Hardware Insecurity Module | TechSNAP 232
Posted on: September 17, 2015

How Groupon made the switch to FreeBSD & why. Researchers extract keys from a hardware module & Intel’s new CPU-backed malware protection.
Plus your questions, a great roundup & more!
— Show Notes: —
Researchers manage to exfiltrate keys from an HSM
- “The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition.”
- An HSM (hardware security module) is a dedicated device meant to store private encryption keys safely. HSMs usually also perform the cryptographic operations themselves.
- Rather than giving a user access to a secret key, the user passes the file, message, certificate or other payload to the HSM, which signs or encrypts it and returns the result to the user
- The idea is that the user never has access to the keys this way
- This is how all Certificate Authorities work
- “HSMs may possess controls that provide tamper evidence such as logging and alerting and tamper resistance such as deleting keys upon tamper detection.”
- Researchers found a flaw in the SafeNet HSMs
- “PKCS#11 is a very complex standard with dozens of APIs and wide-range of cryptographic operations, called “mechanisms” for everything from encryption to random number generation. Safenet vulnerability involves the key derivation mechanisms. These are used to create a cryptographic key as a function of another key”
- “For example BIP-32 for Bitcoin proposes the notion of hierarchical-deterministic wallets where a family of Bitcoin addresses are derived from a single “seed” secret. Designed properly, key-derivation provides such an amplification effect while protecting the primary secret. Even if a derived key is compromised, the damage is limited. One can not work their way back to the seed. But when designed improperly, the derived key has a simple relationship to the original secret and leaks information about it.”
- “Related-key cryptanalysis is the specific branch specializing in these attacks. It turns out that for Safenet HSMs, we do not need to dig very deep into cryptanalytic results. There are at least two mechanisms that are easy to exploit and work generically against a wide-class of algorithms: extract-key-from-key and XOR-base-and-data.”
- “Extract-key-from-key is defined in section 6.27.7 of PKCS#11 standard version 2.30. It may as well have been renamed “extract-substring” as the analog of standard operation on strings. This derivation scheme creates a new key by taking a contiguous sequence of bits at desired offset and length from an existing key.”
- So, with access to the HSM, you can define a new key as a sub-string of the secret key. In the example here, they used the first 2 bytes of the AES-256 key as a new key
- They then used that 2-byte key as the key for a SHA256-HMAC over a chosen plaintext
- They were then able to take the resulting HMAC and brute-force the key offline (knowing that it was only 2 bytes)
- Repeat this 16 times, once for each 2-byte chunk of the 32-byte key, and you have recovered the entire AES-256 key
- “Surprisingly this works not only against symmetric keys such as AES or generic HMAC secrets but also against elliptic-curve private keys (RSA, plain DSA and Diffie-Hellman were not affected.) This is an implementation quirk: these mechanisms are typically intended for symmetric-keys only. For elliptic-curve keys, the byte array being truncated is the secret scalar part of the key. For example the “secret” component for a Bitcoin ECDSA key is a discrete logarithm in secp256k1. Internally that discrete logarithm is just stored as 32-byte scalar value, and extract-key-from-key can be used to successively reveal chunks of that scalar value.”
- “XOR-base-and-data suffers from a very similar problem. This operation derives a new key by XORing user-chosen data with original secret key. While there are cryptographic attacks exploiting that against specific algorithms such as 3DES, a design choice made by Safenet leads to simpler key recovery attack that works identically against any algorithm: when the size of data is less than size of the key, result is truncated to data size. XORing 256-bit AES key with one-byte data results in one-byte output. That provides another avenue for recovering a key incrementally: we derive new HMAC key by XORing with successively longer sequences of zero bytes, with only the last segment of new key left to brute-force at each step.”
- “Regardless of the authentication mode, the client must have a logged in session with HSM to use existing keys. It is enough then for an attacker to compromise the client machine in order to extract keys. That may sound like a high barrier or even tautological- “if your machine is compromised, then your keys are also compromised.” But protecting against that outcome is precisely the reason for using cryptographic hardware in the first place. We offload key management to special-purpose, tamper-resistant HSMs because we do not trust our off-the-shelf PC to sufficiently resist attacks. The assumption is that even if the plain PC were compromised, attackers only have a limited window for using HSM keys and only as long as they retain persistence on the box, where they risk detection. They can not exfiltrate keys to continue using them after their access has been cut off. That property both limits damage and gives defenders time to detect/respond. A key extraction vulnerability such as this breaks that model. With a vulnerable HSM, temporary control over client (or HSM credentials, for that matter) allows permanent access to key outside the HSM.”
- “The vulnerability applies to all symmetric keys, along with elliptic curve private-keys. There is one additional criterion required for exploitation: the key we are trying to extract must permit key-derivation operations. PKCS#11 defines a set of boolean attributes associated with stored objects that describe usage restrictions. In particular CKA_DERIVE determines whether a key can be used for derivation. A meta-attribute CKA_MODIFIABLE determines whether other attributes (but not all of them) can be modified. Accordingly an object that has CKA_DERIVE true or CKA_MODIFIABLE true— which allows arbitrarily changing the former attribute— is vulnerable.”
- “Latest firmware update from Safenet addresses the vulnerability by removing weak key-derivation schemes. This is the more cautious approach. It is preferable to incremental tweaks such as attempting to set a minimum key-length, which would not be effective.”
- Very interesting research; there is much more detail in the blog post
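A defender-side check for the CKA_DERIVE / CKA_MODIFIABLE criterion quoted above, as an added Python example that is not code from the show, the researchers' blog post or SafeNet: it flags the key objects a vulnerable firmware would leave extractable and works out the brute-force work factor of the 2-byte-chunk method. The HsmObject class and the inventory are constructed stand-ins for attribute values a real audit would read from the token over PKCS#11.

```python
from dataclasses import dataclass
# Constructed stand-in for one PKCS#11 object's attributes. A real audit would read
# CKA_CLASS, CKA_KEY_TYPE, CKA_DERIVE and CKA_MODIFIABLE through C_GetAttributeValue.
@dataclass(frozen=True)
class HsmObject:
    label: str
    obj_class: str    # CKA_CLASS: "SECRET_KEY", "PRIVATE_KEY", "PUBLIC_KEY"
    key_type: str     # CKA_KEY_TYPE: "AES", "GENERIC_SECRET", "EC", "RSA", "DSA", "DH"
    derive: bool      # CKA_DERIVE
    modifiable: bool  # CKA_MODIFIABLE

def is_affected_type(obj):
    """Key classes the advisory names: all symmetric keys plus EC private keys.
    RSA, plain DSA and Diffie-Hellman private keys were reported as not affected."""
    if obj.obj_class == "SECRET_KEY":
        return True
    return obj.obj_class == "PRIVATE_KEY" and obj.key_type == "EC"

def exposure_reason(obj):
    """Why the object is extractable via weak derivation on vulnerable firmware, or None."""
    if not is_affected_type(obj):
        return None
    if obj.derive:
        return "CKA_DERIVE=true: weak derivation mechanisms apply directly"
    if obj.modifiable:
        return "CKA_MODIFIABLE=true: CKA_DERIVE can be switched on, then derivation applied"
    return None

def audit(inventory):
    """Map label -> reason for every object that needs locking down or regenerating."""
    findings = {}
    for obj in inventory:
        reason = exposure_reason(obj)
        if reason:
            findings[obj.label] = reason
    return findings

def brute_force_work(key_bytes, chunk_bytes):
    """Guesses to recover a key chunk_bytes at a time via extract-key-from-key (vs 2**(8*key_bytes))."""
    chunks = -(-key_bytes // chunk_bytes)  # ceiling division
    return chunks * 2 ** (8 * chunk_bytes)

# Constructed inventory; labels and attribute values are made up for this example.
SAMPLE_INVENTORY = [
    HsmObject("db-backup-aes256", "SECRET_KEY", "AES", derive=True, modifiable=False),
    HsmObject("bitcoin-signing-ec", "PRIVATE_KEY", "EC", derive=False, modifiable=True),
    HsmObject("ca-root-rsa", "PRIVATE_KEY", "RSA", derive=True, modifiable=True),
    HsmObject("hmac-locked", "SECRET_KEY", "GENERIC_SECRET", derive=False, modifiable=False),
]
```

On a real token the same criterion is applied to attribute values read with C_GetAttributeValue; the attribute check only narrows which keys are exposed, and the lasting fix is the firmware update that removes the weak mechanisms.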
Operations at Groupon, dealing with bit rot
- In this free sample article from the latest edition of the “FreeBSD Journal”, Sean Chittenden of Groupon tells the story of how the company switched from Linux to FreeBSD so that ZFS could protect its important databases backed by SSDs
- It turns out that if your organization already supports more than one flavour of Linux, supporting FreeBSD is not any more work
- FreeBSD brought a lot of new things to the table: not just ZFS, but DTrace, easy custom kernels, fast custom package sets with poudriere, and never having to fsck again.
- “now it’s one of the bigger items that no one missed or even talks about anymore. Imagine running a fsck(1) on a near line backup server with 288TB of storage.”
- “One of the challenges of organizational change: personal anxiety from either learning something new, or trusting something new in production”
- Groupon used a number of 30-minute video call sessions to ease their database team into FreeBSD, with short demonstrations and open Q&A sessions
- They filled in the missing bits by hiring external trainers to come in and give a one week crash course on FreeBSD to the entire operations team
- In the end, the article is a good guide to adopting any technical change at a moderately sized organization, and talks about both the technical and personal challenges of such a change
- Video from BayLISA on the same topic
Check Point unveils new CPU-level malware protection called SandBlast
- “The new software monitors CPU activity looking for anomalies that indicate that attackers are using sophisticated methods that would go unnoticed with traditional sandboxing technology”
- “Traditional sandboxes, including Check Point’s, determine whether files are legitimate by opening them in a virtual environment to see what they do. To get past the sandboxes attackers have devised evasion techniques, such as delaying execution until the sandbox has given up or lying dormant until the machine it’s trying to infect reboots”
- “SandBlast thwarts the evasion technique called Return Oriented Programming (ROP), which enables running malicious executable code on top of data files despite protection offered by Data Execution Prevention (DEP), a widespread operating system feature whose function is to block executable code from being added to data files.”
- “ROP does this by grabbing legitimate pieces of code called gadgets and running them to force the file to create new memory page where malicious shell code can be uploaded to gain execution privileges. This process has the CPU responding to calls that return to addresses different from where they started.”
- “SandBlast has a CPU-level detection engine that picks up on this anomaly and blocks the activity. The engine is available either on an appliance in customers’ data centers or as a cloud service running out of Check Point’s cloud. The engine relies on features of Intel’s Haswell CPU architecture”
- It is interesting to see this new processor feature being used to detect attacks, but I wonder if it can also be used the other way around, to monitor a system for regular activity
- “Check Point is also introducing a feature called Threat Extraction which makes it safe to open documents quickly before they can be run through the sandbox. It converts Word documents to PDF files, which neutralizes malware they may contain. It can convert PDF files to PDF files as well to reach the same end.”
- A way to ‘cleanse’ common over-featured file formats of unwanted features like macros, embedded JavaScript, etc. seems like a very useful way to combat malicious files
Feedback
Round Up:
- Inspired by a TV show, engineers from Dropbox develop the BSD-licensed losslessh264 codec, which can compress video and JPEG images losslessly. “22% reduction in file size for JPEG images without any notable loss in image quality”
- China Forces Developers Of Great Wall Circumvention Tools To Delete Their Software
- Municipal ISP created 5 years ago now offers 10 Gbps connections in Salisbury, North Carolina for only $400/month, and 50/50 Mbps for just $45/month
- Save WiFi/Individual Comments
- Clean Application Compartmentalization with SOAAP [PDF]
- Wikipedia discovers scammers are charging to ‘protect’ profiles
- Goofy phishing attack forgets what it was actually advertising
- Inside Malvertising digs into the issue and looks at why it is so hard to fix
- OpenSSL Security – A year in review
- Want some database passwords? Easy