Giving Away Crypto Keys for $230

We all know that 256-bit AES is pretty near uncrackable when we throw lots of CPU power at it. In fact, we could turn on all the computers in the world, and let them run for a billion years, and we still wouldn’t be able to brute force it. But … it gives away its secrets for just $230 [here]:

The setup from researchers at Fox-IT and Riscure monitors the radiation from a processor and guesses the 256-bit key used within a few minutes:

The method used is known as Van Eck phreaking.

The equipment used includes: an antenna; an external amplifier; bandpass filters; and a software-defined radio receiver USB stick:

The research team think that the method could be used against standard mobile phones too, with the detection of the EM waves achieved at 30cm and for a 50 second scan.

Crypto leaks

The security community has produced some wonderful encryption algorithms, which are ultra secure, but eventually, all the bits end up in silicon and metal, and it’s there, increasingly, that an intruder will place monitors in order to crack the keys.

The cracking of encryption keys has often involved brute force methods, or targeting flaws in the implementation. There is, though, increasing interest in physical side-channel attacks, where there is an unintentional leakage of cryptographic information, such as from electromagnetic radiation, power consumption, electric voltage fluctuations, and even sound and thermal variations. Few companies currently protect their devices against side-channel attacks, especially as it would prove costly and require extensive testing with complex equipment.

Devices too are becoming faster, and, as they do, they are likely to emit an increasing amount of radio and electromagnetic (EM) emissions. A 2GHz processor, for example, is running at the same frequency as our wi-fi signals (2.4 GHz), and often the chips are not protected from emitting radio waves, which are a natural by-product of the fast operation of the device. At these high frequencies it is often difficult to stop EM emissions, and to stop them being coupled into nearby wires and into other circuits.

Observing the cache

Just last week security researchers found a flaw in the GnuPG crypto library. This allowed them to crack a 1,024-bit public key and find the associated private key, and thus decrypt secret data. GnuPG is a standard open source library for cryptography (libgcrypt) and is used in Windows, Mac and Linux systems [here]:

The vulnerability has been given an ID of CVE-2017-7526 and is attacked with a local FLUSH+RELOAD side-channel attack, where the “left-to-right sliding window” method leaks information about the exponent bits, and where the full key can be recovered. It involves a Level 3 Cache Side-Channel Attack where the cache memory stores the private RSA key.

The attacker observes the memory utilisation of the cache (or from the electromagnetic radiation emitted in the decryption process). While it may be difficult on physical machines, the researchers outline that it is possible to extract the key from one VM onto another. It is also likely that 2,048 bit RSA could be cracked with the same method, but would require more computing resource to crack.
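Why the sliding window leaks can be seen by recording the sequence of squarings (S) and multiplications (M), which is the kind of pattern a cache observer distinguishes. The sketch below is an added example, not libgcrypt's code: the window size, toy exponents and modulus are constructed, and the fixed-window routine is shown as one common countermeasure pattern, not as the fix that was actually shipped.

```python
def sliding_window(base, exp, mod, w=4):
    """Left-to-right sliding-window exponentiation; returns (result, op trace)."""
    sq = base * base % mod
    odd = {1: base % mod}                      # precomputed odd powers base^1, base^3, ...
    for i in range(3, 1 << w, 2):
        odd[i] = odd[i - 2] * sq % mod
    bits, result, ops, i = bin(exp)[2:], 1, [], 0
    while i < len(bits):
        if bits[i] == "0":                     # zero bit: square only
            result = result * result % mod
            ops.append("S")
            i += 1
            continue
        j = min(i + w, len(bits))              # widest window that ends in a 1 bit
        while bits[j - 1] == "0":
            j -= 1
        for _ in range(j - i):
            result = result * result % mod
            ops.append("S")
        result = result * odd[int(bits[i:j], 2)] % mod
        ops.append("M")                        # where each M falls depends on the exponent
        i = j
    return result, "".join(ops)

def fixed_window(base, exp, mod, w=4):
    """Fixed-window variant: always w squarings then one multiply (by 1 for a zero window)."""
    table = [1]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * base % mod)
    bits = bin(exp)[2:]
    bits = bits.zfill(-(-len(bits) // w) * w)  # pad to a whole number of windows
    result, ops = 1, []
    for i in range(0, len(bits), w):
        for _ in range(w):
            result = result * result % mod
            ops.append("S")
        result = result * table[int(bits[i:i + w], 2)] % mod
        ops.append("M")
    return result, "".join(ops)

# Constructed toy values: two 16-bit exponents and a small modulus (not real key material).
MOD, E1, E2 = 2**61 - 1, 0b1011001110001111, 0b1000000000000001

if __name__ == "__main__":
    for name, fn in (("sliding", sliding_window), ("fixed", fixed_window)):
        for e in (E1, E2):
            print(f"{name:8s} {e:016b} -> {fn(7, e, MOD)[1]}")
```

The two exponents give different S/M traces under the sliding window but the same trace under the fixed window. A real fixed-window implementation also needs a table lookup whose memory access pattern does not depend on the window value.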

1,024 bit keys fall to current flows

At the current time the limit of cracking RSA is for 768-bit keys, attacked using the factorization of the modulus (N), but other methods use side-channel attacks, such as, in 2010, observing the current flows on a processor to crack 1,024-bit keys (in less than 100 hours) [here]:

Radio Attacks

There has been work on cracking the RSA algorithm with acoustic methods, along with electromagnetic and voltage variations. Now researchers have taken a significant step forward in a paper entitled [here]:

ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs

Within this paper, the authors outline the cracking of ECDH (Elliptic Curve Diffie-Hellman) which is one of the most popular key exchange methods, and is often used when connecting to sites such as Microsoft Live, Google and Facebook.

In their work they attack the ECDH public key encryption algorithm, and measure electromagnetic changes. It uses carefully chosen ciphertext, and a time-frequency signal analysis technique, in order to crack the key. This releases the decryption key within seconds, including from an antenna in another room.

ECDH is now a popular method, and is basically the Diffie-Hellman key exchange method with the usage of elliptic curve methods.

Power analysis

The work of modulating the power rails on chips is well documented for discovering encryption keys, where the security and protection of the key is reduced. There has also been work on a “cold boot” where the memory chips are frozen, and which keep their bit states:

Differential Power analysis on SIM cards

So up to now, we all thought that SIM cards were secure from most types of attack. But Prof Yu-Yu from Shanghai Jiao Tong University has now shown that 3G/4G SIM cards, using 128-bit AES, can be hacked — so the nightmare of SIM card cloning could come true [paper].

The access to SIM encryption keys is a key focus for law enforcement, and it was highlighted earlier in the year when law enforcement agents were suspected of stealing the billions of encryption keys from Dutch SIM card manufacturer Gemalto. These keys would allow access to both the data and voice messages on the phones.

In his Black Hat USA 2015 presentation this week, Prof Yu-Yu outlined a differential power analysis method that recovers encryption keys from SIM cards and allows them to be cloned. Overall it takes 10–40 minutes to recover the key, and his method has succeeded on eight of the most popular SIM card manufacturers.

He basically uses an oscilloscope to capture the power changes and an MP300-SC2 protocol analyser, along with a PC to analyse the cryptography (Figure 1). The work uses Differential Power Analysis (DPA). With Simple Power Analysis (SPA) we monitor the power consumed by the processor, and this can give hints on the contents of its registers and data buses.

Figure 1: Prof Yu-Yu’s experimental setup

With DPA, the chips are given some tests for encryption, and then the power levels are observed for the chips, after which they are analysed to show a correlation of the bit patterns used (Figure 2). The differences in the encryption process are then used to crack the key. For example, we take some test data, and apply a range of keys to the device, and watch the power levels. Each of the power consumption levels will change depending on the activity within the chip.

Figure 2: Power analysis of the AES method

DPA and CPA on AES cracking

The work we have done here cracks 128-bit AES in less than 30 minutes on an Arduino device using power analysis attacks on the AES-128 S-box with differential power analysis (DPA) and correlation power analysis (CPA) [here]: