
Jose Selvi - Side-Channels Uncovered [rootedvlc2018]

In recent years the term "side-channel" has gone from being a concept known only in the hardware-hacking world to a popular term across the industry, because of the vulnerabilities that have been published. CRIME, BREACH and FIESTA are clear examples of vulnerabilities that exploit a side-channel in HTTPS (TLS) traffic. More recently we have also seen vulnerabilities built on the same concept in processors, such as Spectre and Meltdown.

In this talk we review the concept of a "side-channel" and walk through the different vulnerabilities published over the last few years, explaining what they consist of and what their limitations are.

Published in: Technology


  1. © NCC Group July 2018. All rights reserved. Side-channels Uncovered. Jose Selvi, RootedVLC 2018
  2. But it's just me :) Jose Selvi (@JoseSelvi): 15 years in the infosec industry; Principal Security Consultant and Security Researcher at NCC Group; SANS Institute Community Instructor; GIAC Security Expert (GSE); blogger (sometimes): http://www.pentester.es
  3. $ ls -la /home/jselvi/rootedvlc18/ (agenda): 1. Side-channels in Call For Papers; 2. How does a side-channel work?; 3. HTTPS: Size-based Attacks; 4. HTTPS: Time-based Attacks; 5. CPU: Cache-based Attacks; 6. Lessons Learnt
  4. CFP Feedback
  5. Processing Feedback
  6. But… accepted in Ekoparty 2017
  7. $ ls -la /home/jselvi/rootedvlc18/ | tail -5 (the remaining five agenda items, starting with 2. How does a side-channel work?)
  8. Side-channels & Pizza: politicians, day N, day N+1, day N+2
  9. Back to the real world
  10. Action + Observing = Oracle
  11. What am I?
  12. $ ls -la /home/jselvi/rootedvlc18/ | tail -4 (the remaining four agenda items, starting with 3. HTTPS: Size-based Attacks)
  13. How does web traffic work? (diagram: the browser sends a DNS request to the DNS server, then fetches HTML, scripts and images from web servers over HTTPS)
  14. Size-based side-channels
  15. Overview (diagram: console, server, brain, capture)
  16. Compression in theory (deflate): "NCC Group is an awesome group of security geeks" becomes "NCC Group is an awesome g(-20,4) of security geeks", where (-20,4) is a back-reference to the 4 bytes "roup" that appeared 20 bytes earlier. The more of the input that repeats earlier input, the shorter the output.
  17. Compression in practice:
      $ echo "token=BEEFCAFE1337 token=A" | gzip | wc -c
      44
      $ echo "token=BEEFCAFE1337 token=B" | gzip | wc -c
      43
      $ echo "token=BEEFCAFE1337 token=BA" | gzip | wc -c
      44
      $ echo "token=BEEFCAFE1337 token=BE" | gzip | wc -c
      43
      $ echo "token=BEEFCAFE1337 token=BEEFCAFE" | gzip | wc -c
      43
  18. DEMO
  19. CRIME vs BREACH (diagram: browser and web server (HTTPS); CRIME targets the compressed request, BREACH the compressed response)
  20. Compress & encrypt: compressing before encrypting is still a problem, because app data (the secret) and user data (the attacker's input) end up in the same compression context, and the ciphertext length reveals the compressed length
  21. Search engine not CSRF-protected (XS-Search): /search/wrong 100kb, /search/rigg 100kb, /search/righ 200kb, /search/rigi 100kb (diagram: browser, web server (HTTPS)). The response size reveals which prefix matched the victim's data.
  22. What if response size is not stable?
      $ curl http://www.google.es | wc -c
      12424
      $ curl http://www.google.es | wc -c
      12401
      $ curl http://www.google.es | wc -c
      12372
      $ curl http://www.google.es | wc -c
      12437
      $ curl http://www.google.es | wc -c
      12423
  23. F****** Javascript from Hell… The body is dominated by inlined, dynamically generated, minified JavaScript, which is why the size changes between requests:
      $ curl http://www.google.es
      […] google.time=function(){return(new Date).getTime()};(function(){google.lc=[];google.li=0;google.getEI=function(a){for(var b;a&&(!a.getAttribute||!(b=a.getAttribute("eid")));)a=a.parentNode;return b||google.kEI};google.getLEI=function(a){for(var b=null;a&&(!a.getAttribute||!(b=a.getAttribute("leid")));)a=a.parentNode;return b};google.https=function(){return"https:"==window.location.protocol};google.ml=function(){return null};google.wl=function(a,b){try{google.ml(Error(a),!1,b)}catch(d){}};google.log=function(a,b,d,c,g){if(a=google.logUrl(a,b,d,c,g)){b=new Image;var e=google.lc,f=google.li;e[f]=b;b.onerror=b.onload=b.onabort=function(){delete e[f]};google.vel&&google.vel.lu&&google.vel.lu(a);b.src=a;google.li=f+1}};google.logUrl=function(a,b,d,c,g){var e="",f=google.ls||"";d||-1!=b.search("&ei=")||(e="&ei="+google.getEI(c),-1==b.search("&lei=")&&(c=google.getLEI(c))&&(e+="&lei="+c));c="";!d&&google.cshid&&-1==b.search("&cshid=")&&"slh"!=a&&(c="&cshid="+google.cshid);a=d||"/"+(g||"gen_204")+"?atyp=i&ct="+a+"&cad="+b+e+f+"&zx="+google.time()+c;/^http:/i.test(a)&&google.https()&&(google.ml(Error("a") […]
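Slides 21 and 22 set up the XS-Search oracle and then show that real responses do not have a fixed size. The following is an added example, not code from the talk: a constructed model of a search endpoint whose page grows by about 600 bytes when the query is a prefix of the victim's private string, while every response also jitters by up to 300 bytes. The secret, the sizes, the jitter and the lower-case alphabet are assumptions; the point is the statistics that let a prefix search survive the noise.

```python
import random
import statistics

# Constructed model (not from the talk) of an XS-Search target: a search page
# that is ~600 bytes larger when the query is a prefix of the victim's private
# string, and whose size jitters by up to 300 bytes per request because of
# dynamic content, like the curl sizes on slide 22.
SECRET = "right"                         # the private string being searched
ALPHABET = "abcdefghijklmnopqrstuvwxyz"  # assumption: lower-case letters only
BASE_SIZE = 100_000
HIT_EXTRA = 600
JITTER = 300
_rng = random.Random(2018)               # seeded so the run is reproducible


def response_size(query):
    """Size of GET /search/<query> when sent with the victim's cookies."""
    size = BASE_SIZE + (HIT_EXTRA if SECRET.startswith(query) else 0)
    return size + _rng.randint(-JITTER, JITTER)


def measure(query, samples):
    """Median of several measurements: one request is not enough once the
    jitter is comparable to the signal, as on slide 22."""
    return int(statistics.median(response_size(query) for _ in range(samples)))


def noise_margin(samples):
    """Calibrate on a query that cannot match: half the spread seen for a
    known miss is the minimum lead a candidate must have to be believed."""
    misses = [response_size("zzzz-no-such-term") for _ in range(samples)]
    return (max(misses) - min(misses)) // 2


def recover_secret(max_len=16, samples=15):
    """Prefix search: extend the known prefix with the letter whose page is
    clearly the largest; stop when no letter stands out above the noise."""
    margin = noise_margin(samples)
    known = ""
    for _ in range(max_len):
        medians = {c: measure(known + c, samples) for c in ALPHABET}
        ranked = sorted(ALPHABET, key=lambda c: medians[c], reverse=True)
        best, runner_up = ranked[0], ranked[1]
        if medians[best] - medians[runner_up] <= margin:
            break        # every extension is a miss: the secret is complete
        known += best
    return known


if __name__ == "__main__":
    print("recovered:", recover_secret())
```

Two things carry over to a real target: the decision is relative (the winner must beat the runner-up by more than the calibrated noise, rather than exceed a fixed size), and the number of samples per query is the cost the attacker pays for jitter. In a browser the attacker cannot read the cross-origin body, so the size has to be estimated indirectly; that is what the resource-loading technique in the next section is for.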
  24-27. Resource loading side-channel (FIESTA) (four diagram slides)
  28. DEMO
  29. $ ls -la /home/jselvi/rootedvlc18/ | tail -3 (the remaining three agenda items, starting with 4. HTTPS: Time-based Attacks)
  30. Overview (diagram: console, server, brain)
  31. Size ~= load time (Nethanel Gelernter @ Black Hat USA 2016)
  32. Measuring time: https://tom.vg/2016/08/browser-based-timing-attacks/
  33. Are timing attacks practical in HTTPS?
  34. Where is the Proof of Concept?
  35. $ ls -la /home/jselvi/rootedvlc18/ | tail -2 (the remaining two agenda items, starting with 5. CPU: Cache-based Attacks)
  36. Continuously improving performance
  37. Meltdown & Spectre: https://meltdownattack.com/
  38. CPU caching: http://archive.arstechnica.com/paedia/c/caching/m-caching-2.html
  39. Out-of-order / speculative execution
  40. Meltdown (out-of-order execution). In C: access_kernel(); access(probe_array[data * 4096]); The same idea in assembly (rcx holds the kernel address, rbx the probe array):
      again:
      mov al, byte [rcx]          ; read one byte of kernel memory (the fault arrives later)
      shl rax, 0x0C               ; multiply by 4096: one page of the probe array per byte value
      jz again                    ; retry while the read came back as 0
      mov rbx, qword [rbx + rax]  ; touch probe_array[data * 4096], pulling that line into the cache
  41. Meltdown (out-of-order execution): timing each page of the probe array after the transient access (same code as slide 40)
      page:        00  01  02  03  04  05  06  07  08
      access time: 510 489 495 502 513 499 105 525 487
      Only page 06 is cached (105 versus roughly 500 for the rest), so the leaked byte is 0x06.
  42. Spectre (speculative execution): if ( x < array1_size ) y = array2[ array1[x] * 4096 ]; Preconditions: 1. array1[x] points to a SECRET byte; 2. array1_size and array2 are not cached; 3. previous values of x were valid (so the branch predictor will probably assume the current value of x is valid as well)
  43. Spectre (speculative execution): the same probe measurement as slide 41 (page 06 fast, the rest around 500), this time on array2 after the mispredicted branch: if ( x < array1_size ) y = array2[ array1[x] * 4096 ];
  44. Why 4096?? Probe array offsets 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768: in both array2[ array1[x] * 4096 ] (Spectre) and probe_array[data * 4096] (Meltdown) each possible byte value selects its own 4 KiB page of the probe array, so one cached line per page identifies the value.
  45. $ ls -la /home/jselvi/rootedvlc18/ | tail -1 (the last agenda item: 6. Lessons Learnt)
  46. Lessons Learnt
      • Compression is evil
      • Cache is evil
      • Speculative execution is evil
      • Exploiting side-channels is slow (but it works)
      • Avoiding side-channels is difficult (researchers find new ones over and over again)
  47. jose.selvi@nccgroup.com, jselvi@pentester.es, @JoseSelvi. Thanks a lot! Questions?
