INLICHTINGEN DIENSTEN INLICHTINGEN DIENSTEN



Similar documents
INLICHTINGEN DIENSTEN INLICHTINGEN DIENSTEN

UEFI Firmware Security Best Practices

Side Channels: Hardware or Software threat?

Protecting Data with Short- Lived Encryption Keys and Hardware Root of Trust. Dan Griffin DefCon 2013

Betting BIOS Bugs Won t Bite Y er Butt? Xeno Kovah Corey Kallenberg

A Tale of One Software Bypass of Windows 8 Secure Boot. Yuriy Bulygin Andrew Furtak Oleksandr Bazhaniuk

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Attacking Hypervisors via Firmware and Hardware

Cautions When Using BitLocker Drive Encryption on PRIMERGY

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Hi and welcome to the Microsoft Virtual Academy and

UEFI Implications for Windows Server

UEFI on Dell BizClient Platforms

Penetration Testing Windows Vista TM BitLocker TM

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

UNCLASSIFIED Version 1.0 May 2012

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Introduction to BitLocker FVE

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Encrypting with BitLocker for disk volumes under Windows 7

Full Drive Encryption Security Problem Definition - Encryption Engine

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

How to Encrypt your Windows 7 SDS Machine with Bitlocker

Patterns for Secure Boot and Secure Storage in Computer Systems

Trustworthy Computing

Embedded Trusted Computing on ARM-based systems

DELL. Unified Server Configurator Security Overview. A Dell Technical White Paper. By Raja Tamilarasan, Wayne Liles, Marshal Savage and Weijia Zhang

Attacking Hypervisors via Firmware and Hardware

Managing BitLocker Encryption

Firmware security features in HP Compaq business notebooks

Session ID: Session Classification:

Software Token Security & Provisioning: Innovation Galore!

Hardware Backdooring is practical. Jonathan Brossard (Toucan System) Florentin Demetrescu (Cassidian)

Encrypting stored data. Tuomas Aura T Information security technology

Software Execution Protection in the Cloud

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

UEFI SECURE BOOT IN MODERN COMPUTER SECURITY SOLUTIONS

Secure Storage. Lost Laptops

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Post-Access Cyber Defense

CCEVS Approved Assurance Continuity Maintenance Report

Windows Phone 8 Security Overview

Fastboot Techniques for x86 Architectures. Marcus Bortel Field Application Engineer QNX Software Systems

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

Section 12 MUST BE COMPLETED BY: 4/22

Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot

Chapter 15: Computer and Network Security

Disk Encryption. Aaron Howard IT Security Office

Cisco Trust Anchor Technologies

A White Paper By: Dr. Gaurav Banga SVP, Engineering & CTO, Phoenix Technologies. Bridging BIOS to UEFI

In order to enable BitLocker, your hard drive must be partitioned in a particular manner.

Using the TPM: Data Protection and Storage

ERNW Newsletter 42 / December 2013

An Improved Trusted Full Disk Encryption Model

Supply Chain (In-) Security

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

Absolute Backdoor Revisited. Vitaliy Kamlyuk, Kaspersky Lab Sergey Belov, Kaspersky Lab Anibal Sacco, Cubica Labs

Security Policy for FIPS Validation

Computer Setup User Guide

Operating System Security

USB Bare Metal Restore: Getting Started

1. Fault Attacks for Virtual Machines in Embedded Platforms. Supervisor: Dr Konstantinos Markantonakis,

Frontiers in Cyber Security: Beyond the OS

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

Strategies for Firmware Support of Self-Encrypting Drives

Making UEFI Secure Boot Work With Open Platforms

Innovative Secure Boot System (SBS) with a smartcard.

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

Dell Client BIOS: Signed Firmware Update

BlackBerry 10.3 Work and Personal Corporate

Windows BitLocker Drive Encryption Step-by-Step Guide

Encrypted File Systems. Don Porter CSE 506

HP ProtectTools Embedded Security Guide

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010

Windows Operating Systems. Basic Security

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

Windows 7. Qing Liu Michael Stevens

Guidelines on use of encryption to protect person identifiable and sensitive information

Loophole+ with Ethical Hacking and Penetration Testing

USB Portable Storage Device: Security Problem Definition Summary

HP BUSINESS NOTEBOOK PC F10 SETUP OVERVIEW

WYLE REPORT NO. T Appendix A.4. Security TEST CASE PROCEDURE SPECIFICATION (T )

The Fundamental Failures of End-Point Security. Stefan Frei Research Analyst Director

SECURITY PRACTICES FOR ADVANCED METERING INFRASTRUCTURE Elif Üstündağ Soykan, Seda Demirağ Ersöz , ICSG 2014

BOOTKITS: PAST, PRESENT & FUTURE Eugene Rodionov ESET, Canada Alexander Matrosov Intel, USA David Harley ESET North America, UK

Software-based TPM Emulator for Linux

End User Devices Security Guidance: Apple OS X 10.10

Information Systems Services. SafeGuard Enterprise. enc. Device Encryption (DE) Installation V /11/2010

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

How to register. Who should attend Services, both internal HP and external

Transcription:

Indien u hergebruik wenst te maken van de inhoud van deze presentatie, vragen wij u in het kader van auteursrechtelijke bescherming de juiste bronvermelding toe te passen. 17 juni 2014 De Reehorst in Ede INLICHTINGEN DIENSTEN SPIONAGE INLICHTINGEN DIENSTEN SPIONAGE PRIVACY PRIVACY GEORGANISEERD DOOR MADISON GURKHA www.blackhatsessions.com Your Security is Our Business omslag BHS_2014_01.indd 1 10-06-14 11:30

Spies and secure boot Job de Haas Riscure Security Lab

Who am I Job de Haas Principal Security Analyst at Riscure Testing security on: Set-top-boxes, mobile phones, smart cards, payment terminals, ADSL routers, VoIP modems, smart meters, airbag controllers, USB tokens, Before: Pentesting network security (since 1991) Riscure Services: Security Test Lab Product: Side Channel Tools Full range testing: detailed hardware to white-box crypto and obfuscation 2

Overview How we protect personal data How we trust our systems How the evil maid beats us The end 3

Where is our data? 4

Username & password 5

Mobile users need speed! 6

Patterns are easier to remember 7

Challenge response 8

Also mobile 9

Bypass!! 10

Encryption is better 11

Real encryption please! 12

Phone encryption 13

Full disk encryption 14

Overview How we protect personal data How we trust our systems How the evil maid beats us The end 15

It s mine! 16

Was it tampered with? 17

Was it tampered with? 18

19

Secure boot! Wikipedia: In computing, booting (or booting up) is the initialization of a computerized system. Also called: Trusted boot or Verified boot Purpose: To start a system such that it can be trusted not to be tampered with. 20

Secure boot everywhere 21

Secure boot theory Internal boot ROM KEY Verify signature Optional decrypt 1 st stage boot loader Verify signature Optional decrypt N th stage boot loader Application Verify signature Optional decrypt Root key internal Chain of trust 22

Secure boot challenges Internal boot ROM Who owns the key? 1 st sta How to update code? KEY Verify signature Optional decrypt boot lo How to protect the ROM? 23

Alternative: TPM Trusted Platform Module Forward measurements TPM PCR: Platform Configuration Registers CRTM: Core Root of Trust for Measurement 24

UEFI Unified Extensible Firmware Interface Replacement of legacy BIOS Advantages (Wikipedia) ability to boot from large disks (over 2 TB) with a GUID Partition Table (GPT) CPU-independent architecture CPU-independent drivers flexible pre-os environment, including network capability modular design Introduces Secure Boot + TPM 25

Our data is secure We protect our data with encryption and passcodes We trust our devices with secure boot and TPM All is well!!! 26

Overview How we protect personal data How we trust our systems How the evil maid beats us The end 27

How can this be? Why would an evil maid want my stuff? Attacker modelling What can she do, my device is trusted! Breaking trust How can she get it, it is encrypted! Stealing the key 28

Attacker modelling Access Remote Physical Time Minutes Hours Skills Script kiddie Professional State Equipment Screwdriver Custom mod chips 29

Grugq: attacker or target? 30

Hotel safe before 31

After 32

Challenge What can you do With physical access In 1 hour With professional skills Using tools for mainstream products 33

Stealing the key Recipe for stealing the data and the key (requires: flaw in trust): 1. Open laptop 2. (Clone the disk) 3. Insert 1 st malicious program 4. Close laptop, leave 5. Wait for owner to boot device: 6. Ask for the password 7. Decrypt the disk 8. Modify it to start a 2 nd malicious program 9. Start the operating system + 2 nd program: 10.Use network to send the key / password 11.2 nd program hides tracks or backdoor 34

Verify signature Optional decryp Trust in detail: ROM Internal ROM in PC: serial Flash Programmable internal and externally Internal boot ROM KEY Verify signature Optional decrypt 1 st stage boot loader 35

Serial Flash protection Intel provides two SPI Flash protection methods: 1. BIOS_CNTL BIOS Lock Enable BIOS Write Enable System Management Mode (SMM) protection of BIOS Write Enable 2. Protected Range Register for SPI Flash protection Must be configured on each boot 36

Serial Flash protection flaws Many BIOS vendors do not set BIOS Lock Enable Most BIOS vendors do not set Range Protections BIOS update routines contain vulnerabilities: SPI flash access Only BIOS Lock Enable: any SMM bug breaks security Copernicus tool shows BIOS protections http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicusquestion-your-assumptions-about 37

TPM Measurements Initial startup FW at CPU reset vector PCR[0 ] CRTM, UEFI Firmware, PEI/DXE [BIOS] UEFI Boot and Runtime Services, Embedded EFI OROMs SMI Handlers, Static ACPI Tables PCR[1 ] SMBIOS, ACPI Tables, Platform Configuration Data PCR[2 ] EFI Drivers from Expansion Cards [Option ROMs] PCR[3 ] [Option ROM Data and Configuration] PCR[4 ] UEFI OS Loader, UEFI Applications [MBR] PCR[5 ] EFI Variables, GUID Partition Table [MBR Partition Table] PCR[6 ] State Transitions and Wake Events PCR[7 ] UEFI Secure Boot keys (PK/KEK) and variables (dbx..) PCR[8 ] TPM Aware OS specific hashes [NTFS Boot Sector] PCR[9 ] TPM Aware OS specific hashes [NTFS Boot Block] PCR[10] [Boot Manager] PCR[11] BitLocker Access Control From: Evil Maid Just Got Angrier, Yuriy Bulygin 38

Real TPM measurement From: BIOS Chronomancy: Fixing the Core Root of Trust for Measurement, John Butterworth et al 39

How bad is it? BIOS/FW Exploits (BH USA 07, PoC 2007, BH USA 09, DEFCON 16) BIOS/FW Rootkits (BH EU 06, BH DC 07, Phrack66) SMM Exploits (CSW 2006, Phrack65, Phrack66, BH USA 08, bugtraq, CSW 2009) Mebromi malware (U)EFI Bootkits (BH USA 2012 @snare, SaferBytes 2012 Andrea Allievi, HITB 2013) Intel/McAfee - Evil Maid Just Got Angrier (CSW 2013) Intel/McAfee A Tale of One Software Bypass of Windows 8 Secure Boot (BlackHat 2013) MITRE - Xeno Kovah, John Butterworth, Corey Kallenberg - BIOS Security (NoSuchCon 2013, BlackHat 2013, Hack.lu 2013) MITRE - Xeno Kovah - Defeating Signed BIOS Enforcement (PacSec 2013) ANSSI - Pierre Chifflier UEFI and PCI BootKist (PacSec 2013) Dragos Ruiu - Meet badbios the mysterious Mac and PC malware that jumps airgaps (#badbios) Kaspersky Lab / Absolute Software Microsoft Technical Advisory 2871690 Intel Security/MITRE - All Your Boot Are Belong To Us (CanSecWest 2014) Upcoming: MITRE - Setup for Failure (Syscan 2014) From: Platform Security Assessment with CHIPSEC, Intel 40

What should be done? From: Platform Security Assessment with CHIPSEC, Intel 41

What now? More tooling: Platform Security Assessment with CHIPSEC from Intel https://github.com/chipsec/chipsec Copernicus 2: secure measurements from MITRE http://www.mitre.org/publications/technicalpapers/copernicus-2-senter-the-dragon UEFI Analysis Framework Subzero https://github.com/theopolis/subzero 42

More guidance NIST guidelines (also for servers) Vendor specific (pre-) boot guidelines TPM/Bitlocker best practices 43

Fault attacks! Even perfect code is not perfect Fault attacks manipulate the device physically Voltage glitches Clock glitches Electro Magnetic pulses Laser pulses 44

EM-FI Transient Probe 45

Research probes The EM-Probes from left to right: Probe 1, 2.3, 2.4, 2.5, 3, and 4 Probe Name Probe 1 Probe 2.3 Probe 2.4 Probe 2.5 Probe 3 Probe 4 Description Horizontal coil, 4mm diameter, ferrite core Vertical coil, 3mm diameter, no core Vertical coil, 4mm diameter, no core Vertical coil, 5mm diameter, no core Horizontal coil, 4mm diameter, EP5 ferrite core Vertical coil, 4mm diameter, ferrite core 46

Is it a real attack? Slot machine EMP jammer 47

Slot machine EMP jamming http://www.youtube.com/watch?v=dew0kd_-ypw 48

EM FI Troopers14 19 March 2014 49

Ideal secure device checklist All BIOS protections turned on (serial flash) BIOS enforces authenticated updates UEFI secure boot checks all signatures TPM measurements (configured with coverage) Authentication with password + removable token TPM unseals disk encryption key Full disk encryption applied with key 50

Parting thoughts Data security depends heavily on system trust What is your attacker model? Default system trust is low! Acceptable system trust (secure boot) is really hard 51

Contact: Job de Haas dehaas@riscure.com Principal Security Analyst Riscure Security Lab Riscure B.V. Frontier Building, Delftechpark 49 2628 XJ Delft The Netherlands Phone: +31 15 251 40 90 Riscure North America 71 Stevenson Street, Suite 400 San Francisco, CA 94105 USA Phone: +1 650 646 99 79 www.riscure.com inforequest@riscure.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information