Security Research News in Brief – May 2017 Edition

Welcome back to our monthly review of some of the most interesting security research publications. This month, let's do a bit of crypto…

Past editions:

• April 2017
• March 2017

P. Carru, Attack TrustZone with Rowhammer

Rowhammer is an attack on DRAM, which consists in repeatedly accessing given rows of the DRAM to cause random bit flips in adjacent rows.

Until now, the attack hadn't been demonstrated on ARM's TrustZone: but that's what the author implemented. He demonstrated that, using Rowhammer, it is possible to leak a private RSA key stored in TrustZone's secure side.

His attack is implemented as follows:

• On the TrustZone non-secure side lies a Linux OS.
• On TrustZone's secure side, there is Trusty. Trusty is an open source secure kernel implemented by Google.
• Generate the RSA key on the secure side, sign a message, and retrieve a valid signature.
• Perform Rowhammer to cause a fault in one of the pre-computed integers used in an RSA implementation based on CRT (Chinese Remainder Theorem).
• Sign the same message again, and retrieve an invalid signature (as one pre-computed integer has been faulted).
• Using the valid and the invalid signature of the same message, recover a factor of the modulus. (This flaw is explained very well in a paper by D. Boneh, et al. which dates back to 1997). From there, the attacker is able to compute the private key.

This illustration is taken from P. Carru's presentation.

See also: D. Gruss, et al., Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript, 2015. In this paper, the authors show how a low level attack such as Rowhammer can be executed from a high level software implementation in JavaScript.

The slides show an interesting implementation of Rowhammer over TrustZone, and demonstrate that it can break an RSA key in practice. There are, however, conditions to this, which need to be highlighted: (a) the attack will only work over RSA implementations that are based on CRT (true, those are frequent, but nevertheless, not in every case), and (b) the attack only works correctly if the fault occurs on one of the pre-computed integers. If the attack occurs on two of the pre-computed integers, or elsewhere (e.g. modulus), it won't work.

D. J. Bernstein, et al, Post Quantum RSA

This paper proposes RSA parameters and a prime generation algorithm so that an attack, even if implemented on a theoretical quantum computer, would be of quadratic cost compared to its usage.

The settings consist in a 1-terabyte key, which is huge. However, the authors managed to demonstrate that generating such a key was feasible: they generated one on a (big) computer with terabytes of RAM and swap. They also managed to compute RSA encryption / decryption; however, with slightly smaller keys (256GB instead of 1T).

So what? This paper looks far ahead of our time. It does not focus on whether quantum computers are feasible or not, but simply assumes they will be. What’s interesting is that the authors debunk the claims which say quantum computers would kill RSA. And this is interesting.

There’s been a lot of speculation about quantum crypto (personally, I doubt it will ever work out – or not exactly the way we initially thought). The hype that quantum crypto will be capable of anything is, I believe, a misunderstanding of cryptography. Of course, it is true that the implementation described by the authors has a high cost (they do mention it themselves: $1 per encryption / decryption), but we're defending against something that does not even exist yet…

Miscellaneous

• Hack in the Box presentation materials, Amsterdam, 2017

— the Crypto Girl

"If you think research is expensive, try disease!" – Mary Lasker (1900-1994)