Monday, 23 May 2016

Physical Access To A System Matters For Security

At Christmas I wrote a piece for the BBC based upon Scott Culp's 10 immutable laws of computer security. My assertion was that the laws are as valid today as they were all those years ago. However, many have commented to me that rule 3, which reads "If a bad guy has unrestricted physical access to your computer, it's not your computer anymore", is no longer true due to the use of encryption on disks. I think recent research suggests my assertion is true.

I wrote recently about work that had been published showing how encryption keys could be recovered from laptops using a relatively cheap antenna and standard equipment. The technique works through walls, no less. Then in the last week I've seen two other papers which focus down even further on side-channel attacks based on various forms of differential analysis of physical characteristics one can measure in the circuitry of otherwise secure devices.

The first, entitled "Exploiting the Physical Disparity: Side-Channel Attacks on Memory Encryption", explores Differential Power Analysis (DPA) and Differential Fault Analysis (DFA) to recover sensitive data. It claims "showed that all common implementations of memory and disk encryption schemes can easily be broken using DPA and DFA." Just let that sink in for a second or two. In essence, the researchers are claiming that if you have physical access to a device that uses one of the common memory or disk encryption schemes, your data can be recovered.

The second is a broader paper surveying these side-channel attacks, which are being applied down at the chip level. It is entitled "Survey of Microarchitectural Side and Covert Channels, Attacks, and Defense" and I would recommend that anyone involved in securing microprocessor-based systems reads it.

There is one big caveat to the security concerns that all of this research raises.  Most of the techniques rely upon the system being turned on.  You may be happy that your individual system is secure at rest and so this is not really a problem for you.  But stop and think about how many systems cohabit these days.  Yes, the cloud.  Whether you host a system yourself or use those of another, we are all using the cloud these days, and having many "systems" sharing the same hardware platforms opens up a new dimension to the idea of physical access. 

We have known for some time that there are specific attacks using software vulnerabilities to mount cross virtual machine (VM) attacks such as described here. But, increasingly, researchers have turned their attention to cross-VM attacks based on, for example, shared cache such as here. I was particularly impressed by one graduate student's thesis where he collated a series of such attacks. Possibly more worrying are attacks where crypto keys are recovered in cross-VM attacks such as demonstrated here.

The bottom line is that physical access matters for security. That 3rd law does indeed hold good and, if anything, has become even more relevant in a world where shared infrastructure is becoming the norm.