Slide 1: I Know What You Did Last Decryption: Side Channel Attacks on PCs. Lev Pachmanov (Tel Aviv University) and Daniel Genkin (Technion and Tel Aviv University); joint work with Itamar Pipman (Tel Aviv University), Adi Shamir (Weizmann Institute of Science) and Eran Tromer (Tel Aviv University). Cryptoday 2014, 30 December 2014.
Slide 2: Side channel attacks: probing, CPU architecture, optical, power, electromagnetic, acoustic.
Slide 3: Acoustic emanations
Slide 4: ENGULF [Peter Wright, Spycatcher, p. 84]. In 1956, a couple of Post Office engineers fixed a phone at the Egyptian embassy in London.
Slide 5: ENGULF (cont.) "The combined MI5/GCHQ operation enabled us to read the Egyptian ciphers in the London Embassy throughout the Suez Crisis."
Slide 6: Acoustic emanations from PCs. Noisy electrical components in the voltage regulator ("Bzzzzzz"). Commonly known as coil whine, but it also originates from capacitors.
Slide 7: Experimental setup (example). Figure labels: attacker, amplifier, microphone, target, digitizer.
Slide 8: Demo: distinguishing instructions
Slide 9: Distinguishing various CPU operations [Shamir Tromer 04]. Spectrogram (time vs. frequency): frequency axis up to 280 kHz, time axis 1 sec.
Slide 10: Traditional side channel attack methodology:
1. Grab/borrow/steal device
2. Find key-dependent instruction
3. Record emanations using high-bandwidth equipment (> clock rate; for a PC, > 2 GHz)
4. Obtain traces
5. Signal and cryptanalytic analysis
6. Recover key
Key-dependent instruction (square-and-multiply sketch from the slide):
    for i = 1 to 2048:
        sqr()
        if key[i] = 1:
            mul()
Hard for PCs.
Slide 11: Traditional side channel attack methodology (steps 1 to 6 as on slide 10): hard for PCs, because a PC is complex electronics running complicated software (in parallel); it is not handed out, so "grab/borrow/steal device" does not apply; and measuring a 2 GHz PC requires expensive and bulky equipment (compared to a 100 MHz smart card): $100,000 vs. $1,000.
Slide 12: Acoustic Leakage of RSA
Slide 13: Definitions (RSA)
Slide 14: GnuPG RSA key distinguishability [Shamir Tromer 04]. Spectrogram (time vs. frequency) of the sound of the keys, after frequency downshifting and filtering, with the mod p and mod q phases marked.
Slide 15: Key Extraction
Slide 16: Our results: acoustic RSA key extraction. Low-bandwidth cryptanalytic attacks: 50 kHz bandwidth to attack a 2 GHz CPU. Inexpensive equipment. Common cryptographic software: GnuPG 1.4.15 (CVE-2013-4576); we worked with the GnuPG developers to mitigate the attack. Applicable to various laptop models.
Slide 17: Amplifying the key dependency. Difficulties when attacking RSA: 2 GHz CPU speed vs. 50 kHz measurements, so we cannot rely on a single key-dependent instruction. New idea: leakage self-amplification: abuse the algorithm's own code to amplify its own leakage! Craft suitable ciphertexts to affect the code inside the innermost loop; small differences in repeated innermost loops cause a big overall difference in code behavior; measure the acoustic leakage.
Slide 18: An adaptive chosen-ciphertext attack. Figure: bit-distinguisher oracle (labels as extracted: "1111...1", "1000 0 10").
Slide 19: An adaptive chosen-ciphertext attack: bit-distinguisher oracle; error correction; just q (Coppersmith lattice reduction: half the bits suffice); send chosen ciphertexts using
Slide 20: Call structure of the decryption (modular exponentiation, Karatsuba multiplication, basic multiplication) with the repetition counts shown on the slide (x2048, x19, x7):
    modular_exponentiation(c, d, q) {
        karatsuba_mult(a, c)
    }
    karatsuba_mult(a, c) {
        basic_mult(x, y)
    }
    basic_mult(x, y) {
        if (y[j] == 0) return 0
        else return y[j] * x
    }
Grand total: 2048 x 19 x 7 = 272384 times, ~0.5 sec of measurements.
Slide 21: Modular exponentiation: no key-dependent operation to measure.
Slide 24: Multiplication is repeated 2048 times (0.5 sec of data); a single multiplication is way too fast for us to measure.
Slide 25: Empirical Results
Slide 26: Distinguishing a key bit by a spectral signature. Two spectrograms (time vs. frequency), each with the mod p and mod q phases marked.
Slide 27: Demo: key extraction
Slide 28: Results: RSA 4096-bit key extraction from 1 meter away using a microphone.
Slide 29: Results: RSA 4096-bit key extraction from 10 meters away using a parabolic microphone.
Slide 30: Results: RSA 4096-bit key extraction from 30 cm away using a smartphone.
Slide 31: Karatsuba multiplication
Slide 32: Basic multiplication. Repeated 8 times in this call, and up to ~300,000 times in total, which allows the leakage to be detected using low-bandwidth means (such as sound).
Slide 33: Electric Channels
Slide 34: Power analysis: measure the device's power consumption. RSA 4096-bit key extraction is possible in a few seconds.
Slide 35: Ground-potential analysis. Attenuating EMI emanations: unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ...) The device is grounded, but its ground potential fluctuates relative to the mains earth ground. Figure: computation affects currents and EM fields, which are dumped to the device ground, which is connected to the conductive chassis. (Trace labelled Key = 101011.)
Slide 36: Demo: key extraction
Slide 37: RSA and ElGamal key extraction in a few seconds using direct chassis measurement (non-adaptive attack). (Trace labelled Key = 101011.)
Slide 38: RSA and ElGamal key extraction in a few seconds using human touch (non-adaptive attack). (Trace labelled Key = 101011.)
Slide 39: Ground-potential analysis. Attenuating EMI emanations: unwanted currents or electromagnetic fields? Dump them to the circuit ground! (Bypass capacitors, RF shields, ...) The device is grounded, but its ground potential fluctuates relative to the mains earth ground. Figure: computation affects the device ground, which is connected to the conductive chassis, which is connected to shielded cables; this holds even when no data is transferred, or the port is turned off. (Trace labelled Key = 101011.)
Slide 40: Demo: key extraction
Slide 41: RSA and ElGamal key extraction in a few seconds using the far end of a 10 meter network cable (non-adaptive attack); works even if a firewall is present, or the port is turned off. (Trace labelled Key = 101011.)
Slide 42: Key extraction on the far side of an Ethernet cable using a mobile phone.
Slide 43: Electromagnetic key extraction. Currents inside the target create electromagnetic waves, which can be detected using an electromagnetic probe (e.g., a loop of wire).
Slide 45: Countermeasures (class discussion)
Slide 46: Ineffective countermeasures: 1. Shielding
Slide 47: Ineffective countermeasures (cont.): 2. Adding noise (play loud music while decrypting) 3. Concurrent software load
Slide 48: Countermeasures (ciphertext randomization)
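To make slides 10 and 48 concrete, here is an added example in Python; it is not code from the slides and not GnuPG's code. It contains the square-and-multiply loop with the key-dependent branch of slide 10, a plain RSA-CRT decryption in which the sender's ciphertext is fed straight into the mod p and mod q exponentiations, and the same decryption with ciphertext randomization (RSA blinding), where the exponentiations only ever see c * r^e mod n for a fresh random r. The toy primes, the public exponent and the `observe` hook (which records what reaches the exponentiation, standing in for what a side channel could probe) are constructed for the demo.

```python
# Added example for slides 10 and 48 (not code from the slides or from GnuPG):
# RSA-CRT decryption with and without ciphertext randomization (blinding).
# The primes and the `observe` hook are constructed for the demo; a real key
# uses much larger primes, but the control flow is identical.
import math
import secrets
from typing import Callable, Optional, Tuple

# Toy RSA key (constructed values, far too small for real use).
P = 1000000007
Q = 998244353
N = P * Q
E = 65537


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a: int, m: int) -> int:
    """Inverse of a modulo m (raises if gcd(a, m) != 1)."""
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


D = modinv(E, (P - 1) * (Q - 1))   # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)  # CRT exponents
QINV = modinv(Q, P)                # q^-1 mod p, for recombination

Observer = Optional[Callable[[int, int], None]]


def square_and_multiply(base: int, exp: int, mod: int) -> int:
    """Left-to-right binary exponentiation as sketched on slide 10: one
    squaring per exponent bit, and a multiply only where the bit is 1.
    The `if` is the key-dependent branch the slides talk about."""
    acc = 1
    for bit in bin(exp)[2:]:          # most significant bit first
        acc = (acc * acc) % mod       # sqr()
        if bit == "1":                # depends on a private-key bit
            acc = (acc * base) % mod  # mul()
    return acc


def crt_decrypt(c: int, observe: Observer = None) -> int:
    """Plain RSA-CRT decryption. Whatever c the sender chose is exactly what
    the two exponentiations operate on, so a chosen c shapes every inner
    multiplication (the self-amplification idea of slide 17)."""
    cp, cq = c % P, c % Q
    if observe:
        observe(cp, cq)               # the values a side channel could probe
    mp = square_and_multiply(cp, DP, P)
    mq = square_and_multiply(cq, DQ, Q)
    h = (QINV * (mp - mq)) % P        # Garner recombination
    return mq + h * Q


def blinded_crt_decrypt(c: int, rng: Callable[[int], int] = secrets.randbelow,
                        observe: Observer = None) -> int:
    """Ciphertext randomization (slide 48): decrypt c * r^e mod n for a fresh
    random r, then strip r from the result. The exponentiations now run on a
    value the sender did not choose, and it changes on every call."""
    while True:
        r = rng(N)                    # rng(n) must return an int in [0, n)
        if r > 1 and math.gcd(r, N) == 1:
            break
    blinded = (c * pow(r, E, N)) % N  # encrypts m*r, since RSA is multiplicative
    m_times_r = crt_decrypt(blinded, observe)
    return (m_times_r * modinv(r, N)) % N


def inputs_seen(decrypt, c: int, **kw) -> Tuple[int, int]:
    """Run `decrypt` on c and return the (c mod p, c mod q) pair that actually
    reached the exponentiations."""
    seen = []
    decrypt(c, observe=lambda cp, cq: seen.append((cp, cq)), **kw)
    return seen[0]


if __name__ == "__main__":
    m = 123456789
    c = pow(m, E, N)
    assert crt_decrypt(c) == m and blinded_crt_decrypt(c) == m
    print("unblinded exponentiation input:", inputs_seen(crt_decrypt, c))
    print("blinded, call 1:", inputs_seen(blinded_crt_decrypt, c))
    print("blinded, call 2:", inputs_seen(blinded_crt_decrypt, c))
```

Running it shows that the unblinded path always exponentiates the sender's own c, while the blinded path exponentiates a different value on every call. Blinding therefore removes the sender's control over the exponentiation input, which is what the self-amplification of slide 17 relies on; it does not by itself remove the key-dependent branch in `square_and_multiply`.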
Slide 49: cs.tau.ac.il/~tromer/acoustic (CRYPTO '14, CVE-2013-4576); cs.tau.ac.il/~tromer/handsoff (CHES '14, CVE-2014-5270); cs.tau.ac.il/~tromer/radioexp (CHES '15, CVE-2014-3591)