By Razvan Peteanu for SecurityPortal
I’ll admit I had double thoughts about creating yet another variation on the
"Zen and the Art of…" theme. I myself shiver when I see such titles, but I hope
Zen practitioners and Mr. Pirsig [1] will forgive
me this time. The Zen quotation is appropriate for what we will describe
in this two-part series: alternative, perhaps even unusual, means to induce
or exploit security vulnerabilities.
Designing a secure solution, be it a protocol, algorithm or enterprise architecture,
is far from trivial. Apart from the technical or scientific difficulties to
overcome, there is a mental trap easy to fall into: looking at the picture through
the eyes of the designer. The designer often works with concepts, not with the
real thing. We look at an algorithm’s specifications and we mistake it for its
implementation in a particular program. We read several RFCs and we say, this
is TCP/IP.
The more we work on a topic, the stronger the identification
between the concept and its implementation. We often reduce the implementation
to the concept, leaving nothing out of the real thing but the concept that originated
it. In Zen, we are often reminded that the finger pointing to the moon is not
the moon.
Typical example: because algorithm XYZ is not breakable according
to the public research, it must mean that an XYZ encryption program or chip cannot
be broken. We have just reduced the actual implementation to the mathematical
idea. Not only have we limited ourselves in the scope of what we will defend,
but we have also made an implicit assumption that the attack path implies breaking the
algorithm.
Side-channel attacks are those which employ (apparently) "unusual"
methods that seem to have little to do with the security concepts that underlie
a system. For instance, when we think about encryption, we tend to follow the
thought to key size, symmetric or public, brute-force attacks and so on. Granted,
we should think of them. However, there are other ways to attack a cryptographic
system, coming from a totally different direction, addressing not the concept
but the implementation as well as the other pieces in the big picture.
TEMPEST
One example of side-channel attacks is the TEMPEST technology [2].
The topic will be covered in a different article for SecurityPortal, so we won’t
go into many details here, but the essence is that today’s computing systems
are sources of electromagnetic radiation, and this radiation can be intercepted
with appropriate equipment.
The radiation is not devoid of significance like
a light bulb’s, but is modulated by the bits going from one subsystem to another.
The keyboard I type my password on, particularly helped by the long cable to
the PC, sends around signals that could easily allow an attacker to capture
my credentials. The monitor, again linked to the PC with a cable, is another
strong source. Even if I work in a shielded room, some radiation is induced
into and leaks through the power cable and can be intercepted elsewhere near
the building’s transformer.
For such cases, it no longer matters that I have a long
and random PGP passphrase, that the system is virus-free and firewalled and
that the crypto algorithms and their implementation in PGP are flawless. The
real world also consists of the hardware PGP runs on, the electromagnetic fields,
and the building the computer and myself are in, and it is at this level that a perceptive
attacker would strike.
Timing Attacks
A more subtle attempt is the timing attack, which reminds us that, at
the end of the day, any software implementation boils down to running some machine
language instructions on a CPU — and these operations are not instantaneous. Depending
on how the program goes through different logical paths, some actions will take
longer, some shorter.
We normally completely ignore this level of detail, and
only care about if the system is fast or slow, or if the Web page takes
more than two seconds to download. But imagine you have a hardware chip that accepts
a 30-character passphrase to unlock a safe. In his third Mission: Impossible,
Tom Cruise managed to steal the board and gave it to you to find the passphrase
(Hollywood can only do so much). The board contained a single chip. Had it been
like a regular motherboard, with different subsystems, an attacker, by recording the traffic
on the buses, would have access to the machine code and data as
they are transferred from the memory, so the attack would have been significantly
easier.
The 240-bit key is not something fun to attack by brute-forcing the entire
keyspace. For the example’s sake, let’s consider that the implementation is poorly
designed and that although the password check only begins after the entire password
is typed in, the passphrase is actually checked character by character. If
the first character is correct, the check goes to the next character; if not,
the code generates a beep and exits. The second character is checked now, and
so on.
A human user would instantly hear the beep. If the board is connected
to a logic analyzer, however, we can time with very good precision how long
it takes from the moment we input the password until the command signal to the
buzzer is sent. We first try with a password consisting of 30 ‘