Rowhammer bitflip testing for binaries and cryptographic implementations (AES-GCM)
Microarchitectural attacks exploit design choices made by hardware vendors. Cache attacks, or attacks like Meltdown and Spectre, target the CPU. Microarchitectural attacks either target design choices or exploit bugs introduced by mistakes in the hardware or the microcode. Rowhammer attacks exploit a design flaw in DRAM chips. Hardware vendors steadily reduced sizes and reduced refresh rates of the cells. With specially-crafted memory access routines it is possible to access DRAM cells fast enough to create interference between cells, which will cause them to change their load, hence, changing their logical state.
Rowhammer attacks use this phenomenon to target memory areas where bitflips would benefit the attacker. Researchers have shown that bitflips in page tables can cause privilege escalation and bypass security mechanisms implemented in modern operating systems. It has also been shown that similar attacks work for memory chips used by solid-state disks. Besides flipping bits in page tables, researchers showed that when flipping bits in executables, the program’s behaviour can change. With such changes, it is possible for an attacker to abuse programs for privilege escalation, or to bypass authentication-checks.
In this thesis, we present a method for testing binaries for possible execution-path changes introduced by bitflips. In this work, we pre-define an expected outcome for a program and then search for all single bitflips which cause the program to behave in the desired way. We scan the entire address space of the program, including all dynamically loaded libraries. We show results for bitflips in programs used for authentication on Linux-based systems. We bypass user privilege checks, which lead to privilege escalation, or enable login without knowing the user's password. We also show a bypass of HTTP basic authentication, allowing an attacker to download files which unauthenticated users are not allowed to access. In addition to searching for bitflips in executable files, we also look at possible other attack vectors for Rowhammer. We demonstrate that bitflips applied to the runtime of cryptographic calculations can break assumptions made by the communicating parties and can even provide key leakage. We apply bitflips to the implementation of AES-GCM in OpenSSL and show how Rowhammer can be used to cause reusing of nonces.
With our work, we want to increase the awareness of Rowhammer and show how software security is affected by bitflips. We urge all hardware vendors to not forget to keep their systems secure and not compromise security with lower prices and higher performance.
Home | We <3 Developers | About us | Generated with pagegen.py