halvar flake: why johnny can’t tell if he is compromised
DESCRIPTION
Halvar Flake - Keynote to Area41 2014TRANSCRIPT
![Page 1: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/1.jpg)
Why Johnny can’t tell if he is compromised
...and what you can do about it.
Keynote Area412nd of June 2014, Zurich, Switzerland
[email protected]://goo.gl/3NphRw
![Page 2: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/2.jpg)
Robert Morris Sr.Fundamental rules for IT security - a cynical
view from more than 20 years ago:
Do not own a computerDo not power it on
Do not use it
Situation does not seem to have gotten better
![Page 3: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/3.jpg)
Hacking is addictiveTransitive trust relationships everywhere
Start to hack almost anywhere - compromise boundary grows exponentially
Only limit: Size of net, admin infrastructure
![Page 4: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/4.jpg)
The nowAll major nation states / global powers want to
have “dominance”
Almost nobody is any good at defense
In the limit: Everything compromised (or on compromise boundary) by multiple parties
![Page 5: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/5.jpg)
What does compromise mean?
Somewhat fuzzy concept
Installing malware is clearly a compromise
Illicitly obtaining authentication credentials is also a compromise
Compromise is about “control”
![Page 6: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/6.jpg)
Ownership vs. possessionLegal distinction between ownership and
possession of an object
I am the owner of my car, even if I have lent it to a friend and it is not in my possession
Networked computing devices have a third dimension: “Control”
![Page 7: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/7.jpg)
Possession vs. controlNeither possession nor ownership of a
networked computing device imply control
Being hacked is loss of control without change of ownership or possession
“Getting 0wned” = loss of control over your own computing infrastructure
![Page 8: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/8.jpg)
Who is in control?Establishing who is control of your computer is
nearly impossible
This talk: Exploration of all the ways we can’t tell if we are in control, and how to fix it.
![Page 9: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/9.jpg)
Given a computer ...… try to establish who is in control
For the exercise: Assume WindowsWhere to start ?
All highly-privileged code is in control
Code running with user privileges is partially in control
![Page 10: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/10.jpg)
Control and softwareClearly, someone else is in control (third-party
OS, various bits of third-party software)
This is OK - we have decided to trust these third parties and say “yes” to their software
We trust (some) software vendors to not backdoor us intentionally
![Page 11: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/11.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
![Page 12: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/12.jpg)
Check 1: Userspace CodeProblem: Vendors don’t sign their executables
Problem: If they do, they don’t sign their DLLs
Problem: If they sign both executables and DLLs, they don’t sign executable extensions
Problem: 100+ trusted root CAs?
![Page 13: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/13.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE
![Page 14: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/14.jpg)
Check 2: Kernel CodeNumber of CAs that can sign drivers much smaller
than user-space
Irrelevant: Attacker use signed driver with known vulnerability to bootstrap code
Failure to sign userspace means failure to sign kernel space
Not theoretical: Uroburos
![Page 15: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/15.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE FAILURE
![Page 16: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/16.jpg)
Check 3: BIOS CodePer-vendor code signing (DELL, HP etc.)
No public documentation or third-party analysis about the way this works
No way for third parties to verify signatures
Even if possible to verify, can’t read relevant regions
![Page 17: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/17.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE FAILURE FAILURE
![Page 18: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/18.jpg)
Check 4: Device FirmwaresHDD controllers: Nobody knows how to verify
code inside, but we know attackers can backdoor them
GPU firmware: People are flashing them for overclocking, no way to do third-party validation
Completely stranded
![Page 19: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/19.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE FAILURE FAILURE
FAILURE
![Page 20: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/20.jpg)
Check 5: Intel MEARC core on modern mainboards that can execute signed Java applets etc
.
Communicates with host OS via PCI shared mapped region
Highly opaque, no way to verify code running in ME from host OS
![Page 21: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/21.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE FAILURE FAILURE
FAILURE FAILURE
![Page 22: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/22.jpg)
Check 6: Stolen KeysAttackers have compromised software signing
keys and CAs in the past
People with software signing keys can silently “lose” them without this ever being noticed
There is no equivalent of “Certificate Transparency” for code signing
![Page 23: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/23.jpg)
Check 6: Stolen KeysAll PKI architecture assume an invincible CA
and invincible signers
Reality has shown that this is a wrong assumption
No way to verify if a file signed with a key was signed by the person the key was issued to
![Page 24: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/24.jpg)
Check 6: Stolen KeysAfter breaches of the last years, only safe
assumption is:
Code signing keys of many software vendors and CAs have been silently stolen
No good way of detecting this
![Page 25: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/25.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE FAILURE FAILURE
FAILURE FAILURE FAILURE
![Page 26: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/26.jpg)
Check 7: ScriptsLots of interpreters run code with privileges on
your typical host
Javascript-based extensions to your browser
Java-based background tasks
Python and other interpreted languages
![Page 27: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/27.jpg)
Check 7: ScriptsNo good infrastructure exists to tie running
interpreted code back to the scripts from which it was compiled
No good way to determine where the code running inside java.exe or python.exe is coming
from
![Page 28: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/28.jpg)
Baseline checks
Verify signatures on all userspace
binaries
Verify signatures on all kernel
space binaries
Verify signatures on all BIOS
components
Verify signatures on all device firmwares
Verify signatures on the Intel ME
code
Verify that the signers know about their
signatures
Verify origin of privileged scripts
FAILURE FAILURE FAILURE
FAILURE FAILURE FAILURE
FAILURE
![Page 29: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/29.jpg)
Failure on all levelsGiven modern infrastructure, it is nearly impossible to determine if a machine is
compromised
It is also nearly impossible to “un-infect” a machine once it has been infected
What needs to change?
![Page 30: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/30.jpg)
Long-term viewProposed measures will take many years to
build
Fundamentally easy, though - no rocket science required
Hardest things to overcome: Organisational inertia, complacency, politics, broken incentive
structures, cost
![Page 31: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/31.jpg)
Step 0: Check trust
IT departments do not ask themselves enough questions about who they trust
Someone well-intentioned but securitywise incompetent will be the weak link that attackers
exploit
This applies to vendors and suppliers !
![Page 32: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/32.jpg)
Control and Power of attorney
Giving “control” over your compute infrastructure is the same as giving a delegable
power-of-attorney over your compute infrastructure to a third party
This encompasses trusting a CA, allowing auto-update of software, and much more.
![Page 33: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/33.jpg)
Control and Power of attorney
Legal departments are rightfully hesitant to issue powers of attorney to third parties
Delegable powers of attorney to random third parties are virtually unheard of
IT industry needs to learn from this
![Page 34: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/34.jpg)
Step 1: Undo CA proliferation
Trusting a code-signing CA is equivalent to a delegable power-of-attorney over your compute
assets
There are way too many code-signing CAs
Only trust a CA that you know very well - which at the moment will be none
![Page 35: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/35.jpg)
Step 2: Trust by-vendor
Most likely, arbitrarily delegable power-of-attorneys are a broken idea
Trust for executable code should be by vendor, not by CA
CA-based trust only for sandboxed web-pages / javascript
![Page 36: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/36.jpg)
Step 3: Update transparency
All software vendors roll their own update mechanism
Allowing someone to update software is also a delegatable power-of-attorney
Software updates need to come in standardized packages and via standardized
protocols
![Page 37: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/37.jpg)
Step 4: Signing transparency
Given likelihood of stolen signing keys, “code signing transparency” is needed
Vendors need to run a public ledger where they explicitly avow “yes, I have signed this binary”
Ideally with information about the exact SVN tag / git hash that was used to produce the
binary
![Page 38: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/38.jpg)
Step 4: Signing transparency
When signed file is encountered, public ledger can be checked
“Dear Vendor, are you aware that file XYZ has been signed with your key?”
Probably the only way to engineer “detectability of key theft” into our systems
![Page 39: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/39.jpg)
Step 5: Reduce firmware opacity
Firmware blobs for devices need to be readable by the main CPU without physical possibility of
interference from the device firmware
Purchasers of hardware need to insist on this transparency
They also need to realize they have a right to demand this
![Page 40: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/40.jpg)
Step 6: ME transparency
There is no excuse for a coprocessor on your mainboard whose code can’t be validated by
you from your main CPU
Purchasers of hardware need to realize that they have a right to demand transparency from
the code running on ME
![Page 41: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/41.jpg)
Step 7: Signed interpreters
In order to run a script with high privileges in an interpreter, the script needs to be signed and
the interpreter needs to be able to tie back the executable form to the original script
For non-privileged code (JS in a tight sandbox etc.) we may be able to make an exception
![Page 42: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/42.jpg)
Transparency vs. tamperproofing
Systems need to be engineered to be easily verified by the owner
Centralization of trust is a failed experiment, especially given government desire to
“dominate cyber”
Demand systems whose integrity you can verify
![Page 43: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/43.jpg)
Paradigm shift“Security” hardware has opted for more opacity
in the past
Fear of side-channel attacks, fear of physical attacks
Prioritized tamperproofing, sacrificed transparency and verifiability
![Page 44: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/44.jpg)
Paradigm shiftSide-channel and physical attacks are a lesser concern than remote attacks provided you are
in possession of your hardware
Remote attacks that you can never tell happened are the bigger threat
Re-prioritize verifiability
![Page 45: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/45.jpg)
Will this give us security?The proposed measures will not yield 100%
security
Will give defenders a fighting chance to deny persistence to the attacker
Will give defenders a fighting chance to detect compromised suppliers
![Page 46: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/46.jpg)
Will this give us security?Hopefully, this will force attackers into exploiting
& re-exploiting for persistence
Better software engineering can then slowly root out bugs
Move from cheap, stealthy mass compromise to individually tailored compromise: Costly
![Page 47: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/47.jpg)
How to pay for it ?
None of the proposed steps are “free”
None are terribly costly, either
Standardized software updating, better signing & verification will actually reduce IT
maintenance costs
![Page 48: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/48.jpg)
Stop buying snake oil?
Huge revenues are generated in our industry with colored appliances that only work as long
as the attacker hasn’t looked at them
Often, these boxes want to be dropped onto privileged points in your infrastructure
Just say no. Spend your money wisely.
![Page 49: Halvar Flake: Why Johnny can’t tell if he is compromised](https://reader036.vdocuments.mx/reader036/viewer/2022070319/55856129d8b42a78328b521c/html5/thumbnails/49.jpg)
Thank youQuestions?