Introduction to Computer Systems 15-213/18-243, spring 2009

Introduction to Computer Systems 15-213/18-243, spring 2009

Computer Security 2014 Side channel attacks Background An algorithm or software can be designed to be provably secure. E.g. cryptosystems, small OS kernels, TPM modules, ... Involves proving that certain situations cannot arise Or that breaking them would be just as hard as doing something incredibly tedious Such as factoring large numbers

But what about the environment in which these algorithms or software 2 Side channel attacks Attacks that exploit the physical implementation of a system Correlation between physical measurements during computation (side channel) and the internal state of the computer 3 Side channel attacks

Timing attacks Measure time between computations Power monitoring attacks Measure varying power consumption during computation Electromagnetic attacks Measure radiation from devices (e.g. monitors) Acoustic attacks

Listen to sounds emitted during computation Differential fault analysis Deliberately provoke faults in computation to discover secrets Data remanence Resurrect data that was thought to have been deleted Such as the memset() of the password example from first class 4 Early attacks 1956: Operation ENGULF

British&US did not want to fund Egyptian President Nasser to build the Ashwan High Dam so he turned to the Soviets Nasser takes over the Suez Canal, formerly under British&French control, to collect tolls on ships MI5 places bugs in the Egyptian embassy to listen to 2-3 rotors of Hagelin cipher machines that were communicating sensitive information with French and Soviets Soviets helped sweep the embassy for bugs, but left the MI5 one! Relies on an attack of the physical implementation of the Hagelin cipher machine: a side channel attack What was the side channel? 5

Early attacks 1946-1952: The Thing Soviets gave US ambassador to the USSR 2 hand crafted seal for his office. Ingenious passive listening device inside based on a spring by Theremin Spies shot radiowaves at 330MHz at distance to activate microphone and listen in for 6 years Discovered by a stroke of luck by a technician 6

Early attacks 1947-ish: Laser microphone (Buran) Theremin also developed a technique for showning a low power infrared beam on glass windows to detect vibrations from sound at distance Used by precursor of KGB to spy on U.S., U.K. and French embassies in Moscow Works best with smooth surfaces, hence the use of rippled glass by security agencies... 7

Early attacks 1980: Soviets accused of planting bugs in IBM Selectric printers to listen to the sound of the type ball as it rotates and strikes the paper Allows the spies to listen to what was being printed 8 Early attacks 1985: Wim van Eck eavesdrops CRT/LCD emissions Oscillating electronic currents inside video

displays generate electromagnetic radiation in the radio frequency range that correlated with the image being shown on the screen. CRT: Cost ~$15. LCD (2004): Cost ~$2000 9 Early countermeasures TEMPEST: NSA specification for protection against side-channel attacks. Been partially declassified. U.S. initially playing catch-up to Soviet intelligence on exploiting emanations

Sets up zones depending on how physically close an attacker can get (0-100m) Add extra noise (shielding) when required: 10 More modern attacks Loughry & Umphress (2002): Information Leakage from Optical Emanations 1991: Briol shows that sounds from dot-matrix printers leak significant details on the contents being printed 2002: Loughry and Umphress show

that the LED lights on networking equipment are heavily correlated with the data they are transmitting Could effectively listen in on all network traffic Mostly theoretical 11 More modern attacks Zhuang et al: 2004: Asonov and Agrawal of IBM show that keyboard and keypads (such as on ATMs) emit different sounds for different keys

Practical experiments by Berkeley in 2005 for covert listening for passwords, PINs, etc. Needs a training phase (each key 100 times) 2005: Zhuang, Zhou and Tygar recover 96% of English text from keyboard sound recording No training required, if recording is at least 10 min. 12 Timing attacks 2004: Shamir and Tromer use timing attacks against CPUs

Different operations cause variable ultrasonic noise from the capacitors/inductors 2013: Shamir, Tromer and Genkin use techniques to listen to GnuPG via a cell phone Able to extract 4096-bit private key by listening to the computation 13 More recent attacks

2007: Bortz, Boneh and Nandy show observing timing data of TCP packets (even HTTPS) allows you to infer: number of Facebook friends (effectively), contents of shopping cart, and so forth Recent discussions about impact on TOR: check whether a connection exists between a user and a server Think oppressed journalist and Twitter via TOR Spoof TCP packets to halve the window size of a connection 14

More modern attacks 2011: Thermal imaging Mowery et al. show how ATM keypads can be broken by looking at residual heat from keypressed by a target user Works up to a minute after the user enters the password Reduces search space

from 10,000 to about 24 for 4-digit PIN 15 More modern attacks 2011: Traynor et al. from Gatech show how the accelerometer on a cell phone can decode vibrations emitted from a nearby keyboard Effectively a listening device for any app on the phone Sampling rate much smaller than with previous gizmos Perhaps 100Hz on iPhone 4, or 400x less then Asonov et al. Instead, modeled keypress events

Models proximity between keys, left/right, duration of keystroke, ... This timing attack was investigated in depth for SSH passwords in 2002 16 More modern attacks 2009: Vuagnoux and Pasini capture electromagnetic emanations directly from keyboards at 20m distance No need for other wires providing physical support for emanations

Demo: 17 Whats happening today 2014: Timing attack to identify Google users Want to know if a particular Gmail address being used? Link to a picture that only the

authenticated user could access Triggers onerror() in Javascript in 891ms if image was accessible, but 573ms if not. 18 Whats happening today 19 SAP flaw 20 SAP flaw

Roughly equal to the following C code: int passwordCheck(char *truepw, char *pw) { while (*truepw) { if (*truepw != *pw) { printf ("Password check failed\n"); return -1; } } return 0; } Whats the flaw? How would you exploit it? 21 SAP flaw

2014: SAP Router Password Timing Attack Router disallows connections based on a table, unless the correct password is specified. Just walk linearly through the passwords, asking: Hey, is the next character A? No? How about B? ... Illustrates a general problem for cryptosystems (and caches) 22

Countermeasures Side-channel attacks rely on merging information from the side channel to the original data Approach 1: Eliminate side channels Put government buildings in a Faraday cage (antiTEMPEST) Jam the channels / add random delays Let execution paths not depend on secret information (PC-secure) Myers et al. (2011) Predictively mitigate timing attacks Approach 2: Remove correlation between

side channel and original data Blinding in cryptography In RSA, multiply encrypted ciphertext with a random 23

Recently Viewed Presentations

  • Cells and Organelles - CCA Biology

    Cells and Organelles - CCA Biology

    Cells and Organelles. ... The organelles of eukaryotes allow for greater division of labor within the cell than is possible in prokaryotes. ... As a table, make a flow chart comparing the parts of a cell to an automobile production...
  • Science  Pushes & Pulls Tasc: Can I design

    Science Pushes & Pulls Tasc: Can I design

    PSHE/SEAL/SMSC: Seal - 'Going For Goals!' PE Dance - Firework Dance, moving to poetry written. Gym - To Practise basic movements (roll, jump, take weight on hands, travel close to the floor!) Outdoor games: To consolidate basic principles.
  • June 2017 The Massachusetts Financial Services Sector 7th

    June 2017 The Massachusetts Financial Services Sector 7th

    One such startup is Cambridge-based Kensho, which uses large computing power and state-of-the-art analytical tools to combine natural language search queries, graphical user interfaces and secure cloud computing. Within seconds of the market data being released, Kensho is able to...
  • AMH in pre-pubertal girls Crisosto et al, JCEM, 2007

    AMH in pre-pubertal girls Crisosto et al, JCEM, 2007

    Polycystic Ovarian Syndrome (PCOS) is one of the most common endocrinopathies affecting 5-10% of women of reproductive age. (Amer 2006) PCOS . is a multifactorial complex characterized by chronic . anovulation, polycystic .
  • The Digestive System The process of digestion has

    The Digestive System The process of digestion has

    NO DIGESTION OCCURS HERE The colon has a large surface area for the absorption of water from the fluid we drink, food we eat, mucus and digestive juices. It also absorbs mineral salts. Solid waste made up of undigested food,...
  • BETTY NEUMAN - RN-BSN Portfolio for Terri Sand

    BETTY NEUMAN - RN-BSN Portfolio for Terri Sand

    BETTY NEUMAN . A System Model Study Using an Evidence-Based Theory. ... society. Proposes that "nurses enter into the client's world to promote stability and balance ". Neuman & Fawcett, 2002. THEORY. The Neuman model is illustrated by multiple circles...
  • Roots from the Greeks

    Roots from the Greeks

    a word formed from the first (or first few) letters of a series of words. Repondezs'ilvous plait. Self. contained. underwater . breathing . apparatus. Acronyms are used so often that we may forget the original words that they represent. Back...
  • The Gospel Driven Life -

    The Gospel Driven Life -

    "For the wrath of God is revealed from heaven against all ungodliness and unrighteousness of men, who by their unrighteousness suppress the truth." (Romans 1:18 ESV) For we know him who said, "Vengeance is mine; I will repay." And again,...