SlideShare a Scribd company logo

[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices

S
srkedmi

This document discusses attacking the Linux pseudo-random number generator (PRNG) on Android and embedded devices. It begins by motivating the attack by describing a previous vulnerability discovered in the Android keystore. It then provides an overview of the Linux PRNG and describes how an attacker could reconstruct the PRNG's internal state by simulating PRNGs with different seeds and comparing to leaked values from the real PRNG. It discusses problems with mounting the attack and where leaks could be obtained, such as during the kernel or platform boot process. It then describes a local attack method using a malware to obtain a PRNG seed and bypass stack canary protection.

Technology
1 of 94
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
Attacking the Linux PRNG on Android & Embedded Devices David Kaplan, Sagi Kedmi, Roee Hay & Avi Dayan IBM Security Systems
agenda • Motivation and Introduction • Linux Random Number Generator
agenda • Motivation and Introduction • Linux Random Number Generator • Our Attack • 1st Attack Vector – Local Atk. • Demo • 2nd Attack Vector – Remote Atk.
agenda • Motivation and Introduction • Linux Random Number Generator • Our Attack • 1st Attack Vector – Local Atk. • Demo • 2nd Attack Vector – Remote Atk. • Mitigations
MOTIVATION
motivation_keystore_buffer_overflow • We discovered CVE-2014-3100, a stack-based Buffer Overflow in Keystore • Service responsible for securely storing crypto related data • We had privately reported to Google and they provided a patch available in KITKAT. Whitepaper. • Exploit must overcome various defense mechanisms, including Stack Canaries. /* KeyStore is a secured storage for key-value pairs. In this implementation, * each file stores one key-value pair. Keys are encoded in file names, and * values are encrypted with checksums. The encryption key is protected by a * user-defined password. To keep things simple, buffers are always larger than * the maximum space we needed, so boundary checks on buffers are omitted. */
motivation_keystore_buffer_overflow Stack canaries and their enforcement LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits • On libbionic load: __stack_chk_guard = *(uintptr_t *)getauxval(AT_RANDOM)); • Function Prologue: ● Place __stack_chk_guard on the stack (before ret). • Function Epilogue: ● Compare saved stack canary with __stack_chk_guard; → Crash if mismatch
motivation_keystore_buffer_overflow Stack canaries and their enforcement LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits • On libbionic load: __stack_chk_guard = *(uintptr_t *)getauxval(AT_RANDOM)); • Function Prologue: ● Place __stack_chk_guard on the stack (before ret). • Function Epilogue: ● Compare saved stack canary with __stack_chk_guard; → Crash if mismatch ● fork() → execve(). ● execve() → Auxiliary vector (AUXV) ● AUXV[AT_RANDOM] = 16 Random bytes from the PRNG ● libbionic assigns canary = first 4 bytes of AT_RANDOM Canary origins; *nix process creation model
motivation_keystore_buffer_overflow Stack canaries and their enforcement LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits • On libbionic load: __stack_chk_guard = *(uintptr_t *)getauxval(AT_RANDOM)); • Function Prologue: ● Place __stack_chk_guard on the stack (before ret). • Function Epilogue: ● Compare saved stack canary with __stack_chk_guard; → Crash if mismatch ● fork() → execve(). ● execve() → Auxiliary vector (AUXV) ● AUXV[AT_RANDOM] = 16 Random bytes from the PRNG ● libbionic assigns canary = first 4 bytes of AT_RANDOM Canary origins; *nix process creation model Remember this; We'll get back to it
motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average.
motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average. • Online Learning of the Canary Value • By another info leak issue • Re-forking server: • Very efficient: 514 attempts until success on average
motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) Stack Guard initialization 32 bits 128 bits __stack_chk_guard Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average. • Online Learning of the Canary Value • By another info leak issue • Re-forking server: • Very efficient: 514 attempts until success on average • Overwrite __stack_chk_guard • By overwriting some pointer
motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average. • Online Learning of the Canary Value • By another info leak issue • Re-forking server: • Very efficient: 514 attempts until success on average • Overwrite __stack_chk_guard • By overwriting some pointer • Our attack: Offline reconstruction of the PRNG’s internal state Stack layout Linux PRNG AUXV(AT_RANDOM) Stack Guard initialization 32 bits 128 bits __stack_chk_guard__stack_chk_guard__stack_chk_guard
motivation_wrap_up LR Saved Registers Canary (32 bits) Buffer Wrap things up: • We found a vulnerability in a critical service in Android 4.3. • In an effort to exploit it, we had to overcome a stack canary, we couldn't do so using known techniques. • Canaries are 4 random bytes that are extracted from the Linux PRNG. • Aimed to find a weakness in the PRNG that will allow us to intelligently guess the canary. • End up with a full-fledged attack on the Linux PRNG. Stack layout Linux PRNG AUXV(AT_RANDOM) Stack Guard initialization 32 bits 128 bits __stack_chk_guard__stack_chk_guard__stack_chk_guard
LINUX PRNG
INPUT POOL BLOCKING POOL NON-BLOCKING POOL /dev/urandom /dev/random get_random_bytes() lprng_overview Bird's eye view • Output is hashed twice using SHA1 • Extracts in blocks of 10 bytes and truncates if necessary.
INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) INTERRUPT DISK INPUT T I M E R time if KEC >= 192 bits *KEC = Kernel Entropy Count entropy_sources 63 31 0 seconds nanoseconds
INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) INTERRUPT DISK INPUT T I M E R time if KEC < 192 bits *KEC = Kernel Entropy Count boot_time_vulnerability 63 31 0 seconds nanoseconds
NON-BLOCKING-POOL ktime_t EXTRACTION (PULL) boot_time_vulnerability 63 31 0 seconds nanoseconds
boot_timeline Device powers on Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready May occur In different order
OUR WORK
Prior art on weakness in early boot * Present practical run-time attack Formalize attack Demonstrate PoC against current mobile platforms contribution * Heninger et al. 2012, Becherer et al. 2009, Ding et al. 2014
Given a LEAK of a value extracted from the non-blocking pool and LOW ENTROPY AT BOOT, the STATE of the PRNG can be determined until external entropy is too high attack_outcome
NON-BLOCKING-POOL seed_t1 EXTRACTION (PULL) 63 31 0 seconds nseconds Using the PRNG against itself ● Recall: Low boot-time entropy degenerates the PRNG and that the output of the PRNG is hashed twice using SHA1. ● Fact: Crypto. hash functions are designed to be collision resistant. attack_leak NON-BLOCKING-POOL EXTRACTION (PULL) ≠ seed_t2 seed_t1 63 31 0 seconds nseconds
NON-BLOCKING-POOL seed_t1 EXTRACTION (PULL) 63 31 0 seconds nseconds Using the PRNG against itself ● Recall: Low boot-time entropy degenerates the PRNG and that the output of the PRNG is hashed twice using SHA1. ● Fact: Crypto. hash functions are designed to be collision resistant. ● It is highly unlikely that PRNGs that are seeded with different seeds will result in the same output. Regardless of the order of extractions. attack_leak NON-BLOCKING-POOL EXTRACTION (PULL) ≠ seed_t2 seed_t1 63 31 0 seconds nseconds
NON-BLOCKING-POOL seed_t1 EXTRACTION (PULL) 63 31 0 seconds nseconds Using the PRNG against itself ● Recall: Low boot-time entropy degenerates the PRNG and that the output of the PRNG is hashed twice using SHA1. ● Fact: Crypto. hash functions are designed to be collision resistant. ● It is highly unlikely that PRNGs that are seeded with different seeds will result in the same output. Regardless of the order of extractions. ● Result: Every leak(sequence of random bytes) from the non blocking pool is almost certainly the offspring of one specific seed. attack_leak NON-BLOCKING-POOL EXTRACTION (PULL) ≠ seed_t2 seed_t1 63 31 0 seconds nseconds
Using the PRNG against itself ● Given a leak from the nonblocking pool of a “Real” PRNG we could simulate offline PRNGs with different seeds and compare extractions with the online leak. attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
Using the PRNG against itself ● Given a leak from the nonblocking pool of a “Real” PRNG we could simulate offline PRNGs with different seeds and compare extractions with the online leak. ● Due to SHA1's collision resistance, if one of the simulated PRNGs produces a sequence of random bytes that is the same as the leak value – we almost certainly found the seed. attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
Using the PRNG against itself ● Given a leak from the nonblocking pool of a “Real” PRNG we could simulate offline PRNGs with different seeds and compare extractions with the online leak. ● Due to SHA1's collision resistance, if one of the simulated PRNGs produces a sequence of random bytes that is the same as the leak value – we almost certainly found the seed. ● Once we have the seed we can produce the same outputs of the “Real” PRNG until noise from the Input pool is mixed to the Nonblocking pool attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
Even After the mixing, the PRNG is vulnerable ● Note: in the whitepaper we demonstrated a more intricate attack flow attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
Problems we faced: ● The Nonblocking pool seed is 8 bytes long, Say we consider only the nanoseconds and assuming uniform distribution attack_overview 10 9 =2 log2 (10 9 ) ≃2 30 63 31 0 seconds nanoseconds REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
Problems we faced: ● The Nonblocking pool seed is 8 bytes long, Say we consider only the nanoseconds and assuming uniform distribution ● Hidden entropy source – Concurrency attack_overview 10 9 =2 log2 (10 9 ) ≃2 30 REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE 1 2 3 4 3 4 POOL STATE Yellow Path - Process A: extract from pool - Process A: mix into pool - Process B: extract from pool - Process B: mix into pool Green Path - Process A: extract from pool - Process B: extract from pool - Process A: mix into pool - Process B: mix into pool
Problems we faced: ● The Nonblocking pool seed is 8 bytes long, Say we consider only the nanoseconds and assuming uniform distribution ● Hidden entropy source – Concurrency ● What can be attacked? ● Where can we get the leak value? attack_overview 10 9 =2 log2 (10 9 ) ≃2 30 REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
Where can we find leaks and attack targets ? attack_overview Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on
Terminology attack_overview Device powers on Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Kernel Boot-time Leak/Target Platform Boot-time Leak/Target Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target
1st Attack Vector Malware → PRNG Seed → Keystore's Canary
Instrumenting a device ● Samsung Galaxy S4, Android 4.3 s4_offline_study
Instrumenting a device ● Samsung Galaxy S4, Android 4.3 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets s4_offline_study
Instrumenting a device ● Samsung Galaxy S4, Android 4.3 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. s4_offline_study
Instrumenting a device ● Samsung Galaxy S4, Android 4.3 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. ● In total, we rebooted(script) the device more than 2000 times, each time we dumped the kernel ring buffer to a file. s4_offline_study
Details s4_attack_leak Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Platform Boot-time Leak/Target
Details ● Android designers chose to spawn every app process by forking a master process – Zygote s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
Details ● Android designers chose to spawn every app process by forking a master process – Zygote ● Zygote(app_process) is fork'ed and exec'ed by init at platform boot-time s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
Details ● Android designers chose to spawn every app process by forking a master process – Zygote ● Zygote(app_process) is fork'ed and exec'ed by init at platform boot-time ● *nix-like vs. App process creation model. Exec() ? s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
Details ● Android designers chose to spawn every app process by forking a master process – Zygote ● Zygote(app_process) is fork'ed and exec'ed by init at platform boot-time ● *nix-like vs. App process creation model. Exec() ? ● Recall: exec() enforces ASLR and assigns the AT_RANDOM s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
Details ● Result: All Applications in Android has the same Canary value (AT_RANDOM) and largely the same address space layout s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... fork() AUXV(AT_RANDOM) Zygote Linux PRNG AUXV(AT_RANDOM) – Zygote's WhatsApp AUXV(AT_RANDOM) – Zygote's Contacts AUXV(AT_RANDOM) – Zygote's MALWARE fork() leak/target
Details ● Result: All Applications in Android has the same Canary value (AT_RANDOM) and largely the same address space layout s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... fork() AUXV(AT_RANDOM) Zygote Linux PRNG AUXV(AT_RANDOM) – Zygote's WhatsApp AUXV(AT_RANDOM) – Zygote's Contacts AUXV(AT_RANDOM) – Zygote's MALWARE fork() fork() leak/target
s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Zygote's AT_RANDOM is our leak It's a platform boot-time leak, which means It occurs in the 'Concurrency Hell' phase leak/target
s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Zygote's AT_RANDOM is our leak It's a platform boot-time leak, which means It occurs in the 'Concurrency Hell' phase ● An offline study of the samples revealed bias towards a specific extraction path from the nonblocking pool leak/target
s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Zygote's AT_RANDOM is our leak It's a platform boot-time leak, which means It occurs in the 'Concurrency Hell' phase ● An offline study of the samples revealed bias towards a specific extraction path from the nonblocking pool ● 20% of the samples had Zygote's AT_RANDOM bytes somewhere in the extraction path leak/target
s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Given a leak and assuming we try all 230 possible seeds the chance is leak/target 1 5
H (snb)=23.5bits s4_non-blocking_seed REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
= LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target Given a seed, Probabilities of finding the canary of early boot services
= LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a seed, Probabilities of finding the canary of early boot services SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target 6 100
= LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given Zygote's AT_RANDOM, the probability of guessing the Keystore's canary value is: SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target 1 5 ⋅ 6 100 ≃0.01→1% Remember where we came from... we needed to guess 32 random bits
= LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given Zygote's AT_RANDOM, the probability of guessing the Keystore's canary value is: SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target 1 5 ⋅ 6 100 ≃0.01→1% 1 232 ≃0.00000000023→0.000000023%
DEMO s4_demo = LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE leak/target
2nd Attack Vector Ping6 → PRNG Seed → IPv6 Fragment Injection & Getting Keystore's Canary
Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 s2_offline_study
Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets s2_offline_study
Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. s2_offline_study
Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. ● In total, we rebooted(script) the device more than 2000 times, each time we dumped the kernel ring buffer to a file. s2_offline_study
Details s2_attack_leak Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Kernel Boot-time Leak/Target
Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. s2_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. s2_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. ● The pair (ipv6_dst_addr,ipv6_frag_id) is our leak. Why? s2_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. ● The pair (ipv6_dst_addr,ipv6_frag_id) is our leak. Why? ● We simulate PRNGs up to rand, and feed it to the deterministic function f s2_attack_leak REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. ● The pair (ipv6_dst_addr,ipv6_frag_id) is our leak. Why? ● We simulate PRNGs up to rand, and feed it to the deterministic function f ● OK, fine, but how did you get ipv6_dst_addr? s2_attack_leak REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
IPv6 fragmentation & ICMPv6 Echo Req. ● IP packets that exceed the path MTU, are divided into fragments which are sent and then reassembled by receiver. s2_attack_leak leak/target
IPv6 fragmentation & ICMPv6 Echo Req. ● IP packets that exceed the path MTU, are divided into fragments which are sent and then reassembled by receiver. ● Each fragment of the packet contains the same fragment id. Which is used by the receiver to identify fragments of a packet. s2_attack_leak leak/target
IPv6 fragmentation & ICMPv6 Echo Req. ● IP packets that exceed the path MTU, are divided into fragments which are sent and then reassembled by receiver. ● Each fragment of the packet contains the same fragment id. Which is used by the receiver to identify fragments of a packet. ● IPv6 fragmentation doesn't happen very often. How do we make it happen ? s2_attack_leak leak/target
IPv6 fragmentation & ICMPv6 Echo Req. ● Ping6 – a utility for sending ICMPv6 Echo Requests which requires the target to send an ICMPv6 Echo Replay with the exactly the same data. s2_attack_leak leak/target
IPv6 fragmentation & ICMPv6 Echo Req. ● Ping6 – a utility for sending ICMPv6 Echo Requests which requires the target to send an ICMPv6 Echo Replay with the exactly the same data. ● Result: Sending ICMPv6 Echo Request with data > MTU will make the receiver send a fragmented reply s2_attack_leak leak/target
s2_attack_get_leak Amsterdam Schiphol Airport REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
s2_attack_get_leak Amsterdam Schiphol Airport A REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free A REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free A V REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free Fragmented ICMPv6 Echo Request A V REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free Fragmented ICMPv6 Echo Request Fragmented ICMPv6 Echo Reply A V REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free Fragmented ICMPv6 Echo Request Fragmented ICMPv6 Echo Reply Attacker got the leak: ● V computed ipv6_frag_id with A's ipv6_src_addr ● A knows ipv6_frag_id and ipv6_dst_addr. REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target A V
s2_attack_finding_seed REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n Given the leak we find the seed H (snb)=18.4bits leak/target
s2_attack_targets REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n Given the seed what can we attack ? ● IPv6 Fragment injection – We can derive the exact fragment id V will use for any destination address. leak/target
s2_attack_targets REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n Given the seed what can we attack ? ● IPv6 Fragment injection – We can derive the exact fragment id V will use for any destination address. ● Canary value of early boot services. For instance, with a probability of 1/20 we can compute Keystore's canary value, given the seed. targetleak
= ipv6_frag_id ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n SIM. PRNG seed_t_k RANDOM VALUE s2_attack_targets Probabilities of finding the canary of early boot services leak target
Mitigations
mitigations Current mitigations ● Save entropy across boots INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
mitigations Current mitigations ● Save entropy across boots ● Trusted external entropy injection – web service / HWRNG INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
mitigations Problem with those mitigations Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Injecting Entropy to Pools Entropy
mitigations Problem with those mitigations Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Kernel Boot-time Leak/Target Injecting Entropy to Pools Entropy Entropy injection occurs after the kernel boots up
mitigations Current mitigations ● Initialize the seeds using a hardware RNG ● RDRAND,RDSEED Intel's ISA ● Early random, Qualcomm INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
mitigations Current mitigations ● Initialize the seeds using a hardware RNG ● RDRAND,RDSEED Intel's ISA ● Early random, Qualcomm ● Mix device-specific data to nonblocking and blocking pools INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
mitigations Current mitigations ● Initialize the seeds using a hardware RNG ● RDRAND,RDSEED Intel's ISA ● Early random, Qualcomm ● Mix device-specific data to nonblocking and blocking pools ● Changes to newer kernels allow for more boot time entropy INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
talk_wrap_up • Linux-based devices with low boot time entropy may allow a practical, low-cost attack on the PRNG • The attack requires an offline study of a device and an online leak • Allows the attacker to predict a random number which is generated by the victim's PRNG • Two manifestations - Local/Remote Atk. • Mitigations
? Thank you Thanks Nadja Kahan for the illustrations ! http://www.nadjakahan.com

More Related Content

PPTX
Secure coding for developers
sluge
 
PDF
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
CODE BLUE
 
PDF
Can We Prevent Use-after-free Attacks?
inaz2
 
PDF
Take a Jailbreak -Stunning Guards for iOS Jailbreak- by Kaoru Otsuka
CODE BLUE
 
PDF
Advanced Evasion Techniques by Win32/Gapz
Alex Matrosov
 
PDF
DeathNote of Microsoft Windows Kernel
Peter Hlavaty
 
PPTX
ShinoBOT Suite
Shota Shinogi
 
PDF
Использование KASan для автономного гипервизора
Positive Hack Days
 
Secure coding for developers
sluge
 
For the Greater Good: Leveraging VMware's RPC Interface for fun and profit by...
CODE BLUE
 
Can We Prevent Use-after-free Attacks?
inaz2
 
Take a Jailbreak -Stunning Guards for iOS Jailbreak- by Kaoru Otsuka
CODE BLUE
 
Advanced Evasion Techniques by Win32/Gapz
Alex Matrosov
 
DeathNote of Microsoft Windows Kernel
Peter Hlavaty
 
ShinoBOT Suite
Shota Shinogi
 
Использование KASan для автономного гипервизора
Positive Hack Days
 

What's hot (20)

PDF
How to Root 10 Million Phones with One Exploit
Jiahong Fang
 
PDF
syzbot and the tale of million kernel bugs
Dmitry Vyukov
 
PDF
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Maksim Shudrak
 
PDF
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Maksim Shudrak
 
PPTX
Memory Corruption: from sandbox to SMM
Positive Hack Days
 
PDF
john-devkit: 100 типов хешей спустя / john-devkit: 100 Hash Types Later
Positive Hack Days
 
PDF
Introduction to Memory Exploitation (CppEurope 2021)
Patricia Aas
 
PPT
OWASP Much ado about randomness
Aleksandr Yampolskiy
 
PDF
Chromium Sandbox on Linux (BlackHoodie 2018)
Patricia Aas
 
PDF
Статический анализ кода в контексте SSDL
Positive Hack Days
 
PDF
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
RootedCON
 
PDF
Specializing the Data Path - Hooking into the Linux Network Stack
Kernel TLV
 
PDF
One Shellcode to Rule Them All: Cross-Platform Exploitation
Quinn Wilton
 
PDF
Reconstructing Gapz: Position-Independent Code Analysis Problem
Alex Matrosov
 
PDF
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CanSecWest
 
PDF
Kernel Recipes 2014 - Writing Code: Keep It Short, Stupid!
Anne Nicolas
 
PPTX
08 - Return Oriented Programming, the chosen one
Alexandre Moneger
 
PDF
[CB17] Trueseeing: Effective Dataflow Analysis over Dalvik Opcodes
CODE BLUE
 
PDF
Linux: the first second
Alison Chaiken
 
PPTX
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...
CODE BLUE
 
How to Root 10 Million Phones with One Exploit
Jiahong Fang
 
syzbot and the tale of million kernel bugs
Dmitry Vyukov
 
Fuzzing malware for fun & profit. Applying Coverage-Guided Fuzzing to Find Bu...
Maksim Shudrak
 
Zero bugs found? Hold my beer AFL! how to improve coverage-guided fuzzing and...
Maksim Shudrak
 
Memory Corruption: from sandbox to SMM
Positive Hack Days
 
john-devkit: 100 типов хешей спустя / john-devkit: 100 Hash Types Later
Positive Hack Days
 
Introduction to Memory Exploitation (CppEurope 2021)
Patricia Aas
 
OWASP Much ado about randomness
Aleksandr Yampolskiy
 
Chromium Sandbox on Linux (BlackHoodie 2018)
Patricia Aas
 
Статический анализ кода в контексте SSDL
Positive Hack Days
 
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...
RootedCON
 
Specializing the Data Path - Hooking into the Linux Network Stack
Kernel TLV
 
One Shellcode to Rule Them All: Cross-Platform Exploitation
Quinn Wilton
 
Reconstructing Gapz: Position-Independent Code Analysis Problem
Alex Matrosov
 
CSW2017 Amanda rousseau cansecwest2017_net_hijacking_powershell
CanSecWest
 
Kernel Recipes 2014 - Writing Code: Keep It Short, Stupid!
Anne Nicolas
 
08 - Return Oriented Programming, the chosen one
Alexandre Moneger
 
[CB17] Trueseeing: Effective Dataflow Analysis over Dalvik Opcodes
CODE BLUE
 
Linux: the first second
Alison Chaiken
 
PowerShell Inside Out: Applied .NET Hacking for Enhanced Visibility by Satosh...
CODE BLUE
 
Ad

Similar to [Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices (20)

PDF
[Usenix's WOOT'14] Attacking the Linux PRNG and Android - Weaknesses in Seedi...
srkedmi
 
PDF
CNIT 141: 2. Randomness
Sam Bowne
 
PDF
How to exploit rand()?
Dharmalingam Ganesan
 
PDF
Linux randomnumbergenerator
jhonce
 
PDF
inside-linux-kernel-rng-presentation-sept-13-2022.pdf
xiso
 
PDF
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...
Aaron Zauner
 
PDF
Sullivan randomness-infiltrate 2014
Cloudflare
 
PPT
Much ado about randomness. What is really a random number?
Aleksandr Yampolskiy
 
PDF
Filippo, Plain simple reality of entropy
PacSecJP
 
PPTX
Linux binary analysis and exploitation
Dharmalingam Ganesan
 
PDF
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell
eurobsdcon
 
PDF
Trust boundaries - Confidence 2015
Logicaltrust pl
 
PDF
Intel Random Number Generator
XequeMateShannon
 
PDF
Master Canary Forging by Yuki Koike - CODE BLUE 2015
CODE BLUE
 
PDF
What is pseudo random number
Akshay Tikekar
 
PDF
Erlang, random numbers, and the security: London Erlang User Group Talk Slide...
Kenji Rikitake
 
PPTX
Information and network security 30 random numbers
Vaibhav Khanna
 
PDF
J45015460
IJERA Editor
 
PDF
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
iphonepentest
 
PDF
When Crypto Attacks! (Yahoo 2009)
Nate Lawson
 
[Usenix's WOOT'14] Attacking the Linux PRNG and Android - Weaknesses in Seedi...
srkedmi
 
CNIT 141: 2. Randomness
Sam Bowne
 
How to exploit rand()?
Dharmalingam Ganesan
 
Linux randomnumbergenerator
jhonce
 
inside-linux-kernel-rng-presentation-sept-13-2022.pdf
xiso
 
Because "use urandom" isn't everything: a deep dive into CSPRNGs in Operating...
Aaron Zauner
 
Sullivan randomness-infiltrate 2014
Cloudflare
 
Much ado about randomness. What is really a random number?
Aleksandr Yampolskiy
 
Filippo, Plain simple reality of entropy
PacSecJP
 
Linux binary analysis and exploitation
Dharmalingam Ganesan
 
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell
eurobsdcon
 
Trust boundaries - Confidence 2015
Logicaltrust pl
 
Intel Random Number Generator
XequeMateShannon
 
Master Canary Forging by Yuki Koike - CODE BLUE 2015
CODE BLUE
 
What is pseudo random number
Akshay Tikekar
 
Erlang, random numbers, and the security: London Erlang User Group Talk Slide...
Kenji Rikitake
 
Information and network security 30 random numbers
Vaibhav Khanna
 
J45015460
IJERA Editor
 
Breaking Secure Mobile Applications - Hack In The Box 2014 KL
iphonepentest
 
When Crypto Attacks! (Yahoo 2009)
Nate Lawson
 
Ad

Recently uploaded (20)

PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPT
Teaching material agriculture food technology
LiaRayya
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Approach and Philosophy of On baking technology
30anthuong17
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Teaching material agriculture food technology
LiaRayya
 

[Blackhat EU'14] Attacking the Linux PRNG on Android and Embedded Devices

  • 1. Attacking the Linux PRNG on Android & Embedded Devices David Kaplan, Sagi Kedmi, Roee Hay & Avi Dayan IBM Security Systems
  • 2. agenda • Motivation and Introduction • Linux Random Number Generator
  • 3. agenda • Motivation and Introduction • Linux Random Number Generator • Our Attack • 1st Attack Vector – Local Atk. • Demo • 2nd Attack Vector – Remote Atk.
  • 4. agenda • Motivation and Introduction • Linux Random Number Generator • Our Attack • 1st Attack Vector – Local Atk. • Demo • 2nd Attack Vector – Remote Atk. • Mitigations
  • 6. motivation_keystore_buffer_overflow • We discovered CVE-2014-3100, a stack-based Buffer Overflow in Keystore • Service responsible for securely storing crypto related data • We had privately reported to Google and they provided a patch available in KITKAT. Whitepaper. • Exploit must overcome various defense mechanisms, including Stack Canaries. /* KeyStore is a secured storage for key-value pairs. In this implementation, * each file stores one key-value pair. Keys are encoded in file names, and * values are encrypted with checksums. The encryption key is protected by a * user-defined password. To keep things simple, buffers are always larger than * the maximum space we needed, so boundary checks on buffers are omitted. */
  • 7. motivation_keystore_buffer_overflow Stack canaries and their enforcement LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits • On libbionic load: __stack_chk_guard = *(uintptr_t *)getauxval(AT_RANDOM)); • Function Prologue: ● Place __stack_chk_guard on the stack (before ret). • Function Epilogue: ● Compare saved stack canary with __stack_chk_guard; → Crash if mismatch
  • 8. motivation_keystore_buffer_overflow Stack canaries and their enforcement LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits • On libbionic load: __stack_chk_guard = *(uintptr_t *)getauxval(AT_RANDOM)); • Function Prologue: ● Place __stack_chk_guard on the stack (before ret). • Function Epilogue: ● Compare saved stack canary with __stack_chk_guard; → Crash if mismatch ● fork() → execve(). ● execve() → Auxiliary vector (AUXV) ● AUXV[AT_RANDOM] = 16 Random bytes from the PRNG ● libbionic assigns canary = first 4 bytes of AT_RANDOM Canary origins; *nix process creation model
  • 9. motivation_keystore_buffer_overflow Stack canaries and their enforcement LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits • On libbionic load: __stack_chk_guard = *(uintptr_t *)getauxval(AT_RANDOM)); • Function Prologue: ● Place __stack_chk_guard on the stack (before ret). • Function Epilogue: ● Compare saved stack canary with __stack_chk_guard; → Crash if mismatch ● fork() → execve(). ● execve() → Auxiliary vector (AUXV) ● AUXV[AT_RANDOM] = 16 Random bytes from the PRNG ● libbionic assigns canary = first 4 bytes of AT_RANDOM Canary origins; *nix process creation model Remember this; We'll get back to it
  • 10. motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average.
  • 11. motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) __stack_chk_guard Stack Guard initialization 32 bits 128 bits Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average. • Online Learning of the Canary Value • By another info leak issue • Re-forking server: • Very efficient: 514 attempts until success on average
  • 12. motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Stack layout Linux PRNG AUXV(AT_RANDOM) Stack Guard initialization 32 bits 128 bits __stack_chk_guard Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average. • Online Learning of the Canary Value • By another info leak issue • Re-forking server: • Very efficient: 514 attempts until success on average • Overwrite __stack_chk_guard • By overwriting some pointer
  • 13. motivation_keystore_buffer_overflow LR Saved Registers Canary (32 bits) Buffer Attacks on the Stack-Smashing Protection: • Naive Online Bruteforce of the Canary Value • Impractical: 2^32 attempts on average. • Online Learning of the Canary Value • By another info leak issue • Re-forking server: • Very efficient: 514 attempts until success on average • Overwrite __stack_chk_guard • By overwriting some pointer • Our attack: Offline reconstruction of the PRNG’s internal state Stack layout Linux PRNG AUXV(AT_RANDOM) Stack Guard initialization 32 bits 128 bits __stack_chk_guard__stack_chk_guard__stack_chk_guard
  • 14. motivation_wrap_up LR Saved Registers Canary (32 bits) Buffer Wrap things up: • We found a vulnerability in a critical service in Android 4.3. • In an effort to exploit it, we had to overcome a stack canary, we couldn't do so using known techniques. • Canaries are 4 random bytes that are extracted from the Linux PRNG. • Aimed to find a weakness in the PRNG that will allow us to intelligently guess the canary. • End up with a full-fledged attack on the Linux PRNG. Stack layout Linux PRNG AUXV(AT_RANDOM) Stack Guard initialization 32 bits 128 bits __stack_chk_guard__stack_chk_guard__stack_chk_guard
  • 16. INPUT POOL BLOCKING POOL NON-BLOCKING POOL /dev/urandom /dev/random get_random_bytes() lprng_overview Bird's eye view • Output is hashed twice using SHA1 • Extracts in blocks of 10 bytes and truncates if necessary.
  • 17. INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) INTERRUPT DISK INPUT T I M E R time if KEC >= 192 bits *KEC = Kernel Entropy Count entropy_sources 63 31 0 seconds nanoseconds
  • 18. INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) INTERRUPT DISK INPUT T I M E R time if KEC < 192 bits *KEC = Kernel Entropy Count boot_time_vulnerability 63 31 0 seconds nanoseconds
  • 20. boot_timeline Device powers on Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready May occur In different order
  • 22. Prior art on weakness in early boot * Present practical run-time attack Formalize attack Demonstrate PoC against current mobile platforms contribution * Heninger et al. 2012, Becherer et al. 2009, Ding et al. 2014
  • 23. Given a LEAK of a value extracted from the non-blocking pool and LOW ENTROPY AT BOOT, the STATE of the PRNG can be determined until external entropy is too high attack_outcome
  • 24. NON-BLOCKING-POOL seed_t1 EXTRACTION (PULL) 63 31 0 seconds nseconds Using the PRNG against itself ● Recall: Low boot-time entropy degenerates the PRNG and that the output of the PRNG is hashed twice using SHA1. ● Fact: Crypto. hash functions are designed to be collision resistant. attack_leak NON-BLOCKING-POOL EXTRACTION (PULL) ≠ seed_t2 seed_t1 63 31 0 seconds nseconds
  • 25. NON-BLOCKING-POOL seed_t1 EXTRACTION (PULL) 63 31 0 seconds nseconds Using the PRNG against itself ● Recall: Low boot-time entropy degenerates the PRNG and that the output of the PRNG is hashed twice using SHA1. ● Fact: Crypto. hash functions are designed to be collision resistant. ● It is highly unlikely that PRNGs that are seeded with different seeds will result in the same output. Regardless of the order of extractions. attack_leak NON-BLOCKING-POOL EXTRACTION (PULL) ≠ seed_t2 seed_t1 63 31 0 seconds nseconds
  • 26. NON-BLOCKING-POOL seed_t1 EXTRACTION (PULL) 63 31 0 seconds nseconds Using the PRNG against itself ● Recall: Low boot-time entropy degenerates the PRNG and that the output of the PRNG is hashed twice using SHA1. ● Fact: Crypto. hash functions are designed to be collision resistant. ● It is highly unlikely that PRNGs that are seeded with different seeds will result in the same output. Regardless of the order of extractions. ● Result: Every leak(sequence of random bytes) from the non blocking pool is almost certainly the offspring of one specific seed. attack_leak NON-BLOCKING-POOL EXTRACTION (PULL) ≠ seed_t2 seed_t1 63 31 0 seconds nseconds
  • 27. Using the PRNG against itself ● Given a leak from the nonblocking pool of a “Real” PRNG we could simulate offline PRNGs with different seeds and compare extractions with the online leak. attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
  • 28. Using the PRNG against itself ● Given a leak from the nonblocking pool of a “Real” PRNG we could simulate offline PRNGs with different seeds and compare extractions with the online leak. ● Due to SHA1's collision resistance, if one of the simulated PRNGs produces a sequence of random bytes that is the same as the leak value – we almost certainly found the seed. attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
  • 29. Using the PRNG against itself ● Given a leak from the nonblocking pool of a “Real” PRNG we could simulate offline PRNGs with different seeds and compare extractions with the online leak. ● Due to SHA1's collision resistance, if one of the simulated PRNGs produces a sequence of random bytes that is the same as the leak value – we almost certainly found the seed. ● Once we have the seed we can produce the same outputs of the “Real” PRNG until noise from the Input pool is mixed to the Nonblocking pool attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
  • 30. Even After the mixing, the PRNG is vulnerable ● Note: in the whitepaper we demonstrated a more intricate attack flow attack_overview REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
  • 31. Problems we faced: ● The Nonblocking pool seed is 8 bytes long, Say we consider only the nanoseconds and assuming uniform distribution attack_overview 10 9 =2 log2 (10 9 ) ≃2 30 63 31 0 seconds nanoseconds REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
  • 32. Problems we faced: ● The Nonblocking pool seed is 8 bytes long, Say we consider only the nanoseconds and assuming uniform distribution ● Hidden entropy source – Concurrency attack_overview 10 9 =2 log2 (10 9 ) ≃2 30 REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE 1 2 3 4 3 4 POOL STATE Yellow Path - Process A: extract from pool - Process A: mix into pool - Process B: extract from pool - Process B: mix into pool Green Path - Process A: extract from pool - Process B: extract from pool - Process A: mix into pool - Process B: mix into pool
  • 33. Problems we faced: ● The Nonblocking pool seed is 8 bytes long, Say we consider only the nanoseconds and assuming uniform distribution ● Hidden entropy source – Concurrency ● What can be attacked? ● Where can we get the leak value? attack_overview 10 9 =2 log2 (10 9 ) ≃2 30 REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE
  • 34. Where can we find leaks and attack targets ? attack_overview Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on
  • 35. Terminology attack_overview Device powers on Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Kernel Boot-time Leak/Target Platform Boot-time Leak/Target Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target
  • 36. 1st Attack Vector Malware → PRNG Seed → Keystore's Canary
  • 37. Instrumenting a device ● Samsung Galaxy S4, Android 4.3 s4_offline_study
  • 38. Instrumenting a device ● Samsung Galaxy S4, Android 4.3 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets s4_offline_study
  • 39. Instrumenting a device ● Samsung Galaxy S4, Android 4.3 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. s4_offline_study
  • 40. Instrumenting a device ● Samsung Galaxy S4, Android 4.3 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. ● In total, we rebooted(script) the device more than 2000 times, each time we dumped the kernel ring buffer to a file. s4_offline_study
  • 41. Details s4_attack_leak Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Platform Boot-time Leak/Target
  • 42. Details ● Android designers chose to spawn every app process by forking a master process – Zygote s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
  • 43. Details ● Android designers chose to spawn every app process by forking a master process – Zygote ● Zygote(app_process) is fork'ed and exec'ed by init at platform boot-time s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
  • 44. Details ● Android designers chose to spawn every app process by forking a master process – Zygote ● Zygote(app_process) is fork'ed and exec'ed by init at platform boot-time ● *nix-like vs. App process creation model. Exec() ? s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
  • 45. Details ● Android designers chose to spawn every app process by forking a master process – Zygote ● Zygote(app_process) is fork'ed and exec'ed by init at platform boot-time ● *nix-like vs. App process creation model. Exec() ? ● Recall: exec() enforces ASLR and assigns the AT_RANDOM s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
  • 46. Details ● Result: All Applications in Android has the same Canary value (AT_RANDOM) and largely the same address space layout s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... fork() AUXV(AT_RANDOM) Zygote Linux PRNG AUXV(AT_RANDOM) – Zygote's WhatsApp AUXV(AT_RANDOM) – Zygote's Contacts AUXV(AT_RANDOM) – Zygote's MALWARE fork() leak/target
  • 47. Details ● Result: All Applications in Android has the same Canary value (AT_RANDOM) and largely the same address space layout s4_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... fork() AUXV(AT_RANDOM) Zygote Linux PRNG AUXV(AT_RANDOM) – Zygote's WhatsApp AUXV(AT_RANDOM) – Zygote's Contacts AUXV(AT_RANDOM) – Zygote's MALWARE fork() fork() leak/target
  • 48. s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Zygote's AT_RANDOM is our leak It's a platform boot-time leak, which means It occurs in the 'Concurrency Hell' phase leak/target
  • 49. s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Zygote's AT_RANDOM is our leak It's a platform boot-time leak, which means It occurs in the 'Concurrency Hell' phase ● An offline study of the samples revealed bias towards a specific extraction path from the nonblocking pool leak/target
  • 50. s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Zygote's AT_RANDOM is our leak It's a platform boot-time leak, which means It occurs in the 'Concurrency Hell' phase ● An offline study of the samples revealed bias towards a specific extraction path from the nonblocking pool ● 20% of the samples had Zygote's AT_RANDOM bytes somewhere in the extraction path leak/target
  • 51. s4_attack_leak_concurrency REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a leak, what's the probability of finding the original seed ? ● Given a leak and assuming we try all 230 possible seeds the chance is leak/target 1 5
  • 52. H (snb)=23.5bits s4_non-blocking_seed REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
  • 53. = LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target Given a seed, Probabilities of finding the canary of early boot services
  • 54. = LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given a seed, Probabilities of finding the canary of early boot services SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target 6 100
  • 55. = LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given Zygote's AT_RANDOM, the probability of guessing the Keystore's canary value is: SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target 1 5 ⋅ 6 100 ≃0.01→1% Remember where we came from... we needed to guess 32 random bits
  • 56. = LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... Given Zygote's AT_RANDOM, the probability of guessing the Keystore's canary value is: SIM. PRNG seed_t_k RANDOM VALUE s4_attack_targets leak/target 1 5 ⋅ 6 100 ≃0.01→1% 1 232 ≃0.00000000023→0.000000023%
  • 57. DEMO s4_demo = LEAK ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... SIM. PRNG seed_t_k RANDOM VALUE leak/target
  • 58. 2nd Attack Vector Ping6 → PRNG Seed → IPv6 Fragment Injection & Getting Keystore's Canary
  • 59. Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 s2_offline_study
  • 60. Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets s2_offline_study
  • 61. Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. s2_offline_study
  • 62. Instrumenting a device ● Samsung Galaxy S2, Android 4.1.2 ● printk() input and nonblocking pool seeds - find a bias in the seed value ● printk() get_random_bytes() callers and amount of random bytes requested – find leak and attack targets ● Fixed the seeds to see catch some bias in the order of extractions – find bias in conc. ● In total, we rebooted(script) the device more than 2000 times, each time we dumped the kernel ring buffer to a file. s2_offline_study
  • 63. Details s2_attack_leak Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Kernel Boot-time Leak/Target
  • 64. Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. s2_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target
  • 65. Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. s2_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
  • 66. Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. ● The pair (ipv6_dst_addr,ipv6_frag_id) is our leak. Why? s2_attack_leak REAL PRNG = LEAK ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
  • 67. Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. ● The pair (ipv6_dst_addr,ipv6_frag_id) is our leak. Why? ● We simulate PRNGs up to rand, and feed it to the deterministic function f s2_attack_leak REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
  • 68. Details ● While the kernel is brought up, an IPv6 module initializes and extracts 4 random bytes. Lets call them rand. ● IPv6 packet fragment identifier is computed by a deterministic function. ● The pair (ipv6_dst_addr,ipv6_frag_id) is our leak. Why? ● We simulate PRNGs up to rand, and feed it to the deterministic function f ● OK, fine, but how did you get ipv6_dst_addr? s2_attack_leak REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target f(rand, ipv6_dst_addr)=ipv6_frag_id
  • 69. IPv6 fragmentation & ICMPv6 Echo Req. ● IP packets that exceed the path MTU, are divided into fragments which are sent and then reassembled by receiver. s2_attack_leak leak/target
  • 70. IPv6 fragmentation & ICMPv6 Echo Req. ● IP packets that exceed the path MTU, are divided into fragments which are sent and then reassembled by receiver. ● Each fragment of the packet contains the same fragment id. Which is used by the receiver to identify fragments of a packet. s2_attack_leak leak/target
  • 71. IPv6 fragmentation & ICMPv6 Echo Req. ● IP packets that exceed the path MTU, are divided into fragments which are sent and then reassembled by receiver. ● Each fragment of the packet contains the same fragment id. Which is used by the receiver to identify fragments of a packet. ● IPv6 fragmentation doesn't happen very often. How do we make it happen ? s2_attack_leak leak/target
  • 72. IPv6 fragmentation & ICMPv6 Echo Req. ● Ping6 – a utility for sending ICMPv6 Echo Requests which requires the target to send an ICMPv6 Echo Replay with the exactly the same data. s2_attack_leak leak/target
  • 73. IPv6 fragmentation & ICMPv6 Echo Req. ● Ping6 – a utility for sending ICMPv6 Echo Requests which requires the target to send an ICMPv6 Echo Replay with the exactly the same data. ● Result: Sending ICMPv6 Echo Request with data > MTU will make the receiver send a fragmented reply s2_attack_leak leak/target
  • 74. s2_attack_get_leak Amsterdam Schiphol Airport REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
  • 75. s2_attack_get_leak Amsterdam Schiphol Airport A REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
  • 77. s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free A V REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
  • 78. s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free Fragmented ICMPv6 Echo Request A V REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
  • 79. s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free Fragmented ICMPv6 Echo Request Fragmented ICMPv6 Echo Reply A V REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target
  • 80. s2_attack_get_leak Amsterdam Schiphol Airport SSID= Schiphol Free Fragmented ICMPv6 Echo Request Fragmented ICMPv6 Echo Reply Attacker got the leak: ● V computed ipv6_frag_id with A's ipv6_src_addr ● A knows ipv6_frag_id and ipv6_dst_addr. REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n leak/target A V
  • 81. s2_attack_finding_seed REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n Given the leak we find the seed H (snb)=18.4bits leak/target
  • 82. s2_attack_targets REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n Given the seed what can we attack ? ● IPv6 Fragment injection – We can derive the exact fragment id V will use for any destination address. leak/target
  • 83. s2_attack_targets REAL PRNG = ipv6_frag_id ? seed_t_k LEAK SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n Given the seed what can we attack ? ● IPv6 Fragment injection – We can derive the exact fragment id V will use for any destination address. ● Canary value of early boot services. For instance, with a probability of 1/20 we can compute Keystore's canary value, given the seed. targetleak
  • 84. = ipv6_frag_id ? SIM. PRNG seed_t_1 SIM. PRNG seed_t_k SIM . PRNG seed_t_n ... ... rand_t_1 rand_t_k f(rnd,dst) f(rnd,dst) f(rnd,dst) rand_t_n SIM. PRNG seed_t_k RANDOM VALUE s2_attack_targets Probabilities of finding the canary of early boot services leak target
  • 86. mitigations Current mitigations ● Save entropy across boots INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
  • 87. mitigations Current mitigations ● Save entropy across boots ● Trusted external entropy injection – web service / HWRNG INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
  • 88. mitigations Problem with those mitigations Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Injecting Entropy to Pools Entropy
  • 89. mitigations Problem with those mitigations Kernel starts booting PRNG is initialized Kernel boot Finished & Platform starts booting Input Pool mixed into Nonblocking Pool :( Phone is ready Concurrency Hell Best Leak/Target Good Leak/Target Bad Leak/Target Device powers on Kernel Boot-time Leak/Target Injecting Entropy to Pools Entropy Entropy injection occurs after the kernel boots up
  • 90. mitigations Current mitigations ● Initialize the seeds using a hardware RNG ● RDRAND,RDSEED Intel's ISA ● Early random, Qualcomm INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
  • 91. mitigations Current mitigations ● Initialize the seeds using a hardware RNG ● RDRAND,RDSEED Intel's ISA ● Early random, Qualcomm ● Mix device-specific data to nonblocking and blocking pools INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
  • 92. mitigations Current mitigations ● Initialize the seeds using a hardware RNG ● RDRAND,RDSEED Intel's ISA ● Early random, Qualcomm ● Mix device-specific data to nonblocking and blocking pools ● Changes to newer kernels allow for more boot time entropy INPUT POOL NON-BLOCKING-POOL ktime_t ktime_t EXTRACTION (PULL) T I M E R INTERRUPT DISK INPUT time if KEC >= 192 bits
  • 93. talk_wrap_up • Linux-based devices with low boot time entropy may allow a practical, low-cost attack on the PRNG • The attack requires an offline study of a device and an online leak • Allows the attacker to predict a random number which is generated by the victim's PRNG • Two manifestations - Local/Remote Atk. • Mitigations
  • 94. ? Thank you Thanks Nadja Kahan for the illustrations ! http://www.nadjakahan.com