Stanford Cybersecurity January 2009


Published on March 4, 2009

Author: yellowj

Source: slideshare.net

Description

A presentation given by Peter Levin, Consulting Professor at Stanford University.

Cybersecurity Peter L. Levin Consulting Professor January 2009

Evolution of GPS Service

Availability (sparse constellation)

Accuracy (selective availability)

Integrity (aviation)

Coverage (urban canyons and indoors)

Security (location based authentication)

Copied without shame or remorse, but with attribution, from Per Enge

The Problem Statement

“The United States is already engaged in a ‘low-intensity’ cyber conflict”.

- General Wesley K. Clark, former SACEUR

“[And] cannot kill or capture its way to victory”.

Robert M. Gates, Secretary of Defense

“It is a battle we are losing”

The Black Swan Effect

We won’t be more secure in a day

Planning takes time, energy, focus

Competing priorities

False perceptions

current safety

difficulty of raising the bar

. . . but we can be crippled in seconds

Insidious attacks can come from anywhere

the network, the software, or the hardware

Catastrophic results if we’re left unprotected

Public Awareness Has Changed

“several Georgian state computers [were] under external control”

So they moved websites to Google:

P2P uses as much as 60% of Internet bandwidth

P2P networks offer an easy way to disguise illegitimate payloads using sophisticated protocols, and can divert network traffic to arbitrary ports

From Spector 360

Machine Readable Travel Documents

Cracked in ten seconds for $10,000

Security is a Subset of Reliability*

*From the article of that name by Geer and Conway, IEEE Security and Privacy, Dec 08

Real-world reliability vs digital security reliability

Seven nines: aircraft landing

Six nines: mature manufacturing QA

Five nines: PSTN availability (after 100 years)

Four nines: domestic electric energy transmission

Three nines: maximum possible desktop uptime

Two nines: credit-card number protection

One nine: internet traffic not broadly related to attack

Zero nines: “[a]bility of stock antivirus to find new malware”

The (Cyber)Security Marketplace

Hardware Sabotage

“The most monumental non-nuclear explosion ever seen from space” was reportedly caused by the US in a Soviet commercial gas pipeline.

An Israeli bombing raid on a suspected Syrian nuclear facility was (allegedly!) due to a “kill switch” that turned off surveillance radar.

Hardware’s Axis of Evil

Counterfeits are Expensive and Dangerous

Exploit complexity

Difficult to detect

Compromise security

Source: Unclassified FBI Report, January 2008

Chip-Making in Four Easy Steps

RTL & Layout Design

Mask Creation

Logic Circuit Design

Function Specification

Thanks to Grace and Sherman for this slide

Chip-Level Hardware Assurance

Graphic from Sally Adee, IEEE Spectrum

authenticity and provenance

mechanical compromise

add extra wires

add extra transistors

“Your Hands Can’t Hit What Your Eyes Can’t See”

DAFCA provides on-chip, at-speed, in-system visibility

Integrate Verification and Validation

Tap the lines “pre-silicon”

Software only

Platform/technology agnostic

Automated

Observe behavior “post-silicon”

Configure, operate, and control FSM

Don’t slow down, don’t stop

No extra pins, no special libraries

React

Injection, isolation, remediation

Why At-Speed Observability Matters

Example: 5 billion transaction “boot scenario”

SW simulation @ 0.01 MHz = 6 days*

HW acceleration @ 0.1 MHz = 14 hours*

At-speed @ 500 MHz = 10 seconds

* Even these are 10x faster than IBM’s benchmark

Two Examples

By “hardware assurance” we mean:

Is the chip authentic?

Is the chip functioning properly?

Until now, most of the attention has been focused on “static” views

Detect Malfunction

Invisible to functional logic

Invisible to application software

Impossible to understand by inspection

It’s just gates and flops, no hard macros

It’s configured on the fly

An Instrumented GPS Chip

[Figure: block diagram of the instrumented chip. Labels: Transaction Engine, PTE, TRACER, CAPSTIM, SPN NETWORK, FINAL_SPN, aligner, 4-fifo, LCD_MUX, CB1_MUX, CB2_MUX, CB3_MUX, CDC_LCD, GP_IN, Trace RAM (1k x 128); probe groups grp_lcd_out, grp_lcd_fifo_rd1, grp_lcd_fifo_rd2, grp_lcd_fifo_rd3, grp_lcd_rgb, grp_arm_i, grp_arm_r_0, grp_usb_slv, grp_usb_mstr; clock domains 166 MHz and 10 MHz.]

Observation Bus = 125 (probe grp) + 2 Valid + 1 Time Stamp = 128 bit

1 valid for domain crossing of 10 MHz to 166 MHz

1 valid for domain crossing of 83 kHz to 166 MHz

The Road Ahead

[Figure: detected violations by level of abstraction, with an observe / characterize / detect loop. Labels: Bus Protocol Assertions, Static Mode Selects, Exception Generators, Memory Checkers, Performance Monitors, Traffic Generators, Event Sequencing; Boot-up, System Software, Application Software.]

Software objects, pointers, calls, register writes

Bus cycles, arbitration policies, event sequencing

On-Chip cycle protocols and timing

Device Authenticity/Anti-Counterfeit

Counterfeit chips are easy to make, hard to detect

Enormous economic incentive

most hackers are driven by money

Attractive targets for adversaries

banks, hospitals, military installations

Our customers need an inexpensive and reliable way to detect counterfeit devices in the field

An Anti-Counterfeit Architecture

DAFCA – on-chip instrumentation

eScrypt – embedded security

SiDense (CMOS embedded flash)

Zanio – highly secure positioning and time

On-Chip, At-Speed, In-System Instrumentation

Step One: “Talk to me”

Tap the lines pre-silicon

Conveniently, easily, ubiquitously

Formal/model check the result

Observe behavior at speed

Assertions, triggers, breakpoints

Performance monitoring

React

Injection, remediation, isolation

Establish An Encrypted Channel

Step Two: “Talk securely to me”

On-Chip PKI

Extremely compact

Unique

Based on random mfg variability

Secure

Store keys in protected CMOS flash

Embed A Secret

Step Three: “Tell me a secret”

Unique GPS token

One-time insertion

Prove authenticity

Dynamic challenge-response protocol

Can be implemented in-field

Two factor security

Device fingerprint (PUF)

Device pedigree (location and time)
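
An added sketch, not taken from the presentation, of the dynamic challenge-response check with two factors listed above: a key derived from the device fingerprint and an embedded location-and-time token. HMAC-SHA256 stands in for the on-chip PKI, and every name, the token format and the 30-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_SKEW_S = 30  # assumed freshness window for the device's timestamp

def derive_key(fingerprint: bytes) -> bytes:
    # Assumption: the PUF fingerprint is stable and is hashed into a secret key.
    return hashlib.sha256(b"device-key|" + fingerprint).digest()

def tag(key: bytes, nonce: bytes, token: bytes, ts: int) -> str:
    # Binds both factors (fingerprint-derived key, embedded token) to one challenge.
    msg = nonce + b"|" + token + b"|" + str(ts).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Device:
    """Hypothetical stand-in for the chip side of the exchange."""
    def __init__(self, fingerprint: bytes, token: bytes):
        self._key, self._token = derive_key(fingerprint), token

    def respond(self, nonce: bytes, now: int) -> dict:
        return {"ts": now, "mac": tag(self._key, nonce, self._token, now)}

class Verifier:
    def __init__(self):
        self._enrolled = {}  # device_id -> (key, token), recorded at one-time insertion
        self._pending = {}   # device_id -> outstanding nonce

    def enroll(self, device_id: str, fingerprint: bytes, token: bytes) -> None:
        self._enrolled[device_id] = (derive_key(fingerprint), token)

    def challenge(self, device_id: str) -> bytes:
        self._pending[device_id] = os.urandom(16)
        return self._pending[device_id]

    def verify(self, device_id: str, resp: dict, now: int) -> bool:
        nonce = self._pending.pop(device_id, None)  # single use, so replays fail
        if nonce is None or device_id not in self._enrolled:
            return False
        if abs(now - resp["ts"]) > MAX_SKEW_S:      # stale response
            return False
        key, token = self._enrolled[device_id]
        return hmac.compare_digest(tag(key, nonce, token, resp["ts"]), resp["mac"])

if __name__ == "__main__":
    TOKEN = b"lat=37.4275;lon=-122.1697;t=2009-01-15T00:00:00Z"  # constructed sample
    v = Verifier()
    v.enroll("chip-1", b"fp-genuine", TOKEN)
    n = v.challenge("chip-1")
    print(v.verify("chip-1", Device(b"fp-genuine", TOKEN).respond(n, 1000), 1005))
```

A device that copies the token but has a different fingerprint, a replayed response, and a response outside the freshness window are all rejected by `verify`.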

Use GPS to Ensure Authenticity

Easy to use – no interruption of design implementation flow

No special pins, no special libraries, no performance degradation

On-chip, at-speed, in-system

can be accessed remotely, and in-field

Set an extremely high bar for hackers

Secure Channel, Secret Message

DAFCA + eScrypt + Zanio enables

Access to the Zanio core from the device, from the operating system, or from the host system

Message passing to and from the device without fear of compromise

A “plug compatible” device that can easily replace or substitute unprotected chips

Location Security

Application areas

Public health and safety

Tolling and mobile asset tracking

Networked asset protection (including data)

National security applications (including MTDs)

Financial infrastructure (laundering and fraud)

How do you know you are where you think you are?

How do I know that you are where you say you are?

Next Generation Cybersecurity

Augment the GNSS utility to

Defeat spoofing

Overcome jamming

Security for GNSS -> Security from GNSS

Conclusion

Cybersecurity is a priority of the new administration

Approximately $30 billion in new programs

Hardware assurance will be a prominent part of the technical roadmap

Anti-tamper and anti-counterfeit solutions are available today
