Incident of the Week
- New logging functionality with insufficient access control
- Accessible to any application with internet access (i.e., almost all of them)
- Patching the issue is delayed because the patch needs to be tested with all carrier partners
Designing a Secure Process: The Smart Grid
Source: NISTIR 7628 Cyber Security Strategy
Information Flow Security
- Information flow model
- Formal Model
– Formalise allowed/disallowed data flows
– Bell-LaPadula (Confidentiality): No high security component of the system may communicate to a lower security component
– Biba (Integrity): High integrity data must not be contaminated with lower integrity data
- Enforcement
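The two flow rules above, applied to a small set of labelled components. This is an added example, not part of the original slides; the component names, levels and flows are constructed for illustration.

```python
from enum import IntEnum

class Conf(IntEnum):      # confidentiality levels (constructed)
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2

class Integ(IntEnum):     # integrity levels (constructed)
    UNTRUSTED = 0
    OPERATIONAL = 1
    CRITICAL = 2

# Hypothetical components: name -> (confidentiality, integrity)
LABELS = {
    "smart_meter":   (Conf.INTERNAL, Integ.UNTRUSTED),
    "billing_db":    (Conf.SECRET,   Integ.OPERATIONAL),
    "grid_control":  (Conf.SECRET,   Integ.CRITICAL),
    "public_portal": (Conf.PUBLIC,   Integ.UNTRUSTED),
}

def check_flow(src, dst):
    """Return the models that a data flow src -> dst violates."""
    (src_conf, src_integ), (dst_conf, dst_integ) = LABELS[src], LABELS[dst]
    violated = []
    if src_conf > dst_conf:      # high confidentiality flowing to lower
        violated.append("Bell-LaPadula")
    if src_integ < dst_integ:    # low integrity contaminating higher
        violated.append("Biba")
    return violated

def audit(flows):
    """Map each disallowed flow to the models it breaks; allowed flows are omitted."""
    return {flow: v for flow in flows if (v := check_flow(*flow))}

# Constructed data flows to audit.
FLOWS = [
    ("smart_meter", "billing_db"),     # readings enter billing unvalidated
    ("billing_db", "public_portal"),   # customer data published
    ("grid_control", "billing_db"),    # same secrecy, integrity flows down
    ("public_portal", "grid_control"), # web input reaches control
]

if __name__ == "__main__":
    for (src, dst), models in audit(FLOWS).items():
        print(f"{src} -> {dst}: violates {', '.join(models)}")
```

Because both rules are order comparisons, checking every direct flow is enough: if each hop is allowed, every multi-hop path is allowed too.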
Assurance
Securestick: USB Stick with internal encryption
- Automatic Key deletion after three wrong password attempts
None of that was actually implemented
Assurance
- Aimed at purchaser / end user
- Assure the buyer that the system is as secure as advertised
A bit of History
TCSEC (1985): Guidelines to evaluate the security of computer systems used in military settings. Mainly focuses on multilevel security:
– Bell LaPadula model
– Reference Monitor Implementation
Test Criteria
- Configuration Management
– For TCB
- Trusted Distribution
– Integrity of mapping between master and installations
- System Architecture
– Small and modular
- Design Specification
– Vary between classes
- Verification
– Vary between classes
- Testing
- Product Documentation
Security Levels:
- Rating combines both security capabilities and assurance level; both go up as the rating goes up.
- Levels:
– Class D: Minimal Protection
– Class C1: Discretionary Security Protection
– Class C2: Controlled Access Protection
– Class B1: Labeled Security Protection
– Class B2: Structured Protection
– Class B3: Security Domains
– Class A1: Verified Design
Weaknesses
- Too narrow: Designed with specific architecture and security goals in mind
– Data protection on information processing
– Designed for multilevel security systems
- Mixing protection goal with validation level
– Not possible to have high assurance on low targets
- Test fixed configuration
– E.g., Windows NT, no applications installed, no network
Federal Information Processing Standards (FIPS)
- Framework for evaluating Cryptographic Modules
- Still in Use (Compulsory for US Government use)
- Addresses
– Functionality (e.g., white list of cryptographic algorithms)
– Assurance
– Physical security
Weakness:
- OpenSSL certified under FIPS-140
– Certification obtained Feb 2007
- Process took five (!) years
– Certified version is 0.9.7, 3 years old
- Problems
– Process slow
– Public comments process used by competitors to derail certification
- Whitelist of cryptography needs change of FIPS standard for anything that’s new.
– Inappropriate primitives used because of that
– E.g., ZigBee use of MMO-AES, Street Lighting
- Sometimes leads to no security at all
Common Criteria
- Intended for both commercial and government use
- Process can be applied to the security characteristics of any IT product.
- Evaluations can be performed by any certified lab & accepted by all countries
- Security Capabilities stated in a “Protection Profile” (PP) (User view of needs)
– Usually defined as a generic for a product class
– May be modified for a specific product into a “Security Target” (ST) (Vendor view of what they sell)
- Product to evaluate is the “Target of Evaluation” (TOE)
- Assurance rating is the “Evaluated Assurance Level” (EAL)
– CC calls this a “grounds for confidence”
– EAL rating is 1 to 7 (high)
Evaluation Assurance Levels
- Basic Assurance
– EAL1: Functional Test
– EAL2: Structural Test
– EAL3: Methodical Test and Check
– EAL4: Methodical Design, Test, and Review
- Medium Assurance
– EAL5: Semiformal Design and Test
- High Assurance
– EAL6: Semiformally Verified Design and Test
– EAL7: Formally Verified Design and Tested
Issues with Common Criteria
- Time and cost of evaluation
- Re-evaluations for patches, new versions, etc.
- Does the PP really match the user requirements?
– E.g., Smart Meter communication module
- Environment, policies enforced by people not included
- Configuration is not part of the evaluation
– Impact of weak default configurations
- International acceptance of rating can be rejected in any country for “national security” reasons. Effectively, NSA still evaluates products for classified use, and they want EAL 5 or better.
- Potential for corruption
– The test lab is paid by the vendor
“The CAPP provides for a level of protection which is appropriate for an assumed non-hostile and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security. The profile is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well funded attackers to breach system security. The CAPP does not fully address the threats posed by malicious system development or administrative personnel. CAPP-conformant products are suitable for use in both commercial and government environments.”
Issues with the TOC
- Only applies to a specific set of patches
– i.e., you’d have to run a system with outdated patches
- Excludes any installed software
– Same issue as TCSEC
Assurance of Implementations
In 2008, the FBI found counterfeited Cisco routers in numerous government installations. They never published if they posed a real security risk.
Assurance of Implementations
How do I know what I bought is actually the same that got certified ?
- Vendors cutting costs by reducing functionality
– Save memory, processing power, components,…
- Undocumented new versions or patches
– Certified versions are usually rather old
- Malicious Backdoors (e.g., Hardware Trojans)
– The US did that, so why shouldn’t China ?
- Counterfeits
– Bought product only shares label with original
Assurance of Implementations
Remote attestation: Remotely measure the configuration of a system
- Usually needs extra hardware from trusted vendor (e.g., TPMs)
- Measures boot sequence or memory contents
- Will detect (some) software changes
– Malicious changes still possible, e.g., hide malicious code in the graphics card
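How measuring a boot sequence detects software changes, and what it misses. This is an added example, not part of the original slides: it models a TPM-style hash-chain register (PCR) and event log in plain Python, with constructed image contents and stage names. A real TPM also signs the reported register value, which is left out here.

```python
import hashlib

MEASURED = ("bootloader", "kernel", "initrd")   # assumed measured boot chain

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def measure_boot(images: dict):
    """Device side: extend one PCR with each measured stage, keep an event log."""
    pcr, log = bytes(32), []
    for name in MEASURED:
        digest = sha256(images[name])
        log.append((name, digest))
        pcr = sha256(pcr + digest)          # extend: new = H(old || digest)
    return pcr, log

def verify(pcr: bytes, log: list, reference: dict) -> list:
    """Verifier side: replay the log, compare each digest to known-good values."""
    replayed, findings = bytes(32), []
    for name, digest in log:
        replayed = sha256(replayed + digest)
        if reference.get(name) != digest:
            findings.append(f"unexpected {name}")
    if replayed != pcr:                     # log was edited after measurement
        findings.append("log does not match PCR")
    return findings

# Constructed firmware images standing in for real binaries.
GOOD = {"bootloader": b"bl-1.0", "kernel": b"kernel-5.4",
        "initrd": b"initrd-a", "gpu_firmware": b"gpu-1.0"}
REFERENCE = {name: sha256(GOOD[name]) for name in MEASURED}

def attest(images: dict, forge_log: bool = False) -> list:
    """Run one attestation round and return the verifier's findings."""
    pcr, log = measure_boot(images)
    if forge_log:   # device reports known-good digests instead of what it measured
        log = [(name, REFERENCE[name]) for name, _ in log]
    return verify(pcr, log, REFERENCE)

if __name__ == "__main__":
    print(attest(GOOD))                                        # clean boot
    print(attest({**GOOD, "kernel": b"kernel-patched"}))       # changed kernel
    print(attest({**GOOD, "kernel": b"kernel-patched"}, True)) # edited log
    print(attest({**GOOD, "gpu_firmware": b"gpu-modified"}))   # unmeasured part
```

The last call returns no findings: a component outside the measured chain, such as the graphics card firmware mentioned above, can change without affecting the register.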
Assurance of Implementations
Unique Hardware to give devices a secure identity
- Secure smartcard from a trusted vendor
– Secure version of a serial number
- Uncloneable physical properties of the devices
– E.g., SRAM startup, timing, …
- Values can be queried remotely, or used to protect critical code
– Code encryption
– Software leashing
Assurance of Implementations
This is an active field of research, and still a lot of work to be done
As for all building blocks, the technological building blocks need to be integrated into architecture and policies
Policies
What went wrong here ?
Access Control
Why is a junior IT worker not blocked from copying the entire database ?
Key Management
- Key Generation
– No individual should have access to critical keys
- Key Distribution
– How do we securely get keys to where they’re needed
– This is one of the biggest issues on security management
- Key Usage
– Wrong use of keys can break whole systems
– Historic Example: Lorenz Cipher
- Key Retirement
– Deleting data is non-trivial
More Policies
- PC Usage Policy
– E.g., accidental sharing of hospital data via bittorrent
- Data Usage
– What data do we really need to do our business ?
– Everything else can be a liability
- Usability of all this
– Every policy and mechanism that inhibits users will be circumvented
– This will be covered next week
Kerckhoffs’ Principle
- The system must be practically, if not mathematically, indecipherable;
- It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
- Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
- It must be applicable to telegraphic correspondence;
- It must be portable, and its usage and function must not require the concourse of several people;
- Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.
How to spot a charlatan
Revolutionary Breakthrough
Would you trust a ‘completely new way of flying’ because the vendor says ‘none of our planes has crashed yet’ ? Plus, how do they know ?
Given the many respectable people working in that area, including organisations like the NSA, what do you have that they don’t ?
Note: Ingenious new approaches are rare in security. Even more rare: The approach goes directly into a product.
How Security Revolutions do happen
- Public Key Cryptography first published in 1976/77 (after a lot of theoretical, but impractical approaches towards it)
- Since then: dozens of papers improving it and addressing practical issues
- 1982: Company RSA founded
- 1991: PGP Founded
- Official standards define the use (e.g., FIPS, NIST SPs, PKCS#11)
If someone has a security breakthrough/revolution/approach that does it different from everybody else, be very, very careful. Demand analysis by (real, independent) experts.
No Details
Kerckhoffs’ Principle:
– It [the system] must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
Proof By Meaningless competition
Misleading Certification
Misleading Certification (2)
Use of Meaningless terms
Use of Meaningless Terms (2)
Meaningless Properties
Meaningless Properties (2)
A patent just means it’s new, not that it is secure!
15 years of development with no academic publications in between ?
And the best you have to tell about your algorithm is that you worked a lot ?
What are the test conditions ? Has anyone respectable tried ?
Technobabble
"The base of VME is a Virtual Matrix, a matrix of binary values which is infinity in size in theory and therefore have no redundant value. The data to be encrypted is compared to the data in the Virtual Matrix. Once a match is found, a set of pointers that indicate how to navigate inside the Virtual Matrix is created. That set of pointers (which is worthless unless pointing to the right Virtual Matrix) is then further encrypted in dozens other algorithms in different stages to create an avalanche effect. The result is an encrypted file that even if decrypted is completely meaningless since the decrypted data is not the actual data but rather a set of pointers. Considering that each session of VME has a unique different Virtual Matrix and that the data pattern within the Virtual Matrix is completely random and non-redundant, there is no way to derive the data out of the pointer set."
Unbreakability
Use of inappropriate scare examples
Wikileaks was an Access Control problem, not lack of encryption!
Wrong use of One Time Pads
- One Time Pads are really secure. They are also very impractical due to key management issues (keys need to be the same size as the message)
- There is no way to make an OTP more efficient without losing all security claims
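One instance of the "more efficient" shortcut and why it fails: repeating a short key to cover a longer message. This is an added example, not part of the original slides; the message and function names are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """A real one-time pad: the pad must cover the whole message."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor(message, pad)

def stretched_encrypt(message: bytes, short_key: bytes) -> bytes:
    """The shortcut: repeat a short key until it covers the message."""
    repeats = -(-len(message) // len(short_key))     # ceiling division
    return xor(message, (short_key * repeats)[:len(message)])

def key_cancels(message: bytes, short_key: bytes) -> bool:
    """XOR the first two ciphertext blocks: the key drops out entirely,
    leaving the XOR of the two plaintext blocks, whatever the key was."""
    n = len(short_key)
    c = stretched_encrypt(message, short_key)
    return xor(c[:n], c[n:2 * n]) == xor(message[:n], message[n:2 * n])

# Constructed sample message.
MESSAGE = b"meter reading 0042 kWh; meter reading 0043 kWh"

if __name__ == "__main__":
    pad = secrets.token_bytes(len(MESSAGE))
    assert xor(otp_encrypt(MESSAGE, pad), pad) == MESSAGE   # full pad round-trips
    print(key_cancels(MESSAGE, secrets.token_bytes(8)))     # True for any key
```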