Physical Layer Security - PowerPoint PPT Presentation

1 / 76
About This Presentation
Title:

Physical Layer Security

Description:

... Mobile Devices and Media Samsung Corporation banned employees ... catcher Tell mobile phone that it is a base station Cellphone jammer Transmit signals ... – PowerPoint PPT presentation

Number of Views:721
Avg rating:3.0/5.0
Slides: 77
Provided by: SupakornK1
Category:

less

Transcript and Presenter's Notes

Title: Physical Layer Security


1
Physical Layer Security
  • Lecture 2
  • Supakorn Kungpisdan
  • supakorn_at_mut.ac.th

2
Roadmap
  • Defending the Physical Layer
  • Attacking the Physical Layer

3
Defending the Physical Layer
  • The point at which protection should begin
  • Security Controls have three primary goals
  • Deter security lighting and Beware of Dog sign
  • Delay fences, gates, locks, access controls, and
    mantraps
  • Detect intrusion detection systems (IDSes) and
    alarms
  • Higher layers focus on preventing disclosure,
    denial, or alteration of information
  • Physical security focuses on intruders, vandals,
    and thieves

4
Physical, Technical, and Administrative Controls
5
Design Security
  • Design security should begin during the design
    phase, not at the time of deployment
  • Physical security of assets and employees should
    be considered when designing a new facility
    well-designed facilities are comfortable and
    secure

6
Key Issues of Design Security
  • Location
  • Construction
  • Accessibility and Transportation
  • Climatology
  • Utilities
  • Access Control

7
Perimeter Security
  • What to examine
  • Natural boundaries at the location
  • Fences or walls around the site
  • The design of the outer walls of a building
  • Divisions and choke points within a building
  • A series of mechanisms includes
  • Fences
  • Perimeter Intrusion Detection and Assessment
    Systems (PIDAS)
  • Security lighting
  • Closed-circuit television (CCTV)
  • Security guards and guard dogs
  • Warning signs and notices

8
Fencing
  • A fence with proper design and height can delay
    an intruder and work as a psychological barrier
  • A risk analysis should be performed to evaluate
    types of physical assets to be protected
  • 4-foot fence will deter a casual trespasser
  • 8-foot fence will keep a determined intruder out
  • Need to consider gauge and mesh size of the wire
  • The smaller the mesh, the more difficult it is to
    climb
  • The heavier the gauge, the more difficult it is
    to cut

9
Gauge and Mesh
16G with 50mm vs 25 mm mesh
10
Fencing (cont.)
11
PIDAS
  • Perimeter Intrusion Detection and Assessment
    Systems
  • PIDAS has sensors that detect intruders and feel
    vibrations along the fence
  • The system may produce false positives due to
    stray deer, high winds, or other natural events

12
Gates, Guards, and Ground Design
  • UL Standard 325 details requirements for fates
    with 4 classifications
  • Residential Class 1
  • Commercial Class 2
  • Industrial Class 3
  • Restricted Access Class 4
  • Bollards are made of concrete or steel and used
    to block vehicle traffic or to protect areas
    where pedestrians are entering or leaving
    buildings
  • Security guards need to have job references and
    be subjected to a background check
  • Web site operation and private investigators

13
Bollards
14
Gates, Guards, and Ground Design (cont.)
  • Dogs are loyal but can be unpredictable.
  • Dogs are restricted to exterior control and
    should be used with caution
  • Lighting can discourage criminals
  • Most standards list two candlefoot power as the
    norm for facilities using nighttime security.
  • Too much light causes over-lighting and glare. It
    may bleed over adjacent property
  • With CCTV, activities can be monitored live by a
    security officer or recorded and reviewed later
  • British government has installed over 1.5 million
    CCTV cameras
  • Warning signs or notices should be posted to
    deter trespassing

15
Facility Security
  • Anyone with physical access has the means and
    the opportunity to commit a crime
  • Least Privilege providing only the minimum
    amount of access that is required, and restricted
    non-authorized individuals from entering
    sensitive areas
  • Can achieve by examining windows, doors, locks,
    walls, access control, intrusion detection

16
Entry Points
  • Doors, windows, roof access, fire escapes,
    delivery access, and chimneys

17
Entry Points Doors
  • Door functions determine its construction,
    appearance, and operation
  • A door designed for security purpose is very
    solid and durable, with hardened hardware
  • Interior doors are made of hollow-core wood
    exterior doors are made of solid-core wood
  • Need to perform risk assessment on interior
    applications

18
Entry Points Doors (cont.)
  • Doors have fire rating with various
    configurations
  • Personal doors
  • Industrial doors
  • Vehicle access doors
  • Bulletproof doors
  • Vault doors
  • Must examine hardware used to install a door
  • Mantrap is designed so that when the outer door
    opens, the inner door locks

19
Doors (cont.)
Vault door
Bullet-proof door
20
Doors (cont.)
Vehicle access door
Industrial door
21
Mantrap
22
Entry Points Doors (cont.)
  • Automatic door locks fail-safe or fail-secure
  • Fail-safe (unlocked) state allows employees to
    exit, but also allows other unauthenticated
    access
  • Fail-secure (locked) configuration is when the
    doors default to being locked, thereby keeping
    unauthorized individuals out while also
    preventing access

23
Entry Points Windows
  • Alarms or sensors may be installed on windows
  • Window types include
  • Standard lowest security, least expensive,
    easily shattered (??????????)
  • Polycarbonate Acrylic more stronger than
    standard glass
  • Wire Reinforced adds shatterproof protection
  • Laminated similar to those used in automobiles,
    strengthen the glass
  • Solar Film provide moderate level of security
    and decrease potential for shattering
  • Security Film highest security

24
Walls (cont.)
25
Entry Points Walls
  • A reinforced wall can keep a determined attacker
    from entering an area
  • Walls should be designed with firewalls, and
    emergency lighting should be in place

26
Access Control
  • Access control is any mechanism by which an
    individual is granted or denied access
  • Many types include
  • Mechanical locks
  • Identity card technology

27
Access Control Locks
  • Warded locks and tumbler locks
  • Warded locks work by matching wards to keys, are
    cheapest mechanical lock and easiest to pick
  • Tumbler locks contain more parts and are harder
    to pick
  • Another type of tumbler lock is the tubular lock,
    which is used for computers, vending machines,
    and other high-security devices

28
Warded Locks
29
Access Control Locks (cont.)
30
Tumbler Locks (cont.)
31
Access Control Locks (cont.)
  • Three basic grades of locks include
  • Grade 3 The weakest commercial lock (designed
    for 200,000 cycles)
  • Grade 2 Light duty commercial locks or heavy
    duty residential locks (designed for 400,000
    cycles)
  • Grade 1 Commercial locks of the highest security
    (designed for 800,000 cycles)

32
Access Control Physical Controls
  • Network cabling
  • Select the right type of cable
  • Should be routed through the facility so that it
    cannot be tampered with
  • Unused network drop should be disabled all cable
    access points should be secured

33
Access Control Physical Controls (cont.)
  • Controlling individuals
  • ID cards with photograph of an individual
  • Intelligent access control devices contact and
    contactless
  • Contact access cards come with different
    configurations including
  • Active Electronic can transmit electronic data
  • Electronic Circuit has a circuit embedded
  • Magnetic Strips has a magnetic stripe
  • Optical-coded contains laser-burned pattern of
    encoded dots

34
Optical Card
35
Access Control Physical Controls (cont.)
  • Contactless cards function by proximity e.g. RFID
    (Radio Frequency ID)
  • Passive powered by RFID reader
  • Semi-passive has battery only to power microchip
  • Active battery-powered
  • Multi-factor authentication is recommended
  • Physical Intrusion Detection
  • Motion Detectors audio, infrared, wave pattern,
    or capacitance
  • Photoelectric sensors
  • Pressure-sensitive devices
  • Glass breakage sensors
  • Keep in mind that IDSes are not perfect

36
Intrusion Detection (cont.)
Photoelectric sensor
Motion detection sensor (photoelectric infrared)
Glass break sensor
37
Device Security
  • Device security addresses controls implemented to
    secure devices found in an organization
  • Computers, networking devices, portable devices,
    cameras, iPods, and thumb drives

38
Device Security Identification and Authentication
  • Identification the process of identifying
    yourself
  • Authentication the process of proving your
    identity
  • Three categories of authentication
  • Something You Know
  • Something You Have
  • Something You Are

39
Device Security Sth You Know
  • Passwords are most commonly used authentication
    schemes
  • Gartner study in 2000 found that
  • 90 of respondents use dictionary words or names
  • 47 use their name, spouses name, or a pets
    name
  • 9 used cryptographically strong passwords

40
Device Security Sth You Know (cont.)
  • A good password policy
  • Passwords should not use personal information
  • Passwords should be 8 or more characters
  • Passwords should be changed regularly
  • Passwords should never be comprised of common
    workds or names
  • Passwords should be complex, use upper- and
    lower-case letters, and miscellaneous characters
    (e.g. !, _at_, , , , , )
  • Limit logon attempts to three successive attempts

41
Device Security Sth You Have
  • Tokens, smart cards, and magnetic cards
  • Two basic groups of tokens
  • Synchronous token synchronized to authentication
    server
  • Asynchronous challenge-response token

42
Device Security Sth You Are
  • Basic operations
  • User enrolls in the system
  • User requests to be authenticated
  • A decision is reached allowed or denied
  • Accuracy of biometrics
  • Type 1 Error (False Rejection Rate FRR)
  • Type 2 Error (False Acceptance Rate FAR)
  • The point at which FRR and FAR meet is known as
    Crossover Error Rate (CER)
  • The Lower CER, the more accurate the system

43
Crossover Error Rate (CER)
44
Biometric
  • Finger Scan
  • Hand Geometry
  • Palm Scan
  • Retina Pattern
  • Iris Recognition
  • Voice Recognition
  • Keyboard Dynamics

45
Computer Controls
  • Session controls
  • System timeouts
  • Screensaver lockouts
  • Warning banners

46
Device Security Mobile Devices and Media
  • Samsung Corporation banned employees from using
    Samsungs cell phones with 8GB of storage
  • Sensitive media must be controlled, handled, and
    destroyed in an approved manner
  • Papers can be shredded strip-cut and cross-cut
    shredders
  • CD can be destroyed
  • Magnetic media can be degaussed
  • Harddrive can be wiped

47
Information Classification Systems
  • Government Information Classification System
  • Focuses on secrecy
  • Commercial Information Classification System
  • Focuses on Integrity

48
Information Classification Systems (cont.)
49
Information Classification Systems (cont.)
50
Communications Security
  • Communications Security examines electronic
    devices and electromagnetic radiation (EMR) they
    produce
  • Original controls for these vulnerabilities were
    named TEMPEST, now changed to Emissions Security
    (Emsec)
  • Newer technologies that have replaced shielding
    are white noise and control zones
  • PBX must be secure
  • Fax can be intercepted
  • Fax ribbons can be virtual carbon copy of
    original document
  • Solved by using fax server and fax encryption

51
Comm Security Bluetooth
  • To keep bluetooth secure, make sure
    bluetooth-enable devices are set to
    non-discoverable mode.
  • Use secure application to limit amount of
    cleartext transmission
  • It no bluetooth functionality is needed, turn if
    off
  • It can be configured to access shared directories
    without authentication, which open it up for
    viruses, trojans, and information theft
  • In 2005, AirDefense released BlueWatch, the first
    commercial security tool designed to monitor
    bluetooth devices and identify insecure devices
  • www.airdefense.net/products/bluewatch/index.php

52
BlueWatch
  • AirDefense BlueWatch can provide information such
    as
  • Identify different types of Bluetooth devices,
    including laptops, PDAs, keyboards and cell
    phones
  • Provide key attributes, including device class,
    manufacturer and signal strength
  • Illustrate communication or connectivity among
    various devices
  • Identify services available on each device,
    including network access, fax and audio gateway

53
802.11 Wireless Protocols
  • Retire WEP devices
  • Change default SSID
  • MAC filtering
  • Turn off DHCP
  • Limit access of wireless users
  • Use port authentication (802.1x)
  • Perform periodic site surveys and scan for rogue
    devices e.g. using Kismet
  • Update policies to stipulate requirements for
    wireless users
  • Use encryption
  • Implement a second layer of authentication e.g.
    RADIUS

54
Roadmap
  • Defending the Physical Layer
  • Attacking the Physical Layer

55
Attacking Physical Layer
  • Several techniques to attack physical security
  • Stealing data
  • Lock picking
  • Wiretapping
  • Hardware modification

56
Stealing Data
  • Abe Usher wrote a program called pod slurp to
    steal data from PC
  • Purpose of Slurp
  • To create a proof-of-concept application that
    searches for office documents that can be copied
    from a Windows computer to an iPod (or other
    removable storage device).
  • The point of this exercise is to demonstrate
    (quantitatively) how quickly data theft can occur
    with removable storage devices.
  • Method
  • Searches for the "CDocuments and Settings"
    directory on a Windows computer. It then recurses
    through all of the subdirectories, discovering
    all of the documents (.doc, .xls, .htm, .url,
    .pdf, etc.) on the computer that it is running
    from.

57
How to Use Slurp
  • Step 0
  • Stop the iPod Service in Windows (if iPod
    software is installed and running).
  • Step 1
  • Unzip slurp.zip
  • Step 2
  • Copy the entire "slurp-audit" directory to your
    removable storage device (iPod, external hard
    drive, etc.)
  • Step 3
  • Run the application file "slurp-audit.exe" and
    watch it find all of the business files. After
    it is complete, check the report.html file to
    find out what files could have been copied to an
    iPod or USB thumbdrive.
  • For more information, check http//www.sharp-idea
    s.net

58
Slurp
59
Slurp Report
60
Lock Picks
  • Basic components used to pick locks
  • Tension Wrenches small, angled flathead
    screwdrivers that come in various thicknesses and
    sizes
  • Picks small, angled, and pointed, similar to a
    dentist pick

61
Scrubbing
62
Lock Shim
63
Lock Shim (cont.)
64
Lock Shim (cont.)
65
Scanning and Sniffing
  • Phreakers are interested in making free
    long-distance calls
  • Free loaders intercept free HBO. Prevented by
    implementing videocipher encryption
  • Cordless phone were attacked by tuning the same
    frequencies other people to listen to active
    conversation
  • Solved by switching to spread spectrum
    technologies
  • 1st Gen mobile phones have been hacked by
    Tumbling
  • Modify Electronic Serial Number (ESN) and mobile
    identification number (MIN) after each call
  • Also vulnerable to cloning attack
  • Intercept ESN and MIN from listening to active
    calls

66
Scanning and Sniffing (cont.)
  • Attacks on 2nd Gen Mobile phones
  • International Mobile Subscriber Identity (IMSI)
    catcher
  • Tell mobile phone that it is a base station
  • Cellphone jammer
  • Transmit signals with same freq as cell phones
    preventing all communication within given area
  • Cellphone detector
  • Detect when a cell phone is powered on

67
Scanning and Sniffing (cont.)
  • Bluejacking allows an individual to send
    unsolicited messages over BT to other BT devices
  • Bluesnarfing is the theft of data, calendar
    information and phonebook entries

68
Tools to Attack Bluetooth
  • RedFang small proof-of-concept application used
    to find non-discoverable devices
  • Bluesniff a proof-of-concept tool for BT
    wardriving
  • Btscanner a BT scanning with the ability to do
    inquiry and brute force scans, identify BT
    devices in range
  • BlueBug exploits a BT security hole on some
    BT-enabled phones. Allows unauthorized
    downloading of phonebooks and call lists, sending
    and reading SMSs
  • Find those tools at
  • http//www.remote-exploit.org/backtrack_download.h
    tml

69
Attacking WLANs
  • Eavesdropping
  • Open Authentication
  • Rogue Access Point
  • DoS

70
Hardware Hacking
  • Hardware hacking is about using physical access
    to bypass control or modify the device in some
    manner
  • Sometimes it is called moding
  • Bypass BIOS password
  • Router password recovery
  • Prevented by issuing no service password-recovery
    command
  • Bypass Windows authentication

71
Example Modifying Bluetooth Hardware
  • Objective
  • To extend BT range

72
Example Modifying Bluetooth Hardware
1
2
73
Example Modifying Bluetooth Hardware
3
4
74
Example Modifying Bluetooth Hardware
5
6
75
To Read
  • Hack-The-Stack Page 70-84

76
Question?
  • Next week
  • Data Link Layer Security
Write a Comment
User Comments (0)
About PowerShow.com