defeating tls client authentication using fault attacks
play

Defeating TLS client authentication using fault attacks Who are we - PowerPoint PPT Presentation

Feb 26, 2023 •376 likes •889 views

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @ Security Evaluation Kudelski Security Lab @ Kudelski IoT Embedded systems Hardware attacks security research Glitch / EM Reverse

  1. Defeating TLS client authentication using fault attacks

  2. Who are we ? ● R&D dept. @ ● Security Evaluation Kudelski Security Lab @ Kudelski IoT ● Embedded systems ● Hardware attacks security research – Glitch / EM – Reverse engineering – Lasers ! 2

  3. Introduction ● In more and more use cases we have an embedded device which communicates with a cloud. ● The device (usually) authenticates itself to guarantee data origin. ● Some of the devices are low cost and have no physical security. 3

  4. TLS (in a nutshell)

  5. TLS 1.2 ● Transport Layer Security replaces Secure Sockets Layer ● De facto standard ( the s of https and green lock in the browser) ● Current version is TLS 1.3 released in 2018. ● TLS 1.2 is still massively used. ● Used in IoT for mutual authentication with the cloud. 5

  6. Amazon Web Services IoT 6

  7. AWS IoT authentication ● TLS 1.2 authentication is used by AWS IoT to identify devices. ● AWS FreeRTOS uses mbedTLS from ARM to implement TLS. ● AWS IoT cloud supports the following cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256 (recommended) ECDHE-RSA-AES128-GCM-SHA256 (recommended) ECDHE-ECDSA-AES128-SHA256 ... 7

  8. AWS IoT authentication Client certificate and private key are in the firmware: 8

  9. TLS 1.2 handshake 9

  10. Certificate Verify signature 10

  11. Elliptic Curve Digital Signature Algorithm (in a nutshell too)

  12. ECDSA signature ● TLS allows using RSA or ECDSA as signature algorithms. ● ECDSA has the advantage to have smaller key lengths for the same security level. ● Performance of ECDSA is better for signature. Perfect signature algorithm for IoT. 12

  13. ECDSA From d , the device private key, the signature is computed over the elliptic curve: ( x , y )= k ⋅ P r = x − 1 ( h + rd ) s = k The output signature is (r, s) . The nonce k must be generated randomly and must be unique. 13

  14. ECDSA attack From r it is not possible to recover the value of k (discrete logarithm). But if two different messages have been signed with the same nonce then it is possible to recover k . Then with k we can recover d the private key directly. 2010: PS3 signature key recovery 14

  15. Fault attacks on ECDSA If we are able to set the nonce to a known value or to reduce its entropy then the private key can be recovered with: − 1 d =( ks − h )⋅ r h is known since it is the hash of previous handshake messages 15

  16. MbedTLS implementation

  17. mbedTLS Used in a lot of embedded SDKs “ mbedTLS offers an SSL library with an intuitive API and readable source code, so you can actually understand what the code does. ” (tls.mbed.org) We analyzed the code until we reached the nonce generation 17

  18. MbedTLS implementation The nonce is generated in the mbedtls_ecp_gen_privkey in ecp.c: 18

  19. MbedTLS implementation 19

  20. MbedTLS random nonce generation Fill a buffer with random values: Depending on SDK/target, will use the hardware RNG Convert the buffer to a mbedtls_mpi value: Converts buffer from big- to little-endian... By copying the buffer bytes to dword 20

  21. Attack Idea ● Generate a lookup table containing small nonces multiplied by the generator i.e. with records (k, k P) . ⋅ ● Insert a fault to exit the buffer copy loop earlier. ● The resulting nonce value may be truncated (32 bits). ● If the resulting signature is in our table then we can recover the nonce and then private key ! 21

  22. Code protection ? ● Return value is uninitialized at the beginning of the function ● Compiler initializes the value to 0... ● Function returns 0 if successful 22

  23. Exploitation

  24. ESP32 ● System-on-Chip manufactured by Espressif ● Widely deployed on the field ● Supported by AWS IoT ● Integrated Wi-Fi ● Vulnerable to voltage glitch 24

  25. Previous fault attacks on ESP32 ● LimitedResults: – Voltage glitch – Effects used to ● Bypass AES encryption ● Bypass secure boot ● Extract flash encryption and secure boot keys 25

  26. ESP32 power domains 26

  27. Voltage glitch on ESP32 27

  28. ESP32 preparation 28

  29. ESP32 preparation 29

  30. Chipwhisperer setup ● Voltage glitch was generated by Chipwhisperer using crowbar method. 30

  31. Chipwhisperer setup 31

  32. ESP32 start-up 32

  33. Glitch shape 33

  34. Lookup table ● We generated a lookup table for k from 1 to 2 32 , around 300GB. ● It took two days to generate the table but then one lookup takes 5s. ● The table is similar to the one used during an attack against Bitcoin signature. (https://github.com/nomeata/secp265k1-lookup-table.) 34

  35. Key recovery ● The network was probed and each signature was recorded with the corresponding hash of the previous handshake messages ● If the signature is in our database: 35

  36. Quick win ● During the tests, we found a glitch point that fixes the nonce to 0xFFFFFFFF ● Eases the cracking process 36

  37. Disclosure

  38. MbedTLS implementation ● The call to read_binary was removed from version after 2.16.1 of mbedTLS for performance reasons. But it was still included in ESP32 software until February 2020. ● (Un)fortunately, there are other ways to attack the signature with the same results (CTR_DRBG or HMAC_DRBG). 38

  39. MbedTLS implementation 39

  40. Disclosure ● We contacted ARM with full details of our attack. ● We suggested to change the default return value to something else in our responsible disclosure ● About one month later : “ [...] We generally consider hardware fault attacks out of scope of the Mbed TLS threat model. However, we are happy to work with you on this issue and follow coordinated disclosure with the fix. ● No more communication from ARM since then 40

  41. No response ? 41

  42. Timeline ● 09/09/2019 : Vulnerability reported to ARM. ● 09/27/2019 : ARM acknowledge the vulnerability. ● 11/22/2019 : ARM hardened the library with error status. ● 02/12/2020 : Espressif upgraded to mbedTLS v2.16.5. ● Now : Vulnerability still exists. 42

  43. Possible countermeasures ● Use TLS 1.3 – Handshakes are encrypted ● Use RSA for authentication ? ● Use a hardware secure element 43

  44. Conclusions

  45. Takeaways ● Full key recovery is possible using a single fault. ● This attack is not related to the target platform. ● Software hardening must be implemented carefully. 45

  46. Questions ? 46

  47. Backup slides 47

  48. Previous attacks on ECDSA ● 2014: “Ooh Aah... Just a Little Bit” ● 2019: Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies ● 2019: TPM.fail ● 2019: Minerva 48

  49. Previous fault attack on TLS ● Attacking Deterministic Signature Schemes using Fault Attacks (Poddebniak et al.) : ● Rowhammer on deterministic ECDSA and EdDSA. ● Server attack. ● Needs one faulted and one correct signature for the same message. ● Degenerate Fault Attacks on Elliptic Curve Parameters in OpenSSL (Takahashi et al.) : ● Fault attack on point decompression. ● Application on OpenSSL running on Raspberry Pie. 49

  50. Degenerate Fault Attacks 50

  51. ESP32 preparation 51

Recommend

Transcript collision Attacks Breaking Authentication in TLS, IKE, and SSH G. Leurent, K.

Transcript collision Attacks Breaking Authentication in TLS, IKE, and SSH G. Leurent, K.

Introduction Client Authentication Downgrade Attack Channel Binding Conclusion Transcript collision Attacks Breaking Authentication in TLS, IKE, and SSH G. Leurent, K. Bhargavan (Inria) Transcript collision Attacks Dagstuhl 16012 1 / 20

370 views • 33 slides
TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication

TLS 1.3 Client Authentication Andrei Popov, Microsoft Corp. Issue 1: TLS Client Authentication After the Handshake The user navigates to the sites landing page, no client authentication required. Eventually, the user requests a

69 views • 6 slides
Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

DAISY D ata A nalysis and I nformation S ecurit Y Lab Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to Audio-based Adversarial Attacks Yingying (Jennifer) Chen Professor, Electrical and Computer

1.05k views • 46 slides
ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User Authentication Authentication process Means of authentication Passwords Vulnerabilities of passwords Password Cracking Dictionary Attacks

472 views • 21 slides
Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph

Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures Christoph Dobraunig, Maria Eichlseder, Hannes Gross, Stefan Mangard, Florian Mendel, Robert Primas ASIACRYPT 2018 IAIK - Graz University of Technology www.tugraz.at

1.01k views • 78 slides
An Efficient Black-box Technique for Defeating Web Application Attacks R. Sekar S tony Brook

An Efficient Black-box Technique for Defeating Web Application Attacks R. Sekar S tony Brook

An Efficient Black-box Technique for Defeating Web Application Attacks R. Sekar S tony Brook University (Research supported by DARPA, NS F and ONR) 2/9/2009 Example: SquirrelMail Command Injection Attack: use maliciously Incom ing

747 views • 21 slides
Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE

Defeating Relay Attacks in NFC Payments Serge Vaudenay COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasec.epfl.ch/ SV 2014 distance-bounding SDTA 14 1 / 42 Relay Attacks 1 Distance-Bounding Protocols 2 3 Asymmetric DB Protocols

1.02k views • 42 slides
RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th

RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th

RandomPad: Usability of Randomized Mobile Keypads for Defeating Inference Attacks Saturday 29th April, 2017. IMPS 2017, Paris, France. Anindya Maiti , Kirsten Crager , Murtuza Jadliwala , Jibo He , Kevin Kwiat and Charles

361 views • 35 slides
Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia

Introduction to Fault Attacks Josep Balasch KU Leuven ESAT / COSIC IACR Summer School 2015 Chia Laguna, Sardinia (Italy) 19 October 2015 Introduction to Fault Attacks 19 October 2015 What are fault attacks? Active attacks against

571 views • 27 slides
COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure

COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure

COLOSSAL DDoS ATTACKS ARE THE NEW REALITY Defeating DDoS Needs a Precision Strategy Your Secure Application Services CONFIDENTIAL | DO NOT DISTRIBUTE Company 1. CONFIDENTIAL | DO NOT DISTRIBUTE Attack Tools over Time - Evolved Binary

385 views • 12 slides
Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France

Cache attacks: From side channels to fault attacks Clmentine Maurice CNRS, Rennes, France November 16, 2017 Cryptacus Workshop, Nijmegen, Netherlands the attacker only needs unprivileged execution on the victims machine

1.99k views • 164 slides
Mars Attacks! Revisited. Differential Attack 12 Rounds of the MARS Core and Defeating the Complex

Mars Attacks! Revisited. Differential Attack 12 Rounds of the MARS Core and Defeating the Complex

MARS Distinguisher and Subkey Recovery Recovery of the secret key Attack Analysis Conclusion Mars Attacks! Revisited. Differential Attack 12 Rounds of the MARS Core and Defeating the Complex MARS Key Schedule INDOCRYPT11 Michael Gorski,

1.16k views • 48 slides
Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

Fault Attacks on Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics, University of Auckland PQCrypto 2017, 26th of June 1/15 Outline 1 Preliminaries Introduction Supersingular isogenies SSI cryptosystems 2 Fault attack

379 views • 33 slides
Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE

Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH or: MD5 MUST DIE http://sloth-attack.org Karthikeyan Bhargavan Gatan Leurent Crypto protocols and applications evolve Agility: graceful transition from old to new

228 views • 18 slides
Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier,

Fault Attacks Made Easy: Differential Fault Analysis Automation on Assembly Code Jakub Breier, Xiaolu Hou and Yang Liu 10 September 2018 1 / 25 Table of Contents Background and Motivation 1 Overview of DATAC DFA Automation Tool for

727 views • 25 slides
Beyond Trust PostgreSQL Client Authentication Christoph Mnch-Tegeder 2ndQuadrant

Beyond Trust PostgreSQL Client Authentication Christoph Mnch-Tegeder 2ndQuadrant

Beyond Trust PostgreSQL Client Authentication Christoph Mnch-Tegeder 2ndQuadrant http://www.2ndquadrant.com/ 2017-02-05 Part I Authentication Why Authentication? Too complicated Nobody knows my database Nobody will attack us

813 views • 39 slides
USER AUTHENTICATION GRAD SEC SEP 26 2017 TODAYS PAPERS SPEARPHISHING ATTACKS

USER AUTHENTICATION GRAD SEC SEP 26 2017 TODAYS PAPERS SPEARPHISHING ATTACKS

USER AUTHENTICATION GRAD SEC SEP 26 2017 TODAYS PAPERS SPEARPHISHING ATTACKS SPEARPHISHING ATTACKS Imbue the email with a sense of trust or authority LURE Spoof (or log in as) the source / name Make the topic such that theyll

632 views • 25 slides
CLIENT INITIATED BACKCHANNEL AUTHENTICATION CIBA? CIBA is an authentication flow like OpenID

CLIENT INITIATED BACKCHANNEL AUTHENTICATION CIBA? CIBA is an authentication flow like OpenID

CLIENT INITIATED BACKCHANNEL AUTHENTICATION CIBA? CIBA is an authentication flow like OpenID Connect. However, unlike OpenID Connect, there is direct Relying Party to OpenID Provider communication without redirects through the user's browser.

505 views • 17 slides
Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada

Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada

Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada Popa April 12, 2016 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh Authentication &

1.11k views • 73 slides
CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis

CSE392/ISE331 Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application Popular attacks Cross-site

266 views • 15 slides
Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of

Introduction Threats Setups Attacks Countermeasures Conclusion 1 / 31 Fault Attacks and Countermeasures Michael Hutter Summer School on Design and Security of Cryptographic Algorithms and Devices for Real-World Applications Sibenik,

849 views • 31 slides
Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs

Fault Attacks on Elliptic Curve Cryptosystems Marc Joye Thomson Security Labs marc.joye@thomson.net CryptoPuces 2009 Porquerolles, June 26, 2009 Outline Elliptic Curve Cryptography Inducing Faults Fault Attacks Countermeasures

363 views • 24 slides
Its Not My Fault 1915: rotor machines: (electro-)mechanical - On Fault Attacks on

Its Not My Fault 1915: rotor machines: (electro-)mechanical - On Fault Attacks on

Its Not My Fault Bart Preneel FDTC12 9 September 2011 Symmetric crypto history 101 http://www.ecrypt.eu.org pre-1915: manual encryption or simple devices Its Not My Fault 1915: rotor machines: (electro-)mechanical - On

296 views • 6 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides

More recommend