CCSDS Security Working Group Security risks

advertisement
CCSDS Security Working Group
Spring 2014 Meeting
31 March – 1 April 2014
Noordwijkerhout, The Netherlands
Charles Sheehe
NASA/Glenn
Security Risks
Charles Sheehe
Objective of the risks discussion
• To recommend that the threat book be
updated with the threats to these emergent
threats and technologies.
• To recommend that a Green Book developed
to provide guidance to the users of the
emergent technologies.
Back Ground
What are the risks
• Counterfeit parts
• Genuine parts pre loaded with viruses.
• Genuine parts with viruses embedded in the
hardware of the parts.
Threats
Detection and Avoidance of Counterfeit
Electronic Parts-Further Implementation
• Defense Federal Acquisition Regulations
Supplement; Counterfeit Electronic PartsFurther Implementation
• Public Meeting: A public meeting is scheduled
for March 27, 2014, from 9:00 a.m. to 12:00
p.m., EDT. The public meeting will be held at
General Services Administration (GSA)
Regional Office Building at 301 7th Street, SW,
Washington, D.C. (Entrance on D Street).
Electronic Parts
• Richard Clarke: All U.S. Electronics Could Be Infected
– Well, it’s been pretty obvious for a while now that China’s been hacking into
some of America’s most important businesses and government agencies and
stealing reams of data. We’ve heard countless reports about Pentagon info
being stolen or about critical data on the F-35 Joint Strike Fighter being
plucked from defense contractors networks.
– Well, former U.S. counter-terrorism czar –currently running his own
cybersecurity firm — Richard Clarke is coming out and saying that all
electronics made in China may well have built-in trapdoors allowing Chinese
malware to infect American systems on command. The malware could do
everything from take over a device to disabling it to secretly siphoning
information off of it.
• Just remember, plenty of electronics parts are out sourced. Space
contractors routinely buy things like processors and circuit boards — that
end up on advanced systems. These parts often prove fake, something
that’s dangerous enough due to the high risk of a fake part failing. What’s
to stop real parts made from carrying an equally dangerous cyber
trapdoor?
Common hardware attacks
• Manufacturing backdoors, for malware or other penetrative purposes;
backdoors aren’t limited to software and hardware, but they also affect
embedded radio-frequency identification (RFID) chips and memory
• Eavesdropping by gaining access to protected memory without opening
other hardware
• Inducing faults, causing the interruption of normal behavior
• Hardware modification tampering with invasive operations; hardware or
jailbroken software
• Backdoor creation; the presence of hidden methods for bypassing normal
computer authentication systems
• Counterfeiting product assets that can produce extraordinary operations,
and those made to gain malicious access to systems
Rakshasa backdoors
•
•
Backdoors are usually supported by software. Flaws, including bugs, are common in software that runs on most devices. Fortunately, this type of backdoor is easier to detect and
immunize.
Last year, researcher Jonathan Brossard mentioned during the Black Hat security conference in Las Vegas, that a new strain of malware is nearly impossible to remove once it
compromises a device. Brossard named his agent “Rakshasa“, defining it a “permanent backdoor” that’s hard to detect, and nearly impossible to remove.
–
It’s clear that he didn’t find a new vulnerability, but demonstrated how much harder is to detect that type of backdoor.
–
The abstract demonstrates that permanent backdooring of hardware is possible. Rakshasa is able to compromise more than a hundred different motherboards. The impact
could be devastating. Rakshasa malware infects the host BIOS, taking advantage of a potentially vulnerable aspect of traditional computer architecture. Any peripheral, such as
a network card or a sound card can write to the computer’s RAM or to smaller portions of memory allocated to any of the other peripherals.
–
First, there are backdoor disabling features such as NX, essential for protection against malware, viruses, and exploits. It also removes fixes for System Management Mode
(SMM), in operating mode in which all normal execution (including the operating system) is suspended and special software, usually firmware or a hardware-assisted debugger,
and is executed in high-privilege mode.
–
With these few steps, the attacker has properly compromised security of the machine, allowing malware to completely erase hard disks and install a new operating system.
–
“We shall also demonstrate that preexisting work on MBR subverts such as bootkiting and preboot authentication software brute force can be embedded in Rakshasa with little
effort.”
–
Due the mechanism of infection, in order to sanitize a PC, it’s necessary to flash all the devices simultaneously to avoid that happening during a disinfection of a single device.
That’s because it could affected by other compromised components.
–
“It would be very difficult to do. The cost of recovery is probably higher than the cost of the laptop. It’s probably best to just get rid of the computer.” said Brossard.
–
Rakshasa has been developed with open source BIOS software, including the Coreboot project and Sea BIOS, and because of their compatibility with most hardware, it’s hard to
detect.
–
When the machine boots up, malware downloads all the malicious code it needs. Of course it disables the resident antivirus and stores the code in memory. In doing so, it
avoids leaving traces on the hard disk that could be detected as infectious.
–
The most important issue about Rakshasa malware isn’t related to how it can infect victims randomly. But Brossard alerted the scientific community to the possibility of using it
as a backdoor in hardware. In many cases doubt has been raised about if backdoors are present in devices, telecommunications in particular.
–
Hardware qualification is a serious problem. Let’s consider the impact of a compromised device in a military environment, or in any large systems.
–
“The whole point of this research is to undetectably and untraceably backdoor the hardware. What this shows is that it’s basically not practical to secure a PC at all, due to
legacy architecture. Because computers go through so many hands before they’re delivered to you, there’s a serious concern that anyone could backdoor the computer without
your knowledge.”
Rakshasa backdoors continued
• In a paper for Intel, Brossard said:
• “There is no new vulnerability that would allow the landing of the
bootkit on the system.” The company’s statement argues that it
wouldn’t be possible to infect the most recent Intel-based machines
that require any changes to BIOS to be signed with a cryptographic
code. and it points out that Brossard’s paper “assumes the attacker
has either physical access to the system with a flash programmer or
administrative rights to the system to deliver the malware. In other
words, the system is already compromised with root/administrative
level access. If this level of access was previously obtained, a
malicious attacker would already have complete control over the
system even before the delivery of this bootkit.”
• But the above scenario isn’t far from what could happen in a
manufacturing plant that’s compromised by hackers.
Hardware backdoors inserted at gate level
• Backdoors based on supplementary circuits, electronics
component substitution and firmware. But the research is
also evaluating more sophisticated methods based on the
manipulation of dopant chemical elements.
• Recently, a team of experts, composed by researchers
Georg T. Becker, Francesco Ragazzoni, Christof Paar and
Wayne P. Burleson, published a study on stealth dopantlevel hardware Trojans.
– The study describes how it is possible to conduct a hardwarebased attack introducing legitimate circuits that aren’t
detectable as Trojans.
• Extremely stealthy approach for implementing hardware
Trojans below the gate level, insert hardware Trojans by
changing the dopant polarity of existing transistors.
CCSDS Relavance
Security of System
• Flight systems are susceptible to the
embedded viruses.
• An advisory should be mentions in the treat
book as to the necessary steps to mitigate
these threats.
BACK UP
References
•
•
•
•
Richard Clarke: All U.S. Electronics Could Be Infected http://defensetech.org
GAO Buys Fake Submarine Parts http://defensetech.org
Hardware Trojan Taxonomy: Chakraborty, Narasimhan & Bhunia (2010)
More info:
–
–
–
–
–
–
–
–
–
–
–
–
http://securityaffairs.co/wordpress/16748/hacking/spy-agencies-ban-on-lenovo-pcs-due-to-backdoorvulnerabilities.html
http://securityaffairs.co/wordpress/7786/hacking/rakshasa-is-it-possible-design-the-perfect-hardwarebackdoor.html
http://securityaffairs.co/wordpress/17875/hacking/undetectable-hardware-trojan-reality.html#!
http://www.toucan-system.com/research/blackhat2012_brossard_hardware_backdooring.pdf
http://securityaffairs.co/wordpress/1198/cyber-crime/hardware-qualification-a-must-in-a-cyberstrategy.html
http://www.darpa.mil/NewsEvents/Releases/2012/11/30.aspx
https://www.ideals.illinois.edu/bitstream/handle/2142/35322/Edwards_Nathan.pdf
https://www.google.it/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&ved=0CGQQFjAE&url=http%
3A%2F%2Fwww.dtic.mil%2Fcgibin%2FGetTRDoc%3FAD%3DADA547668&ei=oRtHUuO4FsWrtAa63YCACw&usg=AFQjCNH3gt2JT4VuIsQ4VLr
Pkp7Vr4xwOg&sig2=NMrLhCdNn8DLB9LyxJNr_Q&bvm=bv.53217764,d.Yms
http://www.cs.columbia.edu/~simha/preprint_oakland11.pdf
http://people.umass.edu/gbecker/BeckerChes13.pdf
http://www.infosecisland.com/blogview/15095-DHS-Imported-Devices-Infected-with-Malware.html
http://www.eecs.berkeley.edu/~csturton/papers/defeating-uci-oak11.pdf
Download