Software and Systems Engineering Standards: Verification and Validation of Sy...
Lecture # 14: Salami and Linearization Attacks
1. Lecture #14: Salami and Linearization Attacks
Program and OS Security -Part III
Dr.Ramchandra Mangrulkar
September 2, 2020
Dr. Ramchandra Mangrulkar, Lecture #14: Salami and Linearization Attacks, September 2, 2020
2. Contents
Malicious and Non-Malicious programming errors
Targeted Malicious codes
Salami Attack
Linearization Attack
Covert Channel
Control against Program threats
3. Targeted Malicious codes
Targeted malicious code is written
- for a particular system,
- for a particular application,
- and for a particular purpose.
The attacker (the code writer) studies the target system carefully, identifying its
weaknesses before writing the code.
4. Salami Attack
Named for the way odd bits of meat and fat are fused together in a sausage or salami.
A salami attack merges bits of seemingly inconsequential data to yield
powerful results.
Programs often disregard small amounts of money in their computations, as
when there are fractional pennies as interest or tax is calculated.
An example of salami slicing, also known as penny shaving, is the fraudulent
practice of stealing money repeatedly in extremely small quantities, usually by
taking advantage of rounding to the nearest cent (or other monetary unit) in
financial transactions.
A programmer modifies the arithmetic routines, such as interest computations.
Typically, the calculations are carried out to several decimal places beyond
the customary 2 or 3 kept for financial records.
If the programmer arranges to collect these fractions of pennies in a separate
account, a sizable fund can grow with no warning to the financial institution.
An embezzler removed $0.20 to $0.30 from hundreds of accounts two or three
times a year.
5. In Short: a Salami Attack is
The programmer "slices off" money.
The slices are hard for the victim to detect.
6. Example : Salami Attack
The classic tale of a salami attack involves interest computation. Suppose
your bank pays 6.5 percent interest on your account. The interest is declared
on an annual basis but is calculated monthly. If, after the first month, your
bank balance is $102.87, the bank can calculate the interest in the following
way. For a month with 31 days, we divide the interest rate by 365 to get the
daily rate, and then multiply it by 31 to get the interest for the month. Thus,
the total interest for 31 days is 31/365*0.065*102.87 = $0.5495726. Since
banks deal only in full cents, a typical practice is to round down if a residue is
less than half a cent, and round up if a residue is half a cent or more.
However, few people check their interest computation closely, and fewer still
would complain about having the amount $0.5495 rounded down to $0.54,
instead of up to $0.55. Most programs that perform computations on
currency recognize that because of rounding, a sum of individual
computations may be a few cents different from the computation applied to
the sum of the balances.
More Examples
http://www.mekabay.com/nwss/116p--salami_fraud.pdf
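The rounding mechanics above, worked through in Python as an added example (this is not the lecture's code). It uses the lecture's parameters (6.5 percent annual rate, a 31-day month, a 365-day year) on a constructed list of account balances, posts interest once with the bank's stated round-half-up rule and once with a tampered routine that always rounds down and diverts the fractional cents, and then shows the two controls an auditor would run: recomputing each credit independently, and checking the drift of the posted total against the correctly rounded total. All account balances and function names are assumptions made for the example.

```python
from decimal import Decimal, ROUND_HALF_UP, ROUND_DOWN

# Parameters from the lecture example: 6.5 % annual rate, 31-day month, 365-day year.
ANNUAL_RATE = Decimal("0.065")
DAYS_IN_MONTH = 31
DAYS_IN_YEAR = 365
CENT = Decimal("0.01")

# Constructed sample balances (hypothetical accounts, not from the lecture).
ACCOUNTS = [Decimal(b) for b in ("100.00", "250.00", "1234.56", "78.90", "5000.00", "999.99")]


def exact_interest(balance):
    """Monthly interest carried to full Decimal precision (the 'several decimal
    places beyond the customary 2 or 3' that the slide mentions)."""
    return balance * ANNUAL_RATE * DAYS_IN_MONTH / DAYS_IN_YEAR


def honest_posting(balances):
    """Bank's stated rule: round to the nearest cent; half a cent or more rounds up."""
    return [exact_interest(b).quantize(CENT, rounding=ROUND_HALF_UP) for b in balances]


def salami_posting(balances):
    """Tampered routine: always rounds DOWN and diverts every fractional cent.
    Returns (amounts credited to customers, total diverted to the separate account)."""
    posted = [exact_interest(b).quantize(CENT, rounding=ROUND_DOWN) for b in balances]
    exact_total = sum((exact_interest(b) for b in balances), Decimal("0"))
    diverted = exact_total - sum(posted, Decimal("0"))
    return posted, diverted


def audit_postings(balances, posted):
    """Control 1: independently recompute each credit with the published rounding
    rule and return the indices of accounts whose posted amount disagrees."""
    expected = honest_posting(balances)
    return [i for i, (e, p) in enumerate(zip(expected, posted)) if e != p]


def aggregate_drift(balances, posted):
    """Control 2: posted total minus the correctly rounded total of the exact
    interest. Honest per-account rounding errors cancel on average; a
    one-directional skim drifts steadily negative as accounts are added."""
    exact_total = sum((exact_interest(b) for b in balances), Decimal("0"))
    return sum(posted, Decimal("0")) - exact_total.quantize(CENT, rounding=ROUND_HALF_UP)


if __name__ == "__main__":
    honest = honest_posting(ACCOUNTS)
    skimmed, diverted = salami_posting(ACCOUNTS)
    print("honest credits :", honest)
    print("salami credits :", skimmed, "diverted:", diverted)
    print("audit flags    :", audit_postings(ACCOUNTS, skimmed))
    print("drift          :", aggregate_drift(ACCOUNTS, skimmed))
```

On six accounts the skim is two cents, which is exactly the kind of amount the slide says nobody complains about; the per-account recomputation still flags the two accounts whose credits were rounded the wrong way, and the aggregate drift shows the total moving in one direction only, which is the signal that grows with the number of accounts.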
7. Salami Attacks in Literature
8. Linearization Attack
The eXtended Sparse Linearization (XSL) attack is a method of cryptanalysis for
block ciphers.
The attack was first published in 2002 by researchers Nicolas Courtois and Josef
Pieprzyk.
Against AES, it aims to shorten the amount of time it takes to retrieve the secret
message without having the key.
9. Linearization Attack Example
Cracking a password based on password verification time
(Password = "S123N456")
For efficiency, the check is made one character at a time.
Can an attacker take advantage of this?
Correct password: verification time is maximum.
Incorrect password: verification time is minimum.
The attacker tries all 1-character strings and finds that "S" takes longer.
The attacker tries all 2-character strings "S*" and finds that "S1" takes longer,
and so on...
The attacker is able to recover the password (serial number) one character at a time.
10. Advantages of Linearization
Suppose the serial number is 8 characters and each has 128 possible values:
128^8 = 2^56 possible serial numbers.
A brute-force attacker would expect to guess it in about 2^55 tries.
With the linearization attack, the work is about 8 × (128/2) = 2^9 tries.
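An added illustration of slides 9 and 10 (this code is not from the lecture): the Python below models the character-at-a-time checker the slide describes, using the number of comparison steps as a stand-in for verification time, beside a constant-time comparison that performs the same amount of work for every guess, and a generalised version of the expected-tries formula above for any password length and alphabet size. The password "S123N456" is the slide's; the function names and the step-counting model are assumptions made for the example.

```python
import hmac

SECRET = "S123N456"  # the password from the slide


def early_exit_compare(candidate, secret):
    """The checker the slide describes: compare one character at a time and stop
    at the first mismatch (strcmp-style, the string terminator counted as a
    character). Returns (matched, steps); 'steps' is what a timing observer
    sees, and it grows with the length of the correct prefix."""
    steps = 0
    for x, y in zip(candidate + "\0", secret + "\0"):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_compare(candidate, secret):
    """Hardened checker: walk a fixed number of positions, accumulate every
    difference with OR, and decide only at the end. 'steps' no longer depends
    on where the first mismatch is (only on the lengths, which are not secret)."""
    n = max(len(candidate), len(secret))
    diff = len(candidate) ^ len(secret)
    steps = 0
    for i in range(n):
        steps += 1
        a = ord(candidate[i]) if i < len(candidate) else 0
        b = ord(secret[i]) if i < len(secret) else 0
        diff |= a ^ b
    return diff == 0, steps


def stdlib_compare(candidate, secret):
    """What to use in real code: the standard library's timing-safe comparison."""
    return hmac.compare_digest(candidate.encode(), secret.encode())


def work_estimate(length, alphabet_size):
    """Expected tries from the 'Advantages of Linearization' slide, generalised:
    brute force on average searches half the space; linearization guesses each
    position independently, about half the alphabet per position."""
    return alphabet_size ** length // 2, length * (alphabet_size // 2)


if __name__ == "__main__":
    for guess in ("A", "S", "S1", "S12", SECRET):
        print(f"{guess!r:12} early-exit steps={early_exit_compare(guess, SECRET)[1]}"
              f"  constant-time steps={constant_time_compare(guess, SECRET)[1]}")
    print("8 chars x 128 values (brute force, linearized):", work_estimate(8, 128))
```

Running it shows the early-exit checker taking 1 step for "A", 2 for "S", 3 for "S1" and 9 for the full password, which is the per-character signal the slide relies on, while the constant-time checker takes 8 steps for every guess. In practice the comparison itself is only one leak to close: error handling, logging and database lookups can reintroduce the same difference, so the fixed-work comparison should be paired with rate limiting and lockout on repeated failures.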
11. Problem
Suppose the password length is 2 characters and each has 32 possible values
[A-Z and 0-5]. With the linearization attack, how many tries will it require to
break the password?
Homework: http://cse.iitkgp.ac.in/~abhij/publications/XL_SGE-InfoSecHiComNet11.pdf