INSE 6150 Lecture Notes

Transcription

1 INSE 6150 Lecture Notes Lecture 11: Human Procedures (cont.) and Hardware Security Course Instructor: Prof. Jeremy Clark Scribed by: Kobra (Ava) Khanmohammadi Concordia University, winter Procedures (cont.) Lecture continued the security issues relate to procedures from last session. For airport example presented in last session, lack of checking ID or boarding pass lead to bypassing the security policy by the adversary. It solved by changing the procedure regard to checking the ID in different parts. The real experience with international flight in last week by Dr. Jeremy Clark shows that it is not legal to show your boarding pass electrically and also they check both boarding pass and ID in boarding gate to fly. Security check Items carried by passengers in airport are included in the following set: {Allowed, Prohibited}. Prohibited items are: 1. Confiscated: items prohibited to have. But by having them, you won t be in serious trouble. The security guard will simply throw the items away. a. Eg. liquid over 100ml b. There are some exception such as: i. Duty free (chain of custody) ii. Saline solution iii. Baby food c. Rules are enacted based on: i. Ad hoc ii. Reactionary: by addressing yesterday s threat. Eg. The experience of shoes bomb lead to enact a rule needs the passenger to take off their shoes in passing the security gate. d. Merely confiscating give you unlimited tries and eventually through human error, it won t get caught. 2. Denied Boarding: a. eg. Weapon b. Having them will lead in being arrested.

2 Airport Architecture security There are 2 layout for the architecture of airport. The first one is more popular. Airport Architecture comments If one person wonders into secure zone accidentally then (?) More efficient (pipeline through common security clearance) Clear the entire secure zone (!) Description: they will take everybody out and check again. Flight will be canceled. It will take typically 3 days for airport to back up. Security clearance centers grows with number of gates Limited Description: the issue will be limited only to the gate which one get into. Airgaps have an offline computer (or offline intranet) for performing sensitive computation Human will physically move data onto and off the computer. Example: nuclear plant operation, or CAs computer generating the certificate As the figure above shows it is not secure. For example, if a USB is dropped in parking lot, employee plays it in to see if it has data to return it to its owner. Procedures: it needs the chief security officer to revise the procedure to prevent these kinds of issues.

3 Social Engineering The example presented here will show how social engineering cause breaking of the security procedures. Bitcoin exchange service has a website hosted in a data center (Co. Rogers). It protected by secured physical access. This service works like this that one can transfer the money from his bonk account for exchange to his Bitcoin account. Customers have signing key in their computer; use it to have authority to their account. If this key steals, it can be used to get into one s account. Central service keep track how many Bitcoin one has in his account. This problem happened in Ottawa to lose $100k in Bitcoin. To social engineer: Attacker opens customer chat windows Attacker: Hi, I am Bitcoin exchange service administrator, I own a computer with you, and it doesn t work. Can you go and reboot it into recovery mode and may be hooking a laptop up to give me access? Customer service: sure Lock gone You see that there is no procedure in place for customer service. 2- Hardware Security Hardware includes: 1. Hardware in your computer a. ASICS (chips) b. FPGA (programmable) c. Firmware (kind of programmable in low level) d. TPM (Trusted Platform Modules) 2. Hardware you carry around a. Smart cards (RFID) b. SIM cards c. Chip & PIN (eg. Credit cards / debit cards) d. Physical Uncloneable Functions (PUFs) e. Token (RSA) One procedural difference between swipe cards and chip & PIN cards is that for chip & PIN cards, the service guy should never touch the card. But in swipe cards, you give it to them, they swipe it and they may copy it. In addition, whether it is hard to read information of the chip, but you don t have to hand it to other person.

4 Supply chain security If you don t have control of supply chain, you are vulnerable to malware. When you buy a product, it may contain malware. Thus, the concept of supply chain security is important. Memory may be pre-infected with malware. Big Problem: hard drive, digital picture frames, memory sticks, GPS units, etc. Even major manufactures experience supply chain security problem: IBM, Apple, Dell, Samsung, HP, etc. Recently reported in credit card terminals. Trusted Platform modules (TPMs) TPM is a chip in your computer. It is useful to store cryptographic keys. It gives a chance to enable secure boot. As your software stack boots : (BIOS bootloader OS), (Apps) TPM takes measurements of values in registers, etc. After boot, it signs the final state. OS checks this state and traces signature back to Intel; Part of the TPM stores a cryptographic key. This key is signed by the manufacture and uses for signing the final state of the system. Also supports remote attestation (checking): if somebody works for a company and access remotely. They will save the final state and while connecting ask to send the final state saved in TPM to check if it is the final secure state you logged in. there is a problem for this approach: o Privacy concern, tracking. (TPM signing key is unique); each person have unique TPM and each TPM has unique key. It is possible to keep track of person with the unique key used by TPM. o To solve privacy concern, use Crypto protocol: DAA (Direct Anonymous Attestation); It just prove that the final state is signed with valid key but don t show the value of the key or whose key is it. Also allows storage of keys o Full disk encryption; TPM give a chance to stick key in a secure place. If it doesn t stick there, it has to be somewhere. It is shown that if the key goes to RAM to read it, there is a possibility to read by freezing the RAM. Freezing the RAM will make the content to be there around 10 minutes. Thus, enough time to read it. Disadvantage: doesn t protect against run-time attacks (CI, BO, ROP). After secure boot, all the run-time attack may happen. But malware cannot permanently stay in computer. Smart Cards There are two kinds of smart cards: 1- Active (have power), or 2- Passive (no power): eg. RFID; more common; they powered by the reader. Five attack methods for smart cards: 1- Recover Functionality via Black-box Testing

5 SpeedPass (gas, vehicles); SpeedPass is the brand name Guess output based on inputs and check against card Reverse-engineered (week crypto) break it Mitigate: use known crypto standards Description: Some smart cards have their secret cryptography algorithm and circuit. To find out the circuit, person may try to guess the circuit and test the input and output of the guessed circuit and the smart card circuit. Therefore, the secret algorithm will be revealed. Here the goal is not to find out the key or content, the goal is recovering the encryption algorithm. 2- Recover Functionality via Imaging Mifare (subway, library books) Peeled off layers of chip chemically Exposed circuit, photographed it, trained a computer vision algorithm to recognize 2- NAND, 3-NAND, NOT, etc gates. Reverse-engineered, the crypto is week attack it. Mitigate: use known crypto standards 3- Disrupt Functionality with Selected Dropping Protocols would fail open: So if there is no response, then it will permit action; So it is easy to disrupt Eg. TV cable/satellite providers; stream all channels, some card that deny access to certain channels are fail open; these cards are example of active cards. Mitigate: never fail open 4- Recover key (give you know where it is stored) Cat & mouse: probing Slow down the clock cycle, reboot Mitigation: smaller circuits, tamper protect them Description: we know the crypto algorithm. The key is set in the card and we want to get the value of the key. Flip flops stores the keys. Knowing the circuit does not give you the value of the key, it just says it stored in these flip flops. Using the small probes and stick it to the flip flops to examine the voltage to know if it is one or zero. This technic is called Cat & mouse because designers make small circuits and then attacker come up with better probes to stick to that flip flops and then designer try to make smaller flip flops and they goes back and forth. Now, this attack is not applicable because circuits are too small to prob. To augment the attack, you can slow down the clock cycle. So, it will get better chance to have reliable measurement because data will not go fast. In addition to slowing down, if he missed a value, he can reboot and have it repeat the values.

6 5- Recover Key via Power Analysis Read key value based on power consumption of the device; it needs to know the cryptographic algorithm and the exact time in algorithm that it uses key to encrypt the message. Mitigate: crypto trick Description: it seems having the shadow circuit in reverse of the crypto circuit will hide the key value (like the red one in the figure above). But, because of manufacturing differences, the circuit will not have exactly reverse result. So it is not applicable to use shadow inverse circuit. Another solution is crypto trick. In brief, you can multiply your message by random number. You basically blind it. You sign the blinded value. This crypto trick will resolve the issue fine. Chip & PIN Bank cards with a chip that stores the PIN; PIN is saved on the chip on the card not in the bank. When the PIN entered in terminal, it checked on the card. The idea behind the chip & PIN is what you know and what you have which means if your card is stolen, there won t be problem as the attacker doesn t know the PIN. The attack below shows how the stolen card is used without PIN. Attack (2010): let adversary steal a card and use it without the PIN Chip & PIN Protocol Complex hundreds of pages of specification;

7 Mitigation: Final state say exactly what transpired Mallory PIN (0000) Chip on card Stolen from Alice Banking system PIN OK Compu tational device (MITM) PIN Not required x x x x xx Sign (final state) Sign (final state) Description: The attacker uses a computational device that will stay between card and terminal. Attacker enters the stolen card along with the computational device into the terminal. It is asked for PIN. Attacker enters a wrong PIN like Computational device tell the card PIN is not required and also send OK for PIN to the terminal. Card is sign the final state as successful. The problem is that it doesn t say what is successful. If the card signs the message that says it is successful because no PIN is required, terminal can find out the problem. To solve this problem the final state must be more verbal and say what is successful.