Congress last day, I’ve been chasing the guy of the chipcard lab kit for two days now, it’s incredible hard to get in touch with him, when I finally talked to him he doesn’t have any assembled kit, and just have one PCB left, without any components. That really sucks, he could have told that two days ago and I wouldn’t lost my time asking for him every two hours… that kind of things really suck. OK live is like that, we’l have to assume that.
The morning session started with the SecuBT talk. This framework provides a secure execution environment for a process in userspace, so no kernel modification is needed, just execute the program after specifying with the LD_PRELOAD environment variable the SecuBT library and that’s it. Doing this you set a wrapper around the process that controls all the interactions with the kernel, so signals, system calls and all those stuff can be restricted or modified in runtime. From a security point of view, a suspicious process can be “jailed” with this technique, so any evil action that it tries to perform can be aborted before it actually can break somthing. Or from a reverse engineering point of view, you could spy the behaviour of the process or inject information to it “customizing” the reads performed from file handlers or network sockets. All this application sandboxing/virtualization thing is a very interesting area of researching.
Next, Finding the key in the haystack lecture. Actually I am not a hardware geek, so any kind of hardware talk is a chance for me to learn new things. This talk was very interesting because it focused on a side-channel attack on a hardware implementation of the AES algorithm to extract the key measuring the power consumption of the chips involved in the cryptographic operations. I am familiar with a very similar kind of attack, but in software, the timing attacks (either local or remote). The idea is very similar, but you’ve to measure the time needed to perform an encryption, a decryption, or maybe the validation of a digital signature, or even the checking of a hash. Through a differential analysis of how last a valid operation compared to an invalid one, you can extrapolate useful information about how the system works, or even extrapolate the key at a byte level. In this case, the analyst intercepts the electrical signals that go in or out the chips, so knowing which algorithm is implemented and it’s internal design (as happens with AES) you can extrapolate the internal status of the algorithm looking the power consumption, and even injecting text probes to compare the consumption between a correct or incorrect key. Doing this you could brute force the key, a byte each time, and guessing if the value it’s correct or not looking at the power consumptions which leaks the status of the internal operations. Just magic! :)
And with this, 26C3 was over for us! :( We spent the rest of the day as perfect tourists, enjoying Berlin.