Today Computer Security � Embedded system security � This is a huge area � General principles � Prof Kasera teaches a good course on it � Examples � Today we are not talking about � Protocol design (another huge area) � Password issues � Access control � Cryptography (huge area) � Multilevel security � Network security Old Joke Embedded Security � Q: What does a secure computer system look like? � Main difference with respect to network security: � Attacker has access to the hardware � A: It’s buried in concrete, with the power turned off and the network cable cut Trusted Computing Base TCB Example � Any secure system has a trusted computing base � From Ken Thompson’s Turing Award lecture (TCB) “Reflections on Trusting Trust” � If the TCB operates properly, the system is secure � What if the compiler recognized that it was compiling � By definition, attacks do not originate from the TCB the OS and inserted a trapdoor? � Obviously a smaller TCB is better � Vulnerability not found anywhere in OS source code � But almost always the compiler and OS are in the TCB � Compiler also has to recognize that it’s compiling � Difficult to maintain integrity of TCB when attacker itself and add the attack code has access to the hardware � Problem not found in the compiler code either � Schneier: “A 'trusted' computer does not mean a � Defenses against this? computer that is trustworthy.” � U.S. DoD: “… a system that you are forced to trust because you have no choice.” 1
Threat Models System Questions � Cannot even talk about security without a threat � How long must the system remain secure while model under attack? � Components of a threat model: � Does the system need to be usable during the attack? � Who is the attacker? � What are the attacker’s goals? � Does the system need to be usable after the attack? � What are the attacker’s capabilities? � Does the system require human intervention to � Here’s one classification: remain secure? � Class 1 – Clever outsider � How much … � Class 2 – Knowledgeable insider � increase in cost … � Class 3 – Funded organization or government � decrease in performance … � decrease in usability … � are acceptable to achieve security? Threat Model Examples ATM Security � What are some potential threat models for: � ATMs are a good case study � The door locks on your house? � In wide use for several decades • Most everyday physical security systems are like this � Substantial rewards for successful attacks � Your laptop? � Your home computer? � Fact: ATMs were the “killer app” for modern � A voting machine? cryptography � Your bank’s ATM? � Earlier, crypto was a niche technology used by governments and militaries � First: What are the threat models? Review: Private Key Crypto ATM Security Overview � Given a private key and a block of data, a private-key � Each ATM has its own secret key algorithm encrypts the data so that it cannot be � Entered into ATM keyboard in two parts by two bank decrypted without the key officials � When you use the ATM � Also called “symmetric key cryptography” � This technology is simple and efficient to implement � Account number is read from the magnetic stripe on your card � DES and AES (Rijndahl) are popular examples � It’s encrypted using the ATM’s secret key � Of course attackers are free to try to: � Resulting encrypted value is checked against your PIN � Guess the key � ATM has a “security module” � Steal the key � Piece of trusted, tamper-proof hardware � Gain access to the unencrypted data � Unencrypted data never leaves this module � Etc. 2
What Goes Wrong in ATMs More ATM Problems � Processing errors on the bank mainframe side cause � Repairman installs computer inside an ATM that lots of problems sniffs and records card and PIN data � Error rate between 1/10,000 and 1/100,000 � Criminal finds PINs by looking over people’s � Mail fraud gives attackers cards and PINs shoulders, then account numbers from receipts � Fraud by bank staff in poorly-run banks � One kind of ATM would give out 10 bills when a specific 14-digit number was entered � E.g. what could happen if both parts of an ATM key are given to a single worker? � False terminals are used to collect lots of PINs � Encryption is single-DES � Can be brute forced Physical Tamper Resistance Secure HW: IBM 4758 � Physical security is important � History: As computers got cheaper, location-based � Historically, naval code books were weighted so they could be thrown overboard in event of capture physical security became � Russian one-time pads were printed on cellulose nitrate impractical � Bank servers are in a guarded computer room � PINs etc. cannot be trusted � ATM is basically a PC in a safe with some fancy peripherals to standard HW/SW � “The IBM 4758 is a secure crypto-processor implemented on a high- security, programmable PCI board.” Cryptoprocessor Goals Cryptoprocessor Features � Critical data (keys) never leaves the device � Robust metal enclosure � Resist sniffing attacks � Tamper-sensing mesh � Resist physical attacks – attacker has a logic analyzer � Key memory: Static RAM designed to be zeroed � Resist software attacks when the enclosure is opened � Data is kept moving to avoid burn-in � Freezing and radiation attacks difficult to foil � Military systems have used self-destruct � Trusted core is “potted” in epoxy � Crypto processor � Key memory � Tamper sensors � Alarm circuitry � Forces attacks to involve cutting, drilling, etc. 3
Smartcard Attacks Smartcards � Protocol attacks – sometimes it enough to listen to � Smartcard: communication between the card and world � Microcontroller � Defense: Avoid stupid protocols � Serial interface � Stop the card from programming EEPROM � Packaged in a plastic card or a key-shaped device � Vpp is higher than Vcc, requiring a voltage multiplier or � Tiny secure processors cannot use many features of external programming power the IBM 4758 � Slow down the processor, then read voltages from the surface of the chip � However, bar is lower – these aren’t guarding an entire � Defense: Detect low clock rates bank’s resources � Probe wires on the chip – probing the processor bus � Single most widespread use: GSM phones gives both code and data values � Why are smartcards attractive? � Defense: Surface mesh � Can validate that someone paid for something without � At present: Probably not feasible to build a contacting a central server smartcard that is secure when attacked by an equipped expert Trusted Computing Trusted Computing Elements � You need to trust Windows and Linux with any data � Endorsement key – a key unique to your machine on your computer that you must not get � However: Content providers cannot trust Windows � Protected I/O paths – data channels between and Linux processor and peripherals that cannot be altered or read � Consider the distribution of encrypted movies with software decryption in the OS kernel � Memory curtaining – areas of RAM for trusted � Trusted computing: Create PCs that content computing that even the OS does not have access to providers can trust � Remote attestation – your computer can attest that it � Said a different way: It’s not really your PC is your machine and has not been tampered with � Fundamentally tough problem: Give consumers the bits without giving them the bits More TC Conclusions � Digital rights management � Embedded security is hard because the hardware is out in the world � Preventing cheating in online games � Only security experts should connect embedded � Protection from identity theft systems to networks � Take a good security course if you’re going to do this stuff � So… is it good? � Non-networked systems at least have a chance 4
Recommend
More recommend
