keys 2
TRANSCRIPT
-
8/6/2019 Keys 2
1/9
1
Playing h ide an d seek with stored keys
Adi Shamir* and Nicko van Someren
September 22, 1998
Abstract
In t his pa per we consider t he pr oblem of efficient ly locat ing
cryptographic keys hidden in gigabytes of data, such as the
complete file system of a typical P C. We descr ibe efficient al-
gebraic attacks which can locate secret RSA keys in long bitstrings, and more general statistical attacks which can find
arbitrary cryptographic keys embedded in large programs.
These techn iques can be used to apply luncht ime at ta cks on
signature keys used by financial institutes, or to defeat au-
th ent icode type mechanism s in softwa re pa cka ges.
Keywords: Cryptanalysis, lun chtim e attacks, R S A, au then-
ticode, key hid ing.
1 Introduction
In th is paper we consider th e pr oblem of efficiently locat ing cryptograph ic
keys in large amoun ts of dat a. As a m otivat ing exam ple, consider a financia l
institut e which uses the man ager s PC t o digita lly sign wire tr an sfers. In our
lunchtime at ta ck scenario, the at ta cker (who can be a secretar y, techn ician,
cust omer , etc.) can snea k in to th e man ager s office for a few minut es while
he or she is away for lun ch. We as sum e th at th e PC is off line, an d can not be
directly us ed to sign u na ut horized wire tr an sfers. The goal of th e at ta cker is
to quickly scan th e gigabytes of dat a on t he h ar d disk in order to find th e se-
cret signat ur e key. This key ma y be kept as a separ at e data file on t he P C(due t o overconfidence), or perm an ent ly embedded in t he crypt ograph ic ap-
plication itself (due to poor design). Even worse, the key may be stored on
th e PC u nint ent iona lly an d without th e kn owledge of its securit y conscious
*. Applied Math Dept., The Weizmann Institute of Science, Rehovot 76100, Israel.
Email: [email protected] .
. nCipher Corporation Limited, Cambridge, England.
Email: [email protected] .
-
8/6/2019 Keys 2
2/9
2
user. For example, the key may appear in a Windows swap file which con-
ta ins th e inter mediate st at e of a previous signing session, or it m ay a ppear
in a backup file created automatically by the operating system at fixed in-
tervals, or it m ay a ppear on th e disk in a dam aged sector which is not con-
sidered par t of th e file system. We assu me th at th e at ta cker can u se a dis-
kett e to bring in a short pr ogram an d to bring out th e discovered key, but he
does not have enough storage to copy the whole contents of the hard disk,
an d does not ha ve enough t ime to try each subsequence of bits from th e ha rd
disk as a possible signa tu re genera tion key.
Another example in which an a tt acker m ay wish t o locat e crypt ographic
keys in lar ge files is in "au th ent icode" type a pplicat ions. In ma ny system s a
softwa re producer wishes to exercise some cont rol over wh at code is r un on
a u sers compu ter . There a re m an y reas ons for wa nt ing to do th is. A vendor
might wan t t o ensur e th at files ha ve not been corr upt ed when being used in
a m ission critical system or th at vendor might wan t t o limit t hird pa rt y add-ons to ones it has authorised. If the application is a security sensitive one
th en it m ight be necessary to ensure t ha t n one of th e secur ity feat ur es ha ve
been subverted. If the application allows cryptographic extensions to be
added, a govern men t m ight insist tha t a ny extensions a re a ut horised before
th ey can be used. Clearly th ere a re a nu mber of reasons, both good an d bad,
for want ing code au th ent ica tion.
As well as reasons for authenticating code there are also reasons, both
good and bad, for wanting to bypass the authentication. A third party
software producer might want to try to break the monopoly of the originalauthor by providing add-ons that have not been authorised, or they may
want to develop cryptographic extensions for use when they might not
otherwise be available. A hacker might maliciously want to subvert the
secur ity of a secur e system or da ma ge the code in a safety critical system.
2 Finding Secret RSA Keys
In t his section we assum e tha t t he at ta cker kn ows the pu blic key n and e of
an RSA[2] scheme used by his victim, and has temporary access to a longstring ofu bits (representing the full contents of the hard disk) which is
known t o cont ain t he corr esponding secret key d as a cont iguous substr ing
ofv bits. A typical value ofu can be 1010 , while a typical va lue ofv can be 103.
The simplest solution to the problem (which is applicable to any
cryptosystem) is to obtain a cleartext/ciphertext pair, and then to scan the
long bit str ing an d perform tr ial decrypt ion with each subsequence of length
v as a possible key. Rar e false ala rm s can be discarded by tr ying additiona l
-
8/6/2019 Keys 2
3/9
3
pairs. Ciphertext only attacks are also possible, but typically require more
decryptions with each candidate key to identify the expected cleartext
sta tist ics. In public key cryptosystem s, it su ffices t o know the victim s pu blic
key, since the attacker can generate by himself the required cleartext/
ciphertext pa irs.
The ma in problem in applying th is techn ique to th e RSA schem e is th at
each modular exponentiation is very expensive, and its time complexity
grows cubically with the size v of the modulus. If we have to try about u
possible substrings as candidate values for the decryption exponent d, we
get a total complexity ofO(uv3), which is polynomial but impractical (about
1019 for t he typical par am eter s men tioned above).
A faster algorithm is based on the observation that consecutive
can didat es for dha ve a hu ge overlap. When we move a window of size v over
a st rin g of size u , th e cont en ts of two cons ecutive windows can differ on ly in
their first and last bits, and in the fact that their other bits are shifted byone bit position. When the contents of the two windows are interpreted as
bina ry integers d and d", we can rela te t hem via:
d" = 2d + c1 - c2 2v
where c1 and c2 ar e either 0 or 1. Given a value of th e form md(mod n ),
we can compute the value of m d"(m od n) by performing one modular
squaring, and 0, 1, or 2 additional modular multiplications with
precompu ted n um bers. Since the complexity of each m odula r m ult iplicat ion
is O(v2
), the total complexity drops from O(uv3
) to O(uv2
), or about 1016
inour typical scena r io.
Our next observation is that when the public exponent e is small, this
resu lt can be grea tly impr oved. Sma ll e such a s 3 and 216+1 ar e very common
in software implementations of RSA, since they make the encryption and
signature verification operations 2-3 orders of magnitude faster than full
size exponen ts.
Consider the case of e=3. The secret exponent d is known to satisfy
3d=1(m od(n )), where (n )=(p-1)(q-1)=n -(p+q-1). We can th us conclude th a t
3d=1+cn-c(p+q-1) wher e c is either 1 or 2. The value of (p+q-1) is u nknown,
but it contains only half as many bits as n . We can thus perform
approximate division by 3, and get for each one of the two choices of c a
can didat e value for t he t op ha lf ofd. For t he t ypical par am eters, th is implies
that we can easily compute two candidate values for the top 500 bits ofd.
Such a large nu mber of ra ndom bits m akes it extr emely un likely th at we will
encounter false alarms, and thus we can use a straightforward string
ma tching algorit hm to search for t he kn own half ofd, and r ecover th e oth er
-
8/6/2019 Keys 2
4/9
4
ha lf from a ny su ccessful m at ch. The t ime complexity of such a n a tt ack is just
O(u), and for all practical purposes it is only limited by the maximal data
tra nsfer ra te of th e har d disk.
This t echn ique can be used for la rger va lues ofe, but its efficiency drops
rapidly since the number of candidate values for the top half of d grows
exponentially in the size ofe. We now describe an alternative technique,
which remains reasonably efficient for values of e whose binary size is
smaller than half the size of n . The basic idea is to compute for each
candidate substring d th e value ofde-1. For th e corr ect va lue d, the result
is zero modulo (n ). In other words, it is equal to c.(n ) in which the
multiplier c is smaller t ha n h alf th e size ofn . When we redu ce de-1 modu lo
th e known n instea d of modulo th e unknown (n ), we get zero minu s an er ror
term which is somewha t sm aller th an n , i.e., a sma ll negative value.
To use th is obser vat ion , we consider two windows of lengt h v in t he given
bit st ring of length u , which ar e shifted by a single bit position with r espectto each other. Denote their numeric values by d and d", which are related
by d"=2d +c1-c2 2v. Assume that we have already computed de-1(mod n ),
and would like to compute d"e-1(mod n ). Since c1 and c2 are single bit
quan tities, we need a const an t nu mber of additions/subtra ctions to car ry out
th is compu ta tion. The algorith m can th us scan th e whole bit str ing in t ime
O(vu ), and an nounce an y locat ion which m akes t he compu ted r esult a sma ll
negative num ber, a can didat e value for d. Ife is sufficient ly sma ll (compared
to half the size ofn ), there are likely to be no false alarms. This technique
can be optimized fur th er in a var iety of ways, such as u pda ting only the mostsignificant bits ofde-1(mod n ) dur ing the scan, an d recompu ting its precise
value only infrequently in order to prevent excessive buildup of
comput at iona l err ors.
A completely different approach is to look for the secret primes p and q
whose product is t he k nown value ofn . The signat ur e genera tion procedur e
does not have to know these values in order to compute m d(mod n ), but in
almost all th e pra ctical implementa tions of the RSA scheme th e signa tu re
generation process uses these factors to speed up the computation by a
factor of 4 by using the Ch inese Rema inder Th eorem .We make th e reasonable assumption tha tp and q occur next to each other
on t he long bit st ring, and t hu s th e distan ce between t heir least significan t
bits is about v/2. We can th us t ry t o mu ltiply an y pair of substr ings of length
v/2 in which th e second subst ring is sh ifted with respect t o th e first by v/2+i
bits for i=0,32,64, an d compa re t he r esult t o n . The t otal complexity of th is
approach is O(uv2). However, it can be r educed to just O(u ) by performing
th e test modulo 232 , i.e., by multiplying the least significant words ofp and
-
8/6/2019 Keys 2
5/9
5
q, and compa ring the bottom half of t he r esult to the least significan t word
of n . Since multiplication of 32 bit numbers on a PC is a very fast basic
operation, and the probability of false alarm is sufficiently small, the
algorit hm is quite practical.
3 Finding public keys
In th e previous section we looked a t finding t he secret keys in t he cont ext of
some sort of "lunchtime attack" . In this section we look at finding public
keys (usu ally signa tu re ver ificat ion k eys) with a view to subvertin g a pu blic
key infrastructure.
Consider the case of an "authenticode" system. While it is usually
possible to completely disable all signature checking on code, it is rarely
desirable to do so. If all checking is rem oved it may leave a system wide open
to na ve at ta cks. A bett er m eth od of bypassing code signat ur e checking is t o
replace t he signa tu re verificat ion key with a key of your own choosing. Of
cour se if you can do this, someone else can too, but it can protect against a
less able att acker.
The usual process for locating anything is to try to identify some
characteristic of what is being located and then to look for that
characteristic. One characteristic of cryptographic keys is that they are
usua lly chosen a t r an dom. Most code and dat a is not chosen a t r an dom a nd
it tu rn s out th at th is different iation is significan t. When dat a is ran dom it
has higher entropy than patterned information that is not random. This
mea ns t ha t we should be able to locat e crypt ogra phic keys among oth er da ta
by loca ting sections with un usu ally high en tr opy.
Dur ing our work we cons idered one pa rt icula r syst em which we knew to
contain an RSA signature verification key. The system is a modular
cryptographic application programming interface produced by a major
softwa re vendor an d it is widely used in comm ercial applicat ions. The file we
suspected of holding the key was approximately 300 kilobytes and we had
no inform at ion a s to where th e key might be.
3.1 Visual identification of high entropy regions
The hum an eye and h um an br ain between them a re very good at picking up
on pa tt ern s. Since the ma jority of th e dat a in pr ogram s ha ve some str uctur e,
while we expect t o see very little st ru ctu re in k ey data we can pick out t he
location of the keys s imply by looking at the da ta in some suitable represen-
tation. Figure 1 is a one bit per p ixel ima ge from pa rt of th e progra m da ta in
-
8/6/2019 Keys 2
6/9
6
the code authentication system. The middle section of the image contains
th e signa tu re verificat ion key an d it is visibly more noisy tha n t he su rr oun d-
ing data .
While visua l inspection of th e program da ta allows us t o locat e th e keys
in a body of da ta , it is ra th er slow an d labour inten sive. We can achieve th e
sam e result by more m echa nical mean s.
3.2 Identifying keys by measuring entropy
Since we know tha t k ey dat a h as m ore ent ropy th an non-key data , one way
to locat e a key is to divide the da ta int o sma ll sections, mea sur e th e ent ropy
of each section a nd display t he locat ions wh ere t her e is part icula rly high en-
tropy.
While getting a tr ue mea sur e of ent ropy is a complex tas k, in pr actice the
ent ropy of most pr ogram code is so low th at a t ru e mea sur e is not n eeded. In
our experiments we found that examining a sliding window of 64 bytes of
data and counting how many unique byte values were used gave a good
enough m easu re of entr opy. Throughout th e first body of code we worked on
th e avera ge window of data cont ained just un der 30 u nique values (with a
sta nda rd deviat ion of close t o 10). The windows which covered t he k ey dat a
avera ged 60 un ique byte values; a full 3 deviat ions from th e mea n. In a body
of 300 kilobytes of da ta on ly 23 windows had a score grea ter th an 50 an d of
th ese 20 were consecutive an d corr esponded t o th e locat ion of th e key dat a.
In t he general case, wher e we are faced with locat ing a key of length v bits
in a body of code m ade up ofu bits we can find th e a reas of highest entr opy
with a complexity of order u , since our met hod does not depend on t he key
and can be performed using only linear passes of the data. Clearly the
success of this statistical method depends on the nature of the program
concerned.
Figure 1 Key information (in the middle of the figure) looks more noisy than the rest of the
data
-
8/6/2019 Keys 2
7/9
7
4 Better methods of hiding keys
In t he specific cas e of hiding RSA privat e keys, ther e ar e ma ny coun ter mea s-
ur es which can be u sed to mak e th e described at ta cks less likely to succeed.
The most obvious technique is to keep all the cryptographic keys on a de-tachable device such as a smart card, or to keep them encrypted under a
str ong m emorized password on th e ha rd disk. However, such a key must be
used by th e a pplicat ion in decrypted form dur ing the signa tu re genera tion
process, and t hu s ma y be left in su ch a sta te somewher e in th e PCs file sys-
tem , a s described in the int roduction.
A simple example of one such countermeasure when e is small is to
replace th e sta nda rd decryption exponent dby an equivalent exponen t of th e
form d=d+c(n ) for a m odera tely large c with severa l dozen bits. The user
can directly use d instead ofd in his modular exponentiation operations,
an d its complexity grows by a n egligible a mount . The a dvan ta ge of such a d
is tha t t he a tt acker can n o longer pr edict some of th e bits of th e decrypt ion
exponen t just from th e fact th a t t he encryption exponen t is sma ll. However,
it does not prevent th e oth er a tt acks described in t his paper.
En tr opy based att acks to find key dat a can be resisted by mat ching th e
levels of ent ropy in n on-key and key dat a. In pra ctice we ar e concerned wit h
th e entr opy density, not th e tota l ent ropy; we must ha ve th e same a mount
of inform at ion over all but ha ving t he la rge concentr at ion of ent ropy in t he
key dat a m ak es it easy t o spot. We can achieve this either by trying to lower
the entropy density of the key data or by raising the entropy of the otherdata .
We can lower t he en tr opy density of th e key by spreading the key out over
more of the pr ogra m. Ther e ar e var ious options h ere. One way we could do
th is is to const ru ct a set of values, each with relat ively few bit va lue cha nges
and thus with lower entropy, such that some simple combination of these
values results in th e key value we r equire. This works well in spreading th e
inform at ion but it incurs a compu ta tion overh ead t o set th e key up. Another
way would be to genera te some code which when run resu lts in th e key valu e
being placed into a buffer. Again, this requires some computationaloverh ead but with luck t his can be small compa red t o the comput at ion to use
th e key.
Ther e is an oth er option for h iding the k ey, which can poten tia lly not only
do away with t he compu ta tion overhea d but also be more r obust th an oth er
options. Consider th at th e key mu st be known at th e time tha t t he progra m
is built. Given suitable tools we can present the key as a constant in the
comput at ion wh ich is car ried out using th at key and t hen we can optimise
-
8/6/2019 Keys 2
8/9
8
the code given that constant. This will cause the key to be intimately
inter twined with th e code which u ses it. Not only will the resu lting code look
very much like normal code (making the key hard to find), but it may also
ma ke the compu ta tion r un faster t ha n if th e key were placed in a separ at e
memory buffer. Furthermore if the optimisation process is thorough it will
likely be extremely hard to change the key without replacing the entire
section of code which u ses tha t key.
The other class of solutions for hiding t he key is to mak e th e ent ropy of
the rest of the data appear higher. One way to do this is to encrypt the
program so th at it decrypt s itself before it r un s. Work h as been car ried out
in this field by Intel Corporation[1] and others and it can lead to systems
which a re very ha rd t o subvert but it does so at a cost. Ther e will always be
a comput at ion overh ead involved in decrypt ing th e code an d da ta before it is
used a nd t his will slow th e system down.
5 Conclusions
The pr oblem of efficient ident ificat ion of stored secret keys in luncht ime a t-
tacks (as opposed to efficient computation of unknown secret keys by cryp-
tanalysis) had received almost no attention in the literature so far, even
th ough we believe th at it poses a great th rea t t o ma ny enter prises with com-
mercial grade physical security (such as banks, brokers, lawyers, travel
agencies, etc.). Such attacks are particularly effective when a company
sends its compu ters to a r epair sh op or sells th em a s junk, since it leaves no
tr aces and t her e is no risk of detection (compa red t o at ta cks bas ed on sn eak -
ing int o th e ma na gers room or inst alling a virus in h is compu ter ).
Our techn iques seem to be applicable to a wide var iety of oth er public key
schemes, in addition to the RSA scheme. For example, in the Fiat-Shamir
signature scheme, the secret key s is the square root of the public key a
modulo n . A simple scan of the long bit string which checks for each
candidate substring s whether s '2=a(mod n ) has time complexity O(uv2). By
using th e algebraic rela tionsh ip between an y two consecut ive can didat es s
and s", we can update the value ofs2(mod n ) int o s"2(mod n ) in a constantnumber of addition/subtraction operations, and thus the total time
complexity can be r educed to O(uv). We ar e now in t he process of developing
similar a tt acks on other public key crypt osystems.
The problem of keeping a "public" key secret has also received little
at tent ion even th ough a great m an y public key infrastr uctur es place huge
value on a sm all number of root pu blic keys. If compu ter program s mu st be
operated in an hostile environment they need to have some form of
-
8/6/2019 Keys 2
9/9
9
protection. While it is r elat ively easy to build ta mper resistan t ha rdwar e it
is much h ar der t o protect compu ter softwar e. It should be observed th at re-
keying a code authentication scheme is an attack on the Public Key
Infrast ructure r ath er th an an att ack on the cryptosystem. Over th e years we
ha ve seen t ha t a tt acking th e PKI is often by far th e most efficient way to
brea k pu blic key crypt osystems and t his is no exception.
References
[1] David Aucsmith. Tamper resistant software.Lectu re Notes in Com pu ter
S cience: In form ation Hid ing , 1174:317{333, 1996.
[2] R.L. Rivest, A. Shamir , an d L.M. Adleman . Crypt ograph ic comm un ica-
tions syst em and m eth od. U.S. Pa ten t, 1983. U.S. Pa ten t n o. 4,405,829.