
6.857 Lecture 13: Physical Attacks (aka “Losing Secrets”)
October 31, 2005

Readings:
• “Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations,” by Ross Anderson and Markus Kuhn
• “Optical Time-Domain Eavesdropping Risks of CRT Displays,” by Markus Kuhn
• Optical Emission Security FAQ, by Markus Kuhn: http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
• “Low Cost Attacks on Tamper Resistant Devices,” by Ross Anderson and Markus Kuhn
• “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,” by Paul Kocher
• “Protecting Smart Cards from Passive Power Analysis with Detached Power Supplies,” by Adi Shamir

In this lecture:
• Hard disk storage
• Tempest eavesdropping
• Smartcards and other tamper-resistant devices:
  – (passive) power analysis — simple and differential
  – (active) power glitches
  – timing analysis
  – tamper (non)resistance

Today we’ll be looking at security in the physical, material “real world.” In contrast with the many very important natural physical security risks (e.g., fire, flood, power interruption, storms, earthquakes, war, . . . ), we will be examining risks due to malicious attackers. These risks are typically less obvious and more devastating than their natural counterparts.

So far, all the cryptography we’ve seen has assumed that the machine storing the secret keys and performing the cryptographic calculations is a perfect “black-box:” input comes in (i.e., a message to be encrypted), and output comes out (i.e., the ciphertext). The attacker has no access to the internals of the machine and cannot observe it operating. Today we’ll see just how far from this ideal “black-box” model the real world is — there are many “side channels” that one can monitor passively, and sometimes one can even perform active attacks on the machine. The moral of the story is that one must exercise great care in storing and computing with secrets.
If possible, avoid trusting hardware to keep secrets for you, especially if it can fall into an attacker’s hands.

1 Hard Disk Storage

There are a few levels at which data can be recovered from hard disks. There are dozens of firms (e.g., DriveSavers; Google “hard drive recovery” for many more) that offer varying levels of recovery, costing from hundreds to tens of thousands of dollars, depending on damage to the data and physical media.

1.1 “Deleted” files that aren’t

First, the information in a “deleted” file is almost never immediately destroyed. When a file is deleted, the operating system merely marks the file’s location on disk as overwritable — however, the actual data remains magnetically encoded on the physical medium. The data is not overwritten until the operating system writes a new file at the location. This can take an indefinite amount of time, depending on usage patterns. Simple software filesystem analysis tools can reconstruct “deleted” files, in part or in full, using the data that remains on the disk.

[If Simson Garfinkel is not scheduled to guest lecture, elaborate more on what tends to get found and how.]

Countermeasures: software utilities like Unix’s shred, which not only deletes a file but overwrites its contents (many times). However, certain kinds of filesystems (e.g., journaling) don’t provide access to the physical location where a file is stored, so shred is of limited value.

1.2 Swap files

Operating systems often temporarily move memory contents onto a special disk location called a “swap file,” in order to increase the amount of working memory. The user typically has little control over what is written to swap and when it is overwritten — anything from web pages and sensitive documents to passwords or cryptographic keys could be written and stored indefinitely.
Software tools can search the swap file for goodies.

Countermeasures: many operating systems allow programmers to designate memory areas as “non-swappable.” If you are writing cryptographic software, any memory location containing secret keys or passwords should absolutely be declared non-swappable. If this is not possible, the software should overwrite sensitive memory locations as soon as they are done being used by the program.

Another solution is to use an encrypted swap file. It works as follows: on startup, the operating system chooses a random key, and encrypts everything written to swap with that key (decrypting it when it is accessed). When the machine is shut down (or the swap file is disabled), the key is erased from memory, rendering the contents of the swap file useless. This approach works because the swap file does not need to store any persistent data — it only needs to serve as a temporary placeholder for data in memory.

1.3 “Spraypaint” recovery

Hard disks store bits by setting the magnetic polarity of tiny regions of a metallic plate in the drive. While bits are digital, the physical storage method is analog. When overwriting a region of the disk, the old magnetic polarity is not completely obliterated — it still resides around the “edges” of the region. Think of it as spray-painting a wall many times with different colors: the most recent color appears on top, but previous colors show through due to the “fuzziness” of the spraying. Expensive, specialized hardware is needed to recover the old data, but some adversaries may be able to read back the most recent 20 writes to a location.

Countermeasures: using shred properly can overwrite the data enough times to completely destroy the original data. The military has been known to take apart disks and sandblast the platters, wiping all the magnetic material off of them before disposal.
Dipping the platters in strong acid can also strip the magnetic coating.

1.4 A silver bullet?

It is best simply not to let sensitive data be stored “in the clear” on the disk in the first place. Instead, set up an encrypted disk partition or filesystem. (See Figure 1.)

In such a setup, all data is encrypted with a secret key before it touches the physical disk. Of course, this raises several questions: e.g., “where is the secret key stored (in the long-term, and short-term)?” and “where are the encryption/decryption operations performed?”

The secret key could be stored for the long-term in several places: on a separate tamper-resistant device, or in the “user’s head” (the key would be derived from some memorable passphrase). In the short-term, the operating system would keep the secret key in
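
The swap-file countermeasure from Section 1.2 (declare key memory non-swappable, and overwrite it as soon as it is no longer needed), written in C for POSIX systems. This is an added example, not part of the original lecture notes; `secret_buf` and its functions are hypothetical names, and the key bytes in `main` are constructed sample data.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS under strict -std= modes */
#endif
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type: a key buffer pinned in RAM and wiped after use. */
typedef struct {
    unsigned char *data;
    size_t map_len;   /* whole pages mapped, so lock and wipe cover all of them */
    int locked;       /* 1 if mlock() succeeded */
} secret_buf;

/* Zero through a volatile pointer so the compiler cannot drop the stores as dead. */
void secret_wipe(secret_buf *s) {
    volatile unsigned char *p = s->data;
    for (size_t i = 0; i < s->map_len; i++) p[i] = 0;
}

/* Returns 0 if the buffer is allocated and locked, 1 if allocated but the lock
 * was refused (e.g. RLIMIT_MEMLOCK too low), -1 if allocation failed. */
int secret_alloc(secret_buf *s, size_t len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    s->map_len = (len + page - 1) / page * page;
    s->data = mmap(NULL, s->map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->data == MAP_FAILED) { s->data = NULL; s->locked = 0; return -1; }
    s->locked = (mlock(s->data, s->map_len) == 0);  /* pin pages: never paged to swap */
    return s->locked ? 0 : 1;
}

/* Wipe first, then unlock and unmap, so no key bytes outlive the buffer. */
void secret_free(secret_buf *s) {
    if (s->data == NULL) return;
    secret_wipe(s);
    if (s->locked) munlock(s->data, s->map_len);
    munmap(s->data, s->map_len);
    s->data = NULL;
}

int main(void) {
    secret_buf k;
    if (secret_alloc(&k, 32) < 0) return 1;
    for (size_t i = 0; i < 32; i++) k.data[i] = (unsigned char)(0xA0 + i); /* constructed key */
    secret_free(&k);   /* wipe happens before the pages are released */
    return 0;
}
```

A return value of 1 from `secret_alloc` means the key would still be swappable, so the caller has to choose between refusing to proceed and relying on the wipe alone.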



MIT 6 857 - Lecture Notes
