Hartl, A. R. (2018). Subliminal channels in high-speed signatures [Diploma Thesis, Technische Universität Wien]. reposiTUm. https://doi.org/10.34726/hss.2018.44020
digital signatures; subliminal channels; network security
en
Abstract:
One of the fundamental building blocks for achieving security in data networks is the use of digital signatures. A digital signature is a bit string which allows the receiver of a message to ensure that the message indeed originated from the apparent sender and has not been altered along the path. In certain cases, however, the functioning of signature schemes allows an adversary to additionally utilize the signature string as a hidden information channel. These channels are termed subliminal channels and have been known and tolerated since the 80s. Due to the recent progress in the development of high-speed signature algorithms, however, application scenarios for digital signatures become feasible that lead to a large exploitable bit rate for data exfiltration, given that the deployed signature scheme allows the utilization as subliminal channel. This thesis shows how certain high-speed signature schemes can be exploited to carry hidden information. In particular, we analyse the recent EdDSA signature scheme, which yields substantial future potential, as well as the class of Multivariate Quadratic (MQ) signature schemes. We discuss how an adversary can proceed to embed and recover subliminal information and what bit rate the adversary can achieve for transmitting hidden information. Scenarios like signed NTP broadcasts, signed sensor data transmissions and the TLS key exchange are depicted, where the existence of a subliminal channel gives rise to new attack possibilities threatening network security. To confirm these findings we discuss the results of performed experiments, which attest a considerable subliminal bandwidth to the analysed signature schemes. Furthermore, we depict several methods for preventing the exploitation of subliminal channels in EdDSA, but we have to conclude that none of them is viable in a practical situation, reinforcing the threats that originate from the described subliminal channels.