FORGE Course

Full Height |  Two columns |  Parts | 

Hardware Security Theory

Hardware Security Theory 04/10/2017


Security Threat Categories & Critical Infrastructure (CI) Devices

Threats


  • Vulnerable programs (coding bugs, buffer overflows, parsing errors)
  •  Malicious programs (spyware, Trojans)
  •  Misconfigured programs (security features not turned on)
  •  Social engineering (phishing/pharming)
  •  Physical theft (laptops)
  •  Electronic eavesdropping (capturing email)

Critical Infrastructure

Operational Control and Management IT layer

  • Overall supervision of the CI
  • Centralized
  • Server like devices relying on x86 machines

Distributed OT Monitoring and Network layer

  • Distributed (physically or logically) devices that control clusters of in field element
  • OT control loops are realized and deployed in action as well as the OT network functions needed for control and monitor of in field element clusters
  • consists of both IT and OT components (x86 architectures or embedded system architectures)

In-field device/end node layer

  • Data collection or CI micro activities (eg. rail track changes, fluid/gas flow change)
  • Scattered in remote/hard to reach or supervise areas (in railway tracks, in weather stations on mountain ranges, inside power plant facilities etc) and are left unattended for long time periods
  • In field devices may be of analog nature (so few hardware based attacks are possible) but most of the existing nodes are of digital nature and have processing power (“smart” devices) due to embedded system elements in the
  • They have few security protection mechanisms and rely on upper layers for their cyberattack protection
  • Embedded system processor architectures


Securing a device through software


Software cybersecurity countermeasures

  • Firewalls
  • IDS
  • Honeypots
  • SIEM Anomaly detections

Software security libraries to achieve confidentiality, Integrity and Availability etc.

  • OpenSSL
  • PKCS#11 Cryptoki
  • Software Cryptography libraries

Yet software is still vulnerable against a determined attacker

  • Zero day vulnerabilities
  • Latest example…..Ransomware


How can I trust a system remains secure when it relies on software that is fundamentally unsecure?

Can Software Be Made Completely Secure?

Probably not.

  • Modern systems are incredibly complex (hundred thousand security bugs). Not all bugs can be fixed
  • Compatibility requirements prohibit replacing all unsecure software code with secure one
  • There is a need for something to trust in the computing system → a Trusted Computing Base
  • Nearly impossible to achieve that without hardware support


How can I trust that a system is trustworthy?

  • Trusted system: a system that I trust that it will not fail (if it fails the whole security policy collapses)
  • Trustworthy system: a system that  cannot fail
  • Trusted system ----?----> Trustworthy system


How to achieve trust?

  • Answer: Use hardware security to support software system’s security


Securing a device using hardware means


  • Integrate to the software solutions a layer of trust
  • Associate…usually physically connect… a hardware token to a device.
  • The token then handles security services instead of OS related software.
  • Hardware tokens
    • Hard to maliciously alter their functionality
    • Typical vulnerabilities not applicable at this layer
    • Security critical operations performed through hardware means (speed)
    • A “sandboxed” environment that is hard to manipulate.
    • Under circumstances it can be trusted to function as intended to.




   

Hardware Security Modules (HSMs)

  • Cryptography services (cryptographic acceleration)
    • RSA 2048 bit scheme
    • Elliptic Curve Cryptography schemes
    • Hash function
    • Symmetric Key cryptography (e.g tripleDES, AES)
  • Key generation – True random number generation
  • Security protocol realization (e.g SSL/TSL)
  • Public Key Infrastructure functionality (Certificate Authority)
  • Secure Storage


Hardware Security tokens for trust

Trusted system:

“A trusted system is one that behaves in the expected manner for a particular purpose”


How can one report the system state to a third party?
Assumption:

  •     It is much easier to manipulate software than hardware
  •     You can’t provide strong security without HARDWARE means


Trusted Computing Group TPM/TSS approach:

  • Provide a trust anchor in hardware → TPM


Other Trusted computing solutions

  • Global Platform Trusted Execution Environment
  • ARM TrustZone
  • Samsung KNOX
  • Intel SGX, IPT
  • Trustonic
  • Flicker, bastion,…. (research solutions)


Further Notes On Crypto Modules

  • TPM
    • Latest version TPM v2.0
      • SHA-1,  SHA-256 and RSA, ECC (256 key bit, NIST P-256 ) and HMAC, 128-bit AES
      • RSA digital signature generation and verification, and Direct Anonymous Attestation
    • Still most devices use TPM 1.2
      • SHA-1 and RSA and HMAC
      • RSA digital signature generation and verification, and Direct Anonymous Attestation
  • TEE

    • Not so crypto oriented yet provides similar cryptoservices as TPM 1.2
    • Provide Memory and execution isolation between a normal and a trusted zone
  • Smart Cards

    • Support vital crypto operations (e.g AES/TripleDES encryption, MAC and some PK algorithm, like RSA and ECC, (EC)DSA on highly secure modes)
    • May include hardware crypto coprocessor units
    • Rely on low performance processors, low power consumption needed, small computational power


Realizing Hardware Security Modules


Design Challenges

  • Speed
    • Cryptography operations through hardware acceleration
  • Trust
    • Software execution inside the HSM must be impervious to software vulnerabilities
    • Software code that is bug free
    • Trusted execution
  • Protection from Hardware Attacks
    • Side Channel and Fault Injection Attacks
    • Physical Tampering
    • Cloning  (when possible)
    • Hardware Trojan Horses



Attacking Hardware Security Modules


Attack model

  • The HSM stores and processes secret information.
  • The main secrets are private or public keys
  • Cryptography is a key point in an HSM

  • Target:
    • To find the secret keys that are used
    • To acquire a leverage on a security protocols by retrieving the session key

Attack methods

  • Non-invasive attacks (low-cost)
    • observe or manipulate the device without physical harm to it
    • require only moderately sophisticated equipment and knowledge to implement
  • Invasive attacks (expensive)
    • almost unlimited capabilities to extract information from chips and understand their functionality
    • normally require expensive equipment, knowledgeable attackers and time
  • Semi-invasive attacks (affordable)
    • We can inject a fault during computation and observe the fault result. The internal structure of the system remains intact
    • fill the gap between non-invasive and invasive types, being both inexpensive and easily repeatable

Invasive Attack resistance (antitampering)

  • Wrapping the entire security core in fine – grained electronic mesh
  • Encasing the core in epoxy resin
  • Light sensitive diodes, temperature sensors, tamper sensors
  • Sensors to detect variations in voltage and current
  • When an attack is detected, then the chip applies data zeroification, or the chip is rendered useless
  • Tamper resistance levels:
    • LEVEL ZERO
    • LEVEL LOW
    • LEVEL MODL
    • LEVEL MOD
    • LEVEL MODH
    • LEVEL HIGH



Non invasive (Side Channel) Attacks

    


Categorizing  Side channel Attacks

  • 1st Categorization
    • Horizontal Attacks
      • They are mounted using a single leakage trace that is processed in time
    • Vertical attacks
      • The implementation is used N times using either the same or different inputs each time t in order to collect traces-observations Li(t). Each observation is associated with t-th execution of the implementation
  • 2nd Categorization
    • Simple Attacks
      • Enable the attacker to discriminate O1 from O0 in time thus revealing all bits of the secret s
      • Need 1 or few Leakage traces (rely on visual observation, on collisions)
    • Advanced Attacks
      • Not focused only on the operations but also on the Computation operands.
      •  Focused on a subset of the calculation C (and/or Oi) and through collection of sufficiently large number N of leakage traces Li(t) for all t in {1,…N} using inputs Xi(t) exploit the statistical dependency between the calculation on C for all Xi and the secret s.




An Attack example: Elliptic Curve Cryptography accelerator