Pseudorandom Black Swans: Cache Attacks on CTR DRBG
Shaanan Cohney (1), Andrew Kwong (2), Shahar Paz (3), Daniel Genkin (2), Nadia Heninger (4), Eyal Ronen (5), Yuval Yarom (6)
(1) University of Pennsylvania, (2) University of Michigan, (3) Tel Aviv University, (4) University of California, San Diego, (5) Tel Aviv University and COSIC (KU Leuven), (6) University of Adelaide and Data61
Lesson Learned (the hard way)
Plenty of real-world, random number generation disasters:
◮ Dual EC Backdoor
◮ Juniper Dual EC Incident (RWC 2016)
◮ DUHK Attack on ANSI X9.31
Standardized Designs
NIST SP 800-90 series lists approved designs:
◮ Dual EC (deprecated in disgrace)
◮ HMAC DRBG
◮ HASH DRBG
◮ CTR DRBG
Limited formal analysis until Woodage and Shumow (RWC 2018)
CTR DRBG
◮ Highly popular (67.8% of FIPS certifications), integrated into libraries, OSes, CPUs
◮ Design:
  • State consists of key K and counter V
  • Encrypts incrementing counter to generate output
  • Optional user-provided additional entropy
CTR DRBG: Generate Function
Three Stage Process:
1. Advance State & Add Entropy
2. Produce Output
3. Advance State & Add Entropy
[Figure: the state (K, counter + 1) together with addin is passed through AES to advance the state; AES-encrypting the incrementing counter under K produces the output; the state (K, counter) is then advanced through AES again with addin.]
Key Rotation Flaw [WS19][CWPG+19]
Problem 1: Key is not rotated until after encryptions are done, so it is not safe against key compromise!
Problem 2: Additional entropy is optional and implementer chosen.
Problem 1: Key Not Rotated Often Enough
Attacker may be able to compromise K using a side channel attack.
An attacker then decrypts PRG output to learn state: D_K(output) = counter + 1
[Figure: state (K, counter + 1) → AES → output]
Problem 2: Lack of Entropy
Once attacker has (K, counter), guesses addin and calculates updated state
... if addin is used at all!
[Figure: (K, counter + 1, addin) → AES → (K, counter)]
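The three-stage generate function from the CTR DRBG slides, and the two consequences the "Problem 1" and "Problem 2" slides draw from it, as an added Go example written for this page (it is not code from the paper or from any of the libraries the slides name). It implements CTR_DRBG with AES-128 and no derivation function as specified in SP 800-90A, models a leaked stage-2 key simply by recording it in a field (Stage2Key, the example's own name), and then checks two things: that D_K(output block) recovers the counter and lets the stage-3 update be replayed when no additional input is used, and that a secret per-call additional input stops that replay. The seed values and the secret string are constructed for the demonstration; RecoverState, Run and seed are names invented here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// AES-128 block and key size; seedLen is SP 800-90A's seedlen without a derivation function.
const blockLen, keyLen, seedLen = 16, 16, 32

// DRBG is the CTR_DRBG working state (key K, counter V). Stage2Key records the key
// in use while output is produced: it only models a key leak for this demonstration.
type DRBG struct{ K, V, Stage2Key []byte }

// incV computes V = (V + 1) mod 2^128 on a big-endian counter, in place.
func incV(v []byte) {
	for i := len(v) - 1; i >= 0; i-- {
		v[i]++
		if v[i] != 0 {
			return
		}
	}
}

// ctrBlocks returns E_K(V+1), ..., E_K(V+n) and leaves V at V+n.
func ctrBlocks(k, v []byte, n int) []byte {
	blk, _ := aes.NewCipher(k) // keys are always 16 bytes here, so no error path
	out := make([]byte, 0, n*blockLen)
	for i := 0; i < n; i++ {
		incV(v)
		c := make([]byte, blockLen)
		blk.Encrypt(c, v)
		out = append(out, c...)
	}
	return out
}

// update is CTR_DRBG_Update: new (K, V) = CTR output XOR providedData (seedLen bytes).
func (d *DRBG) update(provided []byte) {
	temp := ctrBlocks(d.K, d.V, seedLen/blockLen)
	for i := range temp {
		temp[i] ^= provided[i]
	}
	d.K, d.V = temp[:keyLen], temp[keyLen:]
}

// padAddin pads or truncates additional input to seedLen; absent input becomes all zeros.
func padAddin(addin []byte) []byte { p := make([]byte, seedLen); copy(p, addin); return p }

// Generate is the slides' three-stage generate function: advance state with addin,
// encrypt the incrementing counter, then advance state with addin again.
func (d *DRBG) Generate(nBytes int, addin []byte) []byte {
	a := padAddin(addin)
	d.update(a)                               // stage 1
	d.Stage2Key = append([]byte(nil), d.K...) // modelled leak: the key used during stage 2
	nBlocks := (nBytes + blockLen - 1) / blockLen
	out := ctrBlocks(d.K, d.V, nBlocks)[:nBytes] // stage 2: K stays fixed while output is produced
	d.update(a)                                  // stage 3
	return out
}

// RecoverState is the consequence the slides draw from a leaked stage-2 key:
// D_K(last full output block) is that block's counter (one more if a partial block
// follows), and replaying stage 3 with the guessed addin yields the next (K, V).
func RecoverState(leakedK, output, addinGuess []byte) *DRBG {
	nFull := len(output) / blockLen
	if nFull == 0 {
		return nil // nothing to decrypt
	}
	blk, _ := aes.NewCipher(leakedK)
	v := make([]byte, blockLen)
	blk.Decrypt(v, output[(nFull-1)*blockLen:nFull*blockLen])
	if len(output)%blockLen != 0 {
		incV(v)
	}
	d := &DRBG{K: append([]byte(nil), leakedK...), V: v}
	d.update(padAddin(addinGuess))
	return d
}

// seed returns a DRBG instantiated from a fixed, constructed seed (demo only).
func seed() *DRBG { return &DRBG{K: []byte("0123456789abcdef"), V: []byte("fedcba9876543210")} }

// Run checks Problem 1 + 2 (leaked key + output predicts the next output when no
// addin is used) and the mitigation (a secret per-call addin defeats the replay).
func Run() (predictable, addinDefeats bool) {
	victim := seed()
	out := victim.Generate(40, nil) // 40 bytes, so the last block is partial
	clone := RecoverState(victim.Stage2Key, out, nil)
	predictable = bytes.Equal(clone.Generate(32, nil), victim.Generate(32, nil))

	victim2 := seed()
	secret := []byte("per-call secret additional input") // constructed, unknown to clone2
	out2 := victim2.Generate(40, secret)
	clone2 := RecoverState(victim2.Stage2Key, out2, nil) // replays stage 3 as if no addin
	addinDefeats = !bytes.Equal(clone2.Generate(32, nil), victim2.Generate(32, secret))
	return predictable, addinDefeats
}

func main() { fmt.Println(Run()) }
```

`go run` prints `true true`: the first value is the "Problem 1 + Problem 2" chain (a key that stays fixed while output is produced, followed by a deterministic update, is enough to predict everything that comes after), and the second is the "if addin is used at all" caveat in code form, since an update that mixes in unpredictable per-call input cannot be replayed from the leaked key alone. The partial-block branch in RecoverState exists because real callers rarely request whole AES blocks, and the last counter value is then one past the last decryptable block.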
Is a side-channel attack on CTR DRBG realistic?
Condition #1: Are CTR DRBG implementations vulnerable to side-channel attacks?
“T-table” AES has been a canonical target for cache attacks for 15 years.
Most crypto libraries now use AES-NI by default... but not for AES when used in CTR DRBG.
Vulnerable T-table AES CTR DRBG implementations:
◮ OpenSSL 1.0.2 FIPS module
◮ NetBSD kernel systemwide PRG
◮ FortiOSv5
◮ mbedTLS-SGX
◮ nist rng library
FIPS Requirements
“Cryptographic modules may be susceptible to other attacks for which testable security requirements were not available at the time this version of the standard was issued (e.g., power analysis, timing analysis, and/or fault induction) or the attacks were outside of the scope of the standard (e.g., TEMPEST)” – Mitigation of Other Attacks (FIPS 140-2)
Is a side-channel attack on CTR DRBG realistic?
Condition #2: Discover an attack scenario that produces enough output.
Is this a problem in real world protocols like TLS?
Scenario: Attacker compromises PRG state during protocol execution, uses it to compromise cryptographic secrets.
Empirically, cache attacks require around 2000 bytes of AES output to recover key.
Juniper and DUHK used nonces for state compromise, but these are too short for a cache attack.
Finding long PRG outputs in TLS handshake
Brainstorming sources of additional PRG output in TLS handshake:
◮ RSA-PSS padding? ✗
  • Randomized signature padding
  • RFC 8446 restricts PSS salt length for TLS 1.2, so not enough output
◮ ExtendedRandom? ✗
  • Non-standard IETF proposal to permit clients to request up to 2^16 bytes of randomness from server
  • No known functional implementations