March 9th, 2010 by Alexander Klimov
It is well known that if a secret processed by a device can be correlated with side-effects of the calculation, then the secret can be deduced by measuring these side-effects. Such attacks were used back in the time of mechanical rotary encryption machines.
Modern electronic cryptographic devices, in addition to the acoustic side-channel of their mechanical predecessors, leak information through variations in their power consumption and electromagnetic radiation. Aside from passively analyzing side-effects of cryptographic computations, an attacker can also actively subvert the environment to introduce faults into the computation. This approach is known as a “fault attack”.
Although side-channel attacks on general-purpose CPUs (especially timing attacks) have been known for a long time, fault attacks were limited to very small devices, primarily smart cards.
Recently, a team of researchers from Italy presented a fault injection attack against cryptographic software running on an ARM9 general-purpose CPU (http://eprint.iacr.org/2010/130). From the paper's abstract:
Fault injection attacks have proven in recent times a powerful tool to exploit implementative weaknesses of robust cryptographic algorithms. A number of different techniques aimed at disturbing the computation of a cryptographic primitive have been devised, and have been successfully employed to leak secret information inferring it from the erroneous results. In particular, many of these techniques involve directly tampering with the computing device to alter the content of the embedded memory, e.g. through irradiating it with laser beams.
In this contribution we present a low-cost, non-invasive and effective technique to inject faults in an ARM9 general purpose CPU through lowering its feeding voltage. This is the first result available in fault attacks literature to attack a software implementation of a cryptosystem running on a full fledged CPU with a complete operating system. The platform under consideration (an ARM9 CPU running a full Linux 2.6 kernel) is widely used in mobile computing devices such as smartphones, gaming platforms and network appliances.
At first, we validate the effectiveness of the proposed fault model to lead practical attacks to implementations of RSA and AES cryptosystems, using techniques known in open literature. Then we devised two new attack techniques, one for each cryptosystem. The attack to AES is able to retrieve all the round keys regardless both their derivation strategy and the number of rounds. A known ciphertext attack to RSA encryption has been devised: the plaintext is retrieved knowing the result of a correct and a faulty encryption of the same plaintext, and assuming the fault corrupts the public key exponent. Through experimental validation, we show that we can break any AES with roughly 4 kb of ciphertext, RSA encryption with 3 to 5 faults and RSA signature with 1 to 2 faults.
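Why a corrupted public exponent is fatal for RSA encryption can be shown with textbook RSA on toy numbers. This is an added illustration, not code from the post or the paper: it assumes the fault flips exactly one bit of e and uses the classic common-modulus identity, which may differ from the paper's exact procedure, and `encrypt_checked` sketches the matching countermeasure of withholding output when the exponent no longer matches its reference copy.

```python
# Added illustration (not from the post or the paper): textbook RSA, toy sizes.
# Assumption: the fault flips exactly one bit of the public exponent e.

def egcd(a, b):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modpow(base, exp, n):
    """pow() that also accepts negative exponents (base must be invertible)."""
    if exp < 0:
        g, inv, _ = egcd(base % n, n)
        if g != 1:
            raise ValueError("base not invertible modulo n")
        base, exp = inv % n, -exp
    return pow(base, exp, n)

def recover_plaintext(n, e, c_good, c_bad, max_bits=32):
    """Given c_good = m^e and c_bad = m^e' (mod n), where e' is e with one
    bit flipped, return (m, flipped_bit) or None. If gcd(e, e') == 1 then
    x*e + y*e' == 1, hence m == c_good^x * c_bad^y (mod n)."""
    for bit in range(max_bits):
        e_bad = e ^ (1 << bit)
        g, x, y = egcd(e, e_bad)
        if g != 1:
            continue
        m = modpow(c_good, x, n) * modpow(c_bad, y, n) % n
        if pow(m, e, n) == c_good and pow(m, e_bad, n) == c_bad:
            return m, bit
    return None

def encrypt_checked(m, n, e, fault_bit=None):
    """Countermeasure sketch: compute with a working copy of e, then compare
    it with the reference copy before releasing the ciphertext.
    fault_bit simulates the glitch on the working copy (constructed)."""
    e_work = e if fault_bit is None else e ^ (1 << fault_bit)
    c = pow(m, e_work, n)
    if e_work != e:
        raise RuntimeError("exponent integrity check failed, output withheld")
    return c

def demo():
    n, e, m = 61 * 53, 17, 65            # constructed toy parameters
    c_good = pow(m, e, n)
    c_bad = pow(m, e ^ (1 << 3), n)      # simulated fault: bit 3 of e flipped
    return recover_plaintext(n, e, c_good, c_bad)
```

Because the faulty ciphertext never leaves `encrypt_checked`, the pair of ciphertexts that `recover_plaintext` needs is never available.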
March 4th, 2010 by Ofir Zukovsky
The e-book market is experiencing significant growth. Approximately four million electronic-book reading devices were sold last year. According to U.S.-based market intelligence firm iSuppli, the number is expected to jump to 12 million in 2010 and 18 million in 2012. Increasingly, e-book readers are equipped with broadband mobile connectivity. For example, Hanwang Science released a 3G e-reader capable of connecting with China Mobile Ltd.’s network, a feature that enables users to access the Internet and to download books. Other examples of e-book readers that include a cellular connection can be seen here:
http://gizmodo.com/5365676/irex-dr800sg-ebook-reader-verizon-3g-bn-books-stylus-touchscreen
http://www.engadget.com/2009/10/29/asus-to-launch-3g-wimax-equipped-e-book-readers-by-march-2010/
OMA DRM is the most common content protection and access system in use today by mobile carriers. All forms of digital content including multimedia, ringtones, music, video and games are secured using the OMA DRM solution.
By expanding OMA DRM to protect e-book content, mobile carriers can leverage their existing back-end infrastructure and qualified workforce. Moreover, as an open standard DRM scheme, it enjoys the support of content owners and service providers alike. The scheme is robust and widely deployed, and supports all the required business models, including:
- Subscription
- Time limited rental
- Buy to own without sharing (forward lock)
- Sharing with other users (super distribution)
- Preview
- Right to read on multiple devices (domains)
- Usage metering and advertising funded models
- Backup and recovery
February 25th, 2010 by Motty Alon
During a secret meeting with the Wall Street Journal, Steve Jobs, Apple’s CEO, listed the “obsolete” technologies that were thrown away when making Apple’s newest invention, the iPad. Reporting on this meeting, Ryan Tate of the Business Insider mentioned the following technologies: Flash (the Web animation software), floppy disks, old data ports (including Apple’s FireWire 400), LCD screens and CDs. Surprisingly, DRM (Digital Rights Management) did not appear on the list.

It was Jobs who, only three years ago, wrote in his famous blog post, “Thoughts about Music”: “If anything, the technical expertise and overhead required to create, operate and update a DRM system has limited the number of participants selling DRM protected music. If such requirements were removed, the music industry might experience an influx of new companies willing to invest in innovative new stores and players. This can only be seen as a positive by the music companies”. The rest was history. In the year following the publication of this blog post, iTunes and then the rest of the Web-based music stores became “DRM Free”.
Three years have passed. The issue is no longer music but rather eBooks, applications (aka “apps”) and videos. Surprisingly, content protection and DRM are no longer persona non grata in the Apple kingdom. Apple, as well as others in the market, realized that the battle to prevent illegal copying is almost lost (that was the essence of Jobs’ article in 2007); however, it was a mistake to classify DRM as a copy protection technology. DRM is the technology that enables a large number of business cases and helps content stores differentiate themselves with different business models.
Today no one launches a content service without the ability to offer a subscription service in addition to the traditional “download to own” model, and the ability to share the content between different consuming devices of the same owner. All of these business models are enabled with DRM.
So Apple ditched lots of “obsolete” technologies, but somehow the DRM technology that Jobs “obsoleted” in 2007 is still alive and kicking in the iPad of 2010.
February 24th, 2010 by Amit Shofar
The recent war of words between Apple and Amazon regarding the correct way to price an eBook says a great deal about Apple’s brand value and their ability to leverage success in the music market. Ironically, in this case the roles are reversed, with Amazon charging $9.99 for a best-seller and Apple planning to charge $12.99 – $14.99. By pricing eBooks aggressively, Amazon hoped to stimulate demand, an important lesson learned from Apple’s success in the music market. What is not clear is whether Apple’s pricing for eBooks will prove to be as successful as their 99c per song, and whether download-to-own is the correct approach. Both vendors are deploying in-house content protection technologies.
Just looking at the sheer volume of second-hand books available for sale on Amazon.com, my guess is that any eBook pricing model that does not allow the owner to resell the content is not likely to succeed. Moreover, the business model for eBooks needs to correctly reflect the way people consume and acquire books. For example, support for an electronic book library, or so-called subscription-based models, is an important requirement. The ability to share a book with friends and family, typical of book clubs all over the world, is another model that must be supported. Text books also pose a serious challenge to the monolithic download-to-own model. This is to say nothing of the different types of devices, with either fixed or removable storage and a multitude of operating systems (e.g. Android, Symbian).
What is clear is that a one-size-fits-all approach (download-to-own) will not allow the eBook market to reach its full potential. Any viable content protection technology for the eBook market needs to support the full range of business models.
OMA DRM 2.1 is such a scheme, providing an ideal solution for the eBook market. As an open DRM scheme, it enjoys the support of content owners and service providers alike. The scheme is very robust and widely deployed. Moreover, the scheme supports all the enhanced business models required by the eBook market.
February 15th, 2010 by
Discretix Multi-Scheme DRM Client Will Secure Subscription-Based Music and Video Services on Sony Ericsson Android and Windows Mobile Phones.
FIRA de BARCELONA, SUITE 4.7HS22 / BARCELONA, SPAIN — (February 15, 2010) — Discretix, the leading global provider of embedded Windows Mobile and Android security DRM, today announced that Sony Ericsson has chosen Discretix’ Multi-Scheme DRM Client to protect distribution and consumption of multimedia content on select mobile phones and for its PlayNow services.
Discretix’ Multi-Scheme DRM Client has been deployed on select Sony Ericsson mobile phones based on the Windows Mobile and Android operating systems. The embedded technology enables a wide variety of business models including subscription-based music and video services for the consumer market.
January 6th, 2010 by
INTERNATIONAL CES, LAS VEGAS, Nev. – January 5, 2010 – MIPS Technologies, Inc. (Nasdaq: MIPS), a leading provider of industry-standard processor architectures and cores for digital consumer, home networking, wireless, communications and business applications, today announced it is working with leading providers of key IP for the connected digital home—including audio, video, graphics and security functionality—to help SoC developers get to market quickly with fully-integrated hardware/software solutions. MIPS is working closely with Chips & Media, Discretix, Tensilica, Vivante Corp. and other leading providers of semiconductor IP to help customers meet cost/performance targets with solutions that optimize performance for devices based in particular on the Android™ platform.
For more information: http://www.discretix.com/corporate/pr050110.html
December 7th, 2009 by
Optimized for Android and already selected by several Tier-1 Mobile Device OEMs, the Discretix Multi Scheme DRM client ensures quick time-to-market for next-generation open source mobile and connected devices.
http://www.discretix.com/corporate/pr071209.html
December 6th, 2009 by
Hagai Bar-El’s technical paper entitled Intra-Vehicle Information Security Framework is available for download at http://www.discretix.com/resources/white_papers.html
November 30th, 2009 by Asaf Shen
According to a recent article in the IEEE Spectrum, the cars we are driving (or at the very least our managers) have more electronic control units (ECU) and lines of code than your typical commercial or military aircraft.
The avionics system in the F-22 Raptor, the current U.S. Air Force front line jet fighter, consists of about 1.7 million lines of software code. The F-35 Joint Strike Fighter, scheduled to become operational in 2010, will require about 5.7 million lines of code to operate its onboard systems. And Boeing’s new 787 Dreamliner, scheduled to be delivered to customers in 2010, requires about 6.5 million lines of software code to operate its avionics and onboard support systems. These are impressive amounts of software, yet if you bought a premium-class automobile recently, it probably contains close to 100 million lines of software code, says Manfred Broy, a professor of informatics at Technical University, Munich, and a leading expert on software in cars.
Just like any other software, these millions of lines of code, parked in the driveway, have exploitable bugs. A defect density rate of 0.4 defects per thousand lines of code combined with a conservative estimation of 5% of defects that are exploitable yields 2,000 exploitable bugs per 100 million lines of code!!!!!
So where does this leave the average commuter on the way from point A to point B? Probably quite afraid. Many of these bugs are an inevitable back door for hackers, raising serious security concerns.
Faulty lines of code are a fact of life and there is not much we can do to prevent them; however, some precautions can be taken to ensure that they are not exploited:
- Identifying the introduction of malicious code that targets existing exploitable flaws (e.g. secure boot and run-time integrity verification).
- Allowing valid code images to be revoked and replaced with new, fixed images (renewability mechanisms).
- Preventing rollbacks to faulty images (again, through mechanisms like secure boot and others).
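How the three precautions combine in a single boot-time acceptance check, as an added sketch that is not Discretix code. Assumptions: HMAC-SHA256 stands in for a real signature scheme, and the image layout (4-byte big-endian version, payload, 32-byte tag) and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

BOOT_KEY = b"constructed-demo-key"  # stand-in for a verification key held in ROM/OTP
TAG_LEN = 32

def sign_image(version, payload, key=BOOT_KEY):
    """Build a demo image: version || payload || HMAC tag (constructed format)."""
    body = struct.pack(">I", version) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def image_digest(image):
    """Identifier used on the revocation list: SHA-256 of the signed body."""
    return hashlib.sha256(image[:-TAG_LEN]).hexdigest()

def accept_image(image, min_version, revoked, key=BOOT_KEY):
    """Return (ok, reason, new_min_version).

    min_version models a monotonic counter and revoked a revocation list;
    both must live in storage the attacker cannot rewrite.
    """
    if len(image) < 4 + TAG_LEN:
        return False, "truncated", min_version
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # 1. Integrity: reject anything not produced by the key holder.
    if not hmac.compare_digest(tag, expected):
        return False, "bad-signature", min_version
    # 2. Renewability: a validly signed image can still be revoked.
    if image_digest(image) in revoked:
        return False, "revoked", min_version
    # 3. Anti-rollback: never boot a version older than the newest accepted one.
    (version,) = struct.unpack(">I", body[:4])
    if version < min_version:
        return False, "rollback", min_version
    return True, "ok", max(min_version, version)
```

The returned counter only ever increases, so once a fixed image has booted, the older vulnerable image is refused even though its signature is still valid.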
November 23rd, 2009 by Amit Shofar
Discretix’ Hagai Bar-El will present an internal information security services framework for vehicular environments. The framework consists of a logical toolbox, a set of logical modules that are installed in a variety of embodiments (e.g., controllers) and which provide security functionality that vehicular applications often require. The framework also includes several enablers, which are higher-level security functions that are integrated into vehicular applications. These enablers use the aforementioned tools to provide for many typical use-cases, such as secure logging, secure code update, and secure feature activation. The purpose of the toolbox is to provide some of the common security functions at the highest effective abstraction level, and to implement these functions securely in well suited environments. This detachment of security functions from the applications that use them shall allow vehicular application developers to reduce the breadth of security know-how that they shall possess, as well as to reduce the attack surface of their applications.