Ask Your Question
0

How safe is Gnuk against side channel attacks, USB sniffer, or electron/tunneling microscope?

asked 2012-10-30 16:00:58 +0900

hiroshi gravatar image hiroshi
21 6

I have many concerns. How safe is Gnuk against side channel attacks, USB sniffer, or electron/tunneling microscope?

delete close flag offensive retag edit

4 Answers

Sort by ยป oldest newest most voted
0

answered 2012-11-02 09:22:19 +0900

gniibe gravatar image gniibe flag of Japan
41 3 5
http://www.gniibe.org/

updated 2012-11-02 09:25:31 +0900

Developers for security devices should consider attacks and threats. Users would, too.

The most important thing is software vulnerability. In this answer, let me talk about software vulnerability, at first. That's because this is more likely than other threats.

Gnuk developers are security conscious, however, it is still possible for Gnuk to have security related bugs.

Thus, Gnuk support firmware upgrade. This is not only for security bugs, but the feature guarantees that the device is under control of its user. Note that it is not Tivoization, where hardware vendor controls firmware upgrade. But it is the user who control the device.

Gnuk is Free Software, and I (gniibe) think that it is mandatory for user's freedom of computing.

We need much care here too. Software upgrade could be one of weak points, and it could have its own security bugs.

link delete flag offensive edit
0

answered 2012-11-02 09:56:01 +0900

gniibe gravatar image gniibe flag of Japan
41 3 5
http://www.gniibe.org/

updated 2012-11-05 13:03:11 +0900

For side channel attacks, in general, we could consider power analysis attack, timing attack, etc.

Gnuk took routines of AES and RSA from PolarSSL version 0.14, and then, RSA routines for ARM were heavily modified for speed.

See this PolarSSL news, and you could evaluate how it's good (not only against side channel attacks but also about vulnerabilities, etc.).

Because RSA routines in Gnuk is heavily modified version, it could have a flaw, but I (gniibe) believe nothing.

That's being said, let us think about the real scenario for Gnuk Token.

If it is possible for an attacker to do some side channel attacks, it means that the attacker has full control of your Gnuk Token or he has full control of your host PC. Note that attackers don't need to have full control, in many cases of side channel attacks against keys on host PC.

Doing side channel attacks against RSA computation means that Gnuk Token has been authenticated. Given some control of communication for authenticated Gnuk Token, it is more likely for attackers to just send requests to the Token to make digital signature or to do authentication.

Simply stealing Gnuk Token, it is not possible to do side channel attacks against RSA computation of your private keys.

link delete flag offensive edit
0

answered 2012-11-02 10:02:00 +0900

gniibe gravatar image gniibe flag of Japan
41 3 5
http://www.gniibe.org/

If your host PC is under control of an attacker and USB communication is monitored, your pass phrase will be stolen. Or it is more likely for attackers to send requests to the Token to make digital signature or to do authentication, if they have such a control.

Gnuk has a feature to support input by device itself, but it requires some additional hardware. If it is enabled, it will be safe against USB monitoring.

link delete flag offensive edit
0

answered 2012-11-02 10:10:16 +0900

gniibe gravatar image gniibe flag of Japan
41 3 5
http://www.gniibe.org/

We use general purpose MCU, which is not designed as "tamper-resistant". So, in theory, it is possible for microscope to extract data from the chip.

But it is very costly, if possible. Nondestructive inspection is harder.

link delete flag offensive edit

Your answer

Please start posting your answer anonymously - your answer will be saved within the current session and published after you log in or create a new account. Please try to give a substantial answer, for discussions, please use comments and please do remember to vote (after you log in)!
[hide preview]

Question tools

Follow

subscribe to rss feed

Stats

Asked: 2012-10-30 16:00:58 +0900

Seen: 295 times

Last updated: Nov 05 '12