physical security
Download
Skip this Video
Download Presentation
Physical Security

Loading in 2 Seconds...

play fullscreen
1 / 39

Physical Security - PowerPoint PPT Presentation


  • 74 Views
  • Uploaded on

Physical Security. [email protected] Overview. Smart cards RFIDs Attacks (Semi)-Natural tags Conclusions. Smart Cards. Smart cards. Broken!. 53.98 mm. 85.6 mm. 0.76 mm.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Physical Security' - spike


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
overview
Overview
  • Smart cards
  • RFIDs
  • Attacks
  • (Semi)-Natural tags
  • Conclusions

IIS

smart cards1
Smart cards

Broken!

53.98 mm

85.6 mm

0.76 mm

[And96] R. J. Anderson and M. G. Kuhn. Tamper resistance - A cautionary note. In 2nd Int. Usenix Workshop on Electronic Commerce, pages 1-11, Oakland, California, Nov 1996. USENIX Association. http://www.usenix.org/publications/library/proceedings/ec96/kuhn.html

IIS

what makes the card smart
What makes the card smart?
  • CPU (8, 16, 32 bit)
  • Memory (RAM, ROM, EEPROM, Flash)
  • I/O channel (Contact/Contact less)
  • Cryptographic co-processor
  • On card devices (Fingerprint, display)
  • Standards (ISO 7816, GSM, EMV, VOP)

IIS

main security features
Main security features
  • Symmetric crypto
  • Asymmetric crypto relatively slow
  • Hardware random number generator
  • Hardware tamper resistance
  • X-tal clock vulnerable
  • Life cycle management

IIS

communication
Communication
  • ISO 7816-4:

9600 bps : slow

  • USB : bulky
  • Bluetooth: power
  • Biometrics: slow

www.fingerchip.com

IIS

displays
Displays
  • Plastic, glass
  • Emissive, non-emissive
  • Refresh, bi-stable
  • Segment, dot-matrix
  • Problems: connections, yield, power, thickness, price!

[Pra01] D. Praca and C. Barral. From smart cards to smart objects: the road to new smart technologies. Computer Networks, 36(4):381-389, Jul 2001. http://dx.doi.org/10.1016/S1389-1286(01)00161-X

IIS

clock power
Clock & Power
  • Clock
    • Xtal 0.6 mm
    • MEMS (0.002% acc.)
  • Battery
    • Thickness
    • power density
    • when to recharge

IIS

integration is hard
Integration is hard
  • Display
  • Button
  • 32-bit CPU
  • Large memory
  • Battery
  • Comms
  • >> 25mm2

Photo: Philips Semiconductors

IIS

what is an rfid tag
What is an RFID tag?
  • Antenna + small chip in ambient field
  • Passive, replies to queries only
  • Can be used for almost anything
    • Supply Chain Management & Checkout (Wallmart, Benetton)
    • Homeland security
    • User convenience
    • Access to buildings

Nokia 6131 NFC

IIS

privacy issues
Privacy issues
  • Sniffing
    • Data collection in proximity (skimming)
    • Correlate data from different tags
  • Counter measures
    • Shield antenna in passport with tinfoil
    • Encrypt the template with MRZ data
    • Reduce transmit range
    • Light controlled on/off switch
    • Long and short range interface
    • Time delayed transmit of sensitive info

Watch this video

[Bir07] N. Bird, C. Conrado, J. Guajardo, S. Maubach, G. Jan Schrijen, B. Skorić, A. M. H. Tombeur, P. Thueringer, and P. Tuyls. ALGSICS - combining physics and cryptography to enhance security and privacy in RFID systems. In F. Stajano, C. Meadows, S. Capkun, and T. Moore, editors, 4th European Workshop on Security and Privacy in Ad-hoc and Sensor Networks (ESAS), volume LNCS 4572, pages 187-202, Cambridge, UK, Jul 2007. Springer. http://dx.doi.org/10.1007/978-3-540-73275-4_14

IIS

attacks

Attacks

[Wit02] M. Witteman. Advances in smartcard security. Information Security Bulletin, pages 11-22, Jul 2002. http://www.riscure.com/fileadmin/images/Docs/ISB0707MW.pdf

attacks1
Attacks
  • Operational
    • Blackmail
    • Burglary
    • Bribery
  • Technical
    • Logical
    • Physical
    • Side channel
  • Attackers
    • I: Clever outsiders
    • II: Knowledgeable insiders
    • III: Funded Organisations

IIS

logical attacks
Logical attacks
  • The code is too complex
    • Hidden commands
    • Parameter poisoning & Buffer overflow
    • Malicious or buggy applets
    • Protocol problems (e.g. retransmit)
    • Proprietary crypto
  • Counter measures
    • Structured design & code inspection
    • Formal methods
    • Testing

IIS

example rfid virus
Example: RFID virus
  • There is a large amount of code
  • Generic protocols and facilities
  • Back end data bases
  • So the usual attacks:
    • Buffer overflow
    • SQL injection “;shutdown--”
  • Don’t trust data from RFID tag…

Best paper

award

[Rie06] M. R. Rieback, B. Crispo, and A. S. Tanenbaum. Is your cat infected with a computer virus? In 4th Annual IEEE Int. Conf. on Pervasive Computing and Communications (PerCom), pages 169-179, Pisa, Italy, Mar 2006. IEEE Computer Society. http://dx.doi.org/10.1109/PERCOM.2006.32

IIS

physical attacks
Physical attacks
  • The circuitry is complex and vulnerable
    • Chemicals & etching
    • SEM Voltage contrast
    • Probe stations
    • Focused Ion Beam (FIB) to make probe pads
  • Counter measures
    • Reduced feature size (100nm)
    • Multi layering
    • Protective layers
    • Sensors
    • Bus scrambling

IIS

low cost physical attacks
Low cost physical attacks
  • Block EEPROM writes by isolating Vpp
  • Rent focused Ion beam

[And97d] R. J. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In 5th Int. Workshop on Security Protocols, volume LNCS 1361, pages 125-136, Paris, France, Apr 1997. http://dx.doi.org/10.1007/BFb0028165

IIS

side channel attacks
Side channel attacks
  • Physical phenomena can be measured
    • Power
    • EM radiation (X-ray, light, sound)
    • Time
  • and changed
    • Voltage (example later)
    • Frequency (example later)

Watch this video

[Vua09] M. Vuagnoux and S. Pasini. Compromising electromagnetic emanations of wired andWireless keyboards. In 18th USENIX Security Symp., pages 1-16, Montreal, Canada, Aug 2009. USENIX Assoc. http://www.usenix.org/events/sec09/tech/full_papers/vuagnoux.pdf

IIS

timing attack
Timing attack
  • Exponentiation by square and multiply
    • for i = n − 2 downto 0
    • X = X2
    • if (d[i] == 1) then
    • X = X*M
  • Power trace shows bits 1 in the key

IIS

simple power analysis
Simple power analysis
  • 16 rounds DES
  • Rounds 2 & 3

[Koc99] P. C. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In M. J. Wiener, editor, 19th Int. Conf. on Advances in Cryptology (CRYPTO), volume 1666 of LNCS, pages 388-397, Santa Barbara, California, Aug 1999. Springer. http://www.cryptography.com/resources/whitepapers/DPA.pdf

IIS

differential power attacks
Differential power attacks
  • Difference in the third cycle due to difference in input value for encryption

IIS

active attacks power dip
Active attacks : Power Dip

A power Dip at the

Moment of reading

a memory cell

vcc

  • read a 0 as a 1
  • Protection measure
    • Check VCC & raise an alarm if it drops
    • Problem: Fast transients during start-up may raise false alarms

Reading

threshold

Stored value

of logical zero

gnd

IIS

active attacks clock glitch
Active attacks : Clock Glitch
  • Dump all of the memory
  • Replace 5MHz pulse by 4 pulses of 20MHz:
    • b = answer_address
    • a = answer_length
    • If (a == 0) goto 8
    • transmit(*b)
    • b=b+1
    • a=a-1
    • goto 3

Glitch here

[And97d] R. J. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In 5th Int. Workshop on Security Protocols, volume LNCS 1361, pages 125-136, Paris, France, Apr 1997. http://dx.doi.org/10.1007/BFb0028165

IIS

countermeasures
Countermeasures
  • Hardware
    • Lower power signals
    • Increase noise levels
    • Introduce timing noise
  • Software
    • Parallelism
    • Introduce random delays
    • Constant time execution
    • Blinding intermediate values

IIS

countermeasures1
Countermeasures
  • Make attacks harder but not impossible
  • Hard to get right
  • Expensive to implement

IIS

out of the box thinking
Out of the box thinking
  • The humble Capacitor
    • Emanates acoustic signals
    • Sensitive to shocks and vibration
    • C  A / d

IIS

listen to a pc multiplying
Listen to a PC multiplying

Freeze 1500 μF

capacitor

http://people.csail.mit.edu/tromer/acoustic/

IIS

design guidelines
Design guidelines
  • Define the level of security needed
  • Perform a risk analysis
  • Consider the attackers business case
  • Use the right technologies
  • Build in fraud management
  • Design recovery and fall-back
  • Consider the overall system

IIS

ibm 4758 crypto coprocessor
IBM 4758 Crypto Coprocessor
  • Rolls Royce of secure devices
  • Tamper sensing barrier
  • Keys move in the RAM
  • Temperature & X-ray sensor
  • Solid aluminium case & epoxy potting
  • low pass filter on power supply
  • Used in ATMs
  • Hacked!

[Cla03b] R. Clayton and M. Bond. Experience using a Low-Cost FPGA design to crack DES keys. In 4th Int. Workshop on Cryptographic Hardware and Embedded Systems (CHES), volume LNCS 2523, pages 877-883, Redwood Shores, California, 2003. Springer. http://dx.doi.org/10.1007/3-540-36400-5_42

IIS

finger printing
Finger printing

[Buc05] J. D. R. Buchanan, R. P. Cowburn, A.-V. Jausovec, D. Petit, P. Seem, G. Xiong, D. Atkinson, K. Fenton, D. A. Allwood, and M. T. Bryan. Forgery: \'fingerprinting\' documents and packaging. Nature, 436(7050):475, Jul 2005. http://dx.doi.org/10.1038/436475a

IIS

philips coating puf
Philips Coating PUF

[Sko08] B. Škorić, G.-J. Schrijen, W. Ophey, R. Wolters, N. Verhaegh, and J. van Geloven. Experimental hardware for coating PUFs and optical PUFs. In P. Tuyls, B. Škorić, and T. Kevenaar, editors, Security with Noisy Data - On Private Biometrics, Secure Key Storage and Anti-Counterfeiting, pages 255-268. Springer London, 2008. http://dx.doi.org/10.1007/978-1-84628-984-2_15

IIS

mems particles
MEMS particles
  • 1x1x12 m particles, shapes
  • Church and school roof, power line grease/gel
  • Jewellery fluid
  • Spray vandals/thiefs
  • Smart water

Watch this video

[Kay92] P. H. Kaye, F. Micheli, M. Tracey, E. Hirst, and A. M. Gundlach. The production of precision silicon micromachined non-spherical particles for aerosol studies. Journal of Aerosol Science, 23(Suppl 1):201-204, 1992. http://dx.doi.org/10.1016/0021-8502(92)90384-8

http://www.redwebsecurity.com/

IIS

conclusions
Conclusions
  • Affordable tamper resistance technology exists
  • Getting it right is difficult
  • Out of the box thinking required

IIS

ad