Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Hardware YOU Can Trust
Transcript
Hardware YOU Can Trust Benedikt Stockebrand Stepladder IT Training+Consulting GmbH c 2015 Benedikt Stockebrand Copyright March 18, 2015 Troopers 15 Heidelberg, Germany 1/49 Hardware YOU Can Audit and Then Trust Benedikt Stockebrand Stepladder IT Training+Consulting GmbH c 2015 Benedikt Stockebrand Copyright March 18, 2015 Troopers 15 Heidelberg, Germany 2/49 About Me • Diplom-Informatiker (Uni Dortmund) • Specialized in IT operations, TCP/IP networks, Unix • Even more specialized on IPv6 since mid 2003 • Co-author of an IPv6 related security study for the BSI (Federal Office for IT Security) • Actively working on microcontrollers and hardware random number generators since 2012 (or so) c 2015 Benedikt Stockebrand Copyright 3/49 Part I The Current Situation c 2015 Benedikt Stockebrand Copyright 4/49 So-called “IT Security” c 2015 Benedikt Stockebrand Copyright The Current Situation 5/49 So-called “IT Security” The Current Situation • Do we have to prove IT systems to be insecure? c 2015 Benedikt Stockebrand Copyright 5/49 So-called “IT Security” The Current Situation • Do we have to prove IT systems to be insecure? • . . . or should the vendor demonstrate their security instead? c 2015 Benedikt Stockebrand Copyright 5/49 So-called “IT Security” The Current Situation • Do we have to prove IT systems to be insecure? • . . . or should the vendor demonstrate their security instead? • For more on this: “The Limits of Cryptography”, EasterHegg 2014 http://www.youtube.com/watch?v=7bTaKSZQKhc c 2015 Benedikt Stockebrand Copyright 5/49 “Secure Hardware” The Current Situation • Do we blindly want to trust all the • designers/developers • vendors • manufacturers • component suppliers • logistics operators • distributors • dealers • customs authorities • investigative authorities • so-called “intelligence” agencies • standard issuing bodies • . . . and whoever else involved? c 2015 Benedikt Stockebrand Copyright 6/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is • unnecessary c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is • unnecessary • exceedingly difficult c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is • unnecessary • exceedingly difficult • or a convenient excuse to peddle snake oil. c 2015 Benedikt Stockebrand Copyright 7/49 Auditability I The Current Situation • Can I audit a TPM module or the crypto features of a CPU. . . • . . . without destroying it? • . . . with affordable and available tools? • . . . with available know-how? • . . . and with a reasonable amount of effort? c 2015 Benedikt Stockebrand Copyright 8/49 Auditability II The Current Situation • Is auditability possible? c 2015 Benedikt Stockebrand Copyright 9/49 Auditability II The Current Situation • Is auditability possible? • Not with attackers, who • have unlimited resources • have unlimited technical skills • have unlimited insider knowledge • have unlimited political and judicial backing • nonchalantly ignore applicable laws (not to talk about “decency”) • have support from the manufacturers • don’t make mistakes c 2015 Benedikt Stockebrand Copyright 9/49 Auditability II The Current Situation • Is auditability possible? • Not with attackers, who • have unlimited resources • have unlimited technical skills • have unlimited insider knowledge • have unlimited political and judicial backing • nonchalantly ignore applicable laws (not to talk about “decency”) • have support from the manufacturers • don’t make mistakes • But what about real world attackers? c 2015 Benedikt Stockebrand Copyright 9/49 Risk Assessment of Attacks • Risk of discovery • Personal risk for attacker c 2015 Benedikt Stockebrand Copyright 10/49 The Current Situation Risk Assessment of Attacks • Risk of discovery • Personal risk for attacker • Economic risk for attacker c 2015 Benedikt Stockebrand Copyright 10/49 The Current Situation Scope of Attacks The Current Situation • Targeted attacks • Untargeted, large scale attacks c 2015 Benedikt Stockebrand Copyright 11/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices • Manipulation of entire product series or product families c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices • Manipulation of entire product series or product families • Manipulation of standards and specifications c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices • Manipulation of entire product series or product families • Manipulation of standards and specifications • Attacks at the political level c 2015 Benedikt Stockebrand Copyright 12/49 c 2015 Benedikt Stockebrand Copyright Part II Fighting Back 13/49 Defense Strategies I Fighting Back • Technical c 2015 Benedikt Stockebrand Copyright 14/49 Defense Strategies I Fighting Back • Technical • Economic c 2015 Benedikt Stockebrand Copyright 14/49 Defense Strategies I Fighting Back • Technical • Economic • Political c 2015 Benedikt Stockebrand Copyright 14/49 Defense Strategies II Fighting Back • Diversity • Auditability • Modularity c 2015 Benedikt Stockebrand Copyright 15/49 Development Criteria Fighting Back • Designs must be • easy to understand • easy to modify • easy to reproduce (and build yourself) • Development tools must be • auditable • generally available • affordable • available in multiple implementations c 2015 Benedikt Stockebrand Copyright 16/49 Usable Hardware Components Components should be • cheap • mass produced for multiple purposes • available from multiple manufacturers • simple (i.e. no highly integrated ICs if possible) • widely available • easily replaceable by similar components • easy to use for custom builds c 2015 Benedikt Stockebrand Copyright 17/49 Fighting Back PCB Technology Fighting Back • Through-hole (THT) only • Surface mount (SMT) for home assembly • Surface mount for industrial assembly c 2015 Benedikt Stockebrand Copyright 18/49 Part III A Random Self-Experiment c 2015 Benedikt Stockebrand Copyright 19/49 Choosing the External Interface • Raw analog output • UART (5V) • RS-232 • USB • PCIe c 2015 Benedikt Stockebrand Copyright 20/49 A Random Self-Experiment Choosing the Microcontroller and Interface • Atmel ATtiny2313 and FTDI FT232RL • Various MSP430 and FTDI FT232RL • PIC 16F 1454/1455/1459 • PIC 18F 13K50/14K50 • Various Atmel ATxmega with on-chip USB • Various STM32 c 2015 Benedikt Stockebrand Copyright 21/49 A Random Self-Experiment FTDIgate A Random Self-Experiment • FT232’s can be configured via USB interface • In September 2014, FTDI released a driver update. . . c 2015 Benedikt Stockebrand Copyright 22/49 FTDIgate A Random Self-Experiment • FT232’s can be configured via USB interface • In September 2014, FTDI released a driver update. . . • . . . which bricked fake FTDI chips • (and no warning given) c 2015 Benedikt Stockebrand Copyright 22/49 FTDIgate A Random Self-Experiment • FT232’s can be configured via USB interface • In September 2014, FTDI released a driver update. . . • . . . which bricked fake FTDI chips • (and no warning given) • That chip must go c 2015 Benedikt Stockebrand Copyright 22/49 Choosing the Noise Source • Radioactive decay • Radio static • Noise from blackened CCD chip • Thermal noise in a resistor • Ring oscillator • Microphone at Kindergarten playground • ... c 2015 Benedikt Stockebrand Copyright 23/49 A Random Self-Experiment Choosing the Noise Source • Radioactive decay • Radio static • Noise from blackened CCD chip • Thermal noise in a resistor • Ring oscillator • Microphone at Kindergarten playground • ... • Avalanche effect in “Zener” diodes c 2015 Benedikt Stockebrand Copyright 23/49 A Random Self-Experiment Generating 12V A Random Self-Experiment • Fredrik Thulin’s choice: Charge pump • Depends on input voltage • Doesn’t need inductances c 2015 Benedikt Stockebrand Copyright 24/49 Generating 12V A Random Self-Experiment • Fredrik Thulin’s choice: Charge pump • Depends on input voltage • Doesn’t need inductances • My choice: Step-up converter (MC34063) • Needs inductances • Ultra cheap • Huge variety of vendors • Widely known • General purpose chip c 2015 Benedikt Stockebrand Copyright 24/49 Block Schematic A Random Self-Experiment Microcontroller UART↔USB Interface USB Connector Amplifier Noise Generator Step-Up Converter c 2015 Benedikt Stockebrand Copyright 25/49 Noise Specifications A Random Self-Experiment • Noise is undesirable. . . c 2015 Benedikt Stockebrand Copyright 26/49 Noise Specifications A Random Self-Experiment • Noise is undesirable. . . • . . . and generally specified as upper limit only c 2015 Benedikt Stockebrand Copyright 26/49 Noise Specifications A Random Self-Experiment • Noise is undesirable. . . • . . . and generally specified as upper limit only • This is a fundamental problem. c 2015 Benedikt Stockebrand Copyright 26/49 “Magic Zener Diodes” c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 27/49 “Magic Zener Diodes” A Random Self-Experiment Source: http://www.conrad.de/ce/de/product/179001 c 2015 Benedikt Stockebrand Copyright 27/49 Getting Reliable Noise A Random Self-Experiment • More magic? • BE junction in bipolar junction transistors (BJTs) c 2015 Benedikt Stockebrand Copyright 28/49 Getting Reliable Noise A Random Self-Experiment • More magic? • BE junction in bipolar junction transistors (BJTs) • This is still a fundamental problem. c 2015 Benedikt Stockebrand Copyright 28/49 Building for Auditability A Random Self-Experiment • Minimized circuit design • Test pins • Auditable PCB layout • DIY compatibility c 2015 Benedikt Stockebrand Copyright 29/49 Minimizing the Circuit Design A Random Self-Experiment 2 1 TP4 10uH L3 10uH D1.A R5 6.8V 100nF D2 R7 D3 TP8 OUTPUT T2.B Q1 BC547C Q2 BC547C C5 GND GND Amplifier Stage Generator Core c 2015 Benedikt Stockebrand Copyright GND GND GND 30/49 1 JP6 2 27K BAT85 TP3 T1.B 1k C7 TP5 RAW_OUT TP6 100uF R8 + 470 C6 1 JP4 2 1k TP2 R6 + C4 100uF TP7 VCC_AMP_STABLE +HIGH_V_STABLE 100nF L2 1 JP3 2 JP5 My Very First Real PCB c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 31/49 Analog Output I c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 32/49 Analog Output II c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 33/49 Analog Output III c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 34/49 Analog Output IV c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 35/49 Amplified Output I c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 36/49 Amplified Output II c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 37/49 Amplified Output III c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 38/49 Amplified Output IV c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 39/49 Amplified Output V c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 40/49 Digitizing Noise A Random Self-Experiment • Trivial approach: XOR n readings • Fast • Constant speed • Not adapting to quality of analog source • Not failsafe c 2015 Benedikt Stockebrand Copyright 41/49 Digitizing Noise A Random Self-Experiment • Trivial approach: XOR n readings • Fast • Constant speed • Not adapting to quality of analog source • Not failsafe • Measure (LSB of) time between rising edges • Slightly slower • Variable speed • Adapts to quality of analog source • Failsafe behaviour • Automatically removing correlation c 2015 Benedikt Stockebrand Copyright 41/49 From Noise to Entropy A Random Self-Experiment • Correlation • Removed via rising edge algorithm • Analog circuit is too simple to store much information, ⇒ No correlation between bits possible c 2015 Benedikt Stockebrand Copyright 42/49 From Noise to Entropy A Random Self-Experiment • Correlation • Removed via rising edge algorithm • Analog circuit is too simple to store much information, ⇒ No correlation between bits possible • (Bitwise) bias • Follow up with a von Neumann extractor: • Read two bits • If the same, discard both • Else return the first • Rinse and repeat as needed c 2015 Benedikt Stockebrand Copyright 42/49 Why the “ARRGH” board? A Random Self-Experiment • It’s the Auditable Real Random Number Generator Hardware • It has nothing to do with a Makefile bug that made me generate four weeks worth of test data using the XOR extraction on a less-than-magic Zener diode. . . c 2015 Benedikt Stockebrand Copyright 43/49 c 2015 Benedikt Stockebrand Copyright Part IV Preliminary Finale 44/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse c 2015 Benedikt Stockebrand Copyright 45/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse • Auditable hardware is difficult • . . . but apparently possible c 2015 Benedikt Stockebrand Copyright 45/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse • Auditable hardware is difficult • . . . but apparently possible • Complexity is a problem, not a solution c 2015 Benedikt Stockebrand Copyright 45/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse • Auditable hardware is difficult • . . . but apparently possible • Complexity is a problem, not a solution • Randomness looks really simple • . . . until you really take a look c 2015 Benedikt Stockebrand Copyright 45/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated • Testing for randomness is “the wrong way ’round” • Best starting point is still Knuth’s ACP Vol. 2 c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated • Testing for randomness is “the wrong way ’round” • Best starting point is still Knuth’s ACP Vol. 2 • The NIST screwed this up again. Big time. c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated • Testing for randomness is “the wrong way ’round” • Best starting point is still Knuth’s ACP Vol. 2 • The NIST screwed this up again. Big time. • But this is enough for another year of research. . . • . . . and hopefully another talk c 2015 Benedikt Stockebrand Copyright 46/49 c 2015 Benedikt Stockebrand Copyright Part V Appendix 47/49 Resources Appendix The Limits of Cryptography EasterHegg 2014, Stuttgart http://www.youtube.com/watch?v=7bTaKSZQKhc BIVBlog: Benedikt’s IT Video Blog http://www.stepladder-it.com/bivblog/ Video Blog on IT in general and crypto hardware (and IPv6) in particular The Cryptech project https://cryptech.is/ c 2015 Benedikt Stockebrand Copyright 48/49 Appendix Contact Information c 2015 Benedikt Stockebrand Copyright Stepladder IT Training+Consulting GmbH Benedikt Stockebrand Fichardstr. 38 D-60322 Frankfurt/Main [email protected] Webseiten: http://www.stepladder-it.com/ http://www.benedikt-stockebrand.de/ Video Blog: http://www.stepladder-it.com/bivblog/ 49/49
