Semiconductor intellectual property supplier ARM kicked off its annual TechCon conference and trade show in Santa Clara, CA with expansion of the mbed IoT Device Platform, including a free operating system as well as server side IoT technologies. We describe the mbed OS in more detail in a separate blog post. In this post, we’ll highlight a couple of notable demos from other vendors on the show floor, plus one from Oracle’s concurrent JavaOne conference and trade show in San Francisco. In a literal sign-of-the-times at both events, you couldn’t swing a dead cat without hitting a sign that read, “Internet of Things.”
At ARM TechCon the Cryptography Research division of Rambus showed an interesting demo of differential power analysis (DPA). This is a type of side channel attack based on sensing power consumption and/or emission patterns of a processor during cryptographic operations, with the objective of extracting encryption keys. Prior to seeing this demo, we had thought of DPA as an academic or theoretical exercise that either wouldn't work in the real world or would take so long as to be insignificant. But Rambus showed us exactly how it works, measuring power emissions from a Xilinx chip while it was repeatedly performing AES 128-bit symmetric encryption on short blocks of data, and running statistical analysis on the power readings to uncover the encryption key one byte worth at a time. The entire key was recovered in about two minutes. Because the process is linear with the number of bits, AES 256-bit only would have taken about four minutes. (To break 256-bit encryption by brute force methods is orders of magnitude more difficult than to break 128-bit.) In addition, the company demonstrated a simple power analysis (SPA) side channel attack by handholding a receiver antenna to the back side of an Amazon Kindle tablet (see Picture 1), and directly reading a signal containing the asymmetric key from RSA 2048-bit encryption running in software on the device. No statistical analysis was required, as a viewer could see a graphical form of the signal representing the zeros and ones (Picture 2).
Picture 1: Readng power emissions from a Kindle tablet running encryption software.
Picture 2: Kindle emissions isolated in the frequency band of the encryption key. Narrow distances between the gaps are zeros, and wider double distances between the gaps are ones. The section of the key shown reads as 0011000001.
Needless to say, we were impressed with how easily these attacks were executed, which of course was the entire point of the demos. Rambus offers side channel attack countermeasures in the form of hardware cores and software libraries, and the demos also showed how such countermeasures confound the measurements and analysis.
Green Hills Software teamed up with Freescale to demonstrate a retail POS simulation of a RAM scraper malware technique similar to the type implicated in the Target data breach, as well as a solution using INTEGRITY hypervisor to negate the malware. The protection method keeps the credit card data encrypted in a secured application space before it gets to the normal execution area, then sends the data via secure channel to the payment processor server. Only a one-time token is passed to the normal execution area of the POS system. When that token is submitted to the payment processor, the funds are approved, without the credit card data ever existing in the normal execution area, and thus rendering RAM scraping irrelevant for theft of the card data. This type of tokenization has been done before in the payment card industry (PCI), and we expect the Target data breach will increase its uptake.
And at the JavaOne event, Oracle and the French software firm Oberthur Technologies demonstrated an Android device with a Java Virtual Machine running within an ARM TrustZone trusted execution environment (TEE). Oberthur’s software runs on the server side of an Internet connection, and enables specially designed Java apps to be securely installed into the device also using a tokenization method. This is the only solution we’ve seen to date that enables applications to be remotely installed into a TEE. Although the demo was run on an Android phone, we see the potential for its use in many other types of IoT devices.