CSE 127 Computer Security

Size: px

Start display at page:

Download "CSE 127 Computer Security"

Hannah Cooper
8 years ago
Views:

1 CSE 127 Computer Security Fall 2012 Lecture #12 Physical Security Stefan Savage

2 Physical security What is physical security about? Controlling access to a physical space or object Examples: Gates/Barriers Locks Safes Alarms Mantraps Scanners

3 Same kind of problems as computer security Usability Security through obscurity Side channels Misplaced assumptions Securing the wrong thing Weakest link Lets look at some of this via locks

4 Locks Worlds oldest (pre-biblical) and most pervasive form of access control Egyptian tumbler lock design ~1000 BCE Modern Cylinder lock

5 How physical locks work Shear line Driver pins Plug Bottom pins courtesy Matt Blaze 5

6 How physical locks work courtesy Matt Blaze 6

7 Shared secrets There is a shared secret between the lock and the key its shape In fact, it s a digital code

8 Bitting codes A key can be precisely described with a discrete code Cuts at regular intervals (4-6 cuts) Depth of cuts quantized in standard fashion (typically 6-9 bins) digits sufficient to describe most keys 8

of cuts quantized in standard fashion (typically 6-9

9 Design assumptions If you don t know the secret code, you can t open the lock The secret code is secret If you can t open the lock, everything is fine

10 Design assumptions If you don t know the secret code, you can t open the lock The secret code is secret If you can t open the lock, everything is fine

11 Lock bypass via manipulation Picking & Raking Bumping 11

12 Picking 12

13 Picking Two parts Tension wrench used to apply slight lateral force on plug Pick used to lift individual bottom pins to the shear line Tension causes driver pins to bind above shear line 13

14 Picking 14

15 Raking Similar idea, but less finesse Rake pick moved in and out quickly imparts force to bottom pins; driver pins bind Quick & easy

16 Bumping Similar idea to raking, but does all pins in parallel; super easy to do Max-depth key (bump key) used to impart force to bottom pins who transfer energy to driver pins (think billiards) 16

17 Bumping 17

18 Some defenses Security pins Spool pins, mushroom pins, interlocking pins» Shapes that get stuck when plug under tension

19 Some defenses Security pins Spool pins, mushroom pins, interlocking pins» Shapes that get stuck when plug under tension Pin rotation (angled cuts on keys)

20 Some defenses Ancillary locking mechanisms; sidebars (2)

21 Side issue: master keying How do master keys work? Second set of pins (spacers); multiple shear lines

22 Hmmm. problem? Suppose 6 pins and 10 positions per pin In principal 10 6 combinations; can t guess master But what if you have one working key Scenario: your key: , master: Make key: ; does it work? No, cut groove down one position; at position N it works! If N is not equal to 5, then N is the master cut for that pin Repeat for each pin; six keys are sufficient if all six pins have master pins; Rights Amplification 22

23 Design assumptions If you don t know the secret code, you can t open the lock The secret code is secret If you can t open the lock, everything is fine

24 Design assumptions If you don t know the secret code, you can t open the lock The secret code is secret If you can t open the lock, everything is fine

25 Problem The bitting code is only secret if the key is kept secure What if I borrow your key?

26 Lock bypass via surreptitious duplication Field casting Decoding 26

27 The power of decoding = Key Blank Key replica Code key cutting machine 27

28 28

29 29

31 Optical decoding Decode keys semi-automatically from photos Traditional computer vision problem (photometry) Normalize for scale and rotation 31

32 Sneakey: UCSD Reference key measured at control points User supplies correspondences between target key and reference image Image normalized (homographic transform), cut locations identified and cut depths measured (n guesses) 32

33 Works really well Almost perfectly from up close photos (e.g., cell phone cameras, etc) But that s no fun what would James Bond do?

34 Distance experiments 34

35 Where s the Key?

36 One defense: restricted keyways Key shape registered to customer and not avaialble for sale to anyone else 36

37 One defense: restricted keyways But 3D Printers Key milling machines 37

38 A better approach Electronic & mechanical keys Challenge/response via RF But own issues; batteries, replay, how to program, etc

39 Very high security Electronic; no battery; self-erase; heavy RF shielding; different combination for each user; unerasable audit log

40 Design assumptions If you don t know the secret code, you can t open the lock The secret code is secret If you can t open the lock, you can t access what is protected

41 Design assumptions If you don t know the secret code, you can t open the lock The secret code is secret If you can t open the lock, everything is fine

43 Taking the big picture What is the threat? Capabilities, resources, goals Faster than the bear or faster than the next guy? What are all the ways the adversary might get access (the attack surface )?

44 Deterrence No physical security is perfect For indiscriminate adversary (e.g., burglar) goal is to make cost higher than its worth Go elsewhere Deterrence can be indirect Lojack story Determined adversary may not be deterable How to increase risk, response, cost, time E.g. time locks, relockers

45 Physical security metrics What are you protecting against? Covert entry Time oriented» Group 1: resist expert manipulation for 20 hrs» Group 2m: resist expert manipulation for 2hrs Capability oriented» Group 1r: sub-category of group 1 that resists radiological probing Destructive entry Container drill resistance (e.g., 15, 30, 60 mins)

46 Defying assumptions

47 Also: Denial of service 47

48 Worse denial of service

49 For those interested Check out Matt Blaze s work» Safecracking for the Computer Scientist» Cryptology and Physical Security: Rights Amplification in Master- Keyed Mechanical Locks» Notes on Picking Pin Tumbler Locks, MIT Guide to Lockpicking Locksport International ( Matt Tobias s books (Locks, Safes and Security the bible) However NEVER pick a lock you do not own ALWAYS know the local law about using such tools 49

50 Comparison Both physical and computer security require similar mindset What could an adversary do, what is the easiest way for them to do it, what is the easiest way to stop them, etc Both vulnerable to technological surprise Lock bumping and computational code solving Some differences Physical objects subject to physical laws, but imprecise notion of hardness to break (e.g., Class I safes); less complex dependencies Digital objects exist in largely self-contained world; hardness can sometime be precise; complex dependencies 50

51 Next time Malware I And midterm return 51

Physical Security: From Locks to Dox

Physical Security: From Locks to Dox Introduction to Red Team Physical Security Penetration Testing Jess Hires Jax Locksport www.hacksonville.com Disclaimer This information is to be used for professional