High Assurance Security Product Life-Cycle Considerations

Transcription

1 High Assurance Security Product Life-Cycle Considerations Jussipekka Leiwo Director and principal consultant

2 Motivation and objective Demonstrate how proper attention to the life-cycle concerns of computer security products contributes to the security of the critical national infrastructure, mission critical systems of organisations, national R&D and manufacturing competence and the engineering and manufacturing reputation of a nation. 2

3 Chip and pin scam 3

4 FIPS 140-2, CC certified tokens cracked 4

5 What s really inside your phone? 5

6 And the whole issue of counterfeits 6

7 And the whole issue of counterfeits 7

8 And the whole issue of counterfeits 8

9 And the whole issue of counterfeits 9

10 And the whole issue of counterfeits 10

11 And the whole issue of counterfeits 11

12 And the whole issue of counterfeits 12

13 And the whole issue of counterfeits 13

14 And the whole issue of counterfeits 14

15 And the computer security problem? Feeling good about the authenticity of the computer security products deployed in infrastructure and mission critical applications? 15

16 Considerations and analysis Example Issues Failure(s) Chip and Pin Scan Tampered devices from legitimate manufacturing site, audited processes. Collusion of insiders required for successful scam of that magnitude. Insufficient manufacturing site security, monitoring. Insufficient delivery and product authenticity assurance. Certified, cracked products Spyware, counterfeits Functionality of the cracked product different from the FIPS and CC verified. Product version identifiers are identical even if the functionalities differ. Is your hardware and software really what it looks to be? What about exploits on devices with rich application download and installation features? Insufficient configuration management practices and procedures. Insufficient manufacturing and product authenticity assurance. 16

17 Embedded product in a globalized world API, platform, tools IC Design IC Manufacturing IC Packaging Integration SW/FW Engineering Testing, verification End use Product packaging Personalisation 17

18 Complexities abound! 1. Crossing national, cultural and organisational boundaries; 2. Different QA and security procedures; 3. Each facility produces components to several customers; 4. Each facility must only operate on authentic components; 5. Procedural meals insufficient to assure authenticity, integrity of components; and 6. Within each facility, several manufacturing stages may take place. Lifecycle security model of the product must anticipate and address each potential threat in the whole manufacturing life-cycle to establish secure product life-cycle. 18

19 What does it mean to be secure? 19

20 Implications to product security design 20

21 Implications to stakeholders 21

22 Questions?