Protecting Data in Untrusted Locations An exercise in Real World - - PowerPoint PPT Presentation

▶

Aug 22, 2022 300 likes •718 views

Protecting Data in Untrusted Locations An exercise in Real World threat modeling. Jan Schaumann 99CE 1DC7 770A C5A8 09A6 @jschauma 0DCD 66CE 4FE9 6F6B D3D7 Me. Errday. Obligatory James Mickens This World of Ours reference.

SLIDE 1

Jan Schaumann @jschauma

99CE 1DC7 770A C5A8 09A6 0DCD 66CE 4FE9 6F6B D3D7

Protecting Data in Untrusted Locations

An exercise in “Real World” threat modeling.

SLIDE 2

Me. Errday.

SLIDE 3

SLIDE 4

https://t.co/Ej94YI4Ovr

Threat Model

Obligatory James Mickens “This World of Ours” reference.

SLIDE 5

https://t.co/Ej94YI4Ovr

Threat Model

Obligatory James Mickens “This World of Ours” reference.

SLIDE 6

SLIDE 7

gonna tweet Tweeters

SLIDE 8

https://t.co/ykdsHGV84r

SLIDE 9

https://t.co/ykdsHGV84r

SLIDE 10

https://t.co/ykdsHGV84r

SLIDE 11

Threat Actors:

hackeris vulgaris
organized crime (fsvo “organized”)
local governments or intelligence services
foreign governments or intelligence

services

Threat Model

SLIDE 12

Threat Model

Assets:

Physical Equipment
Local Service Access Point
Access/Entry point to Infrastructure
TLS keys

SLIDE 13

Access/Entry point to Infrastructure

physically protected systems
no “secrets” permanently stored on

systems

traffic severely restricted
all traffic must be mutually authenticated

SLIDE 14

SLIDE 15

https://www.xkcd.com/538/

Obligatory XKCD comic.

This also works.

SLIDE 16

SLIDE 17

TLS keys

SLIDE 18

Y U NO HSM?

TLS keys

SLIDE 19

No time to explain - get in the llama!

SLIDE 20

SLIDE 21

SLIDE 22

SLIDE 23

Booting

First time:

boot into single-user mode
generate TPM-backed CSR
submit CSR to service in datacenter
cert generated, used to encrypt client puppet key
encrypted puppet key stored in host image

Nth time:

iPXE via TLS
init script decrypts puppet key using TPM
puppet does its thing

SLIDE 24

http://cm.bell-labs.com/who/ken/trust.html

Obligatory “Reflections on Trusting Trust” reference.

SLIDE 25

Wile E. Coyote has an MBA.

Value of Asset Cost of Attack Wile’s ROI

SLIDE 26

Wile E. Coyote has an MBA.

Value of Asset Cost of Attack Wile’s ROI

SLIDE 27

Raising the cost of attack

Wile E. Coyote needs:

physical access
ability to attack running system
persistent undetected presence

SLIDE 28

Wile E. Coyote has an MBA.

Value of Asset Cost of Attack Wile’s ROI

SLIDE 29

Wile E. Coyote has an MBA.

Value of Asset Cost of Attack Wile’s ROI

SLIDE 30

Reducing the value of TLS keys

Forward Secrecy
tightly scoped certificates
short-lived
alert if observed outside of expected env

SLIDE 31

Possible scenarios

hardware compromised prior to us

racking it

resources compromised through

temporary physical access (ACME backdoor)

ACME fake hole, ACME rocket

powered roller skates, ACME do-it- yourself tornado kit, ACME earthquake pills, ...

SLIDE 32

SLIDE 33

SLIDE 34

Lessons: You can’t just rub some crypto on it.

http://youtu.be/YsY2-yi5W74

SLIDE 35

Lessons: Know your assets, know your adversaries.

SLIDE 36

SLIDE 37

SLIDE 38

SLIDE 39

SLIDE 40

Jan Schaumann @jschauma

54FE 193F 64ED DD0B CFDE 40D6 1983 626F 1E52 3D3A

Thanks!

(now get in the llama!)