The paper “Segregating Keys from noncense: Timely Exfil of Ephemeral Keys from Embedded Systems” has been accepted for presentation at the International Conference on Distributed Computing in Sensor Systems (DCOSS 2021) that takes place 14-16 July 2021 in Cyprus, at the Coral Bay near the city of Pafos. Dr Thanassis Giannetsos, Head of UBITECH’s Digital Security and Trusted Computing Research Group, and his co-author, from DTU, demonstrate how adversaries can, without knowing the software layout or memory data structures of running services, exploit the Key-Exposure Problem (KEP) in network-connected resource-constrained microcontroller-based embedded systems (MCUS) to exfiltrate cryptographic keys, during system operation systematically, without affecting system usability.
They present generic methods for overcoming two significant challenges revolving around successful key exfiltration: (i) how to acquire the memory contents systematically while the key is exposed (exfiltration phase) and (ii) how to efficiently reduce the search space of arbitrary key material (localization phase). Specifically, targeting the nature of MCUS, we demonstrate how to exploit the causality between transceiver invocation and utilization of keyed cryptosystems to acquire timely memory extractions.
Concretely, since keyed cryptosystems inherently run post-reception (e.g., to verify or decrypt an incoming payload), they can, by periodically exfiltrating conventionally used memory regions for storing run-time data (e.g., the memory stack), capture data belonging to the keyed cryptographic function during the inevitable Key Exposure Window (KEW) caused by the KEP. Further, as a software- and cryptosystem- agnostic method of locating key material, we propose to apply specific data mining techniques that leverage the stack’s innate composition.
The intuition behind the presented work is to showcase how vulnerable the existing commodity MCUS are against sophisticated attacks and emphasize the need for appropriate prevention strategies.
