Mobile Security Lab

Symmetric algorithms are often used for encrypting embedded and mobile firmware images in order to protect code and data confidentiality, AES-CBC being a typical choice.
Firmware files are usually also fully signed, but, in our experience, we met cases where encryption of some regions was the only security measure, relying only on the confidentiality of the key itself.

The lack of integrity protections, that is sometimes regarded as a minor issue in case the encryption key is maintained secret (e.g.: in hardware), may leave open some attack paths that, in some very specific cases, allow an attacker to introduce modification in selectively targeted plaintext regions.

These ideas, even if not necessarily new or applicable in a wide range of cases, are, nonetheless, here presented with the intent of stressing the need for proper integrity protection, even if the encryption key is considered secret.
Scenarios are presented for CBC mode of a generic symmetric encryption algorithm, but they may be applicable also to other modes.

(more…)

“Dunque…noi vogliamo sapere…per andare dove dobbiamo andare, per dove dobbiamo andare?”

that is

“Now…we would like to know…to go where we have to go, where are we supposed to go?…”

“Totò, Peppino e…la malafemmina – 1956”

No, we’re not crazy; right, we are supposed to talk about mobile security, but at the same time we feel that a short introduction is needed, so let’s start from the beginning: what’s all of this about ?

We plan to use this space mainly as a kind of blackboard to document some of the research activities we are involved in. On top of this, we would like to post about some of the material that we use or develop during our work. What we would like to do is to stimulate some discussion on themes that, while not directly related to any security issue, could constitute the basis on which new tools or techniques could be developed.

The reason to do so is that we strongly believe in the important role of a multidisciplinary approach in security research and, even more, in the mobile security field. To this effect we try to leverage, as our best tool, some of our personal backgrounds, ranging from information science to electronics engineering to physics (and, of course, ICT security).

While doing so, we try our best to understand not only how to break this security measure or how to exploit that product, but also how all the parts of the increasingly complex mobile scenario interact. We have found that this way of working tends to stimulate the production of collateral ideas; while most of them have no immediate use, we love to explore them and and try to relate them to other, seemingly unrelated, concepts.

So, this is the ultimate meaning of the text quoted at the beginning of this post: to really understand not only what we are doing but also how to link and exploit all this knowledge fragments to achieve a better overall security level in the mobile world.

By the way, if you did not see that movie, you really should 😉