Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Hardware YOU Can Trust Benedikt Stockebrand Stepladder IT Training+Consulting GmbH c 2015 Benedikt Stockebrand Copyright March 18, 2015 Troopers 15 Heidelberg, Germany 1/49 Hardware YOU Can Audit and Then Trust Benedikt Stockebrand Stepladder IT Training+Consulting GmbH c 2015 Benedikt Stockebrand Copyright March 18, 2015 Troopers 15 Heidelberg, Germany 2/49 About Me • Diplom-Informatiker (Uni Dortmund) • Specialized in IT operations, TCP/IP networks, Unix • Even more specialized on IPv6 since mid 2003 • Co-author of an IPv6 related security study for the BSI (Federal Office for IT Security) • Actively working on microcontrollers and hardware random number generators since 2012 (or so) c 2015 Benedikt Stockebrand Copyright 3/49 Part I The Current Situation c 2015 Benedikt Stockebrand Copyright 4/49 So-called “IT Security” c 2015 Benedikt Stockebrand Copyright The Current Situation 5/49 So-called “IT Security” The Current Situation • Do we have to prove IT systems to be insecure? c 2015 Benedikt Stockebrand Copyright 5/49 So-called “IT Security” The Current Situation • Do we have to prove IT systems to be insecure? • . . . or should the vendor demonstrate their security instead? c 2015 Benedikt Stockebrand Copyright 5/49 So-called “IT Security” The Current Situation • Do we have to prove IT systems to be insecure? • . . . or should the vendor demonstrate their security instead? • For more on this: “The Limits of Cryptography”, EasterHegg 2014 http://www.youtube.com/watch?v=7bTaKSZQKhc c 2015 Benedikt Stockebrand Copyright 5/49 “Secure Hardware” The Current Situation • Do we blindly want to trust all the • designers/developers • vendors • manufacturers • component suppliers • logistics operators • distributors • dealers • customs authorities • investigative authorities • so-called “intelligence” agencies • standard issuing bodies • . . . and whoever else involved? c 2015 Benedikt Stockebrand Copyright 6/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is • unnecessary c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is • unnecessary • exceedingly difficult c 2015 Benedikt Stockebrand Copyright 7/49 “Tamper Protection”? The Current Situation • In some cases, this is imporant • But in other cases this is • unnecessary • exceedingly difficult • or a convenient excuse to peddle snake oil. c 2015 Benedikt Stockebrand Copyright 7/49 Auditability I The Current Situation • Can I audit a TPM module or the crypto features of a CPU. . . • . . . without destroying it? • . . . with affordable and available tools? • . . . with available know-how? • . . . and with a reasonable amount of effort? c 2015 Benedikt Stockebrand Copyright 8/49 Auditability II The Current Situation • Is auditability possible? c 2015 Benedikt Stockebrand Copyright 9/49 Auditability II The Current Situation • Is auditability possible? • Not with attackers, who • have unlimited resources • have unlimited technical skills • have unlimited insider knowledge • have unlimited political and judicial backing • nonchalantly ignore applicable laws (not to talk about “decency”) • have support from the manufacturers • don’t make mistakes c 2015 Benedikt Stockebrand Copyright 9/49 Auditability II The Current Situation • Is auditability possible? • Not with attackers, who • have unlimited resources • have unlimited technical skills • have unlimited insider knowledge • have unlimited political and judicial backing • nonchalantly ignore applicable laws (not to talk about “decency”) • have support from the manufacturers • don’t make mistakes • But what about real world attackers? c 2015 Benedikt Stockebrand Copyright 9/49 Risk Assessment of Attacks • Risk of discovery • Personal risk for attacker c 2015 Benedikt Stockebrand Copyright 10/49 The Current Situation Risk Assessment of Attacks • Risk of discovery • Personal risk for attacker • Economic risk for attacker c 2015 Benedikt Stockebrand Copyright 10/49 The Current Situation Scope of Attacks The Current Situation • Targeted attacks • Untargeted, large scale attacks c 2015 Benedikt Stockebrand Copyright 11/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices • Manipulation of entire product series or product families c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices • Manipulation of entire product series or product families • Manipulation of standards and specifications c 2015 Benedikt Stockebrand Copyright 12/49 Attack Types The Current Situation • Passive snooping • Active manipulation/injection of fake data • Installation of backdoors in operational devices • Replacement of operational devices • Targeted distribution of manipulated devices • Manipulation of entire product series or product families • Manipulation of standards and specifications • Attacks at the political level c 2015 Benedikt Stockebrand Copyright 12/49 c 2015 Benedikt Stockebrand Copyright Part II Fighting Back 13/49 Defense Strategies I Fighting Back • Technical c 2015 Benedikt Stockebrand Copyright 14/49 Defense Strategies I Fighting Back • Technical • Economic c 2015 Benedikt Stockebrand Copyright 14/49 Defense Strategies I Fighting Back • Technical • Economic • Political c 2015 Benedikt Stockebrand Copyright 14/49 Defense Strategies II Fighting Back • Diversity • Auditability • Modularity c 2015 Benedikt Stockebrand Copyright 15/49 Development Criteria Fighting Back • Designs must be • easy to understand • easy to modify • easy to reproduce (and build yourself) • Development tools must be • auditable • generally available • affordable • available in multiple implementations c 2015 Benedikt Stockebrand Copyright 16/49 Usable Hardware Components Components should be • cheap • mass produced for multiple purposes • available from multiple manufacturers • simple (i.e. no highly integrated ICs if possible) • widely available • easily replaceable by similar components • easy to use for custom builds c 2015 Benedikt Stockebrand Copyright 17/49 Fighting Back PCB Technology Fighting Back • Through-hole (THT) only • Surface mount (SMT) for home assembly • Surface mount for industrial assembly c 2015 Benedikt Stockebrand Copyright 18/49 Part III A Random Self-Experiment c 2015 Benedikt Stockebrand Copyright 19/49 Choosing the External Interface • Raw analog output • UART (5V) • RS-232 • USB • PCIe c 2015 Benedikt Stockebrand Copyright 20/49 A Random Self-Experiment Choosing the Microcontroller and Interface • Atmel ATtiny2313 and FTDI FT232RL • Various MSP430 and FTDI FT232RL • PIC 16F 1454/1455/1459 • PIC 18F 13K50/14K50 • Various Atmel ATxmega with on-chip USB • Various STM32 c 2015 Benedikt Stockebrand Copyright 21/49 A Random Self-Experiment FTDIgate A Random Self-Experiment • FT232’s can be configured via USB interface • In September 2014, FTDI released a driver update. . . c 2015 Benedikt Stockebrand Copyright 22/49 FTDIgate A Random Self-Experiment • FT232’s can be configured via USB interface • In September 2014, FTDI released a driver update. . . • . . . which bricked fake FTDI chips • (and no warning given) c 2015 Benedikt Stockebrand Copyright 22/49 FTDIgate A Random Self-Experiment • FT232’s can be configured via USB interface • In September 2014, FTDI released a driver update. . . • . . . which bricked fake FTDI chips • (and no warning given) • That chip must go c 2015 Benedikt Stockebrand Copyright 22/49 Choosing the Noise Source • Radioactive decay • Radio static • Noise from blackened CCD chip • Thermal noise in a resistor • Ring oscillator • Microphone at Kindergarten playground • ... c 2015 Benedikt Stockebrand Copyright 23/49 A Random Self-Experiment Choosing the Noise Source • Radioactive decay • Radio static • Noise from blackened CCD chip • Thermal noise in a resistor • Ring oscillator • Microphone at Kindergarten playground • ... • Avalanche effect in “Zener” diodes c 2015 Benedikt Stockebrand Copyright 23/49 A Random Self-Experiment Generating 12V A Random Self-Experiment • Fredrik Thulin’s choice: Charge pump • Depends on input voltage • Doesn’t need inductances c 2015 Benedikt Stockebrand Copyright 24/49 Generating 12V A Random Self-Experiment • Fredrik Thulin’s choice: Charge pump • Depends on input voltage • Doesn’t need inductances • My choice: Step-up converter (MC34063) • Needs inductances • Ultra cheap • Huge variety of vendors • Widely known • General purpose chip c 2015 Benedikt Stockebrand Copyright 24/49 Block Schematic A Random Self-Experiment Microcontroller UART↔USB Interface USB Connector Amplifier Noise Generator Step-Up Converter c 2015 Benedikt Stockebrand Copyright 25/49 Noise Specifications A Random Self-Experiment • Noise is undesirable. . . c 2015 Benedikt Stockebrand Copyright 26/49 Noise Specifications A Random Self-Experiment • Noise is undesirable. . . • . . . and generally specified as upper limit only c 2015 Benedikt Stockebrand Copyright 26/49 Noise Specifications A Random Self-Experiment • Noise is undesirable. . . • . . . and generally specified as upper limit only • This is a fundamental problem. c 2015 Benedikt Stockebrand Copyright 26/49 “Magic Zener Diodes” c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 27/49 “Magic Zener Diodes” A Random Self-Experiment Source: http://www.conrad.de/ce/de/product/179001 c 2015 Benedikt Stockebrand Copyright 27/49 Getting Reliable Noise A Random Self-Experiment • More magic? • BE junction in bipolar junction transistors (BJTs) c 2015 Benedikt Stockebrand Copyright 28/49 Getting Reliable Noise A Random Self-Experiment • More magic? • BE junction in bipolar junction transistors (BJTs) • This is still a fundamental problem. c 2015 Benedikt Stockebrand Copyright 28/49 Building for Auditability A Random Self-Experiment • Minimized circuit design • Test pins • Auditable PCB layout • DIY compatibility c 2015 Benedikt Stockebrand Copyright 29/49 Minimizing the Circuit Design A Random Self-Experiment 2 1 TP4 10uH L3 10uH D1.A R5 6.8V 100nF D2 R7 D3 TP8 OUTPUT T2.B Q1 BC547C Q2 BC547C C5 GND GND Amplifier Stage Generator Core c 2015 Benedikt Stockebrand Copyright GND GND GND 30/49 1 JP6 2 27K BAT85 TP3 T1.B 1k C7 TP5 RAW_OUT TP6 100uF R8 + 470 C6 1 JP4 2 1k TP2 R6 + C4 100uF TP7 VCC_AMP_STABLE +HIGH_V_STABLE 100nF L2 1 JP3 2 JP5 My Very First Real PCB c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 31/49 Analog Output I c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 32/49 Analog Output II c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 33/49 Analog Output III c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 34/49 Analog Output IV c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 35/49 Amplified Output I c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 36/49 Amplified Output II c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 37/49 Amplified Output III c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 38/49 Amplified Output IV c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 39/49 Amplified Output V c 2015 Benedikt Stockebrand Copyright A Random Self-Experiment 40/49 Digitizing Noise A Random Self-Experiment • Trivial approach: XOR n readings • Fast • Constant speed • Not adapting to quality of analog source • Not failsafe c 2015 Benedikt Stockebrand Copyright 41/49 Digitizing Noise A Random Self-Experiment • Trivial approach: XOR n readings • Fast • Constant speed • Not adapting to quality of analog source • Not failsafe • Measure (LSB of) time between rising edges • Slightly slower • Variable speed • Adapts to quality of analog source • Failsafe behaviour • Automatically removing correlation c 2015 Benedikt Stockebrand Copyright 41/49 From Noise to Entropy A Random Self-Experiment • Correlation • Removed via rising edge algorithm • Analog circuit is too simple to store much information, ⇒ No correlation between bits possible c 2015 Benedikt Stockebrand Copyright 42/49 From Noise to Entropy A Random Self-Experiment • Correlation • Removed via rising edge algorithm • Analog circuit is too simple to store much information, ⇒ No correlation between bits possible • (Bitwise) bias • Follow up with a von Neumann extractor: • Read two bits • If the same, discard both • Else return the first • Rinse and repeat as needed c 2015 Benedikt Stockebrand Copyright 42/49 Why the “ARRGH” board? A Random Self-Experiment • It’s the Auditable Real Random Number Generator Hardware • It has nothing to do with a Makefile bug that made me generate four weeks worth of test data using the XOR extraction on a less-than-magic Zener diode. . . c 2015 Benedikt Stockebrand Copyright 43/49 c 2015 Benedikt Stockebrand Copyright Part IV Preliminary Finale 44/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse c 2015 Benedikt Stockebrand Copyright 45/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse • Auditable hardware is difficult • . . . but apparently possible c 2015 Benedikt Stockebrand Copyright 45/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse • Auditable hardware is difficult • . . . but apparently possible • Complexity is a problem, not a solution c 2015 Benedikt Stockebrand Copyright 45/49 Conclusions Preliminary Finale • ICs suck (especially from FTDI) • THT components suck • SMD/SMT-only components suck • USB sucks even worse • Auditable hardware is difficult • . . . but apparently possible • Complexity is a problem, not a solution • Randomness looks really simple • . . . until you really take a look c 2015 Benedikt Stockebrand Copyright 45/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated • Testing for randomness is “the wrong way ’round” • Best starting point is still Knuth’s ACP Vol. 2 c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated • Testing for randomness is “the wrong way ’round” • Best starting point is still Knuth’s ACP Vol. 2 • The NIST screwed this up again. Big time. c 2015 Benedikt Stockebrand Copyright 46/49 Outlook: Testing Preliminary Finale • There are no proper test methods • . . . let alone ready-to-use tools • Testing for pseudo randomness is much better known • . . . but largely unrelated • Testing for randomness is “the wrong way ’round” • Best starting point is still Knuth’s ACP Vol. 2 • The NIST screwed this up again. Big time. • But this is enough for another year of research. . . • . . . and hopefully another talk c 2015 Benedikt Stockebrand Copyright 46/49 c 2015 Benedikt Stockebrand Copyright Part V Appendix 47/49 Resources Appendix The Limits of Cryptography EasterHegg 2014, Stuttgart http://www.youtube.com/watch?v=7bTaKSZQKhc BIVBlog: Benedikt’s IT Video Blog http://www.stepladder-it.com/bivblog/ Video Blog on IT in general and crypto hardware (and IPv6) in particular The Cryptech project https://cryptech.is/ c 2015 Benedikt Stockebrand Copyright 48/49 Appendix Contact Information c 2015 Benedikt Stockebrand Copyright Stepladder IT Training+Consulting GmbH Benedikt Stockebrand Fichardstr. 38 D-60322 Frankfurt/Main [email protected] Webseiten: http://www.stepladder-it.com/ http://www.benedikt-stockebrand.de/ Video Blog: http://www.stepladder-it.com/bivblog/ 49/49