Passive SSH Key Compromise via Lattices
We demonstrate that a passive network attacker can opportunistically obtain private RSA host keys from an SSH server that experiences a naturally arising fault during signature computation. In prior work, this was not believed to be possible for the SSH protocol because the signature included information, such as the shared Diffie-Hellman secret, that would not be available to a passive network observer. We show that for the signature parameters commonly in use for SSH, there is an efficient lattice attack to recover the private key in case of a signature fault. We provide a security analysis of the SSH, IKEv1, and IKEv2 protocols in this scenario, and use our attack to discover hundreds of compromised keys in the wild from several independently vulnerable implementations.
Mayhem: Targeted Corruption of Register and Stack Variables
In the past decade, many vulnerabilities were discovered in microarchitectures which yielded attack vectors and motivated the study of countermeasures. Further, architectural and physical imperfections in DRAMs led to the discovery of Rowhammer attacks, which give an adversary the power to introduce bit flips in a victim's memory space. Numerous studies have analyzed Rowhammer and proposed techniques to prevent it altogether or to mitigate its effects.
In this work, we push the boundary and show how Rowhammer can be further exploited to inject faults into stack variables and even register values in a victim's process. We achieve this by targeting the register value that is stored in the process's stack, which is subsequently flushed out into memory, where it becomes vulnerable to Rowhammer. When the faulty value is restored into the register, it is used in subsequent iterations. The register value can be stored in the stack via latent function calls in the source or by actively triggering signal handlers. We demonstrate the power of the findings by applying the techniques to bypass SUDO and SSH authentication. We further outline how MySQL and other cryptographic libraries can be targeted with the new attack vector. There are a number of challenges this work overcomes with extensive experimentation before coming together to yield an end-to-end attack on an OpenSSL digital signature: achieving co-location with stack and register variables, with synchronization provided via a blocking window. We show that stack and registers are no longer safe from the Rowhammer attack.
Jolt: Recovering TLS Signing Keys via Rowhammer Faults
Digital Signature Schemes such as DSA, ECDSA, and RSA are widely deployed to protect the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA and (EC)DSA are used to sign the state of the agreed upon protocol parameters during the handshake phase. Naturally, RSA and (EC)DSA implementations have become the target of numerous attacks, including powerful side-channel attacks. Hence, cryptographic libraries were patched repeatedly over the years.
Here we introduce Jolt, a novel attack targeting signature scheme implementations. Our attack exploits faulty signatures gained by injecting faults during signature generation. By using the signature verification primitive, we correct faulty signatures and, in the process, deduce bits of the secret signing key. Compared to recent attacks that exploit single bit biases in the nonce that require signatures, our attack requires less than a thousand faulty signatures for a -bit (EC)DSA. The performance improvement is due to the fact that our attack targets the secret signing key, which does not change across signing sessions. We show that the proposed attack also works on Schnorr and RSA signatures with minor modifications.
We demonstrate the viability of Jolt by running experiments targeting TLS handshakes in common cryptographic libraries such as WolfSSL, OpenSSL, Microsoft SymCrypt, LibreSSL, and Amazon s2n. On our target platform, the online phase takes less than 2 hours to recover bits of a -bit ECDSA key, which is sufficient for full key recovery. We note that while RSA signatures are protected in popular cryptographic libraries, OpenSSL remains vulnerable to double fault injection. We have also reviewed their Federal Information Processing Standard (FIPS) hardened versions, which are slightly less efficient but still vulnerable to our attack. We found that (EC)DSA signatures remain largely unprotected against software-only faults, posing a threat to real-life deployments such as TLS, and potentially other security protocols such as SSH and IPSec. This highlights the need for a thorough review and implementation of fault checking in security protocol implementations.
Distributed EaaS simulation using TEEs: A case study in the implementation and practical application of an embedded computer cluster
Internet of Things (IoT) devices with limited resources struggle to generate the high-quality entropy required for high-quality randomness. This results in weak cryptographic keys. As keys are a single point of failure in modern cryptography, IoT devices performing cryptographic operations may be susceptible to a variety of attacks.
To address this issue, we develop an Entropy as a Service (EaaS) simulation. The purpose of EaaS is to provide IoT devices with high-quality entropy as a service so that they can use it to generate strong keys. Additionally, we utilise Trusted Execution Environments (TEEs) in the simulation. TEE is a secure processor component that provides data protection, integrity, and confidentiality for select applications running on the processor by isolating them from other system processes (including the OS). TEE thereby enhances system security.
The EaaS simulation is performed on a computer cluster known as the Magi cluster. The Magi cluster is a private computer cluster that has been designed, built, configured, and tested as part of this thesis to meet the requirements of Tampere University's Network and Information Security Group (NISEC). In this thesis, we explain how the Magi cluster is implemented and how it is utilised to conduct a distributed EaaS simulation utilising TEEs.
Internet of Things (IoT) devices, because of their limited resources, typically have difficulty producing entropy of sufficiently high quality to create strong randomness. This leads to weak cryptographic keys. Since cryptographic keys are the weakest link in modern cryptography, cryptographic operations performed on IoT devices may be vulnerable to many different kinds of attacks.
To solve this problem, we develop a simulation that provides IoT devices with strong entropy as a service (Entropy as a Service, EaaS). The idea of the EaaS simulation is to distribute high-quality entropy as a service to IoT devices so that they can create strong cryptographic keys. In the simulation we additionally make use of Trusted Execution Environments (TEEs). A TEE is a separate component on the processor that provides an isolated and secure execution environment for selected programs. By using a TEE, a running program can be guaranteed data protection, confidentiality and integrity by isolating it from the other programs running on the system (including the operating system). Consequently, a TEE improves the security of the system.
The EaaS simulation is carried out on a computer cluster named Magi. Magi is the private cluster of Tampere University's Network and Information Security Group (NISEC) research group, which has been designed, built, configured and tested as part of this master's thesis. In this thesis we go through how the Magi cluster is implemented and how it is used to run a distributed EaaS simulation using TEEs.
JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
After years of development, FPGAs are finally making an appearance on multi-tenant cloud servers. These heterogeneous FPGA-CPU architectures break common assumptions about isolation and security boundaries. Since the FPGA and CPU architectures share hardware resources, a new class of vulnerabilities requires us to reassess the security and dependability of these platforms.
In this work, we analyze the memory and cache subsystem and study Rowhammer and cache attacks enabled on two proposed heterogeneous FPGA-CPU platforms by Intel: the Arria 10 GX with an integrated FPGA-CPU platform, and the Arria 10 GX PAC expansion card, which connects the FPGA to the CPU via the PCIe interface. We show that while Intel PACs are currently immune to cache attacks from FPGA to CPU, the integrated platform is indeed vulnerable to Prime+Probe style attacks from the FPGA to the CPU's last level cache. Further, we demonstrate JackHammer, a novel and efficient Rowhammer attack from the FPGA to the host's main memory. Our results indicate that a malicious FPGA can perform twice as fast as a typical Rowhammer attack from the CPU on the same system and causes around four times as many bit flips as the CPU attack. We demonstrate the efficacy of JackHammer from the FPGA through a realistic fault attack on the WolfSSL RSA signing implementation that reliably causes a fault after an average of fifty-eight RSA signatures, 25% faster than a CPU Rowhammer attack. In some scenarios our JackHammer attack produces faulty signatures more than three times more often and almost three times faster than a conventional CPU Rowhammer attack.
Comment: Accepted to IACR Transactions on Cryptographic Hardware and Embedded Systems (TCHES), Volume 2020, Issue
A New Exponentiation Algorithm Resistant to Combined Side Channel Attack
Since two different types of side channel attacks, based on passive information leakage and active fault injection, are independently considered as implementation threats on cryptographic modules, most countermeasures have been developed separately according to each attack type. However, Amiel et al. proposed a combined side channel attack in which an attacker combines these two methods to recover the secret key in an RSA implementation. In this paper, we show that the BNP (Boscher, Naciri, and Prouff) algorithm for RSA, which is an SPA/FA-resistant exponentiation method, is also vulnerable to the combined attack. In addition, we propose a new exponentiation algorithm resistant to power analysis and fault attack as well as the combined attack. The proposed secure exponentiation algorithm can be employed to strengthen the security of CRT-RSA.
Fault attacks on RSA and elliptic curve cryptosystems
This thesis answers how a fault attack targeting the software used to program EEPROM can threaten hardware devices, for instance IoT devices. The successful fault attacks proposed in this thesis will certainly warn designers of hardware devices of the security risks their devices may face at the programming level.