The fall of Titans?

Two French security researchers, Victor Lomne and Thomas Roche, published in January an impressive 55-page report.  The report describes a successful Electro-Magnetic side-channel attack on Google’s Titan security key.  They succeeded in extracting the ECDSA private key.

Titan security key is a FIDO U2F compliant key also known as Google authenticator.  It is functionally similar to Yubikeys.  Its purpose is to serve as a physical token for Two-Factor Authentication (2FA).

Mounting side-channel attacks on secure components like smart cards is “common.”  It usually assumes the attacker has samples to analyze and that the attacker can store arbitrary known secrets in the samples.  This knowledge provides some reference points during the attack.  Once the attack is fine-tuned with the samples using a known secret, it is possible to extract the target’s secret. Unfortunately, this is not true in this specific use case.  When registering, the token generates its ECDSA key pair.  The private key never leaves the token.  It is why it is not possible to back up such tokens.  Thus, it is possible to purchase Titan tokens, but not to feed an arbitrary key pair.  The researchers used an interesting methodology to overcome this issue.

They first identified the secure component used by Titan. They removed the plastic cover and identified NXP A7005.  They found out that some JavaCards have similar characteristics to the NXP A7005.  Thus, they used JavaCards using NXP P5x chips.

Using a 500µm coil with 10µm precision micromanipulators, they measured the EM signature of the ECDSA signing for both Titan and the JavaCard.  The comparison of the two EM signatures confirmed that they used the same implementation.  Thus, they concentrated their effort on the Javacard to design the exploit.  They reverse-engineered the implementation using the EM traces to guess the calculations. They discovered a sensitive leakage and could mount a complex side-channel attack.  The document details the complexity of the attack.  With 4,000 sampled signatures for 2TB of data, they succeeded in extracting the key that they fed to the smart card.

Then, they implemented the same attack on the Titan chip.  They increased the number of samples to 6,000 for 3TB of data.   They succeeded in extracting the private key.

How devastating is this attack?

  • The specialized equipment is about 10K€ (about $12K). The needed skill set is high.  On the  Common Criteria (CC) scale, it has a rating of 27 corresponding to attackers with moderate attack potential.  The corresponding chips are old and are not any more covered by CC certificates.
  • The attack requires the attacker to get the Titan key for several hours to collect the 6,000 samples.  It is not possible to clone it.
  • The attack requires opening the plastic casing.  The operation seems destructive.  For stealthiness, the attacker must be able to repackage the chip in a legitimate case.
  • The attacker needs to return the “borrowed” recased key to the legitimate owner. Else this owner may detect the loss and block the access.
  • This attack impacts not only the Titan token but a long list of components.

Thus, we may forecast that such attack would be efficient only against very high-profile targets.

Conclusions

The attack is an impressive piece of work.  Reading the document gives an overview of the issues a side-channel attack requires to solve. It is extremely interesting.

Diversity of implementation across different products is a costly but secure option.

Continue to use your 2FA tokens.  It is more secure than not using them.  If you lost your 2FA token, change your accounts to use a new one as soon as possible (which should be the case, independently of this attack).

Use 2FA tokens as much as possible.

Reference

Lomne, Victor, and Thomas Roche. “A Side Journey to Titan.” NinjaLab, January 7, 2021. https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf.

Sound-Proof: an interesting authentication method

Four researchers of ETH Zurich (KARAPANOS N., MARFORIO C., SORIENTE C., and CAPKUN S.) have disclosed at last Usenix conference an innovative two-factor authentication method which is extremely user-friendly. As many current 2FA, it employs the user’s cell phone. However, the interaction with the phone is transparent to the user.

The user initiates the login with the typical login/password process on her or his device. Then, both this device and the user’s cell phone record the ambient sound. The two captured tracks are compared to verify whether they match. If they match, the authentication succeeds. The user’s cell phone captures the sound without the user having to interact with it. The phone may even be in the user’s pocket or shirt.

Obviously, this authentication does not prevent co-localized attacks, i.e., the attacker has the victim’s credentials and is near his victim. As the victim is not aware of the audio capture, the attack would succeed. Nevertheless, many scenarios are not vulnerable to co-localized attacks.

In the proof of concept, the cell phone performs the verification and returns the result to the login server. I do not find a reason this check could not be varied out by the server rather than by the phone. This modification would eliminate one security assumption of the trust model: the integrity of the software executing on the phone. The comparison would be more secure on the server.

A very interesting concept.

Karapanos, Nikolaos, Claudio Marforio, Claudio Soriente, and Srdjan Capkun. “Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound.” In 24th USENIX Security Symposium (USENIX Security 15), 483–98. Washington, D.C.: USENIX Association, 2015. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/karapanos.

Stealing account with mobile phone-based two-factor authentication

Attackers often entice users to become the weakest link.   Phishing and scams exploit the human weakness.  These attacks become even creepier if the attacker circumvents legitimate security mechanisms.   Two factor authentication offers better security than simple login/password.  The use of mobile phone as the second factor is becoming mainstream.  It is impossible to steal our account without stealing our phone.  We feel safer.  Should we?

Symantec reported a new used method to steal the account of users despite the use of a two-factor authentication.   Here is the scheme.

Mallory wants to gain access to Alice’s account.  He knows Alice email address and her mobile phone number as well as her account.  For a social engineer, this information is not difficult to collect.  It is part of the usual exploration phase before the actual hack.   Mallory contacts the service provider of Alice’s account and requests a password reset.  He selects the method that sends a digital code to Alice’s mobile phone.   The service provider sends an SMS to Alice’s mobile phone with this code. Simultaneously, Mallory sends an SMS to Alice impersonating the service provider.  Once more, this is not difficult as many providers do not use a specific number.  This SMS explains to Alice that there was some suspicious activity on her account.  To verify her account, she must reply to this SMS with the code that was sent previously to her.  Gullible Alice obeys.  Mallory has now the code that the service provider requests to reset Alice password.  Mallory gains entire access to Alice’s account with the involuntary help of Alice.

This type of attack can be used on most web services, e.g., webmails like gmail.  Obviously, Alice should not have replied to this SMS.  She should have followed the known procedure and not an unknown one.  She may have been cautious that the two phone numbers were different.

This is a perfect example of social engineering.   The only answer is education.  Therefore, spread this information around you,  The more people are aware, the less they will be prone to be hacked.  Never forget Law 6: You are the weakest link.