S´ ecurit´ e des cartes ` a puce:
advertisement
Introduction
Background
Towards a high level model of attacks
Using the model
Sécurité des cartes à puce:
des attaques physiques aux protections logicielles
P. Berthomé, K. Heydemann,
X. Kauffmann-Tourkestansky, J.-F. Lalande
Journée Risques - 5 juin 2012
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Introduction
Context:
Smart card are subject to physical attacks
Security is of main importance for the card industry
Adding security countermeasures
is not so obvious. . .
is an expensive and time consuming process
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Introduction - physical attacks
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Introduction - physical attacks
See this - Do this
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Introduction - attacks
Two types of attacks to consider:
Side channel attacks
Fault injection attacks
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Authentication for smart card
Buffers
Terminal
Vcc
1 2 3
CLK
4 5 6
IO
B
U
F
1
CPU BUS
7 8 9
B
U
F
2
RAM
ROM
EPROM
Circuit
Memories
SMART CARD Internals
- Information Flow Smart Card Internals
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Authentication for smart card
Buffers
1234
Vcc
1 2 3
CLK
4 5 6
IO
B
U
F
1
CPU BUS
7 8 9
B
U
F
2
RAM
ROM
EPROM
0000
Circuit
Memories
SMART CARD Internals
- Information Flow Terminal
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Authentication for smart card
Buffers
1234
1234
Vcc
1 2 3
CLK
4 5 6
IO
B
U
F
1
CPU BUS
7 8 9
B
U
F
2
RAM
ROM
EPROM
Circuit
Memories
SMART CARD Internals
- Information Flow Sent to card’s circuit
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Authentication for smart card
Buffers
1234
Terminal
Vcc
1 2 3
CLK
4 5 6
IO
1
2
3
4
CPU BUS
7 8 9
B
U
F
2
RAM
ROM
EPROM
Circuit
Memories
SMART CARD Internals
- Information Flow ROM code tells CPU to load value in a RAM buffer
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Authentication for smart card
Buffers
Terminal
Vcc
1 2 3
CLK
4 5 6
IO
1
R
2
E
3
G
1
4
CPU BUS
7 8 9
0
0
0
0
RAM
ROM
EPROM
0000
Circuit
Memories
SMART CARD Internals
- Information Flow ROM code tells CPU to load key in a RAM buffer
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Authentication for smart card
Buffers
Terminal
Vcc
1 2 3
CLK
4 5 6
IO
1
2
3
4
CPU BUS
7 8 9
0
0
0
0
RAM
ROM
EPROM
Circuit
Memories
SMART CARD Internals
- Information Flow ROM function compares buffers
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Example of attacks
Let us consider such an authentication code:
uint user tries = 0; // initialization of the number of tries for this session
uint max tries = 3; // max number of tries
while (...) /∗ card life cycle: ∗/
{
incr tries(user tries);
res = get pin from terminal(); // receives 1234
pin = read secret pin(); // read real pin: 0000
if (compare(res, pin))
{ dec tries(user tries); }
if (user tries < max tries)
{ everything is fine(); }
else
{ killcard(); }
}
Simplified authentication code with pin check
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Example of attacks
Let us consider such an authentication code:
uint user tries = 0; // initialization of the number of tries for this session
uint max tries = 3; // max number of tries
while (...) /∗ card life cycle: ∗/
{
incr tries(user tries); → NOP ... NOP
res = get pin from terminal(); // receives 1234
pin = read secret pin(); // read real pin: 0000
if (compare(res, pin))
{ dec tries(user tries); }
if (user tries < max tries) // always true
{ everything is fine(); }
else
{ killcard(); }
}
Simplified authentication code with pin check
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Example of attacks
Let us consider such an authentication code:
uint user tries = 0; // initialization of the number of tries for this session
uint max tries = 3; // max number of tries
while (...) /∗ card life cycle: ∗/
{
incr tries(user tries);
res = get pin from terminal(); // receives 1234
pin = read secret pin(); // read real pin: 0000
if (compare(res, pin))
{ dec tries(user tries); }
if (user tries < max tries)
{ everything is fine(); }
else
{ killcard(); } → NOP ... NOP
}
Simplified authentication code with pin check
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Example of attacks
Let us consider such an authentication code:
uint user tries = 0; // initialization of the number of tries for this session
uint max tries = 3; // max number of tries
while (...) /∗ card life cycle: ∗/
{
incr tries(user tries);
res = get pin from terminal(); // receives 1234
pin = read secret pin(); // read real pin: 0000 pin ← ”1234”
if (compare(res, pin)) // always true
{ dec tries(user tries); }
if (user tries < max tries)
{ everything is fine(); }
else
{ killcard(); }
}
Simplified authentication code with pin check
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Attack vectors
Buffers
Terminal
Vcc
1 2 3
CLK
4 5 6
IO
B
U
F
1
CPU BUS
7 8 9
B
U
F
2
RAM
ROM
EPROM
Circuit
Memories
SMART CARD Internals
Example: attack on card bus!
What about security?
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Security problems
Several questions appear:
How to explain low level attacks at source code level?
How to identifiy harmfull attacks?
How to implement countermeasures?
How to evalute the efficiency of countermeasures?
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Physical attacks
Authentication for smart card
Security problems
Several questions appear:
How to explain low level attacks at source code level?
How to identifiy harmfull attacks?
How to implement countermeasures?
How to evalute the efficiency of countermeasures?
Two goals
Create a high level model of attacks (developer level)
Provide a security test methodology
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Outline
1
Introduction
2
Background
Smart Card Development Process
Attack hypothesis
3
Towards a high level model of attacks
4
Using the model
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
Software
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Hardware
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
CARD READY
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
SOFTWARE
TEST
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
SOFTWARE
DEVELOPMENT
EMBED SOFTWARE
ON CHIP
HARDWARE
SECURITY
TEST
SOFTWARE
TEST
CARD READY
Objectives:
Simulate hardware attacks at software level
Move some security hardware tests to software level
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
EMBED SOFTWARE
ON CHIP
SOFTWARE
DEVELOPMENT
SOFTWARE
TEST
HARDWARE
SECURITY
TEST
CARD READY
Objectives:
Simulate hardware attacks at software level
Move some security hardware tests to software level
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Smart Card Development Process
SOFTWARE
SPECIFICATIONS
EMBED SOFTWARE
ON CHIP
SOFTWARE
DEVELOPMENT
SOFTWARE
TEST
HARDWARE
SECURITY
TEST
CARD READY
Objectives:
Simulate hardware attacks at software level
Move some security hardware tests to software level
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Attack hypothesis
Attacks on smart cards in Common Criteria [1]:
modifying a value read from memory;
changing the quality of random numbers generated;
modifying the program flow.
Attack model in the literature [2]:
precise bit error;
precise byte error;
unknown byte error;
unknown error.
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Attack hypothesis
One or several consecutive bytes are overwritten:
bytes encode operations that are opcodes or operands
for example, one opcode and its operands may be deleted:
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Smart Card Development Process
Attack hypothesis
Hypothesis and difficulties
Hypothesis:
One attack during one execution
One attack on one or several consecutive bytes
Difficulties:
What happens when an opcode is deleted?
What happens when an operand is deleted?
What happens when an opcode is replaced?
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Outline
1
2
3
4
Introduction
Physical attacks
Authentication for smart card
Background
Smart Card Development Process
Attack hypothesis
Towards a high level model of attacks
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
C code
execution
Assembly
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Smart card
Chip
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
C code
execution
Assembly
Smart card
Chip
Attack
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
C code
execution
Assembly
Attack model
Smart card
Chip
Attack impact
Attack
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
execution
Assembly
Attack model
Berthomé - Heydemann - Kauffman - Lalande
Smart card
Chip
Attack impact
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
execution
Smart card
Chip
Attack model
Berthomé - Heydemann - Kauffman - Lalande
Attack impact
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
execution
Smart card
Chip
Attack model
Berthomé - Heydemann - Kauffman - Lalande
Attack impact
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example of high level model of a low level consequence
compilation
+ deployment
execution
Smart card
Chip
Attack model
Berthomé - Heydemann - Kauffman - Lalande
Attack impact
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Flow shifting for opcode replacement
Opcode X becomes opcode Y
X arg1 arg2 ; → Y arg1 ; arg2
arg2 is viewed as an opcode and the instruction flow is shifted
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Flow shifting for opcode replacement
Opcode X becomes opcode Y
X arg1 arg2 ; → Y arg1 ; arg2
arg2 is viewed as an opcode and the instruction flow is shifted
X arg1 arg2 ; → Y ; arg1 arg2
arg1 is viewed as an opcode. Depending on the number of
bytes needed by arg1, arg2 is then either an operand or an
opcode. The instruction flow has also shifted.
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Flow shifting for opcode replacement
Opcode X becomes opcode Y
X arg1 arg2 ; → Y arg1 ; arg2
arg2 is viewed as an opcode and the instruction flow is shifted
X arg1 arg2 ; → Y ; arg1 arg2
arg1 is viewed as an opcode. Depending on the number of
bytes needed by arg1, arg2 is then either an operand or an
opcode. The instruction flow has also shifted.
X arg1 arg2 ; → Y arg1 arg2 ;
the instruction flow has not shifted.
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
But... shifted flows quickly recover
Lemma: A shifted flow recovers to the normal flow in 1/p
operations, with p the probability that a random byte is an opcode
in the original flow.
Using the 8051 assembly code, p = 0.64.
The flow recovers in 1.56 steps...
Are attacks always successful ?
new opcodes may crash the program
the original opcodes may suffer from missing opcodes
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Assembly attack consequences
Let us take the following example:
1
2
3
4
5
6
7
8
c = u + 5;
b = c < 10;
if (b){
res = c + 1;
}
else{
res = 0;
}
mov r2,dpl // load the parameter in r2
mov a,#0x05 // put 5 into a
add a,r2
// compute u + 5 in a
mov c,a
// store c into RAM from a
clr c
// clear the carry
subb a,#0x0A // computes b i. e. c−10
jnc 00102$ // jumps to 102
// if carry is not set
mov a, c
// load c into a
inc a
// a++ i.e c + 1
mov r2,a
// r2 stores a (res = c + 1)
sjmp 00103$ // jump over else
00102$:
mov r2,#0x00 // r2 stores 0 (res = 0)
00103$:
mov dpl,r2
// push r2 on the stack
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example 1: NOP insertion
mov r2,dpl
mov a,#0x05
add a,r2
mov c,a
clr c
subb a,#0x0A → NOP
jnc 00102$
mov a, c
inc a
mov r2,a
sjmp 00103$
00102$:
mov r2,#0x00
00103$:
mov dpl,r2
Berthomé - Heydemann - Kauffman - Lalande
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1
2
3
4
5
6
7
8
9
c = u + 5;
b = c < 10;
if (b){ → if(false)
res = c + 1;
}
else{
res = 0;
}
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example 1: NOP insertion
mov r2,dpl
mov a,#0x05
add a,r2
mov c,a
clr c
subb a,#0x0A → NOP
jnc 00102$
mov a, c
inc a
mov r2,a
sjmp 00103$
00102$:
mov r2,#0x00
00103$:
mov dpl,r2
Berthomé - Heydemann - Kauffman - Lalande
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1
2
3
4
5
6
7
8
9
c = u + 5;
b = c < 10; goto label;
if (b){
res = c + 1;
}
else{ label :
res = 0;
}
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example 2: NOP insertion (again !)
mov r2,dpl
mov a,#0x05 → NOP
add a,r2
mov c,a
clr c
subb a,#0x0A
jnc 00102$
mov a, c
inc a
mov r2,a
sjmp 00103$
00102$:
mov r2,#0x00
00103$:
mov dpl,r2
Berthomé - Heydemann - Kauffman - Lalande
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1
2
3
4
5
6
7
8
9
c = u + 5;→ c = u+?
b = c < 10;
if (b){
res = c + 1;
}
else{
res = 0;
}
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example 2: NOP insertion (again !)
mov r2,dpl
mov a,#0x05 → NOP
add a,r2
mov c,a
clr c
subb a,#0x0A
jnc 00102$
mov a, c
inc a
mov r2,a
sjmp 00103$
00102$:
mov r2,#0x00
00103$:
mov dpl,r2
Berthomé - Heydemann - Kauffman - Lalande
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1
2
3
4
5
6
7
8
9
c = attack();
b = c < 10;
if (b){
res = c + 1;
}
else{
res = 0;
}
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
Example 3: instruction override
mov r2,dpl
mov a,#0x05
add a,r2
mov c,a
clr c
subb a,#0x0A
jnc 00102$
mov a, c
inc a
mov r2,a
sjmp 00103$
00102$:
mov r2,#0x00
00103$:
mov dpl,r2 → jmp 102
Berthomé - Heydemann - Kauffman - Lalande
1
2
3
1
4
2
5
3
6
4
7
5
8
6
9
7
10
8
11
9
12
10
13
14
15
c = u + 5;
b = c < 10;
if (b){
res = c + 1;
}
else{
label:
res = 0;
}
goto label;
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Studying low level attacks consequences
Flow shifting
Assembly attack analysis
Jump attack model
High level attack model
The examples show that
the variables may be affected
the flow control may be changed
arbitrary jumps may be introduced
The high level attack model proposed is based on:
perturbating variables: a = attack();
introducing inconditional jumps: goto label;
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Outline
1
Introduction
2
Background
3
Towards a high level model of attacks
4
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Principles of experiments
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Principles of experiments
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Principles of experiments
Principles:
Generate high-level attacks: new C source codes
Test exhaustively the resulting programs
How to classify attack effects ?
Good: the execution gives the expected output
Bad: the ouput is wrong or an error occured
Crash: the program crashed
Signal: a signal has been received (SIGSEGV)
Killed: an infinite loop occured
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Good candidates
Candidates:
Pure C programs with measurable input/output
⇒ SPEC 2006 benchmark suite
Jump attacks stay into a function
Bzip2:
107 functions, 8 643 C statements
assembly code: 26 103 instructions
Bzip2
Source code size (lines)
Nb generated attacked codes
Assembly code
26 103
3 531 954
High level C
8 643
117 802
n2 attacks for each bzip2 function of size n
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Coverage
Statistics
Code size
Simu. time
Nb of BADs
Uniq BADs
ASM coverage
ASM
26 103
2d 18h
273 129
2 326
100%
C
8 643
8h
14 050
1245
21%
gdb
8 643
2h
5 417
852
21%
Statistics for simulated attacks on bzip2
Berthomé - Heydemann - Kauffman - Lalande
Coverage of uniq
bads
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
BZ2 compressBlock profile
kill
Destination line number
5561
good
bad
5551
5541
5531
5521
5511
5501
5491
5481
5484
5494
5504
5514
5524
5534
5544
5554
Source line number
Spatial classification of good/bad/kill attacks according to source/dest.
lines, simulated in C against BZ2 compressBlock
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
BZ2 blockSort profile
Destination line number
4156
kill
good
bad
4146
4136
4126
4116
4106
4096
4086
4087
4097
4107
4117
4127
4137
Source line number
Spatial classification of good/bad/kill attacks according to
source/destination lines, simulated in C against BZ2 blockSort
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
4147
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Implementing countermeasures
4085
4086
4087
4088
4140
4141
4142
4143
4144
4145
4146
4147
4148
4149
4150
4151
Original code
/∗∗ Countermeasure ∗∗/
/∗∗ kc(); = {perror(”KILLCARD”);exit(−1);} ∗∗/
int security = 48;
...
security++;
s−>origPtr = −1;
if (security != 49) kc(); security++;
for (i = 0; i < s−>nblock; i++)
{
if (security != 50+2∗i) kc(); security++;
if (ptr[i] == 0) {
s−>origPtr = i;
break;
};
if (security != 51+2∗i) kc(); security++;
}
if (security < 50) kc();
AssertH(s−>origPtr != −1, 1003);
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Implementing countermeasures: before
Destination line number
4156
kill
good
bad
4146
4136
4126
4116
4106
4096
4086
4087
4097
4107
4117
4127
Source line number
BZ2 blockSort: before
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
4137
4147
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Implementing countermeasures: after
Destination line number
4156
kill
good
bad
4146
4136
4126
4116
4106
4096
4086
4087
4097
4107
4117
4127
Source line number
BZ2 blockSort: after
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
4137
4147
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Results for an sensitive function of a smart card
killed
bad
good
error
killcard
not_triggered
Destination line number
270
250
230
210
190
170
150
130
110
90
90
110
130
150
170
190
210
230
250
270
Source line number
Spatial classification for a sensitive function of a smart card code
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Conclusion
Problems
How to model physical attacks at software level?
How to inject jump attacks?
How to classify the impact of attacks?
Contributions
Attack injection platform for C programs
Experimental results on bzip2 and smart card codes
Profiling of attacks
Identification of weak points in functions
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
Introduction
Background
Towards a high level model of attacks
Using the model
Experimental setup
Experimental results
Results on smart card codes
Conclusion
Questions
Common Criteria.
Application of Attack Potential to Smartcards.
Technical Report March, BSI, 2009.
A. A. Sere, J. Iguchi-Cartigny, and J.-L. Lanet.
Automatic detection of fault attack and countermeasures.
In 4th Workshop on Embedded Systems Security, pages 1–7, New York
city, New York state, USA, 2009. ACM Press.
Berthomé - Heydemann - Kauffman - Lalande
Sécurité des cartes à puce
