وبلاگ بلیان

EUCLeak: Side-Channel Attack on the YubiKey 5 Series (Revealing and Breaking Infineon ECDSA Implementation on the Way)

معرفی کتاب «EUCLeak: Side-Channel Attack on the YubiKey 5 Series (Revealing and Breaking Infineon ECDSA Implementation on the Way)» نوشتهٔ Thomas Roche، منتشرشده توسط نشر NinjaLab در سال 2024. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evalua-tions that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure systems build their security upon them. FIDO hardware tokens are strong authentication factors to sign in to applications (any web service supporting FIDO); they often embed a secure element and the FIDO protocol uses El-liptic Curve Digital Signature Algorithm (ECDSA for short) as its core cryptographic primitive. YubiKey 5 Series are certainly the most widespread FIDO hardware tokens, their secure ele-ment is an Infineon SLE78. This document shows how – finding a JavaCard open platform (the Feitian A22) based on a similar Infineon SLE78 – we understood the Infineon ECDSA implementation, found a side-channel vulnerability and designed a practical side-channel attack. The attack is then demon-strated on a YubiKey 5Ci. Finally, we show that the vulnerability extends to the more recent Infineon Optiga Trust M and Infineon Optiga TPM security microcontrollers. Our work unearths a side-channel vulnerability in the cryptographic library of Infineon Tech-nologies, one of the biggest secure element manufacturers. This vulnerability – that went unno-ticed for 14 years and about 80 highest-level Common Criteria certification evaluations – is due to a non constant-time modular inversion. The attack requires physical access to the secure element (few local electromagnetic side-channel acquisitions, i.e. few minutes, are enough) in order to extract the ECDSA secret key. In the case of the FIDO protocol, this allows to create a clone of the FIDO device. All YubiKey 5 Series (with firmware version below 5.7) are impacted by the attack and in fact all Infineon security microcontrollers (including TPMs) that run the In-fineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack. These security microcontrollers are present in a vast variety of secure systems – often relying on ECDSA – like electronic passports and crypto-currency hardware wallets but also smart cars or homes. However, we did not check (yet) that the EUCLEAK attack applies to any of these products. Cautionary Note: Authentication tokens (like FIDO hardware devices) primary goal is to fight the scourge of phishing attacks. The EUCLEAK attack requires physical access to the device, expensive equipment, custom software and technical skills. Thus, as far as the work presented here goes, it is still safer to use your YubiKey or other impacted products as FIDO hardware authentication token to sign in to applications rather than not using one. Introduction Context FIDO Hardware Tokens Infineon SLE78 Feitian A22 JavaCard Elliptic Curve Digital Signature Algorithm ECDSA Signature Scheme ECDSA Signature Verification Scheme Side-Channel Setup and First Observations Side-Channel Setup YubiKey 5Ci Feitian A22 JavaCard Focus on the Nonce Modular Inversion Reverse-Engineering of the Modular Inversion ECDSA Signature Traces Acquisition Campaign Side-Channel Analysis First Hypothesis: Extended Euclidean Algorithm ECDSA Signature Verification Traces Acquisition Campaign Side-Channel Analysis A Timing Leakage Reverse-Engineering of the Modular Inversion Countermeasure Hypothesis Brute-force Experiments Conclusions Input-Recovery Attack on the Extended Euclidean Algorithm First Observations Building a Generic Attack Algorithm Simulation Experiments Conclusions Full Reverse-Engineering of Infineon EEA More Timing Leakages A Deep Dive into Euclidean Division Algorithms First Steps Failed Attempts Perseverance is the Key Infineon Euclidean Division Algorithm Summary of the Timing Leakages Key-Recovery Attack on ECDSA Input-Recovery Attack on the EEA Simulation Experiments From Blinded Nonce to ECDSA Long Term Private Key Application to Feitian A22 JavaCard Leakage Extraction Attack Results Application to YubiKey 5Ci Side-Channel Acquisitions Leakage Extraction Attack Results Conclusions Beyond SLE78 Infineon Security Microcontrollers Infineon Optiga Trust M Side-Channel Acquisitions Leakage Observation Infineon Optiga TPM Side-Channel Acquisitions Conclusions Impact on Infineon Security Microcontrollers Confirmed Vulnerable End-User Products YubiKey 5 Series Feitian A22 JavaCard Infineon TPMs Potentially Vulnerable Products Attack Mitigations Hardening the Infineon Cryptographic Library High-Level Mitigations Avenues of Research Project Timeline Acknowledgements YubiKey 5C Case Opening Infineon Security Microcontrollers
دانلود کتاب EUCLeak: Side-Channel Attack on the YubiKey 5 Series (Revealing and Breaking Infineon ECDSA Implementation on the Way)