Stanford Cybersecurity January 2009

A presentation given by Peter Levin, Consulting Professor at Stanford University.

Transcript of "Stanford Cybersecurity January 2009"

Slide 1: Cybersecurity
Peter L. Levin, Consulting Professor, January 2009

Slide 2: Evolution of GPS Service
- Availability (sparse constellation)
- Accuracy (selective availability)
- Integrity (aviation)
- Coverage (urban canyons and indoors)
- Security (location based authentication)
- Copied without shame or remorse, but with attribution, from Per Enge

Slide 3: The Problem Statement
- “The United States is already engaged in a ‘low-intensity’ cyber conflict.”
  - General Wesley K. Clark, former SACEUR
- “[And] cannot kill or capture its way to victory.”
  - Robert M. Gates, Secretary of Defense

Slide 4: “It is a battle we are losing”

Slide 5: The Black Swan Effect
- We won’t be more secure in a day
  - Planning takes time, energy, focus
  - Competing priorities
  - False perceptions
    - current safety
    - difficulty of raising the bar
- . . . but we can be crippled in seconds
  - Insidious attacks can come from anywhere
    - the network, the software, or the hardware
  - Catastrophic results if we’re left unprotected

Slide 6: Public Awareness Has Changed

Slide 7: “several Georgian state computers [were] under external control”
So they moved websites to Google.

Slide 8: P2P uses as much as 60% of Internet bandwidth
P2P networks offer an easy way to disguise illegitimate payloads using sophisticated protocols, and can divert network traffic to arbitrary ports. (From Spector 360)

Slide 9: Machine Readable Travel Documents

Slide 10: Cracked in ten seconds for $10,000

Slide 11: Security is a Subset of Reliability*
- Real-world reliability vs digital security reliability
- Seven nines: aircraft landing
- Six nines: mature manufacturing QA
- Five nines: PSTN availability (after 100 years)
- Four nines: domestic electric energy transmission
- Three nines: maximum possible desktop uptime
- Two nines: credit-card number protection
- One nine: internet traffic not broadly related to attack
- Zero nines: “[a]bility of stock antivirus to find new malware”

* From the article of that name by Geer and Conway, IEEE Security and Privacy, Dec 08

Slide 12: The (Cyber)Security Marketplace

Slide 13: Hardware Sabotage
“The most monumental non-nuclear explosion ever seen from space” was reportedly caused by the US in a Soviet commercial gas pipeline. An Israeli bombing raid on a suspected Syrian nuclear facility was (allegedly!) due to a “kill switch” that turned off surveillance radar.

Slide 14: Hardware’s Axis of Evil

Slide 15: Counterfeits are Expensive and Dangerous
- Exploit complexity
- Difficult to detect
- Compromise security

Source: Unclassified FBI Report, January 2008

Slide 16: Chip-Making in Four Easy Steps
(Diagram; stages in flow order: Function Specification, Logic Circuit Design, RTL & Layout Design, Mask Creation.)
Thanks to Grace and Sherman for this slide.

Slide 17: Chip-Level Hardware Assurance
(Graphic from Sally Adee, IEEE Spectrum; labels: authenticity and provenance, mechanical compromise, add extra wires, add extra transistors.)

Slide 18: “Your Hands Can’t Hit What Your Eyes Can’t See”
DAFCA provides on-chip, at-speed, in-system visibility.

Slide 19: Integrate Verification and Validation
- Tap the lines “pre-silicon”
  - Software only
  - Platform/technology agnostic
  - Automated
- Observe behavior “post-silicon”
  - Configure, operate, and control FSM
  - Don’t slow down, don’t stop
  - No extra pins, no special libraries
- React
  - Injection, isolation, remediation

Slide 20: Why At-Speed Observability Matters
- Example: 5 billion transaction “boot scenario”
  - SW simulation @ 0.01 MHz = 6 days*
  - HW acceleration @ 0.1 MHz = 14 hours*
  - At-speed @ 500 MHz = 10 seconds
- * Even these are 10x faster than IBM’s benchmark

Slide 21: Two Examples
- By “hardware assurance” we mean:
- Is the chip authentic?
- Is the chip functioning properly?
  - Until now, most of the attention has been focused on “static” views

Slide 22: Detect Malfunction
- Invisible to functional logic
- Invisible to application software
- Impossible to understand by inspection
  - It’s just gates and flops, no hard macros
  - It’s configured on the fly

Slide 23: An Instrumented GPS Chip
(Block diagram. Probe groups from the LCD, ARM and USB blocks feed an SPN network and a Transaction Engine/Tracer into a 1k x 128 Trace RAM. Observation bus = 125 bits (probe group) + 2 valid bits + 1 time stamp = 128 bits; one valid bit each for the 10 MHz to 166 MHz and 83 kHz to 166 MHz clock-domain crossings.)

Slide 24: The Road Ahead
(Diagram. Abstraction levels, lowest to highest: on-chip cycle protocols and timing; bus cycles, arbitration policies, event sequencing; software objects, pointers, calls, register writes. Instruments: bus protocol assertions, static mode selects, exception generators, memory checkers, performance monitors, traffic generators, event sequencing. Phases: boot-up, system software, application software. At each level the loop is observe, characterize, detect a violation.)

Slide 25: Device Authenticity/Anti-Counterfeit
- Counterfeit chips are easy to make, hard to detect
- Enormous economic incentive
  - most hackers are driven by money
- Attractive targets for adversaries
  - banks, hospitals, military installations

Our customers need an inexpensive and reliable way to detect counterfeit devices in the field.

Slide 26: An Anti-Counterfeit Architecture
- DAFCA: on-chip instrumentation
- eScrypt: embedded security
  - SiDense (CMOS embedded flash)
- Zanio: highly secure positioning and time

Slide 27: On-Chip, At-Speed, In-System Instrumentation
- Tap the lines pre-silicon
  - Conveniently, easily, ubiquitously
  - Formal/model check the result
- Observe behavior at speed
  - Assertions, triggers, breakpoints
  - Performance monitoring
- React
  - Injection, remediation, isolation

Step One: “Talk to me”

Slide 28: Establish An Encrypted Channel
- On-Chip PKI
  - Extremely compact
- Unique
  - Based on random mfg variability
- Secure
  - Store keys in protected CMOS flash

Step Two: “Talk securely to me”

Slide 29: Embed A Secret
- Unique GPS token
  - One-time insertion
- Prove authenticity
  - Dynamic challenge-response protocol
  - Can be implemented in-field
- Two factor security
  - Device fingerprint (PUF)
  - Device pedigree (location and time)

Step Three: “Tell me a secret”
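The following is an added illustration, not code from the deck or from DAFCA, eScrypt or Zanio: it models steps two and three as a verifier that issues single-use challenges and accepts a reply only if it carries a MAC under the device's PUF-derived key and a plausible location/time pedigree. The PUF, the message layout, the tolerances and all sample values are constructed assumptions.

```python
import hashlib
import hmac
import os

# Simulated PUF: a real PUF regenerates the key from silicon variability on
# demand; here it is derived from a constructed per-die noise value.
def puf_key(device_id: str, mfg_variability: bytes) -> bytes:
    return hashlib.sha256(device_id.encode() + mfg_variability).digest()

def device_respond(device_id, key, challenge, lat, lon, now):
    # Pedigree = where and when the chip claims to be; the MAC covers it,
    # so the reply is bound to the challenge, the location and the time.
    pedigree = f"{lat:.4f},{lon:.4f},{now}".encode()
    tag = hmac.new(key, challenge + pedigree, hashlib.sha256).digest()
    return {"id": device_id, "pedigree": pedigree, "tag": tag}

class Verifier:
    def __init__(self, enrolled, site, radius_deg=0.01, max_skew_s=30):
        self.enrolled = enrolled      # device_id -> PUF key enrolled at manufacture
        self.site, self.radius_deg, self.max_skew_s = site, radius_deg, max_skew_s
        self.outstanding = set()      # challenges issued but not yet answered

    def challenge(self) -> bytes:
        c = os.urandom(16)
        self.outstanding.add(c)
        return c

    def verify(self, challenge, resp, now) -> str:
        if challenge not in self.outstanding:  # single use: a captured reply cannot be replayed
            return "rejected: unknown or reused challenge"
        self.outstanding.discard(challenge)
        key = self.enrolled.get(resp["id"])
        if key is None:
            return "rejected: unenrolled device"
        expected = hmac.new(key, challenge + resp["pedigree"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, resp["tag"]):
            return "rejected: fingerprint mismatch"   # wrong PUF key: likely a clone
        lat, lon, ts = resp["pedigree"].decode().split(",")
        if abs(now - int(ts)) > self.max_skew_s:
            return "rejected: stale timestamp"
        if max(abs(float(lat) - self.site[0]), abs(float(lon) - self.site[1])) > self.radius_deg:
            return "rejected: outside expected location"
        return "authentic"

# Constructed sample values: one enrolled chip, and a clone that copies the
# device id but cannot reproduce the PUF-derived key.
DEVICE = "gps-chip-0001"
GENUINE_KEY = puf_key(DEVICE, b"constructed-die-variability")
CLONE_KEY = puf_key(DEVICE, b"different-silicon")
SITE = (37.4275, -122.1697)   # expected deployment location (constructed)
```

The two factors from the slide map onto two separate checks: the MAC fails for a clone with the wrong fingerprint, and the pedigree check fails for a genuine key replayed from the wrong place or time.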
Slide 30: Use GPS to Ensure Authenticity
- Easy to use: no interruption of design implementation flow
- No special pins, no special libraries, no performance degradation
- On-chip, at-speed, in-system
  - can be accessed remotely, and in-field

Set an extremely high bar for hackers.

Slide 31: Secure Channel, Secret Message
- DAFCA + eScrypt + Zanio enables
  - Access to the Zanio core from the device, from the operating system, or from the host system
  - Message passing to and from the device without fear of compromise
  - A “plug compatible” device that can easily replace or substitute unprotected chips

Slide 32: Location Security
- Application areas
  - Public health and safety
  - Tolling and mobile asset tracking
  - Networked asset protection (including data)
  - National security applications (including MTDs)
  - Financial infrastructure (laundering and fraud)
  - How do you know you are where you think you are?
  - How do I know that you are where you say you are?

Slide 33: Next Generation Cybersecurity
- Augment the GNSS utility to
  - Defeat spoofing
  - Overcome jamming
- Security for GNSS -> Security from GNSS

Slide 34: Conclusion
- Cybersecurity is a priority of the new administration
- Approximately $30 billion in new programs
- Hardware assurance will be a prominent part of the technical roadmap
- Anti-tamper and anti-counterfeit solutions are available today