Three Stupid Things to Do with InfoSec Technology

1
Three Stupid Things to Do with InfoSec Technology

• (and a few sensible alternatives)
• E. John Sebes
• Integral Security Consulting

2
Stupid Defined

• Doesnt really effect an important risk
• Costs money
• Raises false expectations
• Ignores weakest link Razor
• Undertaken without target of benefit

3
Why is Stupid Interesting?

• Exposure to fallacious thinking
• Learn how not to do it yourself
• More entertaining way to illustrate sensible
• Via counter-example
• Learning by problem-solving
• Some of the stupid bits are for you to find
• Caveat stupid is needlessly provocative
• Mis-guided is more accurate
• Many people think that they are thinking
• when they are actually re-arranging their
  prejudices.
• William James

4
Three Stupid Things

• Digital Rights Management
• In open systems, or with fuzzy risk
• PKI certificates for people
• Certificate based authentication
• VPNs for remote access
• Road warriors dont need
• Bonus topic for stupid-finding wireless

5
DRM Defined

• DRM digital content protection (DCP)
• Plus access control (rights)
• Plus management of access rules (policies?)
• Plus management of authentication
• DCP is the tricky part
• Plenty of types of access control software
• Too many authentication schemes already
• Management of access policy is a different
  problem (cant be address feasibly today)

6
Ingredients of DCP

• Data encryption and key management
• Trusted software in hostile execution
  environment
• Software self-integrity checking
• Secrets hidden in software
• Countermeasures for some techniques to crack
  secrets out of software
• Ad hoc measures against debugging
• Ad hoc measures against data capture
• For example, taking screen shots

7
Fundamental Problem for DCP

• Problem fundamental lack of control over
  redistribution of data
• I put goodies in file, give access to Alice but
  not Bob
• Alice copies file and distributes it to Bob/world
• Not a new problem for information assets
• Digital information assets particularly
  problematic
• Cost of copying is near zero, loss of fidelity is
  zero
• Cost of many many copies is near zero
• More assets with this problem (and more asset
  owners) than ever in history

8
Fundamental Value of DCP

• Alice can copy DCPd file, but Bob cant read it
• Access controls go along with copy
• Really access to copies regulated by trusted
  software in same way as original
• Value of protection is commensurate with value of
  asset, up to value of attack on the DCP mechanism
• This value relation is often overlooked
• Hence the bad aroma of DRM to date

9
Fundamental Problems of DCP

• Not a problem limit of solution
• Copying from intended output, e.g. audio
• Very Stupid use DRM for assets that admit of
  high fidelity copies from intended output
• Problem secret in software
• Problem buffer sniffing

10
Secret In Software

• Store D only as F KfD, Kek Kf, md
• F is a file Kf is unique key for F
• md is metadata, maybe including rights info
• Data integrity might reuse Kf
• Kek is key-encrypting key
• Kek mix of Kmaster and maybe other stuff
• Kmaster stored encrypted by mix(Kuser ,Ksecret)
• Kuser is derived from user authentication
• Ksecret recomputed during each run of SW

11
Secret In Software Why?

• Kek scheme includes master key so that copies of
  F can be computed by users unknown at time of
  creation
• Kek includes Kuser so that unauthenticated user
  cant gain access
• Kek includes Ksecret so that master key cant be
  decrypted by user who knows their own auth data
  and the Kuser algorithm
• Dont rely on secrecy of MS WinXP DPAPI

12
Buffer Sniffing

• Attack tool to use OS kernel privilege to read
  process memory of trusted SW
• Synchronize with File I/O
• Interrupt some time after File I/O return
• Read process memory of buffer of decrypted data
  from File I/O
• No need to defeat key management scheme or use of
  cryptography

13
Protect the Secret How Much?

• Occams weakest link Razor
• Apply to question of how much to do with
• Software protection, code obfuscation, etc.
• In order to protect the secret
• Answer dont make attackers work factor any
  greater than for memory sniffing
• Memory sniffing is just one metric for Razor
• DRM STTD 2 build DCP with tons of effort on
  code protection

14
How to Use DRM Unwisely

• DRM STTD 3 use DRM to protect important assets
  in open environment
• Open You have no control, visibility, or
  prediction of how widely F will be copied
• No way to constrain or assess risk
• Risk of a copy being obtained by adversary with
  skills to exploit the weakest link

15
Real World Sensible Alternative

• Protect confidential business documents
• Intrinsic invoice, bid/proposal, forecast
• Extrinsic regulated information, forecast
• Policy, audit, and accountability for
  distribution
• Contracts consequences of policy violation
• Accept risk of insider gaining attack skills and
  risking accountability
• Upper limit on value of D related to accepted
  risk
• Razors bar can be low e.g., shared passwords

16
DRM Discussion Points

• Do all DCP approaches have this problem?
• What about server-based systems like Authentica?
• Is a truly server-less approach possible?
• How would the authentication work?
• In an enterprise environment?
• Additional vulnerabilities?
• What would rights management really mean?
• Assign rights at creation time? Who does?
• Changes in rights over lifecycle?
• Coca-Cola, yes Coke formula no other examples?

17
PKI Defined

• First, you need public-key cryptography (PKC)
• Need to eliminate shared secrets
• And not for a trivial closed system
• That means public-key certificates
• Tells Alice what Bobs key is
• Infrastructure for certificates
• Application, evaluation, issuance, distribution,
  revocation, expiry, renewal, validation,
  liveness, trust evaluation, trust configuration
  (includes integrity, management, and security of
  management (includes infinite regress)), key
  protection, key recovery
• Non technical measures of defining
  responsibility, liability, limits, where the ugly
  come in,

18
PKI Example Server Certificates

• PKC needed for one way key exchange of symmetric
  session keys using PKs and SSL
• Server cert advertises servers PK
• Client not authenticated
• Distribution in band, no liveness check
• Trust management limited to Verisign racket
• All liability rests with client
• Great for communication security
• Accomplishes nothing else

19
PKI Example IPsec Certificates

• PKC needed for two way key exchange of symmetric
  session keys for IPsec VPN
• Each of 2 IPsec gateways advertises its PK
• Authentication of each party
• Liveness handled via authentication DB
• Trust management based on manufacturer
• All liability rests with owners
• Great for communication security
• Ensures that my VPN box will let in traffic only
  from the other VPN boxes that I tell it about

20
Authentication and Certificates

• Sometimes passwords arent good enough
• Typical upgrade is token-based scheme
• Very effective, 2-factor, very common
• Cost cheap devices, server software license
• Like passwords, portability requires work
• Certificates means to an authentication end
• Demonstration of possession of private component
  of key described in certificate
• Certificate-based authentication (CBA)
• Better alternative to passwords
• No shared secret
• Portability often touted

21
CBA In Practice

• Certificates issued to people end users
• Typically flawed issuance process
• Especially with outsourced CA approach
• Installed on users PC cert and private key
• Installed by who, with what access to key?
• Private key stored on disk, in keyfile
• Stored key data encrypted by passphrase key
• User provides passphrase to applications that
  need to access the key

22
CBA What Hasnt Been Gained

• Password if you can acquire the password hash,
  you can mount a dictionary attack
• CBA if you can acquire the keyfile and some
  ciphertext, dictionary attack
• Tokens must be physically present to steal
  token, crack data from it, guess PIN, and use
  ciphertext not as easy to come by
• STTD upgrade from passwords to CBA
• RSTTD upgrade from tokens to CBA

23
Digital Signatures PKI STTD 3

• With end-user certificates, digital signatures
• Assertion Alice said X at time Y
• Really somebody in possession of Alices key
  said X at some time previous to now
• Dont know much about Alices key protection
• Non-repudiation myth of digital signatures
• Alice cant repudiate a signature because it was
  made with her key
• Actually, she can cast much much doubt on the
  assertion

24
Why Use CBA Weak N-R

• Weak Non-Repudiation defined
• If Alice says that she didnt do it
• Session or data authenticated to her
• Then I am no more likely to be the imposter than
  anybody else
• Weak NR is infeasible with shared-secret
  authentication schemes (passwords, Kerberos)
• Authenticating party can gain access to Alices
  authentication data
• For passwords, why isnt hashing good enough?
• Weak NR is feasible with CBR
• Authenticating party has public key, only Alice
  has private key
• Example electronic medical records access, HIPAA

25
PKI Discussion Points

• How can you make CBA as strong as tokens?
• Can you make it better than tokens?
• Would biometrics help?

26
Remote Access VPNs

• IPsec client on laptop, VPN gateway at HQ
• End-user launches client and authenticates
• IPsec tunnel created
• All traffic tunneled back to HQ gateway
• Or split mode session
• User-oriented problems
• Client SW not easy to use
• Not all traffic is tunneled
• Users work-around and create security problems

27
IPsec VPN Problems

• Intent is to be just like on enterprise LAN
• Doesnt quite work, but enough
• Connected client can have very broad access
• Thats often very undesirable!
• Result do network topology engineering
• Define remote-access services
• Put only those on network segment accessible from
  gateway
• Block access to everything else
• Lots of work, hard to maintain as remote access
  needs change

28
SSL VPNs

• No client just use browser with SSL
• Employee remote access is to something new
• Employee extranet with Web portal
• A.K.A. Web front ends to only and exactly what
  remote workers need
• Limits access without network engineering
• One-box solution, or in conjunction with Web
  server
• Vendor will be happy to help you set up the
  portal!
• Unclear how Internet-attached laptop is protected
• Can you count on the user to launch the PC
  firewall?
• The whole point was its transparent to the user!

29
SSL VPN Problems

• If it isnt available as a Web-based application,
  then it isnt available
• Email special-cased with plug-in
• Support a new application by Web-enabling it
• If I havent done so by now, I wont want to do
  it just for remote access
• Support a new application with SI effort
• Vendor will be happy to use their extensible
  adaptor architecture to develop you a custom
  addition to the software in their gateway box

30
How to do RAS Unwisely

• VPN STTD 1 use IPsec-based remote access VPNs
  and expect users to like and obey the security
  policy
• VPN STTD 2 use SSL VPNs and expect that nobody
  needs remote access to non-Web applications
• VPN STTD 3 ignore threats to laptop from
  Internet connection

31
How to be Somewhat Wiser

• Dont expect transparency
• RA-VPNs together with PC firewall
• Substantial desktop support
• Reliance on user auditing?
• SSL VPN only for light RA users
• SSL VPN and IPsec VPN for some users
• SSL VPN is enough sometimes but not always
• Firewall to limit access from IPsec gateway
• Recognize that this is way more work than it
  should be!

32
RA VPN Discussion Points

• What would a more usable approach be?
• How to avoid reliance on end user remembering to
  do things right?
• How to account for the machine sometimes

33
Wireless LAN Security

• WLAN used in enterprise network
• to avoid wiring desktops
• to provide access in shared work areas
• Security requirements
• Prevent effective RF eavesdropping
• Between PC and Access Point (AP)
• Authenticate session requests
• Maybe perform access control
• Maybe provide some kind of guest access
• Dont prevent one laptop from being able to move
  from session with one AP to another AP

34
WLAN Security Solutions

• WEP is useless for enterprise security
• Successor standards no better
• Perhaps the next will be better in the meantime
  
• RA VPNs can be used
• Few people will put up with their skanky old VPN
  clients barrier to truly local services
• Wireless switch vendors proprietary security
• Cisco Aeronet proprietary AP security
• What would an effective look like?

35
Thank You!

• Feel free to follow up with later questions
• john_at_sebes.com
• What other topics might be good to think about
  for a future session?