Adversary Models. EECE 571B Computer Security. Konstantin Beznosov


why we need adversary models?
- attacks and countermeasures are meaningless without

elements of an adversary model
- objectives
  - obtain secret(s): decrypt cipher-text, guess/find password
  - obtain access to assets: access to an account, full or partial control of a system or its parts
- initial capabilities
  - knowledge of (1) keys, passwords, and other secrets, (2) system/environment design/architecture
  - access to the system's source code and other implementation details
  - partial access to a system (PC, server, mobile device)
  - partial control of a system (direct browser to a URL, control of a low-privilege account)
- capabilities during the attack
  - passive: eavesdropping messages
  - active: modifying, re-playing, or removing messages
  - running code on the target system
  - observing system at run-time

Dolev-Yao model
- the network is completely under the adversarial control
  - can record, delete, replay, reroute, reorder, and completely control the scheduling of messages
- the adversary is the network
  - the honest participants send their messages only to the adversary and receive messages only from the adversary
  - the adversary can choose the recipient and auxiliary information for its messages with total non-determinism
- initial knowledge of the adversary
  - the public keys (K_Pub),
  - the private keys of subverted participants (K_Adv ⊆ K_Priv),
  - the identifiers of the principals (I), and
  - the nonces the adversary itself generates (R_Adv ⊆ R), which are assumed to be distinct from all nonces generated by honest participants

Dolev-Yao model (continued)
- message M is derivable by the adversary from a set of messages S if it's possible to produce M by applying the following operations a finite number of times:
  - decryption with known or learned private keys
  - encryption with public keys
  - pairing of two known elements
  - separation of a pair into its components
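The derivability rule above can be checked mechanically: first saturate the adversary's knowledge under separation and decryption, then test whether the goal can be built by pairing and encryption. The Python below is an added example, not part of the original slides; the tuple encoding of terms, the function names and the sample messages are assumptions made for illustration.

```python
# Term encoding (an assumption of this example, not notation from the slides):
#   atom                      -> "A", "Na", ("pub", "B"), ("priv", "E")
#   ("pair", x, y)            -> pairing of two terms
#   ("enc", ("pub", P), m)    -> m encrypted under P's public key

def analyze(knowledge):
    """Saturate under separation of pairs and decryption with known private keys."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            parts = ()
            if isinstance(t, tuple) and t[0] == "pair":
                parts = t[1:]
            elif isinstance(t, tuple) and t[0] == "enc" and ("priv", t[1][1]) in known:
                parts = (t[2],)
            for p in parts:
                if p not in known:
                    known.add(p)
                    changed = True
    return known

def synthesize(goal, known):
    """Build goal from analyzed knowledge using pairing and public-key encryption."""
    if goal in known:
        return True
    if isinstance(goal, tuple) and goal[0] in ("pair", "enc"):
        return synthesize(goal[1], known) and synthesize(goal[2], known)
    return False

def derivable(goal, knowledge):
    """True if goal follows from knowledge by the four operations on the slide."""
    return synthesize(goal, analyze(knowledge))

# Constructed sample: initial knowledge as listed on the slide, with E subverted.
INITIAL = {("pub", "A"), ("pub", "B"), ("pub", "E"), ("priv", "E"), "A", "B", "E", "Ne"}
# Constructed traffic: A sends nonce Na to honest B and nonce Nx to subverted E.
OBSERVED = {("enc", ("pub", "B"), ("pair", "Na", "A")),
            ("enc", ("pub", "E"), ("pair", "Nx", "A"))}
S = INITIAL | OBSERVED

if __name__ == "__main__":
    print(derivable("Na", S))   # nonce sealed under B's public key
    print(derivable("Nx", S))   # nonce sealed under subverted E's public key
    print(derivable(("enc", ("pub", "B"), ("pair", "Nx", "A")), S))  # re-encryption for B
```

The two-phase split is sufficient here because keys are atomic terms, so a private key can only be learned by taking messages apart, never by building one.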

Chip & PIN

EMV protocol
- Europay, MasterCard, VISA (EMV) -- protocol for payment cards with chips (and PINs)
- 750M cards currently deployed
- a three-phase protocol:
  1. Card authentication (type of card, issuer, verification method list, etc.)
  2. Cardholder verification, based on verification method list:
     1. PIN
     2. signature
     3. nothing
  3. Transaction authorization: card generates secured transaction info for the issuing bank clearance

a complete run of a Chip & PIN protocol
[Figure 2: A complete run of a Chip and PIN protocol. adopted from [1]]

video clip: http://www.youtube.com/watch?v=jpax32lgkrw

cardholder verification step
[Figure 3: The man-in-the-middle suppresses the PIN Verify command to the card, and tells the terminal that the PIN has been verified correctly. A complete transaction is detailed in Appendix A. adopted from [1]]
- attacker tricks the card into thinking it's doing a chip-and-signature transaction while the terminal thinks it's chip-and-PIN.


the attack
[figures adopted from [1]]

adversary model
- objectives
  - pay a street merchant with a stolen C&P payment card
- initial capabilities
  - can steal C&P payment cards
  - can purchase or make necessary equipment for the MITM attack
- capabilities during the attack
  - conceal the equipment from the merchant's staff
  - conceal the fact that the fake card has wires attached to it
  - insert the fake card in the merchant's terminal

Sony CD-DRM Episode

who is the adversary?
- user who wants to rip a CD
- researchers, who analyzed the Sony CD DRM
- label vendor, who wants to use DRM for free
- DRM vendor, who wants to install its software on the user's PC
- criminals who want to attack the user's PC using vulnerabilities in the DRM software

Sony CD DRM: options for attack tactics
1. defeat the passive protection
2. stop the DRM software from installing itself
3. trick the recognition algorithm
4. defeat the active protection software's blocking
5. capture the music from the DRM vendor's player
6. uninstall the protection software
7. create state snapshot, rip CD, rollback the state

Sony CD DRM: attack adversary model
- objectives
  - wants to copy the music illegally
  - wants to make uses allowed by copyright law but blocked by the DRM
- initial capabilities (not all required)
  - approximately knows CD structure (music and data sections)
  - can prevent parts of the CD from being read by the drive (masking tape or felt-tip marker)
  - can configure their PC not to do autorun
  - can rename the executable of the ripping/copying application
  - has access to protected and unprotected versions of the same album and can perform binary comparison

Sony CD DRM: adversary model
- capabilities during the attack (not all required)
  - physical access to the computer
  - can hold the keyboard Shift key when inserting
  - can play the CD in a different OS (Linux or macOS)
  - can repeatedly insert and eject the CD many times
  - can kill the installer process (using the Windows Task Manager) before it can eject the CD
  - can issue commands directly to the CD drive, bypassing Windows CD driver
  - can log all CD device activities
  - can create new watermarked disks
  - can convert the tracks to a lossy format, like MP3, and then burn them back to a CD
  - can flip the least significant bit of one carefully chosen sample from each of the 30 watermark clusters
  - can transplant the 3 least significant bits of each sample within the watermarked region of a protected track to the corresponding sample from an unprotected track
  - can deduce the full details of the structure of the watermark
  - can create and restore a snapshot of the PC state
  - can modify the %windir%\system32\$sys$filesystem\$sys$parking file

Question to ponder
When you read the Sony DRM Episode paper:
- What's the model of the adversary that is trying to compromise the user's computer by exploiting vulnerabilities due to the DRM?

Security Analysis of a Modern Car

today's cars
[Figure 1: Digital I/O channels appearing on a modern. adopted from [2]]

indirect physical access: media player attack
- attack 1: vestigial radio reflash from CD code
- attack 2: WMA parsing bug -> buffer overflow
- on-radio debugger
- insert CD containing malicious WMA file
- compromise the car

short-range wireless: Bluetooth attack
- common embedded Bluetooth stack on telematics unit
- strcpy() bug
- Android trojan compromises telematics ECU
- can undetectably pair a Bluetooth device
- USRP-based software radio
- brute force PIN
- cannot be unpaired with standard interface

long-range wireless: cellular attack
[diagram labels: telematics, buffer overflow, SSL, software modem, PPP, voice channel, 3G, cell phone]
- call telematics unit
- transmit malicious payload (using modem protocol or just play malicious sound track over phone)

what's next?
- remotely trigger code from prior compromise
- proximity trigger
- broadcast trigger (FM RDS)
- short-range targeted trigger (Bluetooth)
- global targeted trigger (cellular)

what can an adversary do with this?
- car theft
  1. compromise car
  2. locate it via GPS
  3. unlock doors
  4. start engine
  5. bypass anti-theft
  video demo: http://www.youtube.com/watch?v=bhfoziiwxic (minute #16)
- surveillance
  1. compromise car
  2. continuously report GPS coordinates
  3. stream audio recorded from the in-cabin mic

adversary model
- objectives
  - take control over parts or the whole car in order to perform surveillance, theft, or cause a car accident
- initial capabilities
  - access to equipment and documentation to develop and test an attack
  - extract device's firmware
  - reverse engineer firmware
  - identify and test vulnerable code paths
  - weaponize exploits
- capabilities during the attack (one of the three)
  - indirect physical access to the car
    - interacts with a physical object that interacts with the car
      - diagnostic tool that plugs directly into OBD-II port
      - entertainment systems (CD player, digital multimedia port, iPod Out)
  - short-range wireless signals (between 5 and 300 meters)
    - Bluetooth, Remote Key Entry, RFID car keys, Tire Pressure Monitoring Systems, WiFi, Dedicated Short Range Communications
  - long-range wireless signals (greater than 1 km)
    - broadcast channels: GPS, satellite radio, digital radio, Radio Data System, Traffic Message Channel
    - addressable channels: remote telematics systems

summary: adversary model
- objectives
- initial capabilities
- capabilities during the attack

references
1. Murdoch, Steven J.; Drimer, Saar; Anderson, Ross; Bond, Mike, "Chip and PIN is Broken", 2010 IEEE Symposium on Security and Privacy (SP), pp. 433-446, 16-19 May 2010, doi: 10.1109/SP.2010.33
2. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, T. Kohno, "Comprehensive Experimental Analyses of Automotive Attack Surfaces", USENIX Security, August 10-12, 2011.