Guides Zen and the Art of Breaking Security - Part II

Zen and the Art of Breaking Security – Part II

By Razvan Peteanu for SecurityPortal


Today we will continue our journey into the less explored ways to break security.
Part one has explained what Zen has to do with the topic.


There are cases in which "gentle" techniques like timing or power
analyses are not enough to fulfill the attacker’s goal. Or the goal itself is
not to break the protection scheme but to break through it, to the end
target the mechanism is protecting, in a modern reenactment of Alexander the
Great’s "solution" to the Gordian knot. Enter failure-inducing
attacks
, in which the technique is to induce a failure in the very protection
mechanism itself.


Since computing equipment uses electrical power to function, manipulating the
voltage becomes an obvious target. A handy but coarse attack would be to blow
the circuit up into smoke by applying the 110/220V voltage to it. Not elegant and
a bit dangerous, but perfectly valid in the real world if this is what it takes
to access a bank safe.

This is the very reason security systems should have
a fail-safe operation: the failure of the protection mechanism should leave
the rest of the system in a secure state. A power lock should keep the door
locked in the event of a power outage, and a firewall should be designed so that
if its software crashes, all traffic is blocked between its interfaces.

There
are finer approaches to voltage attacks though. An electrical system, particularly
a complex and delicate one like today’s digital systems, only works correctly
within a specified range of the supply voltage. What happens if we lower this
voltage but just enough to cause malfunctions in the system’s behavior? If
the Vcc, ideally at +5V, is allowed to be between 4.7 and 5.5V, what happens
if we make it 4.6V? Does the circuit detect it and shut down?

Not necessarily,
and [1] describes how a microcontroller and a security processor
were successfully so attacked. In the former case, the microcontroller had its
Vcc (normally +5V) raised up to Vpp -0.5 (Vpp is normally +12V) during repeated
attempts to clear the security bit of the chip. In the latter case, the power
was momentarily dropped in order to cause the release of the chip’s security
lock.

Yet another voltage-lowering attack referenced in [1]
caused a smartcard’s pseudo-random generator to output mainly digits of 1, compromising
the quality of the encryption key.


In situations where direct access to the circuit is not possible, there are
other ways to induce failure: irradiation (which affects the state of registry
and memory cells) or temperature (freezing the circuits with a chemical spray
or heating them with a portable device). Military-grade integrated circuits
have better temperature tolerances, but the wider range was intended to accommodate
harsh weather conditions and not security attacks.


Molecular Computing

We have so far explored several possibilities which, however off the beaten path
they may seem, still revolve around computing and electricity. For a totally
fresh approach to solving a security problem, specifically breaking DES, credits
go to the authors of [2] and [3], who carried
forward an idea set out by Leonard Adleman. In [4], Prof. Adleman
described a way to solve a mathematical problem (the directed Hamiltonian path,
also known as the traveling salesman problem: finding the path that goes exactly
once through all nodes of a graph), proven NP-complete, by means of molecular
biology.

The idea is to map all nodes to DNA sequences, allow a chemo-biological
reaction to happen so that more complex structures are formed, then extract
the "winning" combination, of known length/weight, via magnetic separation,
and analyze it so that the actual sequence is obtained. The key here is the
massive parallelization of the combinatorial work that takes place when all
DNA sequences are mixed up and shaken.

In fact, as noted in [3],
this is a rare case in which the attacker and not the cryptographer is
helped by the parallelization. The entire technique is useless, for the creators
of the message would encrypt the data much faster with existing software
or DES chips. Molecular cryptanalysis is still an emerging field.

The techniques
are still prone to errors, but here is yet another example in which security
can be broken by taking a totally different approach from those considered by
the designers of a mechanism. The strength of DES remains in only being attackable
through brute force and, with classic computing, this takes a lot of time. Not
necessarily so if we look at it with a "beginner’s mind."

Traffic Analysis

Let us go back to the digital world now. In many of the examples above, we wrote
about breaking an encrypted message or a system. Knowing that "something
is going on" is already a significant step for an attacker and, in fact,
perhaps one of the most devastating. The best spy is one that the counter-intelligence
service does not know of. If someone is suspected, already his covert activity
is endangered and, as the Real World shows us, breaking PGP is not necessarily
the only way to get to the cleartext message (perhaps it would be the most
difficult; it is far easier to plant a keystroke logger, as FBI recently did
against Nicodemo Scarfo, to use TEMPEST or plain old espionage).


Excerpt for relying on sheer good luck, people have turned to steganographic
techniques to hide the presence of a message, without necessarily protecting
it further. In the past, steganography relied on cleverness or technology (invisible
ink, microdot photography). In the Internet age, software allows us to hide
messages in images, sounds or text. It is even used for copyright watermarking
of multimedia artworks, so easily stolen and reproduced. It is a wonderfully
covert channel to send information — who would even suspect the JPEG I sent to
my friend had hidden data? Or is it that simple?


Steganography has its disadvantages. It relies on a well-chosen container that
does not reveal the hidden information. For instance, synthesized images with
large areas with the same color information show the "noise." The
data-hiding algorithm itself, if naïve, can lead to the compromise of the
message and all subsequent ones. Public packages use known algorithms, and it
might be possible that interested agencies already have developed detection
techniques. See [5] and [6] for attacks against
watermarking techniques.

It matters a lot whom you are up against. However, we will not dwell into the
pros and cons of steganography itself. After all, as the attacker does not yet
know, there is a hidden message.

Yet, there is something in the big picture that
can lead to suspicions: the traffic itself. Out of nowhere, there is a flurry
of multimedia attachments between two people. Especially for large quantities
of hidden data, you might need many containers. For a party that has access to
the larger data pipes, it is possible to compile statistical information on
the email patterns and signal any significant change. If I suddenly start to
exchange images or, for this matter, even PGP emails (easily identifiable by
searching for the —–BEGIN PGP MESSAGE—– header), this may be flagged as
"interesting, requires further investigation."

We do not have to limit
ourselves to email. Traffic analysis has been used in military intelligence
for a long time. By observing the paths of supply trucks or triangulating radio
transmitters, the relocation of the military bases can be inferred. Cellular
companies use it to detect fraud by flagging unusual call patterns. Banks analyze
electronic payments to detect buying patterns. Intrusion detection systems do
it to signal unusual packets.


Of course, there will be a lot of false positives. By itself, traffic analysis
cannot tell us more, but that’s not its job. Traffic analysis is a statistical
tool and thus requires large amounts of data. It also requires the computing
and logistical means to gather it, including access to points where traffic
is concentrated.

But once a single entity in a big set is singled out, it is
no longer an undifferentiated contributor to the overall traffic. It acquires
an identity in the eye of the attacker, and from here other techniques can be
used. Traffic analysis can still be part of them: by analyzing where my cell
phone is or what phone calls I place, information about the places I go and the people
I know is obtained.

The balance of power has also changed: it is no longer the
monitoring system against the indiscriminate traffic flow, but the system vs.
an entity. And the more information is available, the more expanded in scope
traffic analysis becomes, and at some point the term "surveillance"
would be better suited. But this is where the scope of the article ends. Perhaps
with the ding of a bell.


References

[1] Ross Anderson, Markus Kuhn, Tamper Resistance –
a Cautionary Note

http://citeseer.nj.nec.com/anderson96tamper.html


[2] D. Boneh, C. Dunworth, and R. Lipton, Breaking DES
using a molecular computer

http://theory.stanford.edu/~dabo/abstracts/bioDES.html


[3] Leonard M. Adleman, Paul W. K. Rothemund, Sam Roweisy,
Erik Winfree, On Applying Molecular Computation To The Data Encryption Standard


http://citeseer.nj.nec.com/adleman-applying.html


[4] Leonard M. Adleman, Molecular computation of solutions
to combinatorial problems

http://citeseer.nj.nec.com/adleman94molecular.html


[5] Fabien A.P. Petitcolas, Ross J. Anderson, Markus G.
Kuhn, Attacks on Copyright Marking Systems

http://citeseer.nj.nec.com/318149.html


[6] Neil F. Johnson, Zoran Duric, Sushil Jajodia, Information
Hiding: Steganography and Watermarking – Attacks and Countermeasures
, Kluwer
Academic Pub; ISBN: 0792372042


SecurityPortal is the world’s foremost on-line resource and services
provider for companies and individuals concerned about protecting their
information systems and networks.
http://www.SecurityPortal.com
The Focal Point for Security on the Net ™

Latest Posts

Related Stories