In the recent times spanning from the late 1980s till now, Kleptography and cryptosystems have been under discussion majorly because of the kind of threats that they possess to the security domain, and there have been innumerable number of scenarios that have been documented well about the kind of threats and attack that might be possible due to it.
Although smart cards, trusted platform modules (TPMs), Hardware security modules (HSMs) and other forms of smart devices claim to secure the cryptographic keys from external intrusion, however one can never be sure about the authenticity that the black box claims of. So penetrative attack is quite common in black box cryptography. Furthermore, we can never be sure of what is happening after a black-box is implemented via encapsulation.
"The study of stealing information in a concealed manner” is termed as Kleptography. In this type of attack asymmetric encryption is used by the developer to create a cryptographic backdoor. So, this a way to employ cryptography against cryptography by implementing a backdoor, which is there itself in the pre-existing communicating channel and it does not even require any additional data for transmission. Thus, Kleptographic attacks are environment specific attacks focusing on cryptosystems rather than just any other software or web vulnerability. The following section describes how it works.
A black box generates asymmetric keys, public and private keys respectively. A private key is one which should permanently remain inside the black box to avoid duplication and theft, however, a public key is free to get transmitted beyond the black box. And it is generally accepted that a private key is nonderivable from a public key. However, if the whole key generating process is manipulated by embedding a cryptographic backdoor in the cryptosystems at the time of manufacturing, then it paves way for the attacker to access the private key without any third party assistance. This is because while using the cryptographic functions no unexpected errors will occur as the public keys will have clear visibility. The security impact in this kind of scenario will be massive and to extreme lengths, as the attacker can fake signatures and decrypt secret data as per his/her will, this happens even when the generated cryptographic keys are sealed in a black box and no unauthorized access permission is granted.
Reverse engineering is one of the most important ways through which this kind of manipulation can be done, and this needs to be prevented with the implementation of strong security measures as is found in few of the dedicated cryptographic hardware. The private key can be obtained outside the black box through reverse engineering mechanism as the pseudo-random generator is generated inside the black box and is almost fixed.
“Secretly Embedded Trapdoor with Universal Protection" (SETUP) attack is one of the most prevalent Kleptographic attacks and it is based on the RSA key generation technique. This attack is based on the asymmetric encryption technology and it becomes quite a hefty task to detect this kind of attack, and even if one is able to discover it through reverse engineering, the private key of the attacker can never be found out although we can get the public key. Over the years since 1996, when SETUP attack was first discovered a lot has changed and the attack has been further enhanced and developed immensely with the changing technological advancement. Initial SETUP attacks were based on targeting algorithms depending on the difficulty of RSA or other factoring primes, but as it depended on cracking discrete algorithm it possessed a lot of problems. In the coming years a lot of Kleptographic attacks against various algorithms were discovered, like in 2002 an attack against the Diffie-Hellman key exchange algorithm was introduced.
Preventing risks associated with Kleptography:
There are numerous ways to counter Kleptography:
- The European Union standard for the production of security-related industrial hardware must be adhered to. Like for example according to EU production of that hardware should be evaluated independently and in as many numbers of stages as possible so as to ensure maximum transparency throughout the production process.
- Another basic approach would be to combine hardware from different manufacturers into a single system. Using smart cards from two different manufacturers thereby encrypting data twice would ensure more security. This is because in this case even if a manufacturer manipulates in the manufacturing process it would not able to decrypt the key as it would not have the private key of the other smart that is being used in this case. But, having said that all the above-mentioned approaches do ensure security and but it is often quite complex to implement them practically.
- Eliminating subliminal channel is another logical idea to reduce the risk of extracting information from these channels.
- Another most important technique would be to verify the RSA key generation process by a third party. In this type of distributed key generation technique, the private key is confidential to the black box, so the key generation process is not manipulated and thus it is not possible for a Kleptographic attack.
Authored By - Sayan Upadhyay
TCS Cyber Security Community