defense solutions division - dsei 2021 · 2021. 2. 25. · air data computers (x2) standby flight...

1 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright

Defense Solutions Division

Cybersecurity for the Warfighter

Paul HartChief Technology Officer & Technical Fellow

Curtiss-Wright Defense Solutions

[email protected]

https://www.linkedin.com/in/paul-hart-9829569/

mailto:[email protected]



Blue Screen

The misery of the computer virus



Blue Screen

…but what about the digital battlespace?


Attack Surface Example

USB

WiFi

Ethernet

PC Interfaces to the outside world


Attack Vectors: Spear-Phishing email

If it looks too good to be true, it probably is too good to be true !


Cyber Attack Surfaces & Vectors - Generic Computing Architecture

Processor

ROMNOR Flash

RAMSDRAM

SSDSolid State Drive

BIOS

Input-Output (I/O)Graphics

Clock

Pow

er S

uppl

y


Cyber Attack Vectors – Types of Malware (Malicious Software)

Processor

ROMNOR Flash

RAMSDRAM


BIOS


Clock

Pow

er S

uppl

y

Trojan horses Backdoor software

• “Congratulations! Click here

to claim your prize”

• Software updates,

evaluation versions

Keypress loggers –

passwords, emails..



Processor

ROMNOR Flash

RAMSDRAM


BIOS


Clock

Pow

er S

uppl

y

Viruses Malware that needs to attach

itself to other programs to

execute

Self replicating

Difficult to track

Ransomware



Viruses Malware that needs to attach

itself to other programs to

execute

Self replicating

Difficult to track

Ransomware



Processor

ROMNOR Flash

RAMSDRAM


BIOS


Clock

Pow

er S

uppl

y

Worms Self-executing code – do not

need victim application to run

Self-replicate

Track activity on networks to

return information to originator

Stuxnet

Ethernet Switch



ROMNOR Flash


BIOS


Clock

Pow

er S

uppl

y

Spectre & Meltdown Published in 2018

Hardware based cyber

attack

Used modem processor

pipeline to infer values of

privileged data based on

timing

Processor

RAMSDRAM


Defense Electronics – Embedded Computing

Combat Net Radio

= Software Defined Radio


Defense Electronics – Embedded Computing

Synthetic Vision System


How many computers?

HUMS

Health & Usage Monitoring System

WXR

Weather Radar

Air Data Computers (x2)

Standby Flight

Display System

Avionics Interface

Devices

Flight Data Acquisition

Flight Data/Cockpit Voice Recorders

SATCOM

SATellite COMmunication

RNAV Area Navigation Processors

VOR/DME/ILS/NDB

Fuel Quantity Indication Systems x2

Radio

Altimeter

IMA

Integrated Modular

Avionics

ADS-B

Extended Squitter Automatic

Dependent Surveillance-BroadcastHTAWS

Helicopter Terrain

Awareness and

Warning System

FCC

Flight Control

Computers x3

Mission Computers x2

Central

Maintenance

Computer

Engine FADEC x2

Full Authority Digital Engine Control

Airborne Intercept Radar

V/UHF Radio Communication

Degraded Visual Environment

/ Synthetic Vision System

HF

Radio

VDL Mode 2 Communications equipment

Mode S Aircraft Data Link Processor

Fire Detection SystemEFIS

Electronic Flight

Information Systems

EICAS

Engine Instrument and Crew

Alerting Systems

Ice

Detection

System

Rotor Ice Protection System

Embedded

GPS/INS x2

Helmet Mounted Display /

Night Vision Goggles x3

Electronic Support

Measures

AFCS

Automatic

Flight

Control

Systems

FLIR - EO/IR Turrets

Electro Optic/Infra Red

Moving Map

Display

Power Line

Detectors

Mode C/4A

Transponders x2

Radar Warning

Receivers

Missile Approach

Warning System

DIRCM

Directed InfraRed CounterMeasures

60


How many computers?

HUMS

Health & Usage Monitoring System

WXR

Weather Radar

Air Data Computers (x2)

Standby Flight

Display System

Avionics Interface

Devices

Flight Data Acquisition

Flight Data/Cockpit Voice Recorders

SATCOM

SATellite COMmunication

RNAV Area Navigation Processors

VOR/DME/ILS/NDB

Fuel Quantity Indication Systems x2

Radio

Altimeter

IMA

Integrated Modular

Avionics

ADS-B

Extended Squitter Automatic

Dependent Surveillance-BroadcastHTAWS

Helicopter Terrain

Awareness and

Warning System

FCC

Flight Control

Computers x3

Mission Computers x2

Central

Maintenance

Computer

Engine FADEC x2

Full Authority Digital Engine Control

Airborne Intercept Radar

V/UHF Radio Communication

Degraded Visual Environment

/ Synthetic Vision System

HF

Radio

VDL Mode 2 Communications equipment

Mode S Aircraft Data Link Processor

Fire Detection SystemEFIS

Electronic Flight

Information Systems

EICAS

Engine Instrument and Crew

Alerting Systems

Ice

Detection

System

Rotor Ice Protection System

Embedded

GPS/INS x2

Helmet Mounted Display /

Night Vision Goggles x3

Electronic Support

Measures

AFCS

Automatic

Flight

Control

Systems

FLIR - EO/IR Turrets

Electro Optic/Infra Red

Moving Map

Display

Power Line

Detectors

Mode C/4A

Transponders x2

Radar Warning

Receivers

Missile Approach

Warning System

DIRCM

Directed InfraRed CounterMeasures

110

84

12

3

60

450

3570

7


Embedded Computing - Cyber Security

Non-IT Environment

“Air Gapped”

Locked-down System

Operate on power up: • No “Ctrl-Alt-Del”

• No Password

• No Shutdown


Voice Communication & Datalinks – Where Cyber meets EW

Cyber Attack Electronic Warfare

MalwareMalformed

Messages

Random

Data

Physical

DestructionJamming

Deceiving

Information

Systems

Denial of

Service

Remote attacks

via defined

interfaces

Remote attacks via

electromagnetic

energy


Data Security – ELINT & Mission Planning

Mission

Planning

Waypoints

Mission Profiles

ESM Threat Database

Sensor & Weapon Ranges

High Resolution Maps & Ground Imagery

Flight Management System –

Navigation Database

Terrain Awareness Warning

System (TAWS) database

Data Cartridge

Ethernet Port


Cyber Security – Software & Configuration Updates

Ethernet / Web-Server

JTAG PortJoint Test Action Group

New

Software

Version


Cyber Security – Supply Chain

Who is going to fix this?


Processor

ROMNOR Flash

RAMSDRAM


BIOS


Clock

BIOS

Boot Loader

RTOSReal-Time Operating System

Kernel

Applications

Secure Computing - Preventing Malware from being able to run

?

Q. If only the software could be locked down, encrypted. Is that possible?

A. No - problem is that encrypted code cannot execute


BIOS

Boot Loader

RTOSReal-Time Operating System

Kernel

Applications

Processor

ROMNOR Flash

RAMSDRAM


BIOS


Clock

Solution – Authenticate the Code – “Establishing a Root of Trust”

Crypto Processor

TPMTrusted Platform Module

Secure Hash AlgorithmsSHA-2 SHA-384 SHA-512


Basics of Encryption - Symmetric Key Encryption

Encryption key used to lock the box

Data Data

Same key to unlock the box


Basics of Encryption - Symmetric Key Encryption

Encryption key used to lock the box

Data Data

Same key to unlock the box

Key management becomes issue for multiple users

Increased chance of keys being intercepted by malicious players who could then decrypt data


Basics of Encryption - Asymmetric Key Encryption

Public key used to lock the box, but cannot unlock it when closed

= Encrypt data

Data Data

Private key – kept secure - can unlock the box

= Decrypt data



Data Data

Multiple Public Keys can be issued

Less concern if Public Keys are compromised


= Encrypt data


= Decrypt data



Data Data


= Encrypt data


= Decrypt data

PKIPublic Key Infrastructure

Public Key Encryption


AES256 Encryption – Number of key combinations

2256

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

78 digits

2x2x2x2x2x2x2x…..256 times =


AES256 Encryption – Number of key combinations

2256

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

2x2x2x2x2x2x2x…..256 times =


More terminology: Plaintext and Ciphertext

Hope you are enjoying

DSEI 2019. Be sure to

visit the British Museum

while you are in London

Plaintext Ciphertext Plaintext

Encryption Decryption

a.ka. Red Data a.ka. Black Data





Xgscf r(pq$itvj ;jh;lk jsdh

gn;p6/o ijgkg j[0 h#omnjV

5-47 9 gakj ]mu I U[P]-

9_(u “¬g}_* Bf64&^32


Security of Data-At-Rest



Applications Electronic Intelligence - ELINT

Communications Intelligence – COMINT

Frequency Schedules

Mission Planning

Threat Libraries

Software Updates

Standards

Federal Information Processing Standard

FIPS 140-2

Common Criteria

International Common Criteria


Security of Data-In-Motion

Definition: Data-In-Motion = Communication/Voice over IP (VoIP), Video Streaming, Messaging, Email..

Data Data

Public key - Encrypts Private key – Decrypts




Threat: Message interception. Denial-of-service

Data Data





Threat: Message interception. Denial-of-service

Data Data

Problem: Public Key Encryption used for Data-At-Rest is too slow for Data-In-Motion

Reason: Private Key Decryption Algorithms are “computationally heavy” = processing latency




My

Computer

Dave’s

Computer

IP Address151.101.65.121

IP Address210.45.234.347

Internet

Internet Service Provider


My company network

Dave’s company network











My

Computer

Dave’s

Computer

IP Address151.101.65.121

IP Address210.45.234.347

Internet

Destination IP AddressSource IP Address <1570 bytes data



My company network










Message split into Ethernet packets and

routed from Source IP to Destination IP

address via Switches/Routers, Servers &

Internet Service Providers


Introducing the Session Key …..a random number

2256

115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936


Only the Session Key can Encrypt & Decrypt data

Destination IP AddressSource IP Address <1570 bytes data – Plain Text

Destination IP AddressSource IP Address <1570 bytes data – Cipher Text

Symmetric Session Key

used to encrypt data

Session Key is deleted after

message has been sent

Cipher Text is essentially

a random number


Session Key = Secure Networking

My

Computer

Dave’s

Computer

IP Address151.101.65.121

IP Address210.45.234.347

Internet



My company network


Any intercepted message is just random data



Q. But how is the data decrypted?

My

Computer

Dave’s

Computer

IP Address151.101.65.121

IP Address210.45.234.347

Internet



My company network


Any intercepted message is just random data



Q. How is the data decrypted? A. Encrypt the Session Key


Step 1: The Public Key is used to encrypt the randomly generated Session Key to create the Encrypted Session Key

Step 2:

The Encrypted Session Key is transmitted

to the recipient separately from the data

Step 3: The Private Key is used to decrypt the Encrypted Session Key is recreate the Session Key and decrypt the data



Applications Data Communication

• Voice over IP

• Full Motion / Streaming Video

• Data files – documents, photographs

Configuration Data

Software/Cyber updates

Standards

IP SEC

MAC SEC

Transport Layer Security


Thanks for listening! Any questions?

Curtiss-Wright

Stand: S10-120

Paul HartChief Technology Officer & Technical Fellow

Curtiss-Wright Defense Solutions

[email protected]

https://www.linkedin.com/in/paul-hart-9829569/

Secure Computing

Encryption

Continual Threat Assessment

Coming soon:

• AI & Machine learning threats

• Quantum Computing threats

Public

Private Session

Encrypted Session

mailto:[email protected]

defense solutions division - dsei 2021 · 2021. 2. 25. · air data computers (x2) standby flight...

Documents