
CAS CS591 Topics in Internet Security

Kingpin ([email protected])

http://www.L0pht.com [L-zero-P-H-T]

Hardware and Embedded System Security Pitfalls



Introduction

  • The L0pht

    • Origin

    • Mission

    • Members

    • Who am I?



The L0pht - Origin

  • Banded together in 1992

  • Originally set out as a simple communal storage area

  • Combination of everyone’s “junk” turned into gems

  • From networks to watchdogs

  • The security puzzle



The L0pht - Mission

  • Learn and explore

  • Provide an unbiased soap-box for our views and beliefs on technology

  • Give back to the network security community without playing favorites

  • Have the place self perpetuate (pay for itself)



The L0pht - Members

Mudge

Weld Pond

Kingpin

John Tan

Brian Oblivion

Space Rogue

Silicosis

Dildog



Kingpin

  • Involved w/ L0pht since inception, 1992

  • Electrical engineer, hardware hacker

  • Dial-up/telephone systems

  • Product design



Hardware and Embedded System Security Pitfalls

  • Security problems aren’t just limited to software

  • Consider all possibilities when interfacing with the outside world!

  • Any design can have fundamental flaws



Applications

Complex

Simple



Answering Machine

  • Users can access supervisory functions of various answering machines

“Secure” 3-digit password

max 10^3 or 1000

H/W jumpers determine password

2 * 2 * 4 = 16 combinations

(371, 372, …, 485, 486)

AT&T Model 1320



Consider easy user accessibility issues for other products?

Ethernet MAC Cloning

  • MAC Address stored in easily reprogrammable Serial EEPROM

  • http://www.L0pht.com/~kingpin/mac_address_cloning.pdf

  • Can often do in configuration software



PalmOS: BeamCrack

  • One-bit flag in each database determines whether it can be “beamed” or not

  • Designed for ease of application developer, not for practical security of applications

  • http://www.L0pht.com/~kingpin/pilot.html



PalmOS: BeamCrack (cont.)

    for (i=0; i < numDatabases; ++i)
    {
        dbID = DmGetDatabase (cardNo, i); // Retrieve the database ID of a database by index
        if (dbID) // If it exists...
        {
            // get the current attributes, turn on/off protection, and save them.
            DmDatabaseInfo(cardNo, dbID, 0, &attributes, 0,0,0,0,0,0,0,0,0);
            if (!(attributes & dmHdrAttrReadOnly)) // If database isn't read-only
            {
                if (dbProtect)
                    attributes = attributes | dmHdrAttrCopyPrevention; // Set the beam-lock bit
                else
                    attributes = attributes & ~dmHdrAttrCopyPrevention; // Remove the beam-lock bit
                DmSetDatabaseInfo(cardNo, dbID, 0, &attributes, 0,0,0,0,0,0,0,0,0);
            }
        }
    }


Cisco Router

  • “Encrypted” password stored on router (can read on configuration screen)

  • Passwords of type 7 encoded by XOR’ing plaintext against constant value

[Figure: encoded string 08 20 4E, labeled “offset”, “1st char.”, “2nd char.”; = ab]



Cisco Router (cont.)

tfd;kfoA,.iyewrkldJKD

Easy enough to calculate by hand!
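
An audit-side illustration of the encoding described on these two slides (added here, not code from the presentation): it flags type 7 entries in a configuration and shows that each one reverses to plaintext. The XOR constant is the widely published form, which agrees with the slide's string from `fd;kfoA` onward, the sample configuration is constructed, and `decode_type7` and `audit_config` are hypothetical names.

```python
import re

# Widely published type 7 constant (assumption: the slide's string agrees
# with it from "fd;kfoA" onward; this is not copied from the slide).
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"

# "<context> password 7 <string>", e.g. "enable password 7 08204E".
TYPE7_LINE = re.compile(r"^\s*(.*?\b(?:password|key)) 7 ([0-9A-Fa-f]+)\s*$")

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONFIG = """\
hostname lab-rtr
enable password 7 08204E
enable secret 5 $1$CONSTRUCTED$notarealhash
line vty 0 4
 password 7 020A0559
"""

def decode_type7(encoded):
    """Two decimal digits give the offset into XLAT; each following hex
    pair is one plaintext byte XORed with the next constant byte."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a well-formed type 7 string")
    offset = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ XLAT[(offset + i) % len(XLAT)] for i, b in enumerate(body))
    return plain.decode("ascii", errors="replace")

def audit_config(text):
    """Return (line number, context, recovered text) for every type 7 entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = TYPE7_LINE.match(line)
        if not m:
            continue
        try:
            findings.append((lineno, m.group(1), decode_type7(m.group(2))))
        except ValueError:
            continue  # looks like type 7 but is malformed; skip it
    return findings

if __name__ == "__main__":
    for lineno, context, plain in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: '{context}' is type 7 and reverses to {plain!r}")
```

Any entry the auditor reports should be handled as if the password were stored in plaintext.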



Wireless Data

  • Unencrypted, easily receivable digital data streams

    POCSAG / FLEX / GOLAY

    ARDIS / MOBITEX

    MDC4800

    ACARS

  • “Who would listen?” mentality

  • Encryption could be used to authenticate, not just obfuscate the information

  • Decrease risk of “phantom controller” and spoofing



TEMPEST

  • Receive electromagnetic interference (EMI) from monitors, keyboards and recreate signal/data

  • Ways to prevent EMI: Shielding, proper circuit board design, Soft Tempest Fonts (Markus Kuhn, http://www.cl.cam.ac.uk/~mgk25/st-fonts.zip)

Long story short...



TEMPEST (cont.)

Clinton Grand Jury Testimony

Encrypted from Point A to Point B

Two endpoints completely wide open!



How much better are these new technologies?

Smartcards, Biometrics, etc.

Newest buzzwords and “high-tech” gadgetry

Evaluate for yourself!



Dallas iButton

  • One-wire I/O interface

  • Unique technology

  • Authentication, encryption, many uses…

  • iButton Touch Memory Primer (2600 Magazine, Winter 1998-1999, vol. 15 #4)

  • Emerging area, hope to investigate further

E-mail me for a copy



Time-based Tokens

  • Proprietary algorithm

  • Originally designed for non-promiscuous environments (i.e. phone lines)

  • Not designed with physical tampering in mind! Should self-destruct critical information?

  • Reverse-engineered device down to circuitry level



Time-based Tokens (cont.)

  • Placement of crystal allows us to:

    • Speed it up - view more iterations to look for repeated sequences

    • Slow it down - single-step, external measurement tools (logic analyzer)

  • Serial programming terminals!

    • Set or retrieve secret number for cloning



In Closing...

  • These examples not necessarily related to topics in the class, but the problems are widespread

  • Be careful, be proactive, peer review

  • Shortcomings in any technology - pick the one that best fits, “raise the bar”



Thanks!

Kingpin ([email protected])

http://www.L0pht.com [L-zero-P-H-T]

