Everybody be Cool, This is a Robbery! - PowerPoint PPT Presentation


  1. Everybody be Cool, This is a Robbery!
     Jean-Baptiste Bedrune, Gabriel Campana
     firstname.lastname@ledger.fr
     Hong Kong - New York - Paris – San Francisco - Vierzon

  2. Disclaimer
     • The Donjon (Ledger Security Team) assesses the security of technologies used by Ledger
     • The vulnerabilities in this presentation were found during a security audit
     • We don’t want to single out one particular vendor
     • Goals:
       • Raise awareness about HSM security
       • Lay the groundwork for other security researchers
       • Improve the overall security

  3. Agenda
     • What is an HSM?
     • Characteristics of the HSM assessed
     • Brief intro to PKCS #11
     • Developing tools for vulnerability discovery
     • Vulnerability research and exploitation

  4. HSM?

  5. What is an HSM?
     • Security enclaves to store and process sensitive data
       • Compute cryptographic operations
       • Generate keys
       • Keys never leave the enclave
     • Physical computing device:
       • PCI card or network appliance
       • One or more crypto-processors
       • Anti-tampering countermeasures

  6. Usage Examples
     • PKI:
       • CA’s private key generation and storage, certificate signing
       • Requirement for all CAs (CA/Browser Forum Baseline Requirements)
     • Banking: CVV verification, transaction authorization, payment card personalization
     • Telecommunications: strong cryptographic material for key injection by the SIM manufacturer
     • DNSSEC: storage of Root Zone keys (FIPS 140-2 level 4 HSM)
     • Cloud services: encryption/decryption of customer data
       • HSM-as-a-Service: Google, Microsoft, Amazon, etc.

  7. How much does it cost?
     • Only a few vendors, no market share information
     • No public prices, large range of models for each vendor
     • According to Hackable Security Modules (REcon Brussels 2017):
       • Brand X, Model A: $29,500.00
       • Brand Y, Model B: $9,500.00
       • Brand Z, Model C: $15,000.00

  8. Appliance (Host + HSM)
     HSM
     • PCI Express card (also available as a network appliance)
     • FIPS 140-2 level 3 certified
     • Components are coated in epoxy
     • USB and serial ports for an optional smart-card reader
     • Ethernet controller without connector
     Host
     • Standard Linux server
     • Linux kernel modules
     • CLI and GUI software, SDK

  9. Communication: Shared DRAM
     Host (Linux x86-64)                      HSM (PowerPC)
     User land:   API.so, Client (host to HSM) | User land:   API.so (requests handler)
     Kernel land: Messaging module             | Kernel land: Messaging module
     The host-side messaging module and the HSM-side messaging module exchange requests and responses through DRAM shared between the two.

  10. FIPS 140-2: Security Requirements for Cryptographic Modules
     • U.S. government computer security standard
     • Level 1: basic software requirements
     • Levels 2, 3, 4: physical requirements
       • Level 3: detection and response to attempts at physical access, use or modification of the cryptographic module
     • Not a certification about software attacks

  11. PKCS #11

  12. PKCS #11: Introduction
     • Generic interface to communicate with a cryptographic device
       • Smart card
       • HSM, etc.
     • Portable API: Cryptographic Token Interface (Cryptoki)
       • Session management
       • Cryptographic object manipulation
       • Operations on these objects (encryption, decryption, signature, etc.)
