Zen and the Art of Breaking Security - Part II
Today we will continue our journey into the less explored ways to break security. Part one has explained what Zen has to do with the topic.
There are cases in which "gentle" techniques like timing or power analyses are not enough to fulfill the attacker's goal. Or the goal itself is not to break the protection scheme but to break through it, to the end target the mechanism is protecting, in a modern reenactment of Alexander the Great's "solution" to the Gordian knot. Enter failure-inducing attacks, in which the technique is to induce a failure in the very protection mechanism itself.
Since computing equipment uses electrical power to function, manipulating the voltage becomes an obvious target. A handy but coarse attack would be to blow the circuit up into smoke by applying the 110/220V voltage to it. Not elegant and a bit dangerous, but perfectly valid in the real world if this is what it takes to access a bank safe.
This is the very reason security systems should have a fail-safe operation: the failure of the protection mechanism should leave the rest of the system in a secure state. A power lock should keep the door locked in the event of a power outage, and a firewall should be designed so that if its software crashes, all traffic is blocked between its interfaces.
There are finer approaches to voltage attacks though. An electrical system, particularly a complex and delicate one like today's digital systems, only works correctly within a specified range of the supply voltage. What happens if we lower this voltage but just enough to cause malfunctions in the system's behavior? If the Vcc, ideally at +5V, is allowed to be between 4.7 and 5.5V, what happens if we make it 4.6V? Does the circuit detect it and shut down?
Not necessarily, and  describes how a microcontroller and a security processor were successfully so attacked. In the former case, the microcontroller had its Vcc (normally +5V) raised up to Vpp -0.5 (Vpp is normally +12V) during repeated attempts to clear the security bit of the chip. In the latter case, the power was momentarily dropped in order to cause the release of the chip's security lock.
Yet another voltage-lowering attack referenced in  caused a smartcard's pseudo-random generator to output mainly digits of 1, compromising the quality of the encryption key.
In situations where direct access to the circuit is not possible, there are other ways to induce failure: irradiation (which affects the state of registry and memory cells) or temperature (freezing the circuits with a chemical spray or heating them with a portable device). Military-grade integrated circuits have better temperature tolerances, but the wider range was intended to accommodate harsh weather conditions and not security attacks.
We have so far explored several possibilities which, however off the beaten path they may seem, still revolve around computing and electricity. For a totally fresh approach to solving a security problem, specifically breaking DES, credits go to the authors of  and , who carried forward an idea set out by Leonard Adleman. In , Prof. Adleman described a way to solve a mathematical problem (the directed Hamiltonian path, also known as the traveling salesman problem: finding the path that goes exactly once through all nodes of a graph), proven NP-complete, by means of molecular biology.
The idea is to map all nodes to DNA sequences, allow a chemo-biological reaction to happen so that more complex structures are formed, then extract the "winning" combination, of known length/weight, via magnetic separation, and analyze it so that the actual sequence is obtained. The key here is the massive parallelization of the combinatorial work that takes place when all DNA sequences are mixed up and shaken.
In fact, as noted in , this is a rare case in which the attacker and not the cryptographer is helped by the parallelization. The entire technique is useless, for the creators of the message would encrypt the data much faster with existing software or DES chips. Molecular cryptanalysis is still an emerging field.
The techniques are still prone to errors, but here is yet another example in which security can be broken by taking a totally different approach from those considered by the designers of a mechanism. The strength of DES remains in only being attackable through brute force and, with classic computing, this takes a lot of time. Not necessarily so if we look at it with a "beginner's mind."
Let us go back to the digital world now. In many of the examples above, we wrote about breaking an encrypted message or a system. Knowing that "something is going on" is already a significant step for an attacker and, in fact, perhaps one of the most devastating. The best spy is one that the counter-intelligence service does not know of. If someone is suspected, already his covert activity is endangered and, as the Real World shows us, breaking PGP is not necessarily the only way to get to the cleartext message (perhaps it would be the most difficult; it is far easier to plant a keystroke logger, as FBI recently did against Nicodemo Scarfo, to use TEMPEST or plain old espionage).
Excerpt for relying on sheer good luck, people have turned to steganographic techniques to hide the presence of a message, without necessarily protecting it further. In the past, steganography relied on cleverness or technology (invisible ink, microdot photography). In the Internet age, software allows us to hide messages in images, sounds or text. It is even used for copyright watermarking of multimedia artworks, so easily stolen and reproduced. It is a wonderfully covert channel to send information who would even suspect the JPEG I sent to my friend had hidden data? Or is it that simple?
Steganography has its disadvantages. It relies on a well-chosen container that does not reveal the hidden information. For instance, synthesized images with large areas with the same color information show the "noise." The data-hiding algorithm itself, if naïve, can lead to the compromise of the message and all subsequent ones. Public packages use known algorithms, and it might be possible that interested agencies already have developed detection techniques. See  and  for attacks against watermarking techniques.
It matters a lot whom you are up against. However, we will not dwell into the pros and cons of steganography itself. After all, as the attacker does not yet know, there is a hidden message.
Yet, there is something in the big picture that can lead to suspicions: the traffic itself. Out of nowhere, there is a flurry of multimedia attachments between two people. Especially for large quantities of hidden data, you might need many containers. For a party that has access to the larger data pipes, it is possible to compile statistical information on the email patterns and signal any significant change. If I suddenly start to exchange images or, for this matter, even PGP emails (easily identifiable by searching for the -----BEGIN PGP MESSAGE----- header), this may be flagged as "interesting, requires further investigation."
We do not have to limit ourselves to email. Traffic analysis has been used in military intelligence for a long time. By observing the paths of supply trucks or triangulating radio transmitters, the relocation of the military bases can be inferred. Cellular companies use it to detect fraud by flagging unusual call patterns. Banks analyze electronic payments to detect buying patterns. Intrusion detection systems do it to signal unusual packets.
Of course, there will be a lot of false positives. By itself, traffic analysis cannot tell us more, but that's not its job. Traffic analysis is a statistical tool and thus requires large amounts of data. It also requires the computing and logistical means to gather it, including access to points where traffic is concentrated.
But once a single entity in a big set is singled out, it is no longer an undifferentiated contributor to the overall traffic. It acquires an identity in the eye of the attacker, and from here other techniques can be used. Traffic analysis can still be part of them: by analyzing where my cell phone is or what phone calls I place, information about the places I go and the people I know is obtained.
The balance of power has also changed: it is no longer the monitoring system against the indiscriminate traffic flow, but the system vs. an entity. And the more information is available, the more expanded in scope traffic analysis becomes, and at some point the term "surveillance" would be better suited. But this is where the scope of the article ends. Perhaps with the ding of a bell.
 Ross Anderson, Markus Kuhn, Tamper Resistance -
a Cautionary Note
 D. Boneh, C. Dunworth, and R. Lipton, Breaking DES
using a molecular computer
 Leonard M. Adleman, Paul W. K. Rothemund, Sam Roweisy,
Erik Winfree, On Applying Molecular Computation To The Data Encryption Standard
 Leonard M. Adleman, Molecular computation of solutions
to combinatorial problems
 Fabien A.P. Petitcolas, Ross J. Anderson, Markus G.
Kuhn, Attacks on Copyright Marking Systems
SecurityPortal is the world's foremost on-line resource and services
provider for companies and individuals concerned about protecting their
information systems and networks.
The Focal Point for Security on the Net (tm)