Subliminal Channels in High-Speed Signatures

Subliminal Channels in High-Speed Signatures

Die approbierte Originalversion dieser Diplom-/ Masterarbeit ist in der Hauptbibliothek der Tech- nischen Universität Wien aufgestellt und zugänglich. http://www.ub.tuwien.ac.at institute of telecommunications The approved original version of this diploma or master thesis is available at the main library of the Vienna University of Technology. http://www.ub.tuwien.ac.at/eng Subliminal Channels in High-Speed Signatures Master’s Thesis for obtaining the academic degree Diplom-Ingenieur as part of the study Electrical Engineering and Information Technology carried out by Alexander Hartl student number: 01125115 Institute of Telecommunications at TU Wien Supervision: Univ. Prof. Dipl.-Ing. Dr.-Ing. Tanja Zseby Dipl.-Ing. Robert Annessi, B.Sc Acknowledgments I want to express my gratitude for everyone who assisted or encouraged me in various ways during my studies. In particular, I would like to thank Prof. Tanja Zseby and Dipl.-Ing. Robert Annessi for giving me the opportunity to write this thesis, for supporting me actively while I was working on it and for many valuable comments and suggestions. I owe special thanks to my family, especially my parents Edith and Rudolf, for their endless support during all these years. Thank you, Sabrina, for encouraging me and for so many cheerful hours in my life. Abstract One of the fundamental building blocks for achieving security in data networks is the use of digital signatures. A digital signature is a bit string which allows the receiver of a message to ensure that the message indeed originated from the apparent sender and has not been altered along the path. In certain cases, however, the functioning of signature schemes allows an adversary to additionally utilize the signature string as a hidden information channel. These channels are termed subliminal channels and have been known and tolerated since the 80s. Due to the recent progress in the development of high-speed signature algorithms, however, application scenarios for digital signatures become feasible that lead to a large exploitable bit rate for data exfiltration, given that the deployed signature scheme allows the utilization as subliminal channel. This thesis shows how certain high-speed signature schemes can be exploited to carry hidden information. In particular, we analyse the recent EdDSA signature scheme, which yields substantial future potential, as well as the class of Multivari- ate Quadratic (MQ) signature schemes. We discuss how an adversary can proceed to embed and recover subliminal information and what bit rate the adversary can achieve for transmitting hidden information. Scenarios like signed NTP broad- casts, signed sensor data transmissions and the TLS key exchange are depicted, where the existence of a subliminal channel gives rise to new attack possibilities threatening network security. To confirm these findings we discuss the results of performed experiments, which attest a considerable subliminal bandwidth to the analysed signature schemes. Furthermore, we depict several methods for preventing the exploitation of subli- minal channels in EdDSA, but we have to conclude that none of them is viable in a practical situation, reinforcing the threats that originate from the described subliminal channels. Abstract Digitale Signaturen sind ein wesentlicher Bestandteil sicherer Kommunikation in modernen Datennetzwerken. Eine digitale Signatur ist ein Datenblock, der es dem Empfänger einer Nachricht erlaubt, zu prüfen, ob die Nachricht unverändert ist und tatsächlich vom vorgeblichen Absender stammt. Darüber hinaus ermöglichen es jedoch viele Signaturverfahren einem feindlich gesinnten Absender, die Signatu- ren als versteckte Kommunikationskanäle zu verwenden. Obwohl diese sogenannten Subliminal Channels seit den 80er Jahren bekannt sind, wurden sie bei der Proto- kollentwicklung oft toleriert. Durch die kürzlich erfolgte Entwicklung von hochper- formanten Signaturverfahren werden allerdings Anwendungsgebiete von digitalen Signaturen möglich, welche einem Angreifer erhebliche verborgene Datenübertra- gungsraten ermöglichen, sofern die Signaturverfahren Subliminal Channels erlau- ben. Diese Arbeit zeigt die notwendigen Schritte zum Einbetten und Wiedergewinnen von versteckter Information in EdDSA-Signaturen und in auf multivariaten Po- lynomen basierenden Signaturverfahren auf und diskutiert die hierbei erreichba- ren Bandbreiten. Um die praktischen Auswirkungen der beschriebenen Subliminal Channels auf die Informationssicherheit zu erfassen, werden zudem Angriffsszena- rien bei Anwendungsgebieten wie signierten NTP-Broadcasts, signierten Sensorda- tenübertragungen im Smart Grid und Schlüsselvereinbarung bei TLS beschrieben. Bei diesen Anwendungen ist der Einsatz der neuen Signaturverfahren wahrschein- lich und damit potentiell eine heimliche Datenübertragung erheblichen Ausmaßes möglich. Um die Ergebnisse empirisch zu bestätigen, werden einige der Angriffssze- narien praktisch umgesetzt. Die Ergebnisse dieser Experimente bescheinigen den untersuchten Subliminal Channels eine wesentliche Bedeutung für sicherheitskri- tische Umgebungen. Für EdDSA im Speziellen werden außerdem verschiedene Methoden aufgezeigt, um die Ausnutzung jeglicher Subliminal Channels zu unterbinden, welche allerdings mit deutlichen negativen Auswirkungen auf den Signierprozess verbunden sind. Die beschriebenen Methoden sind daher in der Praxis nur in den wenigsten Fällen umsetzbar, womit von Subliminal Channels weiterhin ein Risiko ausgeht, das bei der Verwendung von EdDSA bzw. von Signaturverfahren im Allgemeinen beachtet werden muss. Parts of this thesis have been published in the Proceedings of the 9th International Workshop on Managing Insider Security Threats (MIST’17) [1] and the Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA) Vol. 9.1 [2]. Contents 1 Introduction1 1.1 Motivation................................2 1.2 Aims of this Thesis...........................3 1.3 Methodological Approach.......................4 1.4 Outline..................................6 2 Cryptographic Fundamentals7 2.1 Digital Signatures............................7 2.2 Information Hiding...........................8 2.3 Groups and Fields........................... 10 2.3.1 Galois Fields.......................... 11 2.3.2 Elliptic Curves......................... 11 2.4 Discrete Logarithms and Diffie-Hellman................ 12 2.5 EdDSA Signatures........................... 13 2.6 Signatures based on MQ Cryptography................ 14 2.6.1 Signature Generation and Verification............. 15 2.6.2 Trapdoors............................ 16 2.6.3 Modifications.......................... 19 3 Related Work 21 4 Adversarial Communication Scenarios 23 4.1 Preconditions.............................. 23 4.2 Clock Synchronization Protocols.................... 24 4.3 Smart Grid Communication...................... 25 4.4 Traditional Use Cases.......................... 26 5 Subliminal Channels in EdDSA 29 5.1 The Broadband Channel........................ 29 5.2 A Narrowband Channel........................ 30 5.3 Combining Broadband and Narrowband Channel.......... 32 5.4 Mitigating Subliminal Communication................ 32 5.4.1 Ensuring Subliminal-Free Signatures............. 32 5.4.2 Detecting Subliminal Communication............. 37 6 Subliminal Channels in MQ Signatures 39 6.1 Randomness in MQ Signatures.................... 39 6.1.1 Explicit Randomness...................... 40 ix 6.1.2 Loss of Surjectivity....................... 41 6.1.3 Subliminal-Free Trapdoors................... 42 6.2 Subliminal Channel 1: Recovering Vinegar Variables......... 42 6.3 Subliminal Channel 2: Using the Minus Modification........ 43 6.4 Narrowband Channels......................... 44 6.5 Existing MQ Signature Schemes.................... 44 6.6 Properties of MQ Subliminal Channels................ 46 6.7 Mitigation Techniques......................... 47 7 TLS Information Hiding 49 7.1 The TLS Handshake.......................... 50 7.2 Covert Channels............................ 51 7.3 Subliminal Channels.......................... 53 7.3.1 RSA Ciphertext......................... 53 7.3.2 Diffie-Hellman Parameters................... 54 7.3.3 Digital Signatures........................ 54 7.4 Mitigation Techniques......................... 56 7.5 The Impact of Subliminal Channels in TLS.............. 57 8 Experimental Results 61 8.1 NTP Broadcasts............................ 61 8.2 PMU Sensor Data Transmissions................... 62 8.3 TLS Key Exchange........................... 62 8.4 MQQ-SIG: A Practical MQ Subliminal Channel........... 62 8.5 Summary................................ 64 9 Conclusions 65 9.1 Contributions.............................. 66 9.2 Limitations............................... 67 9.3 Future Work............................... 68 References 69 Statement on Academic Integrity 77 x List of Figures 1 Illustration of subliminal channels...................1 2 The Diffie-Hellman key exchange.................... 12 3 The basic operation principle of MQ signature schemes........ 15 4 Botnet Command and Control using signed NTP broadcasts.... 24 5 Information leakage using signed phasor measurements........ 26 6 A broadband subliminal channel in EdDSA.............. 30 7 A narrowband subliminal channel.................... 31 8 Warden scenario to achieve subliminal-freeness............ 33 9 An interactive method for achieving subliminal-freeness....... 35 10 Subliminal channels exploiting vinegar variables and the minus mo- dification................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    91 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us