Protecting Data in Untrusted Locations

An exercise in "Real World" Threat Modeling.

Given at RealWorldCrypto 2015 on January 9th, 2015, in London.


  1. Protecting Data in Untrusted Locations: An exercise in “Real World” threat modeling. Jan Schaumann, @jschauma, 99CE 1DC7 770A C5A8 09A6 0DCD 66CE 4FE9 6F6B D3D7
  2. Me. Errday.
  3. Threat Model. Obligatory James Mickens “This World of Ours” reference. https://t.co/Ej94YI4Ovr
  4. Threat Model. Obligatory James Mickens “This World of Ours” reference. https://t.co/Ej94YI4Ovr
  5. gonna tweet Tweeters
  6. https://t.co/ykdsHGV84r
  7. https://t.co/ykdsHGV84r
  8. https://t.co/ykdsHGV84r
  9. Threat Model: Threat Actors:
     • hackeris vulgaris
     • organized crime (fsvo “organized”)
     • local governments or intelligence services
     • foreign governments or intelligence services
  10. Threat Model: Assets:
     • Physical Equipment
     • Local Service Access Point
     • Access/Entry point to Infrastructure
     • TLS keys
  11. Access/Entry point to Infrastructure
     • physically protected systems
     • no “secrets” permanently stored on systems
     • traffic severely restricted
     • all traffic must be mutually authenticated
  12. https://www.xkcd.com/538/ Obligatory XKCD comic. This also works.
  13. TLS keys
  14. TLS keys: Y U NO HSM?
  15. No time to explain - get in the llama!
  16. Booting
     First time:
     • boot into single-user mode
     • generate TPM-backed CSR
     • submit CSR to service in datacenter
     • cert generated, used to encrypt client puppet key
     • encrypted puppet key stored in host image
     Nth time:
     • iPXE via TLS
     • init script decrypts puppet key using TPM
     • puppet does its thing
  17. http://cm.bell-labs.com/who/ken/trust.html Obligatory “Reflections on Trusting Trust” reference.
  18. Wile E. Coyote has an MBA. [Chart labels: Value of Asset, Cost of Attack, Wile’s ROI]
  19. Wile E. Coyote has an MBA. [Chart labels: Value of Asset, Cost of Attack, Wile’s ROI]
  20. Raising the cost of attack. Wile E. Coyote needs:
     • physical access
     • ability to attack running system
     • persistent undetected presence
  21. Wile E. Coyote has an MBA. [Chart labels: Value of Asset, Cost of Attack, Wile’s ROI]
  22. Wile E. Coyote has an MBA. [Chart labels: Value of Asset, Cost of Attack, Wile’s ROI]
  23. Reducing the value of TLS keys
     • Forward Secrecy
     • tightly scoped certificates
     • short-lived
     • alert if observed outside of expected env
  24. Possible scenarios
     • hardware compromised prior to us racking it
     • resources compromised through temporary physical access (ACME backdoor)
     • ACME fake hole, ACME rocket powered roller skates, ACME do-it-yourself tornado kit, ACME earthquake pills, ...
  25. Lessons: You can’t just rub some crypto on it. http://youtu.be/YsY2-yi5W74
  26. Lessons: Know your assets, know your adversaries.
  27. Thanks! (now get in the llama!) Jan Schaumann, @jschauma, 54FE 193F 64ED DD0B CFDE 40D6 1983 626F 1E52 3D3A
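
The "short-lived" and "alert if observed outside of expected env" bullets on slide 23, sketched as an added example (not code from the talk): a check over constructed certificate sightings that flags one of our certificates served from an address outside the expected ranges, or issued with too long a lifetime. The fingerprints, host names, CIDR ranges, 7-day limit and record layout are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values; the talk gives no concrete ranges or lifetimes.
EXPECTED_NETS = [ip_network("192.0.2.0/24"), ip_network("2001:db8:10::/48")]
MAX_LIFETIME = timedelta(days=7)
# Placeholder SHA-256 fingerprints of certificates issued to edge hosts (constructed).
OUR_CERTS = {"aa" * 32: "edge-01.example.net", "bb" * 32: "edge-02.example.net"}


@dataclass
class Observation:
    """One sighting of a served certificate (hypothetical record layout)."""
    fingerprint: str
    served_from: str
    not_before: datetime
    not_after: datetime


def in_expected_env(addr: str) -> bool:
    """True if the serving address lies inside one of the expected networks."""
    ip = ip_address(addr)
    return any(ip in net for net in EXPECTED_NETS)


def alerts(observations):
    """Return (host, reason) pairs for sightings of our certs that violate policy."""
    out = []
    for o in observations:
        host = OUR_CERTS.get(o.fingerprint.lower())
        if host is None:
            continue  # not a certificate we issued; out of scope here
        if not in_expected_env(o.served_from):
            out.append((host, f"served from unexpected address {o.served_from}"))
        if o.not_after - o.not_before > MAX_LIFETIME:
            out.append((host, "lifetime exceeds short-lived policy"))
    return out


# Constructed sample sightings.
T0 = datetime(2015, 1, 9)
SAMPLE = [
    Observation("aa" * 32, "192.0.2.17", T0, T0 + timedelta(days=3)),
    Observation("AA" * 32, "203.0.113.5", T0, T0 + timedelta(days=3)),
    Observation("bb" * 32, "2001:db8:10::5", T0, T0 + timedelta(days=90)),
    Observation("cc" * 32, "198.51.100.9", T0, T0 + timedelta(days=365)),
]

if __name__ == "__main__":
    for host, reason in alerts(SAMPLE):
        print(f"ALERT {host}: {reason}")
```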
