YubiKey Side-Channel Attack - Schneier on Security

Comments

ZN September 6, 2024 12:27 PM

To fix it yubikey reportedly replaced the Infineon upstream library for ECC with their own in the keys’ firmware.
What is your take on that approach? Do you see it detrimental to working with the vendor to fix the original library?

Az September 6, 2024 1:04 PM

In fact all products relying on the ECDSA of Infineon
cryptographic library running on an Infineon security microcontroller are affected by the attack.
We estimate that the vulnerability exists for more than 14 years in Infineon top secure chips.
These chips and the vulnerable part of the cryptographic library went through about 80 CC
certification evaluations of level AVA VAN 4 (for TPMs) or AVA VAN 5 (for the others) from 2010
to 2024 (and a bit less than 30 certificate maintenances)

This looks to me like a rather big deal. It doesn’t just undermine trust in Infineon, but IMO also in the certification evaluation process.

Clive Robinson September 6, 2024 2:37 PM

Well as has been noted in the past,

“Attacks only get better with time”

And I suspect that some did not realise that “time” is what some “side channel” attacks are all about.

For those who’ve not downloaded the paper, it’s 88 pages and quite a read…

So you might want to wait for the “Students Notes” version…

The question that many will have to ponder is,

“Is there any single security system that is secure?”

To which the answer these days appears to be “No” for a multitude of reasons.

Thus the second question that will come to mind is,

“Can layering up security with systems that work on entirely different principles work?”

To which I suspect the answer will be “No” due to two reasons,

Firstly, the fact that the independent system layers will have to in effect “reduce down to a single channel” at some point where vulnerabilities will probably appear due to amongst other things “increasing complexity / attack surface”.

Secondly, the laws of nature. That is “all work” requires an energy differential and has losses.

The second point is important because such losses get modulated / imprinted with “information” that can carry other “sensitive information” with it.

I’ve talked about this off and on since the 1990’s and the issues which came to general view with “Smart Cards” and the various side channel attacks such as “Simple Power Analysis”(SPA) and “Differential Power Analysis”(DPA) that could be used on EM radiation (I also noted that Paul Kocher patenting the general attack methodology that had been known since the 1980’s would have detrimental effects on security…).

Anyway I shall read more into the “attack methodology” and mull over what further risks it will “bring to the game” as such things never work in isolation.

Axon September 6, 2024 3:09 PM

I’ve been recommending these to friends and family for years, and of course, now the question is coming up “are these still safe?” and “do I need to replace mine?”

So far, my advice is to treat your physical YubiKey just like you’d treat any other physical key that could potentially be stolen, or copied by a bad actor with a few minutes of covert access. Don’t leave it unattended in a public place, in your car, or likewise.

I’m curious what others think about this, though.

Matt Thompson September 6, 2024 3:47 PM

I was at first concerned thinking “I have to buy new Yubikeys?!” when I saw the news. But then I read about the attack and, frankly, if someone wants to do all that for anything I have in my life protected by my Yubikeys, I think they deserve to get it.

Heck, I’d sort of feel honored.

Jack September 6, 2024 4:22 PM

In light of this, is there any “quality” analysis of the pros/cons of some of the “open source” alternatives to Yubikey eg Soma Solokey Nitrokey Onlykeys etc.

I only ask as I’m acutely aware that open-source != secure

Clive Robinson September 6, 2024 6:12 PM

When it comes to EM signals used in Power Analysis, one of the suggestions almost always made is,

“Make the ‘Signal to noise ratio’ worse by ‘randomly adding noise’.”

Whilst in theory it appears like a good idea, in practice for various reasons it’s nowhere near as effective as it is thought to be.

Part of that is the ‘Async vs Sync’ issue. It is assumed that the observer is using time based synchronisation to align waveforms to average the noise out. So if you make your signal asynchronous to time the attacker can not average out the noise by averaging up the signal.

In practice all the attacker needs is some form of synchronising signal to re-align time so they can average up the signal.

There are a number of ways to do this “Fourier Transforms”(FTs), that in effect are a frequency based “matched filter” similar to those used to synchronize “Spread Spectrum”(SS) “Low Probability of Intercept”(LPI) systems. A variation on FTs using sequency rather than frequency known as “Walsh Transforms”(WT) and more recently the use of “Wavelets”.

There is a paper (PDF) that is reasonably readable,

https://web.archive.org/web/20160304061330/http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-3/physec/papers/physecpaper14.pdf

That explains using both Wavelets and ‘Simulated Annealing” to pull the signal out of the noise way more effectively.

However things have moved on and “Matched Filters” of all forms can be folded into Machine Learning thus different types of filters can effectively be used not additively but multiplicatively getting ever more powerful “distinguishers” to synchronise with.

Put simply adding random noise can be difficult and gain you very little.

On another note, in the attack they carried out they used a single H-Field “Pico-Probe” which is in effect a very tiny coil of hair thin or less wire that has been wound on a submillimeter former.

As I’ve mentioned before these were being used not just for passive attacks in the 1990’s but also active or “Fault Injection” attacks.

Since then the world has moved on and we now routinely use “phased array antennas” in various forms that have become part of “Multiple Input, Multiple Output”(MIMO) technology,

https://en.m.wikipedia.org/wiki/MIMO

The simplest forms of antenna arrays are like “Very Long Baseline”(VLB) radio telescopes giving fine resolution.

The “signal source” radiates isotropically as do noise sources, but from different locations. If you arrange the antennas to be physically or phased spherically around the signal source you average up the signal, as the antennas are not spherical around a noise source they tend to average the noise down/out. Thus the use of several pico-probes that are phase adjusted can allow the pickup of the EM signal without having to de-case the “Device Under Test”(DUT).

Also as I’ve mentioned before you can “inject a carrier” at low level that gets modulated by the signals you are looking for –see crosstalk– as they pass through the device. So no need to de-case the DUT. All you do on the other side is “direct convert” the carrier and modulated carrier to get the baseband signal by quadrature demodulation,

https://wirelesspi.com/direct-conversion-zero-if-receiver/

(Though other issues arise so not entirely a free-lunch solution).

Back in the 1980s and into the 1990’s I was doing personal research into this and successfully attacked both “Electronic wallets” and “Pocket Gambling Machines”. Thereby making myself quite unpopular with various people who thought they were onto a really neat way to make money (NatWest Bank – Mondex later EVM being but one, several Smart Card companies being others, and as for the Hong Kong gamblers…).
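To put numbers on the “re-align then average” point above, here is an added simulation (not from the comment or from the paper under discussion): a constructed trace template is buried in Gaussian noise and given a random start offset, standing in for the “asynchronous” countermeasure, and the analyst re-synchronises each trace with a matched filter before averaging. It assumes the reference waveform is already known to the analyst; the numbers are only useful for judging whether a jitter or noise countermeasure buys anything.

```python
import math
import random

# Constructed, illustrative "leak": the data-dependent bump in a power or
# EM trace. Not measurements of any real device.
TEMPLATE = [0.0] * 8 + [1.0, 2.0, 3.0, 2.0, 1.0] + [0.0] * 8
TRACE_LEN = 64
MAX_JITTER = 30  # the template may start anywhere in 0..MAX_JITTER


def make_traces(n, noise_sigma, seed=1):
    """Simulate n traces: Gaussian noise plus the template at a random offset."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n):
        offset = rng.randint(0, MAX_JITTER)
        t = [rng.gauss(0.0, noise_sigma) for _ in range(TRACE_LEN)]
        for i, v in enumerate(TEMPLATE):
            t[offset + i] += v
        traces.append(t)
    return traces


def correlate_at(trace, ref, shift):
    """Matched-filter output of the reference against the trace at one shift."""
    return sum(trace[shift + i] * r for i, r in enumerate(ref))


def realign(trace, ref):
    """Cut out the window where the reference correlates best (re-synchronise)."""
    shifts = range(TRACE_LEN - len(ref) + 1)
    best = max(shifts, key=lambda s: correlate_at(trace, ref, s))
    return trace[best:best + len(ref)]


def average(windows):
    n = len(windows)
    return [sum(w[i] for w in windows) / n for i in range(len(windows[0]))]


def snr_db(estimate, template):
    """Quality of the recovered template: signal energy over residual error energy."""
    sig = sum(v * v for v in template)
    err = sum((e - t) ** 2 for e, t in zip(estimate, template))
    return 10.0 * math.log10(sig / err)


def compare(n_traces=100, noise_sigma=1.0):
    """Return (naive_snr_db, aligned_snr_db) computed on the same traces."""
    traces = make_traces(n_traces, noise_sigma)
    width = len(TEMPLATE)
    # Naive: assume the leak sits at a fixed position; the jitter smears it out.
    naive = average([t[:width] for t in traces])
    # Re-synchronised: align each trace on the matched filter, then average.
    aligned = average([realign(t, TEMPLATE) for t in traces])
    return snr_db(naive, TEMPLATE), snr_db(aligned, TEMPLATE)


if __name__ == "__main__":
    naive_db, aligned_db = compare()
    print(f"no alignment: {naive_db:.1f} dB, after alignment: {aligned_db:.1f} dB")
```

Raising `noise_sigma` only raises the number of traces needed, since averaging N aligned traces cuts the noise variance by N.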

Clive Robinson September 7, 2024 5:41 AM

@ Az,

Re : Attack Classes and Instants.

“This looks to me like a rather big deal. It doesn’t just undermine trust in Infineon, but IMO also in the certification evaluation process.”

There is a saying attributed to several people of,

“There are known knowns, unknown knowns, and unknown unknowns.”

With regards threats, attacks, and what someone once called “Black Swans”[1] and similar[2].

That is all vulnerabilities and any attacks using them fall into “instances” of attack in “classes” of attack/vulnerability only some of which are known at any time. And as a general rule you should try to protect against classes not instances.

It’s also said,

“You can only test what you are looking for.”

So logically,

“If you don’t know where or what to look for, then you won’t find it, but it might find you to your detriment.”

Such is the nature of apex predators and the like[2].

The “publicly known” history of this sort of side channels goes back to at least the 1980’s and was well known in the 1990’s with “Smart Card” issues. And much further back to “The Great War” when it was found that barbed wire in-between trenches could pick up the “ground currents” of field telephones using “Phantom Circuits”. But even earlier attempts to make long distance communications had been beset with “cross talk” and it was in part why early underwater cables became unusable at more than a few miles even using dangerously high voltages.

So arguably this was an instance of a well known class of attack going back well over a half century.

But just like the same problem that beset AES before it was “The Chosen Algorithm” it was known to be a practical issue, but broadly considered “improbable” to many, so was not tested for.

But there is another issue, testing takes time and thus it is both expensive and impossible to do completely. Thus any testing for certification is either highly specific to just one thing or necessarily incomplete.

One thing that used to be done is “known parts”. If something is “tested and passed” then it can in general be struck off the list to be tested in new products using it in approved ways. You can see this with “Self Certification” based on “Constructor Files” used in some approvals processes.

But if you read the document you will find that it took the researchers two years to go from an idea to showing it was exploitable. It also cost quite a lot in very high end test equipment.

However there is the truism of,

“Attacks get better with time.”

And as I’ve indicated in the past there are well known ways amongst engineers to not just improve upon these attacks but using much less expensive equipment. So give it about a year and undergraduates will be doing this as “lab experiments” with laptops and inexpensive USB based test instruments like “Software Defined Radios” and hand crafted front end circuitry that makes “phased array sensors” so that uncasing a “Device Under Test”(DUT) will not be necessary.

[1] Historically “Black Swans” were theoretical and used as what we might call a philosophical argument tool in medieval Europe. Whilst there were apparently wild tales coming back along the “Spice Route” and later by sailors who were not immediately believed (think classed along with other things like mermaids and dragons[2]). Then some were brought back and they went from theoretical to practical.

[2] Mermaids and dragons don’t exist right? Well yes and no… Look up for mermaids the beluga whales, manatees, and even the now probably extinct Chinese Yangtze River dolphin. At even a small distance they can look like people swimming. As for dragons the large lizards found on the Indonesian islands of Komodo, they may not fly or breathe fire, but they are certainly deadly at 10ft/3m in length and 14st/150kg with bacteria in their mouths that can cause bite wounds to never heal.

ZN September 8, 2024 2:42 PM

@Smoutwortel @Zack
Another source for research on open-source tokens is blog.zapb.de
The research in particular covers (some unfixable) vulnerabilities for STM32 based chips (i.e. some Nitrokey, Solokey models) and assigned CVE.

Somebody Anon September 9, 2024 3:51 PM

Another side-channel attack:

New RAMBO Attack Uses RAM Radio Signals to Steal Data from Air-Gapped Networks

A novel side-channel attack has been found to leverage radio signals emanated by a device’s random access memory (RAM) as a data exfiltration mechanism, posing a threat to air-gapped networks.

The technique has been codenamed RAMBO by Dr. Mordechai Guri, the head of the Offensive Cyber Research Lab in the Department of Software and Information Systems Engineering at the Ben Gurion University of the Negev in Israel.

For more information: https://thehackernews.com/2024/09/new-rambo-attack-uses-ram-radio-signals.html

Clive Robinson September 9, 2024 4:42 PM

@ Jack, ALL,

Re : Open source hardware may not actually be open source overall.

You have noted,

“I only ask as I’m acutely aware that open-source != secure”

Start from the position

“Nothing is really secure now or in the future.”

Not just software where it should by now be obvious that neither Open or Closed source in their various guises are even remotely close to being “secure”.

But the same applies to hardware as well. A lot of people are talking about an “Open Source” CPU etc with the RISC V.

The problem is whilst the design might be open source, the silicon macros that go into any practical design are almost certainly not and some such as “pad outs” are very proprietary to the FAB doing the chip manufacture.

Whilst this has been long known before SoC’s and even the original ARM and MIPS devices that went into them, for some reason it does not generally appear to be understood.

This however has come as a bit of a shock to people just recently because of the Raspberry Pi Ltd –not the Foundation– getting a chip RP2350-A2 made around various Open Source bits, and the fact it appears to be going wrong in the I/O and pin out pads that are made from –probably “Taiwan Semiconductor Manufacturing Corp”(TSMC)– macros.

I’ve personally been involved with finding “chip faults” from the 1980’s through 1990’s and into the early “noughties” and found them at a rate of about one every four years.

In one case they fixed a fault in a serial IO device with “a beam” and turned around correctly working parts in around four days including shipping from Hong Kong by air (happened back before the hand back).

But that aside you need to ask the all important question,

“What price information security?”

A long time ago they looked at it as a 10:1 loss to cost. But now you might be shocked to realise that for most businesses they care not a jot for “Information Security”(infosec) as the downsides are often not worth worrying about, due to not really having much of an effect on “Shareholder value”…

As is pointed out in,

https://www.adatosystems.com/2024/09/09/nobody-cares-about-security/

‘However, the financial bottom line is only part of the reason businesses ignore their information [security] needs. The other reasons are equally challenging to address:

Infosec issues are, almost by their very nature, complex. They are certainly more complex than having up-to-date backups. They might be more complex than any other category of risk the company will face. Cyber threats are constantly changing and expensive to preemptively address. There’s usually no single “right” answer to “How much infosec do we need?”’

Have a think on that, as you consider part of the Corporate behaviour is to,

“Externalise the risk on the victims.”

Be they actual paying customers, or those users being exploited on social media and the like as “product” to data brokers and worse.

Clive Robinson September 10, 2024 9:00 AM

@ Somebody Anon, ALL,

Re : Moving charges give rise to EM radiation.

Yet another golden oldie reworked by Ben Gurion University…

As I’ve mentioned in the past this is not exactly new…

Back in the 1960’s when clock speeds were down around 1MHz or less computer operators would often have a “Medium-wave Radio” tuned in so they could hear the computer programs running. It was not unknown for smart operators to write programs that would play Xmas tunes for fun.

Later back in the 1980’s electronic engineers were independently researching it for various reasons. This was outside of the “classified” TEMPEST and EmSec stuff various SigInt agencies were up to and a few decades before “the ICTsec industry” existed, or academics did open research.

I took it quite a few steps further forward, using EM carriers to not only get “cross modulated” with information that they carried around 10x further, but also modulated the carrier at higher power such that it would cause “faults” in the computer.

Back in the 1990’s I spoke to Prof Ross Anderson about it with regards some research he was doing with Smart Cards.

Back then they were a real issue with regards leaking information in various ways by EM signals. He was investigating using “self clocking logic” to in effect make things random.

As I pointed out he needed to consider “loose locked oscillators” like the Colour Burst signals in TV’s and the 19kHz pilot tone used in FM Stereo.

I also mentioned the problem with “illuminating” cables from keyboards etc.

Put simply a wire with a high logic level on it has quite a different impedance to when it has a low level logic on it. If you direct an unmodulated EM carrier at a frequency near a harmonic relationship to the wire length at it, the carrier gets modulated by the logic level for various reasons.

But… the reason Ben Gurion University gets away with “reboiling the cabbage” is that as I frequently note,

“The ICTsec industry appears incapable of learning from lessons well within living memory.”

It’s something we really should address but for some reason do not.

lurker September 10, 2024 2:11 PM

@Somebody Anon

  1. BGU the headline stealers, again…
  2. This type of attack has been feasible for more than 100 years now. It could have been made much, much harder for the attacker with a bit of EM screening of components and boards. But this would have made the equipment a little bit heavier and more expensive, a marketing no-no.

Clive Robinson September 10, 2024 11:46 PM

@ Somebody Anon,

Re : Another Side Channel Attack.

I forgot to add another “oldie but goldie” that was long ago discussed on this blog, that has very recently just got reboiled,

https://arxiv.org/abs/2409.04930

“In this paper, we present PIXHELL, a new type of [Acoustic] covert channel attack allowing hackers to leak information via noise generated by the pixels on the screen. No audio hardware or loudspeakers is required. Malware in the air-gap and audio-gap computers generates crafted pixel patterns that produce noise in the frequency range of 0 – 22 kHz. The malicious code exploits the sound generated by coils and capacitors to control the frequencies emanating from the screen.”

As has been mentioned long ago on this blog, all “coils” suffer from a form of

https://en.m.wikipedia.org/wiki/Magnetostriction

But even without the usual ferrite, soft iron, etc core, all that is required is a magnetic field for the coils themselves to act like tiny motors or speaker coils as you would expect.

Likewise,

https://en.m.wikipedia.org/wiki/Electrostriction

Basically physical substances are affected by the movement of electrical charge and this is a form of “loss” which occurs when all work is done. Usually such losses are seen by a “heating effect” but mechanical movement also results.

The hard part is working out how to “intentionally” get a sufficiently wide band acoustic signal from such mechanical movements capable of carrying useful “information”. However in modern “Switch Mode PSU”(SMPSU) systems to get high efficiency much higher frequencies are used thus various forms of “modulation” can be used.

As a very rough rule of thumb starting point, component Q effects limit the available information bandwidth to 10% or less of the resonator or carrier frequency. This then gets reduced further by coupling effects or “matching” into the environment that acts as a “load” or “transmission channel”. Obviously these effects are reciprocal, affecting both transducers (TX/RX) at either end of the “channel”.

Have a look back on this blog to where I describe why we should stop thinking of the old fashioned notion of “air gaps” and instead talk of the more accurate “energy gaps”. Also look back to “BadBIOS” where I describe with @RobertT how I built a system “over the weekend” using junk-box computer parts from last century to demonstrate it was more than possible. Something that I and other engineers and what we would now call “Makers” had done back in the 1980’s as a way to network “home computers” and later “hand held organisers” / “Personal Digital Assistants”(PDAs).

MDK September 11, 2024 9:43 PM

@ALL speaking of side/covert channel attacks the folks at BGU shared some interesting research called PixHell. Worth the read.
