Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
Introduction to Information Security0368-3065, Spring 2015
Lecture 8:Side-channel key extraction from PCs
Guest lecturer:Daniel Genkin
Slides credit:John Mitchell, Stanford
2
Side-channel key extraction from PCs“Who by sound and who by ground,
who by pin and who by skin”
Daniel GenkinTechnion and Tel Aviv University
Eran TromerTel Aviv University
Laboratory for Experimental Information Security
Adi ShamirWeizmann Institute of Science
joint work with
Itamar PipmanTel Aviv University
Lev PachmanovTel Aviv University
3
Side channel attacks
electromagneticacoustic
probing
opticalpower
CPUarchitecture
4
Acoustic emanations
5
Acoustic emanations from PCs
• Noisy electrical components in the voltage regulator
• Commonly known as “coil-whine’’ but also originates from capacitors
Bzzzzzz
6
Experimental setup (example)
target
microphoneamplifier
attacker
digitizer
7
Demo: distinguishing instructions
8
Distinguishing various CPU operations [Shamir Tromer 04]
1sec
frequency
time
280kHz
9
Traditional side channel attacks methodology
1. Grab/borrow/steal device2. Find key-dependent instruction3. Record emanations using
high-bandwidth equipment(> clock rate , PC: >2GHz)
4. Obtain traces5. Signal and cryptanalytic analysis 6. Recover key
for i=1…2048sqr(…)if key[i]=1
mul(…)
Hard for PCs
10
1. Grab/borrow/steal device2. Find key-dependent instruction3. Record emanations using
high-bandwidth equipment(> clock rate , PC: >2GHz)
4. Obtain traces5. Signal and cryptanalytic analysis 6. Recover key
Traditional side channel attacks methodology
Hard for PCs
Not handed out
vs.
Measuring a 2GHz PC requires expansive and bulky equipment (compared to a 100 MHz smart card)
vs.
100,000$
1,000$
Complex electronicsrunning complicated software (in parallel)
vs.
11
Acoustic Leakage of RSA
12
Definitions (RSA)
Key setup
• sk: random primes 𝑝𝑝, 𝑞𝑞,
private exponent 𝑑𝑑
• pk: 𝑛𝑛 = 𝑝𝑝𝑞𝑞, public
exponent 𝑒𝑒
Encryption𝑐𝑐 = 𝑚𝑚𝑒𝑒 𝑚𝑚𝑚𝑚𝑑𝑑 𝑛𝑛
Decryption
𝑚𝑚 = 𝑐𝑐𝑑𝑑 𝑚𝑚𝑚𝑚𝑑𝑑 𝑛𝑛A quicker way used by most implementations
𝑚𝑚𝑝𝑝 = 𝑐𝑐𝑑𝑑𝑝𝑝 𝑚𝑚𝑚𝑚𝑑𝑑 𝑝𝑝𝑚𝑚𝑞𝑞 = 𝑐𝑐𝑑𝑑𝑞𝑞 𝑚𝑚𝑚𝑚𝑑𝑑 𝑞𝑞
Obtain 𝑚𝑚 using Chinese Remainder Theorem
13
mod qmod p
GnuPG RSA key distinguishability [Shamir Tromer 04]
sound of the keys(after frequency downshifting and filtering)
frequency
time
14
Key Extraction
15
Our results: acoustic RSA key extraction
• Low-bandwidth cryptanalytic attacks– 50 kHz bandwidth to attack a 2 GHz CPU– Inexpensive equipment
• Common cryptographic software– GnuPG 1.4.15 (CVE 2013-4576)– Worked with GnuPG developers
to mitigate the attack
• Applicable to various laptop models
16
Amplifying the key dependency
• Difficulties when attacking RSA – 2GHz CPU speed vs. 50kHz measurements– Cannot rely on a single key-dependent instruction
• New idea: leakage self-amplificationabuse algorithm’s own code to amplify its own leakage!– Craft suitable cipher-texts to affect the code inside inner-most loop – Small differences in repeated inner-most loops cause a big overall
difference in code behavior– Measure acoustic leakage
17
An adaptive chosen-ciphertext attack
�0 𝑖𝑖𝑖𝑖 𝑐𝑐 > 𝑞𝑞1 𝑖𝑖𝑖𝑖 𝑐𝑐 ≤ 𝑞𝑞
𝑐𝑐 = . . . . . . 111 … 1
𝑞𝑞 = 1? ? ? ? ? ? ? …
1111...1
1000…01
𝑞𝑞 = 11? ? ? ? ? ? …
0
𝑞𝑞 = 110? ? ? ? ? …
𝑐𝑐 = 10111111…
𝑐𝑐 = 11011111…
Bit-distinguisher oracle
𝑞𝑞 = 11011010 …
18
An adaptive chosen-ciphertext attack
�0 𝑖𝑖𝑖𝑖 𝑐𝑐 > 𝑞𝑞1 𝑖𝑖𝑖𝑖 𝑐𝑐 ≤ 𝑞𝑞
𝑐𝑐 = . . . . . . 111 … 1Total #measurements:
𝐾𝐾𝑒𝑒𝐾𝐾 𝑠𝑠𝑖𝑖𝑠𝑠𝑒𝑒2 ⋅ 2
⋅ 2
Overall: 2048 decryptions for RSA-4096 (~1 hour)
Just qCoppersmith
lattice reduction:half the bits suffice
Error correction
Bit distinguisher oracle
send chosen ciphertexts using
19
GnuPG RSA decryption - 𝑚𝑚𝑞𝑞 = 𝑐𝑐𝑑𝑑𝑞𝑞 𝑚𝑚𝑚𝑚𝑑𝑑 𝑞𝑞
modular_exponentiation(c,d,q){…karatsuba_mult(a,c)…
}
karatsuba_mult(a,c){…basic_mult(x,y)…
}
basic_mult(x,y){…
}
if (y[j]==0)return 0else return y[j]*x
x7
craft c such that𝑞𝑞𝑖𝑖 = 1 → 𝐾𝐾[𝑗𝑗] = 0𝑞𝑞𝑖𝑖 = 0 → 𝐾𝐾 𝑗𝑗 ≠ 0
(for most 𝑗𝑗’s)
x19 x2048
Grand total:272384 times
~0.5 sec of measurements
20
Modular exponentiation
m = 𝑐𝑐𝑑𝑑𝑛𝑛⋯𝑑𝑑𝑖𝑖 𝑚𝑚𝑚𝑚𝑑𝑑 𝑞𝑞
m = 𝑐𝑐𝑑𝑑𝑛𝑛⋯𝑑𝑑𝑖𝑖0 𝑚𝑚𝑚𝑚𝑑𝑑 𝑞𝑞
𝑡𝑡 = 𝑐𝑐𝑑𝑑𝑛𝑛⋯𝑑𝑑𝑖𝑖1 𝑚𝑚𝑚𝑚𝑑𝑑 𝑞𝑞
m = 𝑐𝑐𝑑𝑑𝑛𝑛⋯𝑑𝑑𝑖𝑖−1 𝑚𝑚𝑚𝑚𝑑𝑑 𝑞𝑞
Q: Why always compute 𝑡𝑡 ← 𝑚𝑚 ⋅ 𝑐𝑐 then conditionally copy?A: This is a side channel countermeasure meant to protect 𝑑𝑑
21
Extracting 𝑞𝑞𝑖𝑖 (simplified)
𝑐𝑐𝑖𝑖 = 𝑞𝑞2048 ⋯𝑞𝑞𝑖𝑖+101⋯ 1
If 𝒒𝒒𝒊𝒊 = 𝟏𝟏 then 𝑐𝑐𝑖𝑖 < 𝑞𝑞, thus 𝑐𝑐 = 𝑐𝑐𝑖𝑖. That is, 𝒄𝒄 has special structure.
If 𝒒𝒒𝒊𝒊 = 𝟎𝟎 then 2q > 𝑐𝑐𝑖𝑖 > 𝑞𝑞, thus 𝑐𝑐 = 𝑐𝑐𝑖𝑖 − 𝑞𝑞.That is, 𝒄𝒄 is random looking.and we now multiply by 𝑐𝑐causing the bit-dependent leakage.
22
Extracting 𝑞𝑞𝑖𝑖
𝑐𝑐𝑖𝑖 = 𝑞𝑞2048 ⋯𝑞𝑞𝑖𝑖+101⋯ 1 + 𝑛𝑛
If 𝒒𝒒𝒊𝒊 = 𝟏𝟏 then 𝑐𝑐𝑖𝑖 − 𝑛𝑛 < 𝑞𝑞, thus 𝑐𝑐 = 𝑐𝑐𝑖𝑖 − 𝑛𝑛. That is, 𝒄𝒄 has special structure.If 𝒒𝒒𝒊𝒊 = 𝟎𝟎 then2q > 𝑐𝑐𝑖𝑖 − 𝑛𝑛 > 𝑞𝑞, thus 𝑐𝑐= 𝑐𝑐𝑖𝑖 − 𝑞𝑞 − 𝑛𝑛.That is, 𝒄𝒄 is random looking.and we now multiply by 𝑐𝑐causing the bit-dependent leakage.
23
Extracting 𝑞𝑞𝑖𝑖 (problem)
Single multiplication is way too fast for us to measure
Multiplication is repeated 2048 times (0.5 sec of data)
24
Empirical Results
25
Distinguishing a key bit by a spectral signature
frequency
time
frequency
time
mod q
mod p
mod q
mod p
26
Demo: key extraction
27
Results
RSA 4096-bit key extraction from1 meter away using a microphone
28
Results
RSA 4096-bit key extraction from10 meters away using a parabolic microphone
29
Results
RSA 4096-bit key extraction from30cm away using a smartphone
30
Karatsuba multiplicationBased on the following identity for multiplication and runs in 𝜃𝜃 𝑛𝑛log2 3time
𝑎𝑎𝑎𝑎 = 22𝑛𝑛 + 2𝑛𝑛 𝑎𝑎𝐻𝐻𝑎𝑎𝐻𝐻 + 2𝑛𝑛 𝑎𝑎𝐻𝐻 − 𝑎𝑎𝐿𝐿 𝑎𝑎𝐿𝐿 − 𝑎𝑎𝐻𝐻 + 2𝑛𝑛 + 1 𝑎𝑎𝐿𝐿𝑎𝑎𝐿𝐿
If 𝑞𝑞𝑖𝑖 = 1 then 𝑎𝑎 has many 1-valued or 0-valued bits causing the result to have many 0-valued bits.
If 𝑞𝑞𝑖𝑖 = 0 then 𝑎𝑎 is random-looking and so is the result.
31
Basic multiplication
If 𝑎𝑎𝑖𝑖 = 0 the algorithm does nothing!
Repeated for a total of 8 times in this call and for a total of up to ~300,000 times!, allowing for the leakage to be detectable using low bandwidth means (such as sound).
32
Electric Channels
33
Power analysis• Power analysis: measure device’s power consumption
• RSA 4096-bit key extraction is possible in a few seconds
34
Key = 101011…
Ground-potential analysis• Attenuating EMI emanations
“Unwanted currents or electromagnetic fields? Dump them to the circuit ground!”(Bypass capacitors, RF shields, …)
• Device is grounded, but its “ground” potential fluctuates relative to the mains earth ground.
Computationaffects currents and EM fieldsdumped to device groundconnected to conductive chassis
35
Demo: key extraction
36
RSA and ElGamal key extraction in a few seconds usingdirect chassis measurement (non-adaptive attack)
Key = 101011…
37
RSA and ElGamal key extraction in a few seconds usinghuman touch (non-adaptive attack)
Key = 101011…
38
Ground-potential analysis
• Device is grounded, but its “ground” potential fluctuates relative to the mains earth ground.
Computationaffects device groundconnected to conductive chassisconnected to shielded cablesEven when no data, or port is turned off.
Key = 101011…
• Attenuating EMI emanations“Unwanted currents or electromagnetic fields? Dump them to the circuit ground!”(Bypass capacitors, RF shields, …)
39
Demo: key extraction
40
RSA and ElGamal key extraction in a few seconds usingthe far end of 10 meter network cable (non-adaptive attack)
Key = 101011…
works even if a firewall is present, or port is turned off
41
Key extraction on far side of Ethernet cableusing a mobile phone
42
Electromagnetic key extraction
• Currents inside the target create electromagnetic waves.
• Can be detected using an electromagnetic probe (e.g., a loop of wire).
43
Electromagnetic key extraction
• Currents inside the target create electromagnetic waves.
• Can be detected using an electromagnetic probe (e.g., a loop of wire).
44
Countermeasures(class discussion)
45
1. Shielding
Ineffective countermeasures
46
2. Adding noise(play loud music while decrypting)
3. Concurrent software load
Ineffective countermeasures (cont.)
47
Given a ciphertext 𝑐𝑐:1. Generate a random number 𝑟𝑟 and compute 𝑟𝑟𝑒𝑒
2. Decrypt 𝑟𝑟𝑒𝑒 ⋅ 𝑐𝑐 and obtain 𝑚𝑚𝑚3. Output 𝑚𝑚′ ⋅ 𝑟𝑟−1
Works since 𝑒𝑒𝑑𝑑 = 1 𝑚𝑚𝑚𝑚𝑑𝑑 𝜙𝜙(𝑛𝑛) thus:𝑟𝑟𝑒𝑒 ⋅ 𝑐𝑐 𝑑𝑑 ⋅ 𝑟𝑟−1 𝑚𝑚𝑚𝑚𝑑𝑑 𝑛𝑛 = 𝑟𝑟𝑒𝑒𝑑𝑑 ⋅ 𝑟𝑟−1 ⋅ 𝑐𝑐𝑑𝑑 𝑚𝑚𝑚𝑚𝑑𝑑 𝑛𝑛
= 𝑟𝑟 ⋅ 𝑟𝑟−1 ⋅ 𝑐𝑐𝑑𝑑 𝑚𝑚𝑚𝑚𝑑𝑑 𝑛𝑛= 𝑐𝑐𝑑𝑑 𝑚𝑚𝑚𝑚𝑑𝑑 𝑛𝑛= 𝑚𝑚
Countermeasures (ciphertext randomization)
48
cs.tau.ac.il/~tromer/acoustic CRYPTO’14 CVE 2013-4576
cs.tau.ac.il/~tromer/handsoff CHES’14 CVE-2014-5270
cs.tau.ac.il/~tromer/radioexp CVE-2014-3591