Using fault injection attacks for digital forensics


Published on November 22, 2018

Author: JustinBlack7

Source: slideshare.net


1. Using Fault Injection For Forensics (30 mins). October 4, 2018, c0c0n. Yashin Mehaboobe

2. #whoami INTRODUCTION
• Security Analyst, Riscure
• Working on
  • Embedded Security
  • Fault Injection
  • Side Channel Analysis
• Conference speaker
• Caffeine enthusiast
• NOT A LAWYER/LEO

3. Digital Forensics
• Recovery and subsequent investigation of data from digital devices
• Sub-discipline within forensic science
• Increasingly more digital evidence being used in courts
• Allows for breakthroughs in otherwise difficult cases (BTK)

4. The need for Digital Forensics. Source: http://www.pewinternet.org/fact-sheet/mobile/

5. The need for Digital Forensics
• External drive: 84
• Cell Phones: 228
• Computers: 73
• Video: 27
Source: http://www.mshp.dps.missouri.gov/MSHPWeb/PatrolDivisions/DDCC/Units/ComputerForensicUnit/index.html

6. Hurdle: Encrypted Devices
• With the rise of easy-to-use smartphones came easily encrypted devices
• A large number of smartphones support disk encryption
• Other encrypted devices such as encrypted HDDs and USB mass storage devices are also increasing in number
• Termed ‘warrant-proof’ by the US DoJ (due to 5th amendment issues)

7. Hurdle: Encrypted Devices. Source: Manhattan DA Report on Smartphone Encryption & Public Safety

8. Overview of Encrypted Devices (diagram labels: INPUT, Controller w/ crypto, Storage, USB/SATA)

9. How do Encrypted Devices work
• Storage usually encrypted with AES-XTS
• User input used as
  • Authentication
  • one of the inputs to the key derivation process
• Issue with PIN-based PBKDF only = Bruteforce
• Also possible to store a seed and use it along with the PIN to derive the encryption key
• Most devices also have an auto-erase function after n attempts
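The design on this slide (PIN fed into a KDF, an optional seed held by the controller, an attempt counter with auto-erase) as a runnable model. This is an added example, not code from the talk or from Riscure: PBKDF2-HMAC-SHA256, the XOR key wrap, the `Controller` class and its method names are assumptions made here for illustration, and a real controller would use an authenticated key wrap and keep seed and counter in its own non-volatile memory. Two things it shows that the bullets only state: the storage image alone never contains the seed, so a PIN search cannot be run offline against it, and the attempt is counted and committed before the comparison, so the auto-erase is tied to the attempt rather than to the outcome of a check that a fault could skip.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

PBKDF2_ITERATIONS = 100_000   # work factor per PIN guess (assumed value)
MAX_ATTEMPTS = 10             # the slide's "auto erase after n attempts"


def derive_kek(pin: str, salt: bytes, device_seed: bytes = b"") -> bytes:
    """Key-encryption key from PIN, salt and (optionally) a controller-held seed.
    With an empty seed, whoever copies the storage medium can rerun this for
    every possible PIN offline; with a 256-bit seed the derivation can only be
    run inside the controller, where each attempt is counted."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + device_seed, salt,
                               PBKDF2_ITERATIONS, dklen=32)


def xor_wrap(kek: bytes, dek: bytes) -> bytes:
    """Simplified key wrap (stand-in for AES-KW): one-time-pad the DEK with the KEK."""
    assert len(kek) == len(dek) == 32
    return bytes(a ^ b for a, b in zip(kek, dek))


class Controller:
    """Model of the 'controller w/ crypto' from the slides (constructed here).
    The storage medium holds only salt, wrapped DEK and a verifier; the seed
    and the failure counter stay in the controller's own non-volatile memory."""

    def __init__(self, pin: str, use_device_seed: bool = True) -> None:
        self.seed = os.urandom(32) if use_device_seed else b""
        self.salt = os.urandom(16)
        dek = os.urandom(32)                        # AES-XTS data key: the core asset
        kek = derive_kek(pin, self.salt, self.seed)
        self.wrapped_dek = xor_wrap(kek, dek)
        self.verifier = hmac.new(kek, b"unlock", "sha256").digest()
        self.failed_attempts = 0                    # lives in controller NVM
        self.wiped = False

    def storage_image(self) -> Dict[str, bytes]:
        """What a forensic image of the storage medium alone contains."""
        return {"salt": self.salt, "wrapped_dek": self.wrapped_dek,
                "verifier": self.verifier}

    def _persist_counter(self) -> None:
        """In hardware: write the counter to NVM and read it back before going on."""

    def wipe(self) -> None:
        """Auto-erase: destroy the wrapped key and the seed."""
        self.wrapped_dek = bytes(32)
        self.seed = b""
        self.wiped = True

    def unlock(self, pin: str) -> Optional[bytes]:
        """Return the DEK on the right PIN, None otherwise."""
        if self.wiped:
            return None
        # Count and commit the attempt BEFORE the comparison, so a fault that
        # skips the compare or the error path cannot also skip the increment.
        self.failed_attempts += 1
        self._persist_counter()
        kek = derive_kek(pin, self.salt, self.seed)
        tag = hmac.new(kek, b"unlock", "sha256").digest()
        if not hmac.compare_digest(tag, self.verifier):
            if self.failed_attempts >= MAX_ATTEMPTS:
                self.wipe()
            return None
        self.failed_attempts = 0
        self._persist_counter()
        return xor_wrap(kek, self.wrapped_dek)


if __name__ == "__main__":
    device = Controller("1234")
    print("storage image keys:", sorted(device.storage_image()))
    print("wrong PIN:", device.unlock("0000"), "failed:", device.failed_attempts)
    print("right PIN unlocks:", device.unlock("1234") is not None)
```

With `use_device_seed=False` the same class models the weaker PIN-only design from the slide: `derive_kek` then depends only on values present in the storage image, which is what makes an offline search over the PIN space possible.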

10. Assets within an encrypted device
• Core asset within an encrypted device = encryption key/stored data
• If encryption key is the same across multiple devices = Scalable attack
• Firmware = RE of encryption and key derivation process

11. Example 1: 2015 San Bernardino attack
• Terror attack in California
• Perpetrator had an encrypted iPhone 5C
• Apple was subpoenaed but refused to decrypt
• FBI found other ways to bypass encryption
Photo courtesy: Kārlis Dambrāns

12. Example 2: Paytsar Bkhchadzhyan
• Suspect in Paris Hilton hacking case
• Suspect had an encrypted iPhone protected by TouchID
• An LA judge ruled that the 5th amendment doesn’t cover biometrics
• Suspect’s fingerprints were then used to unlock the device

13. Bypass 1: Debug Ports
• Serial port exposed
• Unlock command identified
• Replay allows access
• Repeatable, scalable attack
Source: https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

14. Bypass 2: Debug commands
• Another device tested by Google researchers had debug commands enabled
• Allowed them to dump the master password over USB
• This was a scalable, repeatable attack
Source: https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

15. Bypass 3: Outdated crypto
• Some devices still use outdated cryptography like RC4 and RSA-512
• Vulnerable to various cryptographic attacks
• Encrypting is not securely encrypting
Source: https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way


17. Fault Injection
• Fault injection is ‘altering the intended behavior of a chip by manipulating its environmental conditions’*
• Can be used in various scenarios to bypass otherwise robust checks
• Various types of fault injection:
  • EM
  • VCC
  • Clock
  • Optical
* Timmers, Spruyt – Bypassing Secure Boot using Fault Injection

18. Voltage FI (diagram labels: 5.5V, 1.8V, 100 ms)

19. Fault Injection (diagram labels: Initialization, Function 1, Security Function, Function 2, Password=wrongpass1)

20. Fault Injection (diagram labels: Initialization, Function 1, Security Function, Function 2, Password = wrongpass1)

21. Effect of Glitching (diagram labels: Disabling modules, Chip Destruction, Skipping instructions (CMP R0,R1 / BNE ERROR / ...), Preventing R/W, Flipping bits)

22. Bypass 4: Fault injection
• FI is getting more viable for forensics
• Multiple ways to accomplish this:
  • bypass authentication
  • extract the key from memory
  • extract the firmware to be analyzed later
  • prevent the attempts counter being incremented
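The instruction-skip effect from slide 21 (`CMP R0,R1` / `BNE ERROR`) and the "bypass authentication" entry above, as an added example that is not from the talk: a small Python step interpreter runs a password check once per possible single-step skip and counts how many skip positions turn the wrong password into access. The naive check is one compare and one branch; the hardened variant applies standard fault-injection countermeasures (a redundant compare and branch, a non-trivial "granted" constant, and a final consistency check) and leaves no single skip that grants access. The program layout, constants and function names are constructed here; the password `wrongpass1` is the slide's own.

```python
from typing import Callable, Dict, List, Optional

# Non-trivial constants: 0 and 1 differ by a single bit, so a flipped bit or a
# register left at zero must never read as "granted".
ACCESS_GRANTED = 0xA5C3
ACCESS_DENIED = 0x5A3C

State = Dict[str, object]
Step = Callable[[State], Optional[int]]     # returns a jump target, or None to fall through


def run(program: List[Step], skip: Optional[int] = None) -> State:
    """Execute `program` step by step; `skip` is the index of the single step
    the glitch removes (the 'skipping instructions' effect on slide 21)."""
    state: State = {"result": None}
    pc = 0
    while pc < len(program):
        if pc != skip:
            target = program[pc](state)
            if target is not None:
                pc = target
                continue
        pc += 1
    return state


def naive_check(supplied: bytes, expected: bytes) -> List[Step]:
    """One compare, one conditional branch: CMP R0,R1 / BNE ERROR."""
    def cmp(s: State) -> None:
        s["eq"] = supplied == expected                 # CMP R0,R1
    def bne(s: State) -> Optional[int]:
        return 3 if not s.get("eq") else None          # BNE ERROR
    def grant(s: State) -> int:
        s["result"] = ACCESS_GRANTED                   # fall-through path: unlocked
        return 4
    def error(s: State) -> None:
        s["result"] = ACCESS_DENIED                    # ERROR:
    return [cmp, bne, grant, error]


def hardened_check(supplied: bytes, expected: bytes) -> List[Step]:
    """Same check with countermeasures: compare and branch are duplicated,
    'granted' is written only when both compares agreed, and a final step
    re-validates the decision against the stored compare results."""
    ERROR, END = 6, 7
    def cmp1(s: State) -> None:
        s["eq1"] = supplied == expected
    def bne1(s: State) -> Optional[int]:
        return ERROR if not s.get("eq1") else None
    def cmp2(s: State) -> None:
        s["eq2"] = supplied == expected                # redundant compare
    def bne2(s: State) -> Optional[int]:
        return ERROR if not s.get("eq2") else None
    def grant(s: State) -> None:
        both = bool(s.get("eq1")) and bool(s.get("eq2"))
        s["result"] = ACCESS_GRANTED if both else ACCESS_DENIED
    def jmp_end(s: State) -> int:
        return END
    def error(s: State) -> None:
        s["result"] = ACCESS_DENIED
    def verify(s: State) -> None:                      # consistency check, runs on every path
        if s["result"] == ACCESS_GRANTED and not (s.get("eq1") and s.get("eq2")):
            s["result"] = ACCESS_DENIED
    return [cmp1, bne1, cmp2, bne2, grant, jmp_end, error, verify]


def count_single_skip_bypasses(build: Callable[[bytes, bytes], List[Step]],
                               expected: bytes = b"correct-pin",
                               wrong: bytes = b"wrongpass1") -> int:
    """How many single-step skips turn a wrong password into ACCESS_GRANTED."""
    program = build(wrong, expected)
    return sum(run(program, skip=i)["result"] == ACCESS_GRANTED
               for i in range(len(program)))


if __name__ == "__main__":
    for name, build in (("naive", naive_check), ("hardened", hardened_check)):
        print(f"{name:9s}: {count_single_skip_bypasses(build)} of "
              f"{len(build(b'', b''))} skip positions grant access")
```

The simulator models only a single skipped step; real glitches can also corrupt data (the "flipping bits" label on slide 21), which is why the hardened variant stores the compare results and re-checks them rather than trusting one branch.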

23. Fault injection setup (diagram labels: Target, Trigger, Power)

24. Fault injection setup

25. DEMO

26. Why Fault Injection + Forensics
• Device might be immune to other attacks
• Bruteforce++ via counter reset
• FI firmware extraction = easier RE of firmware
• Cross-device encryption key extraction

27. Tooling (diagram labels: Open Source, Commercial)

28. Prevention
• Fault injection attacks are not unstoppable
• Countermeasures exist and have for a while
• Smart cards have been reasonably secure against FI for a while
• Ensure devices have hardware countermeasures
• FI vulnerabilities are not always easy to identify
• Training developers allows for early detection

29. Scalability
• How scalable are these attacks?
• Depends on implementation
• Is the root key reused?
• Are the firmware contents available?
• Any usable attack vector found?

30. Recap
• Encrypted devices are rising in number
• Multiple methods to bypass the security provided by these
• Fault injection can be a valid attack path when others fail
• Countermeasures can help mitigate fault injection

31. Questions?

32. Challenge your security
Riscure B.V., Frontier Building, Delftechpark 49, 2628 XJ Delft, The Netherlands. Phone: +31 15 251 40 90. www.riscure.com
Riscure North America, 550 Kearny St., Suite 330, San Francisco, CA 94108, USA. Phone: +1 650 646 99 79. [email protected]
Riscure China, Room 2030-31, No. 989, Changle Road, Shanghai 200031, China. Phone: +86 21 5117 5435. [email protected]
Yashin Mehaboobe, Security Analyst, [email protected]
