CSC 382582 Computer Security Physical and EM Security

  • Slides: 32
Download presentation
CSC 382/582: Computer Security Physical and EM Security CSC 382/582: Computer Security 1

CSC 382/582: Computer Security Physical and EM Security CSC 382/582: Computer Security 1

Physical Security 1. 2. 3. 4. 5. 6. 7. 8. 9. Physical Security Plan

Physical Security 1. 2. 3. 4. 5. 6. 7. 8. 9. Physical Security Plan Elements of Physical Security Environmental Threats Physical Access Theft Backups Printouts Unattended Terminals EM Security CSC 382/582: Computer Security 2

Physical Security Plan • List of physical assets to be protected – Descriptions –

Physical Security Plan • List of physical assets to be protected – Descriptions – Replacement cost (hardware + data) • Locations of physical assets • Description of security perimeter(s) – Holes in perimeter (doors, windows, etc. ) – Multiple perimeter example: • Outermost: campus • Outer: building • Inner: server room • Threats that you’re protecting against • Security defences CSC 382/582: Computer Security 3

Elements of Physical Security 1. Determent – Convince people not to attack. 2. Detection

Elements of Physical Security 1. Determent – Convince people not to attack. 2. Detection – Alarms, guards, and other means of detecting attacks. 3. Delay – Elements that slow down an attacker, e. g. locks & safes. 4. Response – Guards or a call to the police. CSC 382/582: Computer Security 4

Environmental Threats: Fire • Dangers: – Flames – Heat – Smoke – Water •

Environmental Threats: Fire • Dangers: – Flames – Heat – Smoke – Water • Defences – Gas-charged extinguishers – Dry-pipe water sprinkler systems CSC 382/582: Computer Security 5

Environmental Threats: Temperature • Most computer systems need 50 -90 F • Dangers: –

Environmental Threats: Temperature • Most computer systems need 50 -90 F • Dangers: – Cold: thermal shock on power-on, cracking ICs/boards. – Hot: unreliability, then system failures as heat increases. • Defences – Air-conditioning system – Good air circulation – Temperature alarm system CSC 382/582: Computer Security 6

Environmental Threats: Water • Humidity – Below 20% static discharge becomes a problem. –

Environmental Threats: Water • Humidity – Below 20% static discharge becomes a problem. – Must remain below dew point to avoid condensation on chilled surfaces. – Defences: • Humidifier/de-humidifier • Humidity alarm • Water – Defences: • Keep drinks away from computers. • Alarm at low level. • Automatic power shut-off at higher level. CSC 382/582: Computer Security 7

Environmental Threats: Electrical • Electrical Noise – Motors, fans, even vacuum cleaners can generate

Environmental Threats: Electrical • Electrical Noise – Motors, fans, even vacuum cleaners can generate electrical surges. – Defences: • UPS with power line filter • Anti-static mats • Lightning – Defences • Turn off computer systems during lightning storms. • Surge suppressors may help for distant strikes. CSC 382/582: Computer Security 8

Environmental Threats • Dust – Collects on drive heads and degrades media by abrasion.

Environmental Threats • Dust – Collects on drive heads and degrades media by abrasion. – Dust is slightly conductive and can cause circuit boards to short and fail if much accumulates. – Defences: • Air Filtering Systems • Vacuuming • Vibration – Can work circuit boards out of sockets and drive heads out of alignment over time. – Defences: • Rubber or foam mat. CSC 382/582: Computer Security 9

Physical Access • Raised floors/dropped ceilings – If internal walls do not extend above

Physical Access • Raised floors/dropped ceilings – If internal walls do not extend above dropped ceilings and below raised floors, computer room door security can be easily bypassed. • Air ducts – Serve computer room with many small air ducts. – Weld screens over air vents or within air ducts. – Motion detectors. • Glass walls – Easy to break—avoid them. CSC 382/582: Computer Security 10

Network Cabling • Threats – Wiretapping/monitoring – Cutting – Connecting to AC power •

Network Cabling • Threats – Wiretapping/monitoring – Cutting – Connecting to AC power • Defences – Run through steel conduits, not open trays. – Double-walled conduits with pressurized gas between layers; alarm if pressure falls. CSC 382/582: Computer Security 11

Alarms • Sensor types – – Vibration detectors Video cameras Motion sensors Infrared (body

Alarms • Sensor types – – Vibration detectors Video cameras Motion sensors Infrared (body heat) detectors • False alarms – Causes • Weather (thunder, lightning, wind) • Created by attacker – Degrade response • guards/police will ignore alarms if too many false. CSC 382/582: Computer Security 12

Theft • Reasons: – Resale – Access to stored information • Targets – Laptops

Theft • Reasons: – Resale – Access to stored information • Targets – Laptops – Components: RAM, CPUs, hard disks – PCs/servers CSC 382/582: Computer Security 13

Theft Defences • Limit physical access. – Keep critical systems in high security areas.

Theft Defences • Limit physical access. – Keep critical systems in high security areas. • • • Case locks to prevent access to components. Laptop locks to lock laptop to desk. Visible equipment tags with serial numbers. Phone-home software for tracing. Encryption of information. CSC 382/582: Computer Security 14

Backups • Protect availability of information. • Offer potential for confidentiality violation. • Defences:

Backups • Protect availability of information. • Offer potential for confidentiality violation. • Defences: – Secure in safe after creation. – Periodically move to secure offsite storage. – Verify that you can restore data from backups. • Verify old backups periodically too. – Encrypt data on backup tapes. – Bulk erase tapes to destroy data before disposal. CSC 382/582: Computer Security 15

Printouts • Provide availability when computers down. • Potential for confidentiality violation. – Dumpster

Printouts • Provide availability when computers down. • Potential for confidentiality violation. – Dumpster diving • Defences – Separate wastebaskets for confidential/unclassified information. – Paper shredding • Expensive shredding recovery services exist. CSC 382/582: Computer Security 16

Unattended Terminals • Offer anonymous attacker access • Defences: – Autologout shells or daemons

Unattended Terminals • Offer anonymous attacker access • Defences: – Autologout shells or daemons – Automatic screen locking – Boot only from hard disk – BIOS password to protect boot settings – Case lock to prevent battery removal or BIOS chip replacement CSC 382/582: Computer Security 17

EM Security 1. 2. 3. 4. 5. 6. What is EM Security? History Surveillance

EM Security 1. 2. 3. 4. 5. 6. What is EM Security? History Surveillance Passive Attacks Active Attacks Defences CSC 382/582: Computer Security 18

EM Security Preventing a system from being attacked using electromagnetic emanations. – Confidentiality attacks

EM Security Preventing a system from being attacked using electromagnetic emanations. – Confidentiality attacks • Listening to high frequency signals bled onto connected cables like power lines. • Listening to electromagnetic radiation leaked from computer devices. – Integrity attacks • Disrupting computations by inserting power glitches. – Availability attacks • Jamming, electromagnetic pulse weapons. CSC 382/582: Computer Security 19

History 1914: Telephone wires laid for miles parallel to enemy trenches only a few

History 1914: Telephone wires laid for miles parallel to enemy trenches only a few hundred meters away. Earth leakage caused crosstalk, allowing enemy to listen. 1960: UK listened to secondary signal on French embassy cable to capture plaintext leaked from cipher machine. 1960 s: TV detector vans in UK listened to RF leakage to discover license fee evaders. 1985: Wim van Eck’s paper describing how to reconstruct picture on CRT at a distance. 1990 s: Power analysis of smartcards. CSC 382/582: Computer Security 20

Active Surveillance • Many types of “bugs” available: – Battery-powered radio microphones. – Externally

Active Surveillance • Many types of “bugs” available: – Battery-powered radio microphones. – Externally powered radio microphone/cameras. – Laser microphones Bounce laser off reflected surface, then measure modulation of reflected light by sound waves. • Interception evasion technologies – Rapid frequency hopping – Burst transmission CSC 382/582: Computer Security 21

Surveillance Countermeasures • Physical sweep • Nonlinear Junction Detectors – Emit weak radio signal.

Surveillance Countermeasures • Physical sweep • Nonlinear Junction Detectors – Emit weak radio signal. – Listen for harmonics caused by transistors. – Can find unshielded electronics a few feet away. • Surveillance receivers – Sweep radio spectrum at rapid rate, searching for unexplained signals. – Can detect frequency hoppers, but burst transmission difficult to find. CSC 382/582: Computer Security 22

Passive Attacks • Red/black separation • Power analysis • RF leakage CSC 382/582: Computer

Passive Attacks • Red/black separation • Power analysis • RF leakage CSC 382/582: Computer Security 23

Red/Black Separation • Red equipment: carries confidential data. • Black equipment: carries unclassified data.

Red/Black Separation • Red equipment: carries confidential data. • Black equipment: carries unclassified data. • Red/Black separation: Red equipment must be isolated from Black equipment by filters and shields. • Problem: Cipher machines have both red and black connections, so their design must be very careful. CSC 382/582: Computer Security 24

Power Analysis • Power analysis: analyzing power supply current of electronic device over time.

Power Analysis • Power analysis: analyzing power supply current of electronic device over time. – Transistor switching changes power draw. • Smartcards: credit-card sized plastic with embedded microprocessor/memory. – Uses: credit/ID card replacement, one time password authentication, physical access key. – Vulnerabilities • Low clock frequency compared to PCs. • Little or no power filtering. CSC 382/582: Computer Security 25

Power Analysis • Simple Power Analysis – Visual inspection of power consumption graph can

Power Analysis • Simple Power Analysis – Visual inspection of power consumption graph can reveal DES shifts and permutations or RSA multiplication and exponentiation operations. • Differential Power Analysis – Statistical analysis of many (100’s) operations where algorithm and either plaintext or ciphertext known. – Can be used to find 48 of 56 bits of DES key by analyzing last round of cipher. – Defences: randomization of order of S-box use, frequent key updates, timing randomness, insertion of random dummy operations. CSC 382/582: Computer Security 26

RF Leakage • All video displays (CRTs and LCDs) emit a weak TV signal.

RF Leakage • All video displays (CRTs and LCDs) emit a weak TV signal. • All cabling (serial cables using by ATMs and ethernet cable used by PCs) emits signals too. • Keyboard RF emissions modulated by currently pressed key. • Defences: – Electromagnetic shielding of device or room. – Soft-Tempest fonts: low pass filter removes high frequencies of fonts—little visual difference on monitor but larger effect on signal. CSC 382/582: Computer Security 27

Active Attacks • Tempest Viruses • Glitching CSC 382/582: Computer Security 28

Active Attacks • Tempest Viruses • Glitching CSC 382/582: Computer Security 28

Tempest Viruses Malware that scans infected computer for desired information, which it then broadcasts

Tempest Viruses Malware that scans infected computer for desired information, which it then broadcasts via RF signals. – Change display when monitor not in use to send signal. – Superimpose signal on monitor image, so that image not visible on monitor but visible to RF receiver. CSC 382/582: Computer Security 29

Glitching • Inserting transients into power or clock signal to induce useful errors. •

Glitching • Inserting transients into power or clock signal to induce useful errors. • Example: On one Smartcard, replacing a clock pulse with two narrower pulses would cause processor to execute a NOP instead of scheduled instruction, allowing access control JMPs to be bypassed. CSC 382/582: Computer Security 30

Defences • • Use Soft-Tempest fonts. Keep cables short. Use shielded cables. Use EMI

Defences • • Use Soft-Tempest fonts. Keep cables short. Use shielded cables. Use EMI filters between PC and wall AC power. Use EMI filters on fax/modem phone lines. Apply ferrite core attenuators to cables. Enclose devices in a Faraday cage (grounded tight cage of aluminum mesh. ) • Buy specially shielded equipment. CSC 382/582: Computer Security 31

Key Points • Physical security is an essential component of computer security. – Many

Key Points • Physical security is an essential component of computer security. – Many systems are more vulnerable to physical threats than system/network attacks. • Elements of Physical Security – – Determent Detection Delay Response • Backups are a defence against many threats, but must be defended themselves. CSC 382/582: Computer Security 32