keys only stored on central server
▪
Expensive setup, long response times Semi-online:
▪ Devices receive keys at boot time
▪ Keys often stored in DRAM at runtime; bad idea!
Offline:▪ Devices “securely” store key copy
Karsten Nohl - Hardware Security 53
Protocols
Cryptography
Secret keys
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 54/63
Karsten Nohl - Hardware Security 54
Chip ID
Encryptedkey
ProprietaryDecryption
Chip key oraccess password
Everything neededto disclose key is
found on chip
Secret algorithmscan be found; mightbe costly (>$100,000)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 55/63
Secret keys should be Different for every user
▪ Requires many different keys
Immediately accessible▪ Requires small number of keys
Best practice: derive user keys from master
key; store master key in „key vault“
Karsten Nohl - Hardware Security 55
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 56/63
Hardware Security Modules (HSM) Used in ATMs (cash machine) and
some smart card readers
Use proprietary encryption Hence, can be broken
▪ Probably high effort
Secure Access Modules (SAM)
are much easier to break
Credit card / smart card readers
Karsten Nohl - Hardware Security 56
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 57/63
Karsten Nohl - Hardware Security 57
HSM ID
Encrypted
key
ProprietaryDecryption
Master key Card ID,sector, …
AES / 3DES
Card key
Hardware SecurityModule (HSM)
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 58/63
„Secure“ AccessModules are usuallystandard micro-processors
Low effort to extract
master keys
SIMs/SAMs are
becoming cheaperand less secure!
(cell phones are not
any better)
Karsten Nohl - Hardware Security 58
Source: Flylogic
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 59/63
Secret algorithms for key storage anddiversification can be found
Same techniques that find proprietary encryption
Easy for most SAMs, high effort for HSMs
Secret keys can be extracted from “secure”
key storage
Online systems secure keys, but may necessitatetheir own access control
Best practice: always be prepared for key roll-over
Karsten Nohl - Hardware Security 59
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 60/63
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 61/63
For the hands-on exercises after the demo,please download and install:
Or, if you already have Matlab and Image
Processing Library installed, get:
Karsten Nohl - Hardware Security 61
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 62/63
8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware
http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 63/63
Hardware security is hard Cost constraints, legacy support
▪ Leads to weak ciphers
Hardness of distributed trust
▪ Online systems too slow and expensive
▪ Offline systems may not protect secret key
Prepare for failure
Layer security measures
Support key roll-over
Never rely on single manufacturer
Protocols
Cryptography
Secret keys