Differential Protocol Analysis & API Level Attacks
description
Transcript of Differential Protocol Analysis & API Level Attacks
Differential Protocol Analysis
& API Level Attacks
Mike BondComputer Security Group
Security and Protection of Information 30th Apr ‘03
Summary
• Security APIs• Hardware Security Modules• Introduction to Banking Security• Conventional Protocol Attacks• API-Level Attacks• Differential Protocol Analysis• Solution: Formal Methods & Evaluation ?• Conclusions
What is a Security API ?• A command set that uses cryptography to control
processing of and access to sensitive data, according to a certain policy
HostPC or Mainframe
Security ProcessorPCI Card or Separate Module
Security API
VDU
I/O Devs
Network
Example Security API Commands
U->C : { A }KM , { B }KM
C->U : { A+B }KM
U->C : GUESS , { ANS }KM
C->U : YES (if GUESS=ANS else NO)
U->C : { X }K1 , { K1 }KM , { K2 }KM
C->U : { X }K2
Research into API Attacks• Some work in early 90’s using prolog style search to
find attacks, but few documented atttacks• Work started in 2000 at University of Cambridge with
analysis of hardware security modules used in banks to protect PINs for ATMs
• New work found many more attacks, and produced first significant catalogue of API failures
• Scope has been broadened to include security modules used by certification authorities and also general purpose crypto libraries (eg MSCAPI, PKCS#11)
• Latest work revisiting financial APIs examining PIN generation and verification procedures…
Hardware Security Modules
• An instantiation of a security API• Often physically tamper-resistant
(epoxy potting, temperature & xray sensors)
• May have hardware crypto acceleration(not so important with speed of modern PC)
• May have special ‘trusted’ peripherals(key switches, smartcard readers, key pads)
(referred to as HSMs subsequently)
Hardware Security Modules
Who Needs Security Modules ?
• Those who need to enforce access policies to sensitive informationExamples: Granting signing permission at a Certification Authority
Enforcing split control policies on nuclear weapons & arming codes
• Those who need to protect mission critical sensitive dataExample: Protecting PIN generation keys at banks
• Those who need to protect data in hostile environmentsExamples: Protecting Token Vending Machines (Electricity, Lottery etc…)
Protecting communications keys in battlefield radios
• Those with high crypto throughput requirementsExample: SSL acceleration for webservers
Financial HSMs & API Attacks
• Attacks discovered at Cambridge– VSM Type System attack
– XOR to Null key attack
– Meet in the Middle attack
• Newly discovered attacks:– Decimalisation table attack
– PAN modification attack
• Prerequisites:– Financial security 101
– Conventional Protocol Attacks review
Why Financial Security?• Concrete and simple security policy for APIs
“Only the customer should know her PIN.”
“Keys protecting PINs may only be manipulated when authorised by two different employees.”
• API manuals are often publicly available– IBM put 4758 CCA manual on its website
– Diversity: many manufacturers have APIs performing same broad functionality – good for comparison
• ATM security was the “killer-app” that brought cryptography into the commercial mainstream – so long history of financial API development
Introduction to ATM Security
• The crucial secret is the customer PIN. The customer should be the only person that knows the value of this PIN
• PINs need to be protected from malicious insiders and outsiders
• PINs must be protected when generated, in storage, when issued to customers, when travelling via the international ATM network, and when being verified
• To this end, banks use Hardware Security Modules (HSMs) to perform cryptography and implement a policy which prevents both insiders and outsiders from gaining unauthorised access to PINS.
Security Modules in Banks
Issuing BankRegional HQ
HSM
ATM
AcquiringBank
IssuingBank
ATM Network
HSM
HSM
HSM
HSM
HSM withkeypad HSM
HSM
HSM
Start with your bank account number (PAN)
5641 8203 3428 2218
Encrypt with PIN Derivation Key(aka PMK – Pin Master Key)
22BD 4677 F1FF 34AC
Chop off the (B->1)End 2213 (D->3)
How are PINs Generated ?
decimalise
What’s a Decimalisation Table ?
• Remember encrypted result was in hexadecimal?• Encryption produces output that looks uniformly
distributed, so 0-F are all equally likely• Decimalisation Table used to map 0-F back to 0-9
digit in 0123456789ABCDEFdigit out 0123456789012345
e.g. 22BD -> 2213
• Because some numbers have several hexadecimal digits mapped to them, they are more likely to occur in issued PINs than others
0
2
4
6
8
10
12
14
16
18
20
22
24
0 1 2 3 4 5 6 7 8 9
Example Distribution : HSBC
(Sample size: 45 people)
Conventional Protocol Attacks
• The starting point for the study of API attacks• The protocol world has attacks similar to each of
those found on APIs• Each example demonstrates a different aspect of
protocol attack:– Needham Schroder Public Key
• attacker knows how to encrypt/decrypt
– TMN Protocol• attacker knows algebra of RSA
– Bleichenbacher PKCS#1 Attack• attacker knows protocol data structures & understands RSA
crypto
Protocol Attacks
ManipulationAttacks
MathematicalAttacks
Needham SchroederPublic KeyTMN Attack
Bleichenbacher Attack
Needham-Schroeder Public Key Protocol
A -> B : { NA , A}KB
B -> A : { NA , NB }KA
A -> B : { NB }KB
A -> B : { NA , A}KB
B -> D : { NA , A}KD
D -> B : { NA , ND }KA
B -> A : { NA , ND }KA
A -> B : { ND }KB
B -> D : { ND }KD
attackers abilities:Construct messages,Encrypt & decrypt
TMN Protocol
A->S: RA3 mod N
B->S: RB3 mod N
S->A: RA xor RB
C->S: RA3 * X3 mod N
D->S: RD3 mod N
S->A: RA*X xor RD
Explanation:
Cubing modulo N represents RSA encryption under public key of server S
Explanation:
Server will not accept same random number twice, so C cannot
simply replay RA3
Bleichenbacher PKCS#1 Attack
A->S: Ke mod N
S->A: {data}K
C->S: Ke * Xe mod N
S->A: {data}K*X
or
S->A: decryption error
S->A: format error
Explanation:
Alice sends key K encrypted using RSA with PKCS#1 v1.5 padding
Explanation:
Server tries to decrypt message from Charlie, and leaks information as to whether the decrypted message satisfied PKCS#1 format requirement
API Attacks & Protocol Attacks
• API Attacks already found in each category– Manipulation (VSM Type System)– Mathematical (XOR to null key)– Cryptographic (MIM attack)
(both manipulative and mathematical)
• Differences between API and Protocol Attacks:– API is a ‘dumb adversary’
– APIs are more complex – contain many protocols
– APIs (usually) have only two principals, HSM and User
XOR to Null Key Attack• Top-level crypto keys exchanged between banks in several
parts carried by separate couriers, which are recombined using the exclusive-OR function
• A single operator could feed in the same part twice, which cancels out to produce an ‘all zeroes’ test key. PINs could be extracted in the clear using this key
U->C : {KP1}KM , {KP2}KM
C->U : {KP1 xor KP2}KM
U->C : {KP1}KM , {KP1}KM
C->U : {KP1 xor KP1}KM ( = {0}KM )
(Anderson 2000)
VSM Type System Attack
• Encrypting communication keys for transfer to an ATMs used exactly the same process as calculating a customer PIN
• Customer PINs could be generated by re-labelling an account number as a communications key, and using the same encryption process
(Bond 2000)
The Visa Security Module
VSM Type Diagram
VSM Type System Attack
Type System Attack (Protocol Notation)
U->C : 5641 8203 3428 2218
C->U : {5641 8203 3428 2218}TC
U->C : {5641 8203 3428 2218}TC , { PMK }TMK
C->U : {5641 8203 3428 2218}PMK
{5641 8203 3428 2218}PMK = 22BD 4677 F1FF 34AC
So customer PIN is 22BD i.e. 2213
Car Park Analogy
• A thief walks into a car park and tries to steal a car...
• How many keys must he try?
Car Park Analogy 1900
Car Park Analogy 2000
The Meet in the Middle Attack
• Common sense statistics• Attack multiple keys in parallel • Need the same plaintext under each key• Encrypt this plaintext to get a ‘test vector’• Typical case: A 256 search for one key becomes a
240 search for 216 keys• Poor implementations of 3DES key storage allow
3DES key halves to be attacked individually
MIM Attack on DES Security Modules
40 bits16 bits
• Generate 216 keys• Encrypt test vectors
U->C : { KEY1 }KM
C->U : { 0000000000000000 }KEY1
• Do 240 searchCryptoprocessor’s Effort Search Machine’s Effort
56 bit key space
Protocol Attacks
ManipulationAttacks
DifferentialAttacks
MathematicalAttacks
Needham SchroederPublic Key
TMN Attack
Bleichenbacher Attack
Decimalisation TableAttack
PAN ModificationAttack
Decimalisation Table Attack
• Remember PINs derived from account numbers• Hexadecimal raw PIN is converted to decimal using
decimalisation table• Most APIs allow the decimalisation table to be specified
with each PIN verification command• A normal verification command eliminates one of
10,000 combinations of PIN for the attacker.• If the table is altered, whether or not the alteration
affects correct verification leaks much more information about the PIN
examples…
(Bond/Clulow 2002)
Decimalisation Table Attack (1)
PIN_Verify
Yes/No(eliminates 1 combination)
0123456789ABCDEF
0123456789012345
Trial PIN0000
PAN5641820334282218
Encrypted PMK48CCA975F4B2C8A5
1. Encrypt PANRaw PIN = 22BD2. DecimaliseNatural PIN = 22133. Verify0000 != 2213
Decimalisation Table Attack (2)
PIN_Verify
Yes/No(eliminates all PINs containing digit 7)
0123456789ABCDEF
0000000100000000
Trial PIN0000
PAN5641820334282218
Encrypted PMK48CCA975F4B2C8A5
1. Encrypt PANRaw PIN = 22BD2. DecimaliseNatural PIN = 00003. Verify0000 = 0000
Decimalisation Table Attack (3)
PIN_Verify
Yes/No(shows PIN contains digit 2)
0123456789ABCDEF
0010000000000000
Trial PIN0000
PAN5641820334282218
Encrypted PMK48CCA975F4B2C8A5
1. Encrypt PANRaw PIN = 22BD2. DecimaliseNatural PIN = 11003. Verify0000 != 1100
Decimalisation Table Attack (4)
PIN_Verify
Yes/No(no information)
0123456789ABCDEF
0123456789012345
Encrypted Trial PIN{2213}KM
PAN5641820334282218
Encrypted PMK48CCA975F4B2C8A5
1. Encrypt PANRaw PIN = 22BD2. DecimaliseNatural PIN = 22133. Verify2213 = 2213
Decimalisation Table Attack (5)
PIN_Verify
Yes/No(eliminates PINs containing digit 7)
0123456789ABCDEF
0123456089012345
Encrypted Trial PIN{2213}KM
PAN5641820334282218
Encrypted PMK48CCA975F4B2C8A5
1. Encrypt PANRaw PIN = 22BD2. DecimaliseNatural PIN = 22133. Verify2213 = 2213
PAN Modification Attack (1)
• Encrypted PINs transferred from ATM to issuing bank via ATM network using point to point encryption
• At each node PIN block must be decrypted with incoming key, and re-encrypted with outgoing key
• Common ISO standard “binds” PIN to particular customer by exclusive-ORing PAN with PIN before encryption
• Attack: specifying incorrect PAN may make deduced PIN contain hexadecimal digit ‘A’-’F’, which causes formatting error. Conditions under which formatting error arises leaks information about PIN.
(Clulow 2002)
PIN Block Formats
041234FFFFFFFFFF
xor
0000820363452239
=0412A6FC9CBADDC6
Primary Account Number (PAN)5461 8203 6345 2239
IS0-0
IS0-2
padding
PINPIN length
241234FFFFFFFFFF
Format ID
PAN Modification Attack (2)
PIN_Translate
{PIN Block}AWK (or FORMAT ERROR)
Format
InfoPAN{IWK}KM
{AWK}KM {PIN Block}IWK
PAN Modification Attack (3)
041234FFFFFFFFFF
xor
0000820363452239
=
0412B6FC9CBADDC6
0 1 2 3 4 5 6 7 8 9
0 0 1 2 3 4 5 6 7 8 9
1 1 0 3 2 5 4 7 6 9 8
2 2 3 0 1 6 7 4 5 A B
3 3 2 1 0 7 6 5 4 B A
4 4 5 6 7 0 1 2 3 C D
5 5 4 7 6 1 0 3 2 D C
6 6 7 4 5 2 3 0 1 E F
7 7 6 5 4 3 2 1 0 F E
8 8 9 A B C D E F 0 1
9 9 8 B A D C F E 1 0
A A B 8 9 E F C D 2 3
B B A 9 8 F E D C 3 2
C C D E F 8 9 A B 4 5
D D C F E 9 8 B A 5 4
E E F C D A B 8 9 6 7
F F E D C B A 9 8 7 6
PIN
PAN
0412B6FC9CBADDC6
xor
0000820363452239
=
041234FFFFFFFFFF
0412B6FC9CBADDC6
xor
0000720363452239
=
0412C4FFFFFFFFFF
constructionof PIN block
correct PANremoved
modified PANRemoved – PINcontains ‘C’ –error
Differential Protocol Analysis
• Phrase coined by Anderson & Bond in “Protocol Analysis, Composability and Computation” in Feb 2003
• Differential Protocol Analysis refers to attacks which use multiple runs of a protocol to gradually discover a secret key protected by the protocol
• Input differentials (pairs of inputs) are carefully chosen such that a difference in output will be observed dependent upon some secret key material
• Before this work, such attacks were rare – dumb adversaries were thought unlikely
Dectab Attack during PIN Generation
PIN_Generate
FD29DA10029726DC
0123456789ABCDEF
0123456089012345
PAN5641820334282218
Encrypted PMK48CCA975F4B2C8A5
1. Encrypt PANRaw PIN = 22BD2. DecimaliseNatural PIN = 22133. Store as ISO PIN Block042213FFFFFFFFFF
“DPA” - Decimalisation Table
PAN Dectab PMK Output5641820364352239
5641820364352239
0123 4567 8901 2345
1123 4567 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
5641820364352239
5641820364352239
0123 4567 8901 2345
0023 4567 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
08F8E3983E3BDF26
5641820364352239
5641820364352239
0123 4567 8901 2345
0103 4567 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
3BDF08F8E3E26983
5641820364352239
5641820364352239
0123 4567 8901 2345
0120 4567 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
726F0FD293E26F67
5641820364352239
5641820364352239
0123 4567 8901 2345
0123 0567 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
5641820364352239
5641820364352239
0123 4567 8901 2345
0123 4067 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
5641820364352239
5641820364352239
0123 4567 8901 2345
0123 4507 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
5641820364352239
5641820364352239
0123 4567 8901 2345
0123 4560 8901 2345
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
“DPA” – PAN ModificationPAN IWK AWK Output820364352239
830364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
820364352239
840364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
08F8E3983E3BDF26
820364352239
850364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
3BDF08F8E3E26983
820364352239
860364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
820364352239
870364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
820364352239
880364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
726F0FD293E26F67
820364352239
890364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
820364352239
8A0364352239
0D7604EBA10AC7F3
0D7604EBA10AC7F3
E92F67BFEADF91D9
E92F67BFEADF91D9
FD29DA10029726DC
FD29DA10029726DC
Protecting against API Attacks: Formal Methods
and Evaluation?• New protocol attacks show formal methods now cover just one of
many aspects of protocol attacks• Automated information-theoretic reasoning about protocols and
APIs could be an interesting new direction for research and evaluation tools, but is years away
• API attacks are already having an effect on the real world – especially in financial security, yet evaluation standards e.g. FIPS 140 series are not keeping up
• API attacks have defeated many different modules certified FIPS 140-1 Level 4 – why? Because the evaluation does not cover the whole system, just a few components.
• Be careful when buying entire systems to establish what has been evaluated, and what has not.
Conclusions• Protocol Analysis is far from dead• API security complements and extends the study of security
protocols• “Differential Protocol Analysis” attacks were previously
novelties, but may become important against ‘dumb adversaries’ as Security APIs become more common
• API analysis used to only be relevant to a few specialist applications such as banking security and certification authorities; TCPA and Palladium APIs when deployed will bring targets into everybody’s homes
• Formal methods tools have a long way to go to provide assurance for using systems
• Independent evaluation can protect against these attacks, but it must cover the whole system.
More Info• Academic Papers
“Decimalisation Table Attacks for PIN Cracking”Bond, Zielinski, Mar 2003
“API-Level Attacks on Embedded Systems”Bond, Anderson, Oct 2001
“The Design and Analysis of Cryptographic APIs for Security Devices”Clulow, Jan 2003
• My Webpagehttp://www.cl.cam.ac.uk/~mkb23/research.html