Yet Another Computer Side Channel
Researchers have managed to get two computers to communicate using heat and thermal sensors. It’s not really viable communication—the bit rate is eight per hour over fifteen inches—but it’s neat.
Entries Tagged "side-channel attacks"
Page 6 of 9
Hardware Bit-Flipping Attack
The Project Zero team at Google has posted details of a new attack that targets a computer’s’ DRAM. It’s called Rowhammer. Here’s a good description:
Here’s how Rowhammer gets its name: In the Dynamic Random Access Memory (DRAM) used in some laptops, a hacker can run a program designed to repeatedly access a certain row of transistors in the computer’s memory, “hammering” it until the charge from that row leaks into the next row of memory. That electromagnetic leakage can cause what’s known as “bit flipping,” in which transistors in the neighboring row of memory have their state reversed, turning ones into zeros or vice versa. And for the first time, the Google researchers have shown that they can use that bit flipping to actually gain unintended levels of control over a victim computer. Their Rowhammer hack can allow a “privilege escalation,” expanding the attacker’s influence beyond a certain fenced-in portion of memory to more sensitive areas.
When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
The cause is simply the super dense packing of chips:
This works because DRAM cells have been getting smaller and closer together. As DRAM manufacturing scales down chip features to smaller physical dimensions, to fit more memory capacity onto a chip, it has become harder to prevent DRAM cells from interacting electrically with each other. As a result, accessing one location in memory can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells. With enough accesses, this can change a cell’s value from 1 to 0 or vice versa.
Very clever, and yet another example of the security interplay between hardware and software.
This kind of thing is hard to fix, although the Google team gives some mitigation techniques at the end of their analysis.
Slashdot thread.
EDITED TO ADD (3/12): Good explanation of the vulnerability.
Can the NSA Break Microsoft's BitLocker?
The Intercept has a new story on the CIA’s—yes, the CIA, not the NSA—efforts to break encryption. These are from the Snowden documents, and talk about a conference called the Trusted Computing Base Jamboree. There are some interesting documents associated with the article, but not a lot of hard information.
There’s a paragraph about Microsoft’s BitLocker, the encryption system used to protect MS Windows computers:
Also presented at the Jamboree were successes in the targeting of Microsoft’s disk encryption technology, and the TPM chips that are used to store its encryption keys. Researchers at the CIA conference in 2010 boasted about the ability to extract the encryption keys used by BitLocker and thus decrypt private data stored on the computer. Because the TPM chip is used to protect the system from untrusted software, attacking it could allow the covert installation of malware onto the computer, which could be used to access otherwise encrypted communications and files of consumers. Microsoft declined to comment for this story.
This implies that the US intelligence community—I’m guessing the NSA here—can break BitLocker. The source document, though, is much less definitive about it.
Power analysis, a side-channel attack, can be used against secure devices to non-invasively extract protected cryptographic information such as implementation details or secret keys. We have employed a number of publically known attacks against the RSA cryptography found in TPMs from five different manufacturers. We will discuss the details of these attacks and provide insight into how private TPM key information can be obtained with power analysis. In addition to conventional wired power analysis, we will present results for extracting the key by measuring electromagnetic signals emanating from the TPM while it remains on the motherboard. We will also describe and present results for an entirely new unpublished attack against a Chinese Remainder Theorem (CRT) implementation of RSA that will yield private key information in a single trace.
The ability to obtain a private TPM key not only provides access to TPM-encrypted data, but also enables us to circumvent the root-of-trust system by modifying expected digest values in sealed data. We will describe a case study in which modifications to Microsoft’s Bitlocker encrypted metadata prevents software-level detection of changes to the BIOS.
Differential power analysis is a powerful cryptanalytic attack. Basically, it examines a chip’s power consumption while it performs encryption and decryption operations and uses that information to recover the key. What’s important here is that this is an attack to extract key information from a chip while it is running. If the chip is powered down, or if it doesn’t have the key inside, there’s no attack.
I don’t take this to mean that the NSA can take a BitLocker-encrypted hard drive and recover the key. I do take it to mean that the NSA can perform a bunch of clever hacks on a BitLocker-encrypted hard drive while it is running. So I don’t think this means that BitLocker is broken.
But who knows? We do know that the FBI pressured Microsoft to add a backdoor to BitLocker in 2005. I believe that was unsuccessful.
More than that, we don’t know.
EDITED TO ADD (3/12): Starting with Windows 8, Microsoft removed the Elephant Diffuser from BitLocker. I see no reason to remove it other than to make the encryption weaker.
Cell Phones Leak Location Information through Power Usage
New research on tracking the location of smart phone users by monitoring power consumption:
PowerSpy takes advantage of the fact that a phone’s cellular transmissions use more power to reach a given cell tower the farther it travels from that tower, or when obstacles like buildings or mountains block its signal. That correlation between battery use and variables like environmental conditions and cell tower distance is strong enough that momentary power drains like a phone conversation or the use of another power-hungry app can be filtered out, Michalevsky says.
One of the machine-learning tricks the researchers used to detect that “noise” is a focus on longer-term trends in the phone’s power use rather than those than last just a few seconds or minutes. “A sufficiently long power measurement (several minutes) enables the learning algorithm to ‘see’ through the noise,” the researchers write. “We show that measuring the phone’s aggregate power consumption over time completely reveals the phone’s location and movement.”
Even so, PowerSpy has a major limitation: It requires that the snooper pre-measure how a phone’s power use behaves as it travels along defined routes. This means you can’t snoop on a place you or a cohort has never been, as you need to have actually walked or driven along the route your subject’s phone takes in order to draw any location conclusions.
I’m not sure how practical this is, but it’s certainly interesting.
The paper.
Jumping Air Gaps with All-in-One Printers
Last week, Adi Shamir gave a presentation at Black Hat Europe on using all-in-one printers to control computers on the other side of air gaps. There’s no paper yet, but two publications reported on the talk:
Theoretically, if a malicious program is installed on an air-gapped computer by an unsuspecting user via, say, a USB thumb drive, attackers should have a hard time controlling the malicious program or stealing data through it because there is no Internet connection.
But the researchers found that if a multifunction printer is attached to such a computer, attackers could issue commands to a malicious program running on it by flashing visible or infrared light at the scanner lid when open.
[…]
The researchers observed that if a source of light is pointed repeatedly at the white coating on the inside of the scanner’s lid during a scanning operation, the resulting image will have a series of white lines on darker background. Those lines correspond to the pulses of light hitting the lid and their thickness depends on the duration of the pulses, Shamir explained.
Using this observation the researchers developed Morse code that can be used to send pulses of light at different intervals and interpret the resulting lines as binary data1s and 0s. Malware running on an air-gapped system could be programmed to initiate a scanning operation at a certain time—for example, during the night—and then interpret the commands sent by attackers using the technique from far away.
Shamir estimated that several hundred bits of data can be sent during a single scan. That’s enough to send small commands that can activate various functionality built into the malware.
This technique can be used to send commands into an air-gapped computer network, and to exfiltrate data from that network.
Side-Channel Attacks on Frog Calls
The male túngara frog Physalaemus pustulosus uses calls to attract females. But croaking also causes ripples in the water, which are eavesdropped on—both by rival male frogs and frog-eating bats.
Acoustic Cryptanalysis
This is neat:
Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG’s current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
Beyond acoustics, we demonstrate that a similar low-bandwidth attack can be performed by measuring the electric potential of a computer chassis. A suitably-equipped attacker need merely touch the target computer with his bare hand, or get the required leakage information from the ground wires at the remote end of VGA, USB or Ethernet cables.
Breaking Hard-Disk Encryption
The newly announced ElcomSoft Forensic Disk Decryptor can decrypt BitLocker, PGP, and TrueCrypt. And it’s only $300. How does it work?
Elcomsoft Forensic Disk Decryptor acquires the necessary decryption keys by analyzing memory dumps and/or hibernation files obtained from the target PC. You’ll thus need to get a memory dump from a running PC (locked or unlocked) with encrypted volumes mounted, via a standard forensic product or via a FireWire attack. Alternatively, decryption keys can also be derived from hibernation files if a target PC is turned off.
This isn’t new. I wrote about AccessData doing the same thing in 2007:
Even so, none of this might actually matter. AccessData sells another program, Forensic Toolkit, that, among other things, scans a hard drive for every printable character string. It looks in documents, in the Registry, in e-mail, in swap files, in deleted space on the hard drive … everywhere. And it creates a dictionary from that, and feeds it into PRTK.
And PRTK breaks more than 50 percent of passwords from this dictionary alone.
It’s getting harder and harder to maintain good file security.
Stealing VM Keys from the Hardware Cache
Research into one VM stealing crypto keys from another VM running on the same hardware.
ABSTRACT: This paper details the construction of an access-driven side-channel attack by which a malicious virtual machine (VM) extracts fine-grained information from a victim VM running on the same physical computer. This attack is the first such attack demonstrated on a symmetric multiprocessing system virtualized using a modern VMM (Xen). Such systems are very common today, ranging from desktops that use virtualization to sandbox application or OS compromises, to clouds that co-locate the workloads of mutually distrustful customers. Constructing such a side-channel requires overcoming challenges including core migration, numerous sources of channel noise, and the difficulty of preempting the victim with sufficient frequency to extract fine-grained information from it. This paper addresses these challenges and demonstrates the attack in a lab setting by extracting an ElGamal decryption key from a victim using the most recent version of the libgcrypt cryptographic library.
Hacking Brain-Computer Interfaces
In this fascinating piece of research, the question is asked: can we surreptitiously collect secret information from the brains of people using brain-computer interface devices? One article:
A team of security researchers from Oxford, UC Berkeley, and the University of Geneva say that they were able to deduce digits of PIN numbers, birth months, areas of residence and other personal information by presenting 30 headset-wearing subjects with images of ATM machines, debit cards, maps, people, and random numbers in a series of experiments. The paper, titled “On the Feasibility of Side-Channel Attacks with Brain Computer Interfaces,” represents the first major attempt to uncover potential security risks in the use of the headsets.
This is a new development in spyware.
EDITED TO ADD (9/6): More articles. And here’s a discussion of the pros and cons of this sort of technology.
Sidebar photo of Bruce Schneier by Joe MacInnis.