Introduction

CIT 380: Securing Computer Systems
Physical and EM Security
CIT 380: Securing Computer Systems
Slide #1
Physical Security
1. Physical Security Plan
2. Elements of Physical Security
3. Environmental Threats
4. Physical Access
5. Theft
6. Backups
7. Printouts
8. Unattended Terminals
9. EM Security
Physical Security Plan
• List of physical assets to be protected
– Descriptions
– Replacement cost (hardware + data)
• Locations of physical assets
• Description of security perimeter(s)
– Holes in perimeter (doors, windows, etc.)
– Multiple perimeter example:
• Outermost: campus
• Outer: building
• Inner: server room
• Threats that you’re protecting against
• Security defences
Elements of Physical Security
1. Determent
– Convince people not to attack.
2. Detection
– Alarms, guards, and other means of detecting attacks.
3. Delay
– Elements that slow down an attacker, e.g. locks & safes.
4. Response
– Guards or a call to the police.
Environmental Threats: Fire
• Dangers:
– Flames
– Heat
– Smoke
– Water
• Defences
– Gas-charged extinguishers
– Dry-pipe water sprinkler systems
Environmental Threats: Temperature
• Most computer systems need 50-90F
• Dangers:
– Cold: thermal shock on power-on, cracking ICs/boards.
– Hot: unreliability, then system failures as heat increases.
• Defences
– Air-conditioning system
– Good air circulation
– Temperature alarm system
Environmental Threats: Water
• Humidity
– Below 20% static discharge becomes a problem.
– Must remain below dew point to avoid condensation on
chilled surfaces.
– Defences:
• Humidifier/de-humidifier
• Humidity alarm
• Water
– Defences:
• Keep drinks away from computers.
• Alarm at low level.
• Automatic power shut-off at higher level.
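The temperature and humidity alarms from the two slides above, combined into one check (an added example, not part of the original slides). The 50-90F range and the 20% humidity floor come from the slides; the Magnus dew-point approximation, the alarm names, the function names and the sample readings are assumptions of this example, which reads the dew-point rule as "the coldest chilled surface must stay warmer than the room air's dew point".

```python
import math

# Thresholds from the slides.
TEMP_MIN_F, TEMP_MAX_F = 50.0, 90.0
MIN_RH = 20.0                        # below this, static discharge is a problem
# Assumption: Magnus approximation coefficients for saturation over water.
MAGNUS_A, MAGNUS_B = 17.62, 243.12

def f_to_c(temp_f):
    return (temp_f - 32.0) * 5.0 / 9.0

def dew_point_c(temp_c, rh):
    """Dew point in deg C from air temperature (deg C) and relative humidity (%)."""
    gamma = math.log(rh / 100.0) + MAGNUS_A * temp_c / (MAGNUS_B + temp_c)
    return MAGNUS_B * gamma / (MAGNUS_A - gamma)

def check_reading(temp_f, rh, coldest_surface_f):
    """Return the alarms raised by one sensor reading (empty list = OK)."""
    if not 0.0 < rh <= 100.0:
        return ["SENSOR_FAULT"]      # impossible humidity: do not trust the reading
    alarms = []
    if temp_f < TEMP_MIN_F:
        alarms.append("TEMP_LOW")
    elif temp_f > TEMP_MAX_F:
        alarms.append("TEMP_HIGH")
    if rh < MIN_RH:
        alarms.append("HUMIDITY_LOW_STATIC")
    # Condensation forms on any surface at or below the dew point of the room air.
    if f_to_c(coldest_surface_f) <= dew_point_c(f_to_c(temp_f), rh):
        alarms.append("CONDENSATION_RISK")
    return alarms

# Constructed sample readings: (room temp F, RH %, coldest chilled surface F).
SAMPLES = [(72, 45, 60), (95, 40, 60), (70, 15, 60), (75, 70, 60), (45, 50, 40)]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_reading(*sample) or ["OK"])
```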
Environmental Threats: Electrical
• Electrical Noise
– Motors, fans, even vacuum cleaners can generate
electrical surges.
– Defences:
• UPS with power line filter
• Anti-static mats
• Lightning
– Defences
• Turn off computer systems during lightning storms.
• Surge suppressors may help for distant strikes.
Environmental Threats
• Dust
– Collects on drive heads and degrades media by abrasion.
– Dust is slightly conductive and can cause circuit boards
to short and fail if much accumulates.
– Defences:
• Air Filtering Systems
• Vacuuming
• Vibration
– Can work circuit boards out of sockets and drive heads
out of alignment over time.
– Defences:
• Rubber or foam mat.
Physical Access
• Raised floors/dropped ceilings
– If internal walls do not extend above dropped ceilings
and below raised floors, computer room door security
can be easily bypassed.
• Air ducts
– Serve computer room with many small air ducts.
– Weld screens over air vents or within air ducts.
– Motion detectors.
• Glass walls
– Easy to break—avoid them.
Network Cabling
• Threats
– Wiretapping/monitoring
– Cutting
– Connecting to AC power
• Defences
– Run through steel conduits, not open trays.
– Double-walled conduits with pressurized gas
between layers; alarm if pressure falls.
Alarms
• Sensor types
– Vibration detectors
– Video cameras
– Motion sensors
– Infrared (body heat) detectors
• False alarms
– Causes
• Weather (thunder, lightning, wind)
• Created by attacker
– Degrade response
• Guards/police will ignore alarms if too many are false.
Theft
• Reasons:
– Resale
– Access to stored information
• Targets
– Laptops
– Components: RAM, CPUs, hard disks
– PCs/servers
Theft Defences
• Limit physical access.
– Keep critical systems in high security areas.
• Case locks to prevent access to components.
• Laptop locks to lock laptop to desk.
• Visible equipment tags with serial numbers.
• Phone-home software for tracing.
• Encryption of information.
Backups
• Protect availability of information.
• Offer potential for confidentiality violation.
• Defences:
– Secure in safe after creation.
– Periodically move to secure offsite storage.
– Verify that you can restore data from backups.
• Verify old backups periodically too.
– Encrypt data on backup tapes.
– Bulk erase tapes to destroy data before disposal.
Printouts
• Provide availability when computers down.
• Potential for confidentiality violation.
– Dumpster diving
• Defences
– Separate wastebaskets for
confidential/unclassified information.
– Paper shredding
• Expensive shredding recovery services exist.
Unattended Terminals
• Offer anonymous attacker access
• Defences:
– Autologout shells or daemons
– Automatic screen locking
– Boot only from hard disk
– BIOS password to protect boot settings
– Case lock to prevent battery removal or BIOS chip replacement
EM Security
1. What is EM Security?
2. History
3. Surveillance
4. Passive Attacks
5. Active Attacks
6. Defences
EM Security
Preventing a system from being attacked
using electromagnetic emanations.
– Confidentiality attacks
• Listening to high frequency signals bled onto
connected cables like power lines.
• Listening to electromagnetic radiation leaked from
computer devices.
– Integrity attacks
• Disrupting computations by inserting power glitches.
– Availability attacks
• Jamming, electromagnetic pulse weapons.
History
1914: Telephone wires laid for miles parallel to
enemy trenches only a few hundred meters away.
Earth leakage caused crosstalk, allowing enemy to
listen.
1960: UK listened to secondary signal on French
embassy cable to capture plaintext leaked from
cipher machine.
1960s: TV detector vans in UK listened to RF leakage
to discover license fee evaders.
1985: Wim van Eck’s paper describing how to
reconstruct picture on CRT at a distance.
1990s: Power analysis of smartcards.
Active Surveillance
• Many types of “bugs” available:
– Battery-powered radio microphones.
– Externally powered radio microphone/cameras.
– Laser microphones: bounce laser off reflective surface, then measure modulation of reflected light by sound waves.
• Interception evasion technologies
– Rapid frequency hopping
– Burst transmission
Surveillance Countermeasures
• Physical sweep
• Nonlinear Junction Detectors
– Emit weak radio signal.
– Listen for harmonics caused by transistors.
– Can find unshielded electronics a few feet away.
• Surveillance receivers
– Sweep radio spectrum at rapid rate, searching for
unexplained signals.
– Can detect frequency hoppers, but burst transmission
difficult to find.
Passive Attacks
• Red/black separation
• Power analysis
• RF leakage
Red/Black Separation
• Red equipment: carries confidential data.
• Black equipment: carries unclassified data.
• Red/Black separation: Red equipment must
be isolated from Black equipment by filters
and shields.
• Problem: Cipher machines have both red and
black connections, so their design must be
very careful.
Power Analysis
• Power analysis: analyzing power supply
current of electronic device over time.
– Transistor switching changes power draw.
• Smartcards: credit-card sized plastic with
embedded microprocessor/memory.
– Uses: credit/ID card replacement, one time
password authentication, physical access key.
– Vulnerabilities
• Low clock frequency compared to PCs.
• Little or no power filtering.
Power Analysis
• Simple Power Analysis
– Visual inspection of power consumption graph can
reveal DES shifts and permutations or RSA
multiplication and exponentiation operations.
• Differential Power Analysis
– Statistical analysis of many (100’s) operations where
algorithm and either plaintext or ciphertext known.
– Can be used to find 48 of 56 bits of DES key by
analyzing last round of cipher.
– Defences: randomization of order of S-box use, frequent
key updates, timing randomness, insertion of random
dummy operations.
RF Leakage
• All video displays (CRTs and LCDs) emit a weak
TV signal.
• All cabling (serial cables used by ATMs and ethernet cable used by PCs) emits signals too.
• Keyboard RF emissions modulated by currently
pressed key.
• Defences:
– Electromagnetic shielding of device or room.
– Soft-Tempest fonts: low pass filter removes high
frequencies of fonts—little visual difference on monitor
but larger effect on signal.
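The Soft-Tempest defence above, as an added example that is not part of the original slides: it low-pass filters one constructed row of text pixels and compares the high-frequency energy removed with the resulting pixel change. The 70% cutoff, the sample row and all function names are assumptions of this example, and filtered values are not clipped back to the display range.

```python
import cmath

def dft(x):
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * cmath.pi * k * t / n) for t in range(n))
            for k in range(n)]

def idft(X):
    n = len(X)
    return [sum(X[k] * cmath.exp(2j * cmath.pi * k * t / n) for k in range(n)).real / n
            for t in range(n)]

def in_high_band(k, n, keep):
    # Bins k and n-k carry the same physical frequency; Nyquist is n // 2.
    return min(k, n - k) > keep * (n // 2)

def low_pass(line, keep=0.7):
    """Zero the top (1 - keep) share of a scanline's horizontal frequencies."""
    n = len(line)
    spectrum = dft(line)
    return idft([0 if in_high_band(k, n, keep) else spectrum[k] for k in range(n)])

def high_band_energy(line, keep=0.7):
    """Spectral energy above the cutoff: the part the filter is meant to remove."""
    n = len(line)
    return sum(abs(v) ** 2 for k, v in enumerate(dft(line)) if in_high_band(k, n, keep))

def rms_change(a, b):
    """Root-mean-square pixel difference, on a 0.0 (black) to 1.0 (white) scale."""
    return (sum((p - q) ** 2 for p, q in zip(a, b)) / len(a)) ** 0.5

# Constructed input: one 64-pixel row through black-on-white text with
# one- and two-pixel-wide vertical strokes, given as (start column, width).
STROKES = [(5, 1), (9, 2), (14, 1), (20, 1), (23, 2), (30, 1),
           (36, 2), (41, 1), (50, 1), (55, 2)]
SCANLINE = [1.0] * 64
for start, width in STROKES:
    for col in range(start, start + width):
        SCANLINE[col] = 0.0

FILTERED = low_pass(SCANLINE)

if __name__ == "__main__":
    print("high-band energy before:", round(high_band_energy(SCANLINE), 3))
    print("high-band energy after: ", round(high_band_energy(FILTERED), 12))
    print("RMS pixel change:       ", round(rms_change(SCANLINE, FILTERED), 3))
```

The filter leaves the row's average brightness unchanged, and by Parseval's theorem the RMS pixel change equals the square root of the removed band's energy divided by the row length.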
Active Attacks
• Tempest Viruses
• Glitching
Tempest Viruses
Malware that scans infected computer for
desired information, which it then broadcasts
via RF signals.
– Change display when monitor not in use to send
signal.
– Superimpose signal on monitor image, so that
image not visible on monitor but visible to RF
receiver.
Glitching
• Inserting transients into power or clock
signal to induce useful errors.
• Example: On one Smartcard, replacing a
clock pulse with two narrower pulses would
cause processor to execute a NOP instead of
scheduled instruction, allowing access
control JMPs to be bypassed.
Defences
• Use Soft-Tempest fonts.
• Keep cables short.
• Use shielded cables.
• Use EMI filters between PC and wall AC power.
• Use EMI filters on fax/modem phone lines.
• Apply ferrite core attenuators to cables.
• Enclose devices in a Faraday cage (grounded tight cage of aluminum mesh.)
• Buy specially shielded equipment.
Key Points
• Physical security is an essential component of
computer security.
– Many systems are more vulnerable to physical threats
than system/network attacks.
• Elements of Physical Security
– Determent
– Detection
– Delay
– Response
• Backups are a defence against many threats, but
must be defended themselves.