The Past, Present, and Future of Information Security

1
The Past, Present, and Futureof Information
Security

• Trusted Computing? Is it the answer?
• Bruce Potter
• gdead_at_shmoo.com

2
Dont Believe Anything I Say

• "Do not believe in anything simply because you
  have heard it. Do not believe in anything simply
  because it is spoken and rumored by many. Do not
  believe in anything simply because it is found
  written in your religious books. Do not believe
  in anything merely on the authority of your
  teachers and elders. Do not believe in traditions
  because they have been handed down for many
  generations. But after observation and analysis,
  when you find that anything agrees with reason
  and is conducive to the good and benefit of one
  and all, then accept it and live up to it. -
  Buddha
• By Day, Senior Associate for Booz Allen Hamilton
• By Night, Founder of The Shmoo Group and restorer
  of hopeless Swedish cars

3
Overview -Two things to accomplish

• Make the case for trusted computing
• While dodging the beer bottles being thrown at
  me
  
• Demonstrate the TPM on a MacBook
• Release some code
• Sprinkle in some good arguments, and weve got
  ourselves a party

4
A Brief History of InfoSec

• For at least 50 years, weve been trying to solve
  the information security problem
  
• However, at the same time, the problem keeps
  getting more complex
  
• In the meantime, its made security a profitable
  and sustainable industry (funny what happens when
  you chase an impossible dream)

5
Current InfoSec Trends

• Anti-virus, Intrusion Detection, and Strong
  passwords
  
• Defense in Depth aka layer enough protection
  mechanisms on, and something will stop the bad
  guys (is this a good idea?)
  
• Microsoft is the root of all security evils (is
  this true?)
  
• Most of the threat against your systems are from
  script kiddies who have more guts than brains (is
  this still the case?)
  
• All these ideas are geared toward a threat model
  that existsed 10 years ago
  
• Lets look at attackers today

6
Attack Trend - Decreased Exploit Development
Timeframe

• Patches have two major uses
• Secure a system that has a known vulnerability
• Determine what vuln was patched in order to
  develop an exploit
  
• In the last several years, there has been an
  incredible decrease in the amount of time between
  patch release and creation of a successful
  exploit
• Microsofts Patch Tuesday has been great for both
  attackers and defenders alike
  
• A foolish consistency is the hobgoblin of little
  minds
  
• The moral? Patch disclosure is essentially the
  same as exploit disclosure

Vuln Disc.
Patch Rel.
High Risk for Large Scale Attacks
Exploit Rel.
Majority Patched
V u l n e r a b I l I t y T i m e l i n e
7
Attack Trend - Mercenary Exploit Development

• A new market has emerged for exploit development
• Not the historical underground market, but rather
  a legit marketplace
  
• Many security companies now offer money in
  exchange for exclusive rights to exploits from
  mercenary exploit developers
  
• Tipping Points Zero Day Initiative (ZDI)
• iDefenses Vulnerability Contributor Program
  (VCP)
  
• Etc
• These programs have rewards programs, as well
  as other incentives
  
• Also, eBay and other online commerce sites have
  become storefronts for vulnerability information
  
• Who knows whos buying this information and what
  they are using it for?

8
Attack Trend - Emerging Black Market in
Compromised Systems

• Attackers need infrastructure to launch attacks
  from
  
• Usually the more systems, the better and the
  harder to trace
  
• Distributed Denial of Service, spamming,
  phishing, attack platforms
  
• Some groups are mass exploiting systems in order
  to resell them to those who wish to launch
  attacks
  
• Exploit system, then load controlling software
  (bots)
  
• Prices can vary wildly 25/1,000 compromised
  systems is realistic
  
• Jeanson James Ancheta was convicted of setting up
  botnet enterprise and selling access
  
• http//news.findlaw.com/hdocs/docs/cyberlaw/usanch
  etaind.pdf
  
• Many Internet users just assume their systems are
  supposed to be slow and full of malware

9
So, How Did We Get Here?

• The roadmap for secure systems is described in
  Butler Lampsons Protection paper
  
• http//research.microsoft.com/lampson/09-Protecti
  on/WebPage.html
  
• The original motivation for putting protection
  mechanisms into computer systems was to keep one
  users malice or error from harming other users.
  Harm can be inflicted in several ways1.By
  destroying or modifying another users data.2.By
  reading or copying another users data without
  permission.3.By degrading the service another
  user gets (sounds pretty good, even though this
  was 1971)
• The paper goes on to describe (basically)
  multilevel security, the need for hardware
  security to enforce data separation, and
  object-based access control (again, pretty good
  for 1971)

10
Guesses on when this was written?

• Another major problem is the fact that there are
  growing pressures to interlink separate but
  related computer systems into increasingly
  complex networks
• Underlying most current users problems is the
  fact that contemporary commercially available
  hardware and operating systems do no provide
  adequate support for computer security
• In addition to the experience of accidental
  disclosure, there has also been a number of
  successful penetrations of systems where the
  security was added on or claimed from fixing
  all known bugs in the operating system. The
  success of the penetrations, for the most part,
  has resulted from the inability of the system to
  adequately isolate a malicious user, and from
  inadequate access control mechanisms built into
  the operating system

• Computer Security Technology Planning Study -
• October 1972, Electronic Systems Division, Air
  Force
  

11
The Search for the Holy Grail (MLS)

• The road is littered with corpses
• http//www.cs.stthomas.edu/faculty/resmith/r/mls/m
  2assurance.html has some examples
  
• Some not so surprising results
• Operating systems are complicated
• Software developers dont know how to write
  secure code
  
• Without a piece of trusted hardware onto which
  you can layer security assertions, the best you
  can do it a layered defense aka defense in
  depth

12
Fast Forward 2000ish

• Digital Rights Management emerges on the scene
• Content is King.. Or so the saying goes
• DRM is a mechanism for cryptographically
  protecting the rights of the content creator
  
• Microsoft is including DRM-like capability into
  Office to prevent unauthorized sharing of data
  
• DRM is not perfect
• Can be subverted easily when it is software only
• Even hardware-based systems can be subverted,
  especially when theyre badly designed (Thanks
  DVD Jon)

DRM Uses
13
Guess what? DRM is Cool

• According to a recent survey, iPods are cooler
  than beer
  
• Apple made DRM sexy and cool
• The iPod begat ITMS
• ITMS was made possible because Apple came up with
  a rights management scheme that the content
  providers could deal with at a 1 a pop
  
• In Feb 2006, the 1 billionth song was downloaded
  from ITMS
  
• 1 billion songs means people things ITMS is cool
• Through transitivity, Apple made DRM cool
• What does Apple have to do with Trusted Hardware?

or
14
Funny You Should Ask

• Apple just made trusted hardware sexy and cool
  (And you didnt even realize)
  
• Enter the MacBook Pro
• When Apple switched to Intel, the developed
  Rosetta an emulator that dynamically translates
  PPC opcodes to x86
  
• Apple is using the TPM to protect Rosetta from
  starting unless the TPM is there
  
• Ensures Apple proprietary SW only runs on Apple
  HW
  
• Maxxuss repeatedly bypassed this protection

Intel Processor
Legacy PPC App
App Translated to x86
Rosetta
TPM
15
Backing up a Step

• The Trusted Computing Group
• Used to be the Trusted Computing Platform
  Alliance
  
• An industry group (read you have to buy your way
  in) that sets standards for trusted computing
  systems and architectures
  
• Used to be focused soley on the development of a
  trusted piece of hardware (TPM)
  
• Now has broader scope, including networks,
  servers, storage, mobility applications, and
  software APIs
  
• 135 Members, including most of the Big Boys

TCG Focus Areas
16
Trusted Platform Module

• Chips manufactured by a variety of manufactures
• Assured cryptographic operations
• Trusted keystore
• Integrity attestation
• The TPM, on its own, does not do anything
• Higher level systems (boot managers, operating
  systems, applications) must use the TPM to do
  something
  
• The TPM spec says that the user _must have_ the
  ability to turn of the TPM chip
  
• That means the user always has control of their
  device
  
• However, that doesnt mean that all software will
  still work

17
Trusted Computing Many Privacy Concerns

• A Google search for trusted computing will
  result in just as much criticism as technical
  information
  
• Content creators can exert nearly complete
  control of their content. This is really
  annoying when its the operating system
  
• Microsofts WGA anti-piracy software has the
  ability to control what state the OS can be in
  for an upgrade to occur
  
• This includes 3rd party application awareness
  whats your default browser?
  
• WGA will be even more difficult to stomach once
  its backended into a TPM for content management
  and assurance verification
  
• While users have the ability to turn off the
  chip, the software also has the ability to not
  run
  

18
TCG on Privacy

• From https//www.trustedcomputinggroup.org/faq/
• What has the TCG done to preserve privacy?
• TCG believes that privacy is a necessary element
  of a trusted system. The system owner has
  ultimate control and permissions over private
  information and must "opt-in" to utilize the TCG
  subsystem. Integrity metrics can be reported by
  the TCG subsystem but the specification will not
  restrict the choice and options of the owner
  preserving openness and the ability of the owner
  to choose.
• The TCG specification will support privacy
  principles in a number of ways
  
• The owner controls personalization.
• The owner controls the trust relationship.
• The system provides private object storage and
  digital signature capability.
  
• Private personalization information is never
  exposed.
  
• Owner keys are encrypted prior to transmission.
• It is also important to know what the solutions
  are not
  
• They are not global identifiers.
• They are not personalized before user
  interaction.
  
• They are not fixed functionsthey can be disabled
  permanently.
  
• They are not controlled by others (only the owner
  controls them). controls them).

19
Inside a TPM Chip
NVRAM
Platform Configuration Register (PCR)
Attestation Identity Key (AIK)
Program Code
I/O and Comms Bus
RNG
SHA-1 Engine
Key Gen
RSA Engine
Opt-in (State Mgt)
Exec Engine

• PCR - Sets of information that is unique to the
  host (manufactures, serial s, peripherals,
  etc)
  
• AIK - Internal keys used to identify and
  authenticate the TPM to off-chip entities

20
Interacting with the TPM

• Request-response model, very similar to smartcards

Application
Library call or socket
Return value
Trusted Software Stack
TPM Driver
Datagram sent 0x00c1 0x0000000c 0x00000099 0x0
1
Datagram sent 0x00c4 0x0000000a 0x00000000
TPM
21
High-level Breakdown of TPM Commands
22
Examining the Apple TPM

• All Intel-based Macs make use of an Infineon
  TPM
  
• No real interface from Apple to examine/use TPM
  chip
  
• But never fear, weve got code to examine the
  TPM
  
• http//tpm.shmoo.com/

23
MacBook TPM Access Architecture
Ubuntu (modified to boot on a mac by
Mactel-linux.org and customized by
The Shmoo Group)
Custom Apps
tpm-utils
Libtpm (from IBM)
tcsd
Infineon TPM v1.1 (IFX0101)
24
Demo of TPM software

• A live CD for accessing the TPM on a MacBook is
  available at http//tpm.shmoo.com/
  
• It is a bit rough around the edges, but it works
  (pretty much) right out of the gate

25
What about Software Assurance?

• As CS majors, youve been trained in writing
  secure software, right?
  
• At most universities, the answer is a resounding
  no
  
• But assuming we write secure code, theres no
  need for trusted hardware, right?
  
• That assumption is too large to accept
• But technologies like stack guard and NX prevent
  bad software from causing problems, right?
  
• Nope. Software security mechanisms like that are
  generally a cat an mouse game. Someone just
  found a way to execute rogue executables in
  SELinux
• Turns out, we really do need hardware security

26
Trusted Network Connect

• Rather than solving the entire problem from the
  beginning, TCG is taking baby steps
  
• Network access is a problem in nearly every
  enterprise
  
• Accessing the network should involve three
  parties authenticating themselves the user, the
  users device, and the infrastructure
  
• Oftentimes, the device does not strongly
  authenticate itself
  
• With a TPM, a device can have a unique
  cryptographic key to authenticate itself to the
  infrastructure
  
• TNC is basically 802.1x
• Juniper and others already have solutions
• Couple TNC with patching policies, and you can
  really put a dent in internal network security
  issues

27
(No Transcript)
28
Other Capabilities Enabledby Trusted Computing

• Data at Rest security
• Vista has the ability to use a TPM for key
  storage and implements a ecure container (ie an
  encrypted file that is protected by the TPM)
  called BitLocker
• Can be done on any platform (why doesnt
  DiskUtility in OS X use the TPM on the
  Intel-based boxes?)
  
• Crypto API
• No more confusion if an algorithm is implemented
  properly
  
• Remote Attestation
• The ability to tell a remote system about the
  local system with some assurance
  
• Basically, you can attest to the integrity or
  configuration of a machine and cryptographically
  sign the whole thing
  
• Trusted Boot
• TPM-Secure Boot Loader-Signed kernel-Signed
  Drivers -Signed Applications (NOTE Signed !
  secure)

29
Types of Attestation

• Attestation by the TPM
• Proves that the TPM is active and knows some
  secret
  
• Attestation to the platform
• Proves the endpoint can be trusted to report its
  integrity
  
• Attestation of the platform
• Reporting of the integrity of the endpoint
• Authentication of the platform
• Basically, this is device authentication (using a
  secret to authenticate to a network, etc)

30
So.. First, the Bad

• Opportunities abound for loss of control content
  stored on your computer
  
• Failed hardware, systems upgrades have the
  potential to cause havoc with protected software
  
• Sealed data may become unusable
• Users suddenly need to deal with key material
  backup issues
  
• Because we all back up our hard drives already,
  right?
  
• Operating system vendors may get territorial
• For instance, Windows Genuine Advantage could be
  configured to not upgrade if non-MS approve
  software is installed (unlikely, but possible)

31
The Good

• Trusted boot can make a big dent in controlling
  malicious code in the enterprise
  
• Host integrity monitoring can become host
  integrity enforcement (like the migration from
  IDS to IPS only it will actually work)
  
• Trusted network access will tie the security and
  integrity of an endpoint to the authority to
  access the network
  
• The ability to really protect mobile media and
  other data at rest situations

32
The Ugly

• The distrust of many in the security community is
  interfering with making productive use of the
  TPM
  
• Hard to see the forest for the trees
• Also, the trusted computing represents a massive
  shift in risks, threats, and operations no small
  pill for the security community to swallow
  
• While Vista has TPM support the developer
  interface is not documented enough to be useful
  
• OS X does not provide ANY public interfaces to
  the TPM
  
• Most chips in deployment are v1.1 Vista wants
  1.2
  
• Ubiquitous deployment of 1.2 is only 3 or so
  years away

33
Where Trusted Computing is Going

• Trusted computing is going to happen
• Many systems shipping with TPMs already just
  not much software that supports it
  
• HUGE capability for InfoSec Even if we dont
  reach the holy grail of MLS, there are still many
  positive features
  
• However, if all we do is focus on the privacy
  concerns and dont figure out a way to use
  trusted computing to build more secure software,
  well fail before we even get out of the gate
• /rant

34
Before We Finish Up.. Summer of Code, TSG Style

• The Shmoo Group was given the opportunity to
  mentor 4 projects under the Google Summer of
  Code
  
• http//code.google.com/soc/
• Firekeeper (Student Jan Wrobel, Mentor Len
  Sassman)
  
• Browser-level Intrusion Detection via rulesets
  designed to detect and block malicous websites
  (neat, given Jeremiah Grossmans talk)
  
• Prototype available on firekeeper.mozdev.org
• GPGGreasemonkey (Student Kerry McKay, Mentor
  Bruce Potter)
  
• Client side mail encryption for webmail via FFX
  ext.
  
• Currently have implementation for Gmail and
  Yahoo
  
• svn checkout svn//e.shmoo.com/var/repos/gpgwebma
  il

35
(No Transcript)
36
SOC

• Online Rainbow Tables Lookup (Student Keith
  Larimore, Mentor Freshman)
  
• Focused on increasing speed
• Completed Basic search capabilities with Web
  interface, queuing, completion emails
  
• In progress DNS query Interface
• Open Security Framework (Student Soren
  Bleikertz,MentorPravir Chandra)
  
• A framework to simplify network security
  analysis
  
• Master, client, slave

37
Questions?

• Bruce Potter
• gdead_at_shmoo.com
• http//tpm.shmoo.com/
• Go To ShmooCon - March 23-25, 2007