Mbs w25 a
1. Session ID: MBS-W25A
Session Classification: Advanced
CryptoSeal, Inc.
Ryan Lackey
HOW TO SAFELY CROSS BORDERS WITH COMPUTING DEVICES
Wednesday, February 27, 13
2. INTRODUCTION
►Threat different from attacks at home
►Focused on intellectual property and ongoing access
►Direct risk from compromise as well as legal liability (ITAR)
►Goals:
►Threat information
►Practical countermeasures for “easy” stuff
►Interesting potential solutions for remainder
►One (white) lie
►One unintentional truth!
3. SCOPE
►Not just defense/government at risk
►Not just big companies at risk
►Software and hardware attacks
►90% solutions with existing technology
►Open research for final 10%
►China, Russia are major countries of concern, but US, UK, Israel, EU, others also a risk
5. EXAMPLES
►Carlos Gutierrez (China, 2007)
►Unattended laptop taken
►Linked to ongoing attacks at Commerce
►HD Moore (China, 2012)
►CMOS BIOS reset, evidence of physical attack
►Personal travel (China, 2010)
►CMOS BIOS reset, inconclusive physical evidence
►Various accounts of similar incidents
►Data dumping, firmware differences, physical tampering
►Compelled disclosure of passwords (US too!)
6. VULNERABILITIES & COUNTERMEASURES
Vulnerability                 Countermeasure
General                       Minimize devices, dedicated hardware, MDM
Network monitoring            VPN, SSL
OS exploits                   Minimize local data, keep patched
Forensic data dumping         Disk encryption
Compelled pw disclosure       Download at destination
Compromise as pivot for APT   Dedicated hardware, low-trust access
Evil maid (sw-only)           Full disk encryption, trusted boot
Evil maid (hw)                Hard (physical protection of hw)
7. How to solve the hard problem of hardware tampering?
8. PHYSICAL CUSTODY 24 X 7
►Secure facilities
►Embassies, government
►Short trips
►Just take a phone
►Not really generally workable for laptops for longer trips
►Can always be forced to separate from device
9. CONVENTIONAL TAMPER EVIDENT SEALS
►Easily defeated
►Offline/local
►No way to check remotely
►Depends on end user
►Secrecy helps
►Sealed envelopes easiest
10. MORE ADVANCED USE OF TRUSTED BOOT
►Check firmware on various components
►Better integrity checking of UEFI BIOS
►Ongoing work by vendors
►Mobile OS probably best bet
11. REMOTE ATTESTATION OF ALL HW
►Tamper sensors which detect tamper event and zeroize
►Effectively HSM/smartcard with user I/O
►Doesn’t really exist (very difficult to make); PIN pads closest
13. MULTIPLE DEVICES
►Physical tamper seals on unattended machine
►Physically protected or attended smaller machine (e.g. phone)
►High-randomness process to generate seal over enclosure
►Similar to DOE seals
►Effectively provide remote attestation
►Take measurement locally
►Send to remote server to validate
►Return short-term credential for network access on device
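The measure, validate and issue-credential flow from this slide, as an added sketch (not code from the talk or from CryptoSeal). It assumes the phone reduces the seal image to a 256-bit fingerprint and reaches the server over an authenticated channel; the fingerprint encoding, error tolerance, one-hour lifetime and HMAC credential format are all assumptions.

```python
import hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # server-side signing key (assumed)
MAX_BIT_ERRORS = 6                    # tolerance for camera/lighting noise (assumed)
CRED_TTL = 3600                       # "short-term" taken as one hour (assumed)

def hamming(a: bytes, b: bytes) -> int:
    # Number of differing bits between two equal-length fingerprints.
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bits(fp: bytes, positions) -> bytes:
    # Helper for constructed test data: simulate measurement noise.
    out = bytearray(fp)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

class AttestationServer:
    def __init__(self):
        self.enrolled = {}  # device_id -> reference seal fingerprint
        self.nonces = {}    # device_id -> outstanding challenge

    def enroll(self, device_id, fingerprint):
        self.enrolled[device_id] = fingerprint  # done before travel

    def challenge(self, device_id):
        self.nonces[device_id] = secrets.token_hex(16)
        return self.nonces[device_id]

    def validate(self, device_id, nonce, fingerprint, now=None):
        now = time.time() if now is None else now
        expected = self.nonces.pop(device_id, None)  # each nonce is single use
        ref = self.enrolled.get(device_id)
        if expected is None or ref is None or not hmac.compare_digest(nonce, expected):
            return None
        if len(fingerprint) != len(ref) or hamming(fingerprint, ref) > MAX_BIT_ERRORS:
            return None  # seal differs beyond noise: treat as tampered
        body = json.dumps({"dev": device_id, "exp": int(now) + CRED_TTL})
        tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag

    def check_credential(self, cred, now=None):
        now = time.time() if now is None else now
        body, _, tag = cred.rpartition(".")
        good = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(tag, good) and json.loads(body)["exp"] > now
```

The network gateway would call `check_credential` before admitting the laptop, so a device whose seal no longer matches never receives access.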
14. ADVICE/CONCLUSION
►Minimize devices taken -- possibly focus on phones/tablets
►Dedicate devices to international travel
►Isolate and reduce privileges of users/devices overseas
►Adopt all reasonable precautions against software attacks
►Investigate solutions to the evil maid hardware attack
15. REQUEST FOR INFORMATION
“It’s advisable for all international travelers to take due
precautions with their computers and cellphones. China is not
less insecure than other countries.”
-- Wang Baodong, Chinese Embassy Spokesman (2011)
Any information on hardware compromised devices?
Email me: ryan@cryptoseal.com