Using fault injection attacks for digital forensics
0 likes217 views
The document discusses the challenges and methods in digital forensics, particularly concerning encrypted devices and fault injection techniques. It highlights the increasing reliance on digital evidence in legal contexts and various methods to bypass encryption, including hardware vulnerabilities and fault injection. The presentation emphasizes the need for secure practices and countermeasures against such attacks in digital security.
Using fault injection attacks for digital forensics
- 1. 1 Using Fault Injection For Forensics 30 mins October 4, 2018 c0c0n Yashin Mehaboobe
- 2. 2 #whoami INTRODUCTION • Security Analyst, Riscure • Working on • Embedded Security • Fault Injection • Side Channel Analysis • Conference speaker • Caffeine enthusiast • NOT A LAWYER/LEO
- 3. 3 Digital Forensics INTRODUCTION • Recovery and subsequent investigation of data from digital devices • Sub discipline within forensics science • Increasingly more digital evidence being used in courts. • Allows for breakthroughs in otherwise difficult cases (BTK)
- 4. 4 The need for Digital Forensics INTRODUCTION http://www.pewinternet.org/fact-sheet/mobile/
- 5. 5 The need for Digital Forensics INTRODUCTION External drive, 84 Cell Phones, 228 Computers, 73 Video, 27 http://www.mshp.dps.missouri.gov/MSHPWeb/PatrolDivisions/DD CC/Units/ComputerForensicUnit/index.html
- 6. 6 Hurdle: Encrypted Devices INTRODUCTION • With rise of easy to use smartphones came easily encrypted devices • A large number of smartphones support disk encryption • Other encrypted devices such as encrypted HDDs and USB mass storage devices are also increasing in number • Termed as ‘warrant-proof’ by US DoJ (Due to 5th amendment issues)
- 7. 7 Hurdle: Encrypted Devices INTRODUCTION Source: Manhattan DA report on Report on Smartphone Encryption & Public Safety
- 8. 8 Overview of Encrypted Devices INTRODUCTION Controller w/ crypto Storage USB/SATA INPUT
- 9. 9 How do Encrypted Devices work INTRODUCTION • Storage usually encrypted with with AES-XTS • User input used as • Authentication • one of the inputs to the key derivation process • Issue with PIN based PBKDF only = Bruteforce • Also possible to store a seed and use it along with the PIN to derive the encryption key. • Most devices also have an auto erase function after n attempts
- 10. 10 Assets within an encrypted device INTRODUCTION • Core asset within an encrypted device = encryption key/stored data • If encryption key is the same across multiple devices = Scalable attack • Firmware = RE of encryption and key derivation process
- 11. 11 Example 1 : 2015 San Bernadino attack • Terror attack in California • Perpetrator had an encrypted iPhone 5C • Apple was subpoenaed but refused to decrypt • FBI found other ways to bypass encryption INTRODUCTION Photo courtesy: Kārlis Dambrāns
- 12. 12 Example 2: Paytsar Bkhchadzhyan INTRODUCTION • Suspect in Paris Hilton hacking case • Suspect had an encryption iPhone device protected by TouchID • An LA judge ruled that 5th amendment doesn’t cover biometrics • Suspect’s fingerprints were then used to unlock the device.
- 13. 13 Bypass 1 : Debug Ports • Serial port exposed • Unlock command identified • Replay allows access • Repeatable scalable attack INTRODUCTION https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
- 14. 14 Bypass 2: Debug commands INTRODUCTION • Another device tested by Google researchers had debug commands enabled • Allowed them to dump the master password over USB • This was a scalable repeatable attack https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
- 15. 15 Bypass 3: Outdated crypto INTRODUCTION • Some devices still use outdated cryptography like RC4 and RSA-512 • Vulnerable to various cryptographic attacks • Encrypting is not Securely encrypting https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
- 16. 16INTRODUCTION
- 17. 17 Fault Injection INTRODUCTION • Fault injection is ‘altering the intended behavior of a chip by manipulating its environmental conditions’* • Can be used in various scenarios to bypass otherwise robust checks • Various types of fault injection: • EM • VCC • Clock • Optical * Timmers, Spruyt – Bypassing Secure Boot using Fault Injection
- 19. 19 Fault Injection INTRODUCTION Initialization Function 1 Security Function Function 2 Password=wrongpass1
- 20. 20 Fault Injection INTRODUCTION Initialization Function 1 Security Function Function 2 Password = wrongpass1
- 21. 21 Disabling modules Chip Destruction CMP R0,R1 BNE ERROR ... Skipping instructions Preventing R/W Flipping bits Effect of Glitching
- 22. 22 Bypass 4: Fault injection • FI is getting more viable for forensics • Multiple ways to accomplish this: • bypass authentication • extract the key from memory • extract the firmware to be analyzed later • prevent the attempts counter being incremented.
- 25. 25 DEMO
- 26. 26 Why Fault Injection + Forensics INTRODUCTION • Device might be immune to other attacks • Bruteforce++ via counter reset • FI firmware extraction = easier RE of firmware • Cross-device encryption key extraction
- 28. 28 Prevention INTRODUCTION • Fault injection attacks are not unstoppable • Countermeasures exist and have for a while • Smart cards have been reasonably secure against FI for a while • Ensure devices have hardware countermeasures • FI vulnerabilities are not always easy to identify. • Training developers allow for early detection
- 29. 29 Scalability INTRODUCTION • How scalable are these attacks? • Depends on implementation • Is the root key reused? • Is the firmware contents available? • Any usable attack vector found?
- 30. 30 Recap INTRODUCTION • Encrypted devices are rising in number • Multiple methods to bypass the security provided by these • Fault injection can be a valid attack path when others fail • Countermeasures can help mitigate fault injection
- 31. 31 Questions?
- 32. 32 Challenge your security Riscure B.V. Frontier Building, Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 15 251 40 90 www.riscure.com Riscure North America 550 Kearny St., Suite 330 San Francisco, CA 94108 USA Phone: +1 650 646 99 79 inforequest@riscure.com Riscure China Room 2030-31, No. 989, Changle Road Shanghai 200031, China Phone: +86 21 5117 5435 inforcn@riscure.com Yashin Mehaboobe Security Analyst mehaboobe@riscure.com