
Execute-Only Memory (XOM)

The XOM approach, which provides memory protection, is based on complex key management. The main XOM features are data ciphering, data hashing, data partitioning, and interrupt and context-switching protection. Figures 1.0 and 1.1 give an overview of the XOM architecture and mechanisms. All the security primitives are included in the trusted zone. The only security information not in the trusted zone is the session keys. That is why XOM relies on complex key management to guarantee a secure architecture.

Figure 1.0: XOM architecture for write request

Figure 1.1: XOM architecture for read request

To guarantee data confidentiality and integrity, each memory partition is associated with a session key, which is needed to decrypt its content. Encrypted session keys are stored in main memory and can be decrypted using an asymmetric cipher algorithm (RSA in the XOM case). Decrypted session keys are stored in the XOM key table (in the secure zone). The private key required for the asymmetric decryption is stored in the secure zone of the architecture (RSA key in Figures 1.0 and 1.1). The algorithm used for symmetric deciphering is AES-256 (256-bit key and 256-bit data input). For write requests, a hash value of the data and its address is concatenated with the data before ciphering with AES. The address is included in the hash value to prevent relocation attacks. When the core produces a cache miss for a read request, the 256 bits read from memory need to be decrypted (Figure 1.1). Data integrity is ensured by a hash value relying on an MD5 computation. The hash of the deciphered data and its address is compared with the deciphered hash value. If the newly computed hash value matches the deciphered one, the data is considered secure and can be used by the processor.

In addition, the data stored in cache memory is associated with an identifier, or tag, in order to guarantee data partitioning at the cache level. When a task needs to use a data item, the task identifier must be the same as the data's tag; a match means the task is allowed to access the data. The tag values are provided by the XOM key table, which also manages this part.

All the protections added by this solution have a cost. The first one concerns the XOM implementation in an existing OS. Work is necessary on the OS kernel to add the instructions that make use of the hardware security primitives. All this work is transparent to the kernel user. According to the figures from, a real overhead appears in the cache management (cache misses rise from 10 to 40% depending on the application). This rise is mainly due to the information added into the cache to secure the data. Indeed, by adding data tagging, some space in the cache memory is lost compared with an unprotected solution. Moreover, all the security features add latency to obtaining the data in clear (data ciphering and deciphering, hashing, tag checking). Even though these security primitives are implemented in hardware, the overall performance of the architecture is reduced. The decryption needs to be done before the integrity check. These two operations are not done in parallel, so more latency is added. Some latency is also added to software execution because of software security primitives (secure context switching adds some specific instructions, for example).

The first proposed version of XOM is known to have security holes, such as no protection against replay attacks. In, the authors extended the proposal and replaced the AES-based ciphering scheme with a system based on OTP to guarantee protection against replay attacks and also to increase the performance of the system. Concerning the global security level of the XOM architecture, the attack possibilities depend entirely on the integrity checking capabilities. To succeed, the attacker must be able to get past the integrity check in order to execute his own program or use his own data. He may exploit collisions in the hash algorithm used. For example, with MD5 the signature is 128 bits long. To attack the system, he needs to find two inputs that produce the same result with MD5.
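The write and read paths described above, modelled as an added example (not code from XOM or from the original post): the hash bound to the address rejects a line copied to another address, while a stale line put back at its own address is still accepted, which is the replay gap noted for the first XOM version. The 4-round Feistel cipher is a stand-in for the AES engine, and the 128-bit data word, 8-byte address encoding, key and sample values are constructed assumptions.

```python
import hashlib
import hmac

WORD = 16  # 128-bit data word + 128-bit MD5 hash = one 256-bit memory line

def _f(key, i, half):
    # Feistel round function: stand-in for the AES engine (assumption, stdlib only)
    return hashlib.sha256(key + bytes([i]) + half).digest()[:WORD]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, line):
    l, r = line[:WORD], line[WORD:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt(key, line):
    l, r = line[:WORD], line[WORD:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def tag(data, addr):  # hash over the data and its address
    return hashlib.md5(data + addr.to_bytes(8, "big")).digest()

def xom_write(mem, key, addr, data):
    mem[addr] = encrypt(key, data + tag(data, addr))

def xom_read(mem, key, addr):
    # Returns the data word, or None when the recomputed hash does not match.
    plain = decrypt(key, mem[addr])
    data, stored = plain[:WORD], plain[WORD:]
    return data if hmac.compare_digest(stored, tag(data, addr)) else None

def demo():
    key = hashlib.sha256(b"constructed session key").digest()
    mem, out = {}, {}
    xom_write(mem, key, 0x1000, b"counter=00000100")   # constructed sample data
    xom_write(mem, key, 0x2000, b"counter=00009999")
    out["normal"] = xom_read(mem, key, 0x1000)
    stale = mem[0x1000]
    mem[0x1000] = mem[0x2000]           # valid line moved to another address
    out["relocation_detected"] = xom_read(mem, key, 0x1000) is None
    xom_write(mem, key, 0x1000, b"counter=00000000")   # legitimate update
    mem[0x1000] = stale                 # old line restored at the same address
    out["replayed"] = xom_read(mem, key, 0x1000)
    return out
```

Nothing in the line records when it was written, so the check cannot tell the stale value from the current one; detecting that requires freshness state kept inside the trusted zone.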


Hardware Attacks on Embedded Systems

The goal of a hardware attack depends on what the attacker wants. Two main objectives can be targeted. The first is to obtain secret information such as cipher keys. The second is to put the system out of order (i.e., a denial-of-service attack). Attacks that aim to capture secrets are presented below, then denial-of-service attacks are detailed. Some attacks are difficult to classify; hardware modification of the main memory is one of them. The goal of this attack is to insert a malicious program. A similar attack targets FPGAs through bitstream alteration.

When the attacker wants to decrypt information, he needs the cipher key. One way to get cipher keys is to listen to side channels. This kind of attack is called a side-channel attack and comes in several forms. The best known relies on the power signature of the algorithm. By analyzing the algorithm's signature it is possible to infer the rounds of the algorithm. Moreover, a differential analysis combined with a statistical study of the power signature can lead to extraction of the cipher key. However, it is necessary to make assumptions about the value of the key to obtain a correct result. These two methods are called SPA (Simple Power Analysis) and DPA (Differential Power Analysis). Similar solutions also work with electromagnetic emissions (Differential Electromagnetic Analysis). Instead of the power signature, the electromagnetic signature of the chip is analyzed. A significant remark concerns the cost of such attacks: they are notably cheaper than a reverse-engineering attack, which needs an electron microscope to study the structure.

Temporal analysis, or a timing attack, is another way to capture cipher keys. The timing behavior of the system leaks information that enables the extraction of a cipher key or password. As with DPA, it is necessary to make assumptions about the information to be extracted. Knowledge of the algorithm, and therefore of the branch instructions in the program, can also help to find a secret, since a timing model of the algorithm can be established. Indeed, timing hypotheses can be made because the program running on the target is often known. Thus, thanks to statistical studies, information can be extracted. Fault injection is the last way to obtain secrets through a side channel. However, like reverse engineering, it requires more equipment than the previous attacks. Injecting a fault into a system through a memory corresponds to modifying a bit (with a laser or electromagnetic waves). Knowledge of the implementation of the algorithm is an important point in determining a secret. In most cases the fault is injected in the last round of an algorithm. The reason is that the mark of the fault is more visible in the ciphered result.

The goal of the hardware attacks presented above is to get secret information from the chip. Denial-of-service attacks are different and aim to put the system out of order. In autonomous embedded systems, power is an essential concern. It is one of the most important constraints on the system. For example, with a cell phone or a PDA, the attacker can perform a large number of requests that aim to draw on the battery and reduce the system lifetime. In wireless communication systems, another attack solicits the transmitter antenna in order to obtain the same result (lifetime reduction). Increasing the workload of a processor is also a way to consume more battery. Indeed, the workload is related to power consumption, so an assailant may try to force the processor to work harder. As a consequence, the lifetime will be affected. Other ways can be used to put a system out of order. Taking control of the temperature regulation system is one. Through control of the regulation it is possible to increase the temperature and then to activate the overheat security mechanisms. The range of attacks against a system is wide and depends on several parameters: goal, budget and nature of the system. Hardware attacks represent an important threat against embedded systems, but software attacks are also becoming critical.

 
