563.11.3 Breaking the Chip: Vulnerabilities of Cryptographic Processors and Smart Cards
Presented by: Ragib Hasan
PISCES Group: Soumyadeb Mitra, Sruthi Bandhakavi, Ragib Hasan, Raman Sharikyn
University of Illinois, Spring 2006

Overview
• Threat model
  • Attackers
  • Goals
  • Types of attacks
• Attack techniques
  • Cryptographic processors
  • Smart cards
• Further reading

Threat model
• Attacker types
  • Class I: Clever outsiders
    • Intelligent, but lack information; exploit known attacks
  • Class II: Knowledgeable insiders
    • Have inside information on protocols/design, can use sophisticated tools
  • Class III: Funded organizations
    • Have information, resources, equipment, and incentives
    • Can employ class II attackers in teams
Abraham et al., Transaction Security System, IBM Systems Journal, 1991

Threat model
• Attacker goals
  • To get the crypto keys stored in RAM or ROM
  • To learn the secret crypto algorithm used
  • To obtain other information stored in the chip (e.g. PINs)
  • To modify information on the card (e.g. calling card balance)

Types of attacks
• Non-invasive attacks
  • Don’t modify the processor; probe via other means
• Invasive attacks
  • Break open the processor using acids, ionization
• Reverse engineering
  • Learn how the device works
Moore, Anderson, Kuhn, Improving Smartcard Security Using Self-timed Circuit Technology

Crypto processors: Attacks
• Naïve key theft
  • Master keys are loaded into the chip; attacker opens the enclosure while the device is running and probes the chip memory
• Preventive measures
  • Wire the power supply through lid switches
  • Zeroize the chip memory whenever the lid is opened

Attack (1)
• Theft of keys
  • Early chips kept keys in removable PROMs, or the key was written on paper
  • Attacker removes the PROM or steals the paper
• Solution
  • Shared control: use two or more PROMs with master keys, and use them to derive the actual key
  • Keep keys in smart cards

Attack (2)
• Cutting through casing
• Disabling lid switches
• Solutions
  • Add more sensors, photocells
  • Separate the security components, and make them “potted” using epoxy resin

IBM 4758’s epoxy potting
• [Figure: IBM 4758, with epoxy potting partially removed]

Attack (3)
• Attacker scrapes potting with a knife, and uses a logic probe on the bus
• RSA, DES vulnerable if attacker can see protocol in action
• Solution:
  • Use a wire mesh embedded in the epoxy
    • Crude scraping can be handled, but not slow erosion using sandblasting
  • Use a metal shield with a membrane to enclose the processor

Attack (4)
• Memory remanence
  • Data held in RAM for a long time gets burned in; on power-up, 90% of RAM bits are initialized to the key
  • Attacker goes dumpster diving to find old chips
• Solution
  • Use RAM savers, just like screen savers
  • Move data around the chip to prevent burn-in
Gutmann, Secure deletion of data from magnetic and solid state memory, Usenix Security Symp. 96

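The two defences named so far, zeroizing key memory when a tamper sensor fires and a "RAM saver" that keeps key bits from sitting in one state, can be sketched in firmware-style C. This is an added example, not code from the slides or from any product they describe; `key_slot` and the `slot_*` functions are hypothetical names, and the sketch assumes the timer tick and key reads never interleave (for example, interrupts are masked during a read).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Hypothetical key slot: the key never rests in one fixed bit pattern. */
typedef struct {
    volatile uint8_t cell[KEY_LEN]; /* key, or its bitwise complement   */
    volatile uint8_t inverted;      /* 1 while cells hold the complement */
    volatile uint8_t valid;         /* cleared by zeroization            */
} key_slot;

void slot_load(key_slot *s, const uint8_t key[KEY_LEN]) {
    for (size_t i = 0; i < KEY_LEN; i++) s->cell[i] = key[i];
    s->inverted = 0;
    s->valid = 1;
}

/* "RAM saver": run from a periodic timer. Complementing every cell makes
 * each SRAM bit spend equal time at 0 and 1, so neither value burns in. */
void slot_tick(key_slot *s) {
    if (!s->valid) return;
    for (size_t i = 0; i < KEY_LEN; i++) s->cell[i] = (uint8_t)~s->cell[i];
    s->inverted ^= 1;
}

/* Copy the true key out for use. Returns 0, or -1 if the slot was wiped. */
int slot_read(const key_slot *s, uint8_t out[KEY_LEN]) {
    if (!s->valid) return -1;
    uint8_t mask = s->inverted ? 0xFF : 0x00;
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = (uint8_t)(s->cell[i] ^ mask);
    return 0;
}

/* Tamper handler (lid switch, mesh break, temperature alarm). The volatile
 * stores cannot be optimized away as dead writes by the compiler. */
void slot_zeroize(key_slot *s) {
    s->valid = 0;
    for (size_t i = 0; i < KEY_LEN; i++) s->cell[i] = 0;
    s->inverted = 0;
}
```

The caller should wipe its own `out` buffer after use, since a long-lived plaintext copy would reintroduce the burn-in problem the slot avoids.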
Attack (5)
• Freeze it!
  • Below -20 °C (-4 °F), SRAM contents persist
  • Attacker freezes module, removes power, removes potting/mesh, attaches chip to test rig, powers on
• Burn it!
  • Attacker floods chip with ionizing radiation (X-ray), key gets burned in
• Solution?
  • Add temperature/radiation alarms
  • Or, blow up the chip, with thermite charges!!
Skorobogatov, Low Temperature Remanence in Static RAM

Attack (6)
• Tempest / power analysis
  • Non-invasive
  • British MI5 eavesdropped on French embassy’s crypto machine in the 1960s
  • Attacker looks into RF emissions or power consumption of processor
• Solution
  • Use aluminum shielding (tin foil!!)
  • Obfuscate power line paths

Attacking 4758
• 4758 addresses most of the previous attacks
• So, how do you attack a 4758?
• Physical
  • Erode potting with sandblasting, detect mesh lines, bypass them (magnetic force microscope)
  • Drill 8mm/0.1 mm holes to go through mesh
  • Send plasma jets to destroy memory zeroization circuits
• Protocol level attacks
  • Michael Bond, a grad student, broke 4758 using a protocol attack to extract a 3DES key
Michael Bond, "Attacks on Cryptoprocessor Transaction Sets", CHES 2000

Smart cards
• Generally don’t have the protection of crypto processors
• Typically have lower security, but more commonly used

Non-invasive attacks
• Attack the protocol
  • Put a laptop between the smart card and reader, and analyze messages
  • Put a device between card and reader that blocks certain messages
• Prevent writing
  • Early smartcards had a separate programming voltage pin Vpp that was needed to write to EEPROM
  • Attacker places tape on the pin to prevent writing

Non-invasive attacks
• Differential power analysis
  • Power supply current spikes indicate type of instruction being executed
  • Data values can be obtained from power profile
• Clock/power modulation
  • Overclocking the chip causes disruption in instructions (e.g. prevents branching)
  • Slowing down clock allows reading voltages with an electron microscope
  • Modulating power can prevent parts of the chip from working

Invasive attacks
• It is possible to remove the chip using cheap chemicals
• Attacker removes chip, fits it into a test rig
• Optical microscope can show ROM contents
• Crystallographic staining also reveals ROM content
Moore, Anderson, Kuhn, Improving Smartcard Security Using Self-timed Circuit Technology

Invasive attacks
• Physical probing
  • Low cost probing stations can land microprobes on bus lines and read values
  • The information is used to figure out keys or crypto algorithms
  • Focused Ion Beam microscopes can modify chip or shielding

Invasive attacks
• Memory linearization
  • Destroy instruction decoder to prevent jumps
  • Repair test circuits (blown off during manufacture) to allow testing routines to dump memory
  • Problem: You need to have test circuits, otherwise you can’t test that the chip works during production

Reverse engineering
• Rebuild hardware circuits
  • Etch away layer on chip surface, take electron micrograph, create 3-D image of chip
  • Use the image to recreate circuit

Reverse engineering
• Optical fault induction
  • Use simple camera flash, tape it to probing station, flash the chip at a particular spot using an aluminum foil aperture
  • Or use a cheap laser pointer
  • Focusing flash on white circle makes SRAM cell bit go from 1 to 0
  • Focusing on black circle makes SRAM cell go from 0 to 1
  • By inducing bit faults, several protocols can be broken
Skorobogatov and Ross J. Anderson, Optical Fault Induction Attacks, CHES '02

Further reading
• Ross Anderson’s page at Cambridge University
• Workshop on Cryptographic Hardware and Embedded Systems