63
BlackHat Japan ‘08 Karsten NohlUniv. of Virginia Source: New Yorker Some material courte sy bunnie or Flylogic.

BlackHat Japan 08 Nohl Secret Algorithms in Hardware

  • Upload
    milk0

  • View
    218

  • Download
    0

Embed Size (px)

Citation preview

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 1/63

BlackHat Japan ‘08Karsten Nohl—Univ. of Virginia

Source: New Yorker 

Some material courtesy bunnie or Flylogic.

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 2/63

Lots of critical infrastructure relies on securehardware

Smartcards for access control, payment tokens

Satellite TV cards, car keys, printer cartridges, … Security often considered hard and expensive

Hence, often excluded from initial design

▪ Protection added after problems arise

▪ Patchwork security is harder and more expensive!

Karsten Nohl - Hardware Security 2

Accurate security estimates neededfor risk assessment.

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 3/63

Karsten Nohl - Hardware Security 3

Cryptographiccipher

Cryptographiccipher Challenge-

responseprotocol

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 4/63

Karsten Nohl - Hardware Security 4

CipherCipher

Backend Server

Near Field

C

ommunicationphone

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 5/63

Karsten Nohl - Hardware Security 5

Encrypted .data

Cipher

Decrypteddata .

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 6/63

Karsten Nohl - Hardware Security 6

CipherCipher

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 7/63

Hardware security relies ona) Key storage

b) Cryptographic cipher (encryption)

Many systems fail to acknowledge lack of 

secrecy in hardware

“There are no secrets in silicon.” -bunnie

Karsten Nohl - Hardware Security 7

This talk discusses common weaknesses insecure key storage and proprietary encryption.

Cipher

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 8/63

Microchip Basics

Reverse-engineering algorithms

Finding secret ciphers Exploiting proprietary encryption

Security of key storage

Demo / Hands-on lab

Karsten Nohl - Hardware Security 8

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 9/63

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 10/63

    I   n

    f    i   n   e   o   n     S

    L    E

    6    6 ,   c   o   u   r   t   e   s

   y

    F    l   y    l   o   g    i   c

Karsten Nohl - Hardware Security 10

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 11/63

Analyze chips using “last principles” Principle #1: Chips are structured

▪ Crucial for design partitioning and refactoring

Principle #2: Chips are designed to be read back▪ Enables prototyping and debugging

Complement analysis with “first principle”

Principle #3: Nothing can be hidden in silicon▪ Chips are self-contained; hence all data, programs, and

algorithms are available on the chip

Karsten Nohl - Hardware Security 11

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 12/63

    I   n

    f    i   n   e   o   n     S

    L    E

    6    6 ,   c   o   u   r   t   e   s

   y

    F    l   y    l   o   g    i   c

Karsten Nohl - Hardware Security 12

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 13/63Karsten Nohl - Hardware Security 13Infineon SLE66 address/data bus, courtesy Flylogic

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 14/63

Can sometimesprotect data, butnot algorithms

Karsten Nohl - Hardware Security 14

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 15/63

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 16/63

Most security systems use cryptography Too many use proprietary ciphers

Many are weak, but secret

We find cipher implementations from silicon Cheap approach, no crypto knowledge required

We want to enable you to do the same

Karsten Nohl - Hardware Security 16

“No more weak ciphers. No more paranoia.”Sean O’Neil

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 17/63

Radio Frequency IDentification Tiny computer chips

Passively Powered

Karsten Nohl - Hardware Security 17

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 18/63

RFIDs are becoming ubiquitous Integrated in many security applications

Payment, Access Control

Passports, Car Ignition Implants, …

Karsten Nohl - Hardware Security 18

RFIDs will be universal 

identifier . Might replacepasswords, PINs, and

fingerprints.

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 19/63

Karsten Nohl - Hardware Security 19

Passports

RSA

TU Graz [‘05]

AESNo Crypto

Mifare

???

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 20/63

NXP claimed high security: “approved authentication”

“advanced security levels”

Specs suggested

mediocre security

at best: Stream cipher

with small 48 bit key

Karsten Nohl - Hardware Security 20

Car thefts(source: hldi.org)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 21/63

Karsten Nohl - Hardware Security 21

Reverse-engineered the secretcipher of the Mifare Classic RFID tag

and evaluated its security

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 22/63

Karsten Nohl - Hardware Security 22

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 23/63

Chemically extract chips:

Acetone

Fuming nitric acid

Shortcut: buy blank chips!

Karsten Nohl - Hardware Security 23

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 24/63

Karsten Nohl - Hardware Security 24

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 25/63

Karsten Nohl - Hardware Security 25

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 26/63

Automated polishingwith machine

–or–

Manually with sand paper “On your kitchen table”

Potential problem: tilt Solution: imbed chip in

block of plastic

Karsten Nohl - Hardware Security 26

-Starbug

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 27/63

Simple optical microscope 500x magnification

Camera 1 Mpixel

Costs < $1000, found in most labs

Stitching images Panorama software (hugin)

Each image ~100x100 μm

Align image layers

Karsten Nohl - Hardware Security 27

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 28/63

Karsten Nohl - Hardware Security 28

Cover layer

3 Interconnection layer

Logiclayer

Transistorlayer

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 29/63

Karsten Nohl - Hardware Security 29

4 NAND: Y = !(A & B & C & D)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 30/63

Karsten Nohl - Hardware Security 30

select

detect

Logic cells are pickedform a library

Library contains fewer

than 70 gate types

Detection automated

(template matchingusing MATLAB)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 31/63

Karsten Nohl - Hardware Security 31

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 32/63

Karsten Nohl - Hardware Security 32

Y

A

+

-

+

-

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 33/63

Karsten Nohl - Hardware Security 33

Y

A B

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 34/63

Karsten Nohl - Hardware Security 34

Collection of logic cells Free for studying,

comparing, and reverse-

engineering silicon chips

Zoo wants to grow—send

your chip images!

www.siliconzoo.org

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 35/63

Connections across all layers

Traced 1500 (!) connections manually

Tedious, time consuming

Error-prone (but errors easily spottable)

Tracing completely automated by now

Karsten Nohl - Hardware Security 35

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 36/63

Karsten Nohl - Hardware Security 36

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 37/63

Metal wire

Intra-layer via

Karsten Nohl - Hardware Security 37

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 38/63

Karsten Nohl - Hardware Security 38

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 39/63

Obfuscated placing and wiring of logic cells May defeat human inspection, but not automated tools

Dummy cells

Makes reversing harder, but not impossible

Large chips

Huge effort, huge rewards?

Self-destructive chips?

May protect secret keys, not secret algorithms

Karsten Nohl - Hardware Security 39

Source: flylogic.net

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 40/63

Karsten Nohl - Hardware Security 40

48-bit LFSR

f (∙)

RNG

Challenge Key stream

ID

+

Response

++

48-bit stream cipherMutual authentication

protocol

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 41/63

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 42/63

Karsten Nohl - Hardware Security 42

µ-Controller

NXP

Reader IC

a) Sniffing datab) Full control over timing!

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 43/63

RNG

Karsten Nohl - Hardware Security 43

16(!!)-bit random numbers

LFSR –based

Value determined by time of read

Our Attack:

Control timing (OpenPCD)

= control random number (works for tag and reader!)= break Mifare security :)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 44/63

Cipher complexity low

Was probably a

primary design goal Very efficient

FPGA implementation

FPGA cluster finds keyin 50 minutes!

30 sec. when trading space for time!!

Karsten Nohl - Hardware Security 44

Source: Pico Comp.

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 45/63

Filter function is a network of smaller

functions that are statistically biased Adversary controls inputs, can probe forinternal state bits

Attack takes < 1 minute on laptop

Karsten Nohl - Hardware Security 45

48-bit LFSR

f a(∙) f b(∙) f a(∙) f a(∙) f b(∙)

f c(∙)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 46/63

Unpublished attacks that exploit simplefeedback structure and statistical weaknesses

Completely passive

Works for strong random numbers Hence, even against Crypto-1 on Mifare Plus!

Attack takes 6 seconds on laptop

Stay tuned for publication …

Karsten Nohl - Hardware Security 46

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 47/63

Weak Authentication Protocol

Karsten Nohl - Hardware Security 47

48-Bit Stream Cipher

Weak Filter Function Weak Random

Number

Generator

Time Memory Trade Offs

Brute Force

(due to small key)

Key Probing

Algebraic Attacks

Replay Attacks

(due to predictable

random numbers)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 48/63

Karsten Nohl - Hardware Security 48

Runtime on

FPGA Cluster

($100,000)

Runtime

on PC

Works despite strong

random numbers

(Mifare Plus)

Hard to

Detect

Replay Attacks (0) (0) No No

Brute Force 50 min—

Yes Yes

Time Memory

Trade Offs (TMTO)

30 sec — No Maybe

Key Probing — 1 min No No

Algebraic Attacks—

6 sec Yes Yes

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 49/63

Karsten Nohl - Hardware Security 49

No Crypto

ProprietaryCryptography(i.e., Mifare)

Security

Protection insufficient for almost all common

uses of smart cards: Access control, car theft protection, payment tokens,

TV subscriptions, hardware dongles, …

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 50/63

Reverse-Engineering is possible (and fun) You should try! (we will help)

Easy targets: small chips with proprietary crypto

Bigger rewards: bugs, backdoors, debug functions

Obscurity adds security only in the short-run

Lack of peer-review hurts later

Countermeasures mostly ineffective

Karsten Nohl - Hardware Security 50

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 51/63

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 52/63

More ubiquitous systems typically have morecopies of the secret keys in accessible places

Will become weakest link in mobile applications

Karsten Nohl - Hardware Security 52

Protocols

Cryptography

Secret keys

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 53/63

Secret keys can be stored: Online:

▪ Keys only stored on central server

Expensive setup, long response times Semi-online:

▪ Devices receive keys at boot time

▪ Keys often stored in DRAM at runtime; bad idea!

Offline:▪ Devices “securely” store key copy

Karsten Nohl - Hardware Security 53

Protocols

Cryptography

Secret keys

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 54/63

Karsten Nohl - Hardware Security 54

Chip ID

Encryptedkey

ProprietaryDecryption

Chip key oraccess password

Everything neededto disclose key is

found on chip

Secret algorithmscan be found; mightbe costly (>$100,000)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 55/63

Secret keys should be Different for every user

▪ Requires many different keys

Immediately accessible▪ Requires small number of keys

Best practice: derive user keys from master

key; store master key in „key vault“

Karsten Nohl - Hardware Security 55

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 56/63

Hardware Security Modules (HSM) Used in ATMs (cash machine) and

some smart card readers

Use proprietary encryption Hence, can be broken

▪ Probably high effort

Secure Access Modules (SAM)

are much easier to break

Credit card / smart card readers

Karsten Nohl - Hardware Security 56

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 57/63

Karsten Nohl - Hardware Security 57

HSM ID

Encrypted

key

ProprietaryDecryption

Master key Card ID,sector, …

AES / 3DES

Card key

Hardware SecurityModule (HSM)

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 58/63

„Secure“ AccessModules are usuallystandard micro-processors

Low effort to extract

master keys

SIMs/SAMs are

becoming cheaperand less secure!

(cell phones are not

any better)

Karsten Nohl - Hardware Security 58

Source: Flylogic

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 59/63

Secret algorithms for key storage anddiversification can be found

Same techniques that find proprietary encryption

Easy for most SAMs, high effort for HSMs

Secret keys can be extracted from “secure”

key storage

Online systems secure keys, but may necessitatetheir own access control

Best practice: always be prepared for key roll-over

Karsten Nohl - Hardware Security 59

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 60/63

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 61/63

For the hands-on exercises after the demo,please download and install:

Or, if you already have Matlab and Image

Processing Library installed, get:

Karsten Nohl - Hardware Security 61

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 62/63

8/8/2019 BlackHat Japan 08 Nohl Secret Algorithms in Hardware

http://slidepdf.com/reader/full/blackhat-japan-08-nohl-secret-algorithms-in-hardware 63/63

Hardware security is hard Cost constraints, legacy support

▪ Leads to weak ciphers

Hardness of distributed trust

▪ Online systems too slow and expensive

▪ Offline systems may not protect secret key

Prepare for failure

Layer security measures

Support key roll-over

Never rely on single manufacturer

Protocols

Cryptography

Secret keys