Booby Trapping Boxes: Running Private Services as a High Value Target
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Serientitel | ||
| Anzahl der Teile | 322 | |
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/39708 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
00:00
VersionsverwaltungStolperdrahtZeitzonePunktStolperdrahtProgrammierumgebungMultiplikationsoperatorSchlüsselverwaltungStrategisches SpielGüte der AnpassungRechenschieberMetropolitan area networkVorlesung/KonferenzJSON
00:45
Nichtlinearer OperatorHackerHackerMereologieMetropolitan area networkComputerspielRechenschieberNotepad-ComputerBenutzerbeteiligungE-MailCoxeter-GruppeComputersicherheitPunktServerÜberlagerung <Mathematik>Familie <Mathematik>Nichtlinearer OperatorChiffrierung
01:32
QuaderChiffrierungComputersicherheitTelnetSchlüsselverwaltungTeilbarkeitsinc-FunktionMultifunktionSprachsyntheseGüte der AnpassungComputeranimation
02:14
ChiffrierungProgrammierumgebungComputersicherheitCodeComputerGrundraumHintertür <Informatik>HardwareComputeranimation
03:00
ATMBefehlsprozessorHackerModul <Datentyp>ComputersicherheitComputerPrinzip der gleichmäßigen BeschränktheitKryptologieInformationProzess <Informatik>StandardabweichungMultiplikationsoperatorEndliche ModelltheorieStolperdrahtHardwareInstant MessagingGebäude <Mathematik>Computeranimation
03:33
ComputerComputersicherheitPrinzip der gleichmäßigen BeschränktheitStandardabweichungProzess <Informatik>InformationKryptologieModul <Datentyp>LeistungsbewertungComputersicherheitHardwareMAPDigitales ZertifikatSoftwareProgrammierumgebungInformationMultiplikationsoperatorRadikal <Mathematik>Metropolitan area networkStandardabweichung
04:16
ProgrammierumgebungVirtuelle MaschineComputerKryptologieBlackboxComputeranimation
04:58
Projektive EbeneCoprozessorServerLineare OptimierungMobiles InternetPublic-Key-KryptosystemSechs
05:31
HardwareFlächeninhaltStellenringBrennen <Datenverarbeitung>Mailing-ListeComputeranimation
06:04
Faktor <Algebra>Nonstandard-AnalysisRouterServerExplosion <Stochastik>Elektronische PublikationFächer <Mathematik>FacebookCASE <Informatik>ServerRoutingXMLComputeranimation
07:01
ServerNonstandard-AnalysisHardwareRechenwerkRemote AccessTelekommunikationInterface <Schaltung>HardwareComputersicherheitMultiplikationsoperatorFirmwareVorzeichen <Mathematik>Reflektor <Informatik>DigitaltechnikServerHilfesystemURLComputeranimation
08:10
DigitaltechnikCASE <Informatik>Überlagerung <Mathematik>
09:11
PhysikalismusCASE <Informatik>Physikalisches SystemComputersicherheitQuick-SortDifferenteVorlesung/Konferenz
09:57
DialektServerProzess <Informatik>ForcingMinimalgradOrdnung <Mathematik>
10:46
Virtuelle MaschinePhysikalisches SystemZahlenbereichE-MailBimodulWärmeausdehnungWhiteboard
11:22
HardwareBitCASE <Informatik>WhiteboardProgramm/QuellcodeComputeranimation
11:54
Pell-GleichungBus <Informatik>EinsWärmeleitfähigkeitMereologieNichtlinearer OperatorE-MailInterface <Schaltung>Physikalisches SystemComputeranimation
12:28
PhysikalismusStichprobenumfangServerDifferenteTypentheorie
13:01
RechenwerkZusammenhängender GraphCASE <Informatik>DigitaltechnikExistenzaussageInformationFächer <Mathematik>BimodulMereologieProgrammierumgebungOrdnung <Mathematik>ZehnHardwareMultiplikationsoperatorServer
14:10
Lipschitz-StetigkeitRahmenproblemTypentheorieLeistung <Physik>ServerCharakteristisches PolynomKommandosprache
14:51
HauptplatineAblaufverfolgungFlächeninhaltInterface <Schaltung>Bildgebendes VerfahrenMikrocontrollerE-MailPersönliche Identifikationsnummer
15:26
Persönliche IdentifikationsnummerE-MailPhysikalischer EffektCodeTypentheorieExogene VariableRechter WinkelSkriptspracheAggregatzustandEinsZusammenhängender GraphVersionsverwaltungLesen <Datenverarbeitung>Computeranimation
16:22
PunktBitSoftwaretestRechter WinkelEinsGamecontrollerServerCASE <Informatik>SoftwarewartungComputerGüte der AnpassungEindeutigkeitSummengleichungGeradeProgrammierumgebungPhysikalisches SystemFestplatteQuaderDatenflussUrbild <Mathematik>Exogene VariableNichtlinearer OperatorMultiplikationsoperatorRechenzentrumTrägheitsmoment
19:39
Prozess <Informatik>BitPersönliche IdentifikationsnummerMereologieMagnetbandlaufwerk
20:21
SchlüsselverwaltungVersionsverwaltungPhysikalisches SystemGruppenoperationBimodulSkriptspracheRepository <Informatik>Computeranimation
20:53
ThreadServer
21:28
InformationE-MailATMChiffrierungWurm <Informatik>IterationMagnetkarteVersionsverwaltungMetropolitan area networkDigitale PhotographieCASE <Informatik>MusterspracheZweiLeistung <Physik>FeuchtigkeitMooresches GesetzTypentheorieHalbleiterspeicherProgrammierumgebungTermPasswortGüte der AnpassungPhysikalisches SystemEinfache GenauigkeitEinfügungsdämpfungMini-DiscNichtlinearer OperatorBootenFestplatteBitGrundraumSkriptspracheGruppenoperationZusammengesetzte VerteilungDreiecksfreier GraphKonfiguration <Informatik>Minkowski-MetrikInformationKategorie <Mathematik>MultiplikationsoperatorFunktion <Mathematik>GradientProjektive EbeneDefaultWhiteboardUnternehmensarchitektur
26:51
BitPatch <Software>Natürliche ZahlSoftwarePhysikalisches SystemBimodulChiffrierungRoutingSystemprogrammBlackboxLeistung <Physik>Flash-SpeicherCodeVorlesung/Konferenz
28:11
MultiplikationsoperatorTermZustandsmaschineEreignishorizontPhysikalisches SystemSoftwaretestData MiningHackerMAPProxy ServerReflektor <Informatik>Aggregatzustand
29:12
Zusammengesetzte VerteilungTypentheorieEreignishorizontLastLeistung <Physik>DifferenteRankingBootenSoftwaretestRechenwerkProxy Server
30:11
Digitale PhotographieHalbleiterspeicherDichte <Stochastik>Physikalisches SystemHauptplatineWhiteboardLeistung <Physik>
30:45
MultiplikationsoperatorRichtungQuellcodePhysikalisches SystemMereologiePlastikkarteHalbleiterspeicherLeistung <Physik>TermStörungstheorieProgrammierumgebung
31:41
Persönliche IdentifikationsnummerIntegralDigitaltechnik
32:14
HardwareLeistung <Physik>MAPPhysikalisches SystemChiffrierungDatenverwaltungUmwandlungsenthalpieWhiteboardStrömungsrichtungBootenHalbleiterspeicher
33:01
ExistenzsatzBroadcastingverfahrenNetzadresseFirmwareDomain <Netzwerk>Gamecontroller
33:43
DefaultEinsE-MailServerProgrammierumgebungComputersicherheitVirtuelle MaschineLeistung <Physik>InternetworkingSoftwaretestWebcamVerschlingungBitPhysikalisches SystemDigitale PhotographieHardwareSoftwarewartungMAPBimodulCASE <Informatik>Bildgebendes VerfahrenBitrateRouterDatenfluss
36:57
HardwarePrivate-key-KryptosystemElliptische KurveChiffrierungPrinzip der gleichmäßigen BeschränktheitATMComputersicherheitSchlüsselverwaltungFestplatteHash-AlgorithmusKette <Mathematik>KryptologieQuantencomputerZufallsgeneratorAlgorithmusÜberlagerung <Mathematik>Streaming <Kommunikationstechnik>Konfiguration <Informatik>GraphiktablettProtokoll <Datenverarbeitungssystem>PolygonPublic-Key-KryptosystemPhysikalismusp-BlockRelativitätstheorieMini-DiscSkriptspracheFlächeninhaltVerschlingungOrdnung <Mathematik>ServerInformationPunktLoginSoftwarewartungRechter WinkelAdvanced Encryption StandardPerspektiveHackerImplementierungHalbleiterspeicherÄußere Algebra eines ModulsDatensatzMultiplikationsoperatorMathematikStromchiffreVorlesung/Konferenz
Transkript: Englisch(automatisch erzeugt)
00:00
All right, good morning. I say good morning because I know by this point in DEFCON, we're better off using the same time zone as Tokyo, which makes this about 7 AM. So thank you for getting out of bed. The good news is we have an interesting topic ahead. We'll get to spend the next hour talking about boobies. Or more specifically, strategies
00:23
designed to protect an execution environment from manipulation with a specific eye towards ensuring cryptographic keys can't be exfiltrated via physical access. Try three times fast. Hey, good morning. Oh, man.
00:41
There we go. Yeah, I tried to change the slide over here, and Google was asking me for a question. Your presenters today are myself, Ladar Levison, and. I'm Honimbo. Honimbo tales. What we're going to be talking about
01:01
are essential skills for life in the world of 1984, where the maids can't be trusted and your big brother is out to get you. For my part, I'm the operator of Lavabit, an encrypted email service. I'm a technological warlock, a corporate kingpin, and some would say a team linchpin. My assistant, Honimbo, is the proprietor
01:21
of Hacking and Coffee, and he enjoys robbing banks under the cover of darkness. Assistant, come on, man. I'm your web host at this point. I'm a little more than that. Let's talk about security. As an industry, I think we've come a long way.
01:40
Speaking for myself, it's been a few years since I've seen anybody try to log into their box via telnet. One of the key factors pushing that security is encryption and its proliferation. Encryption is important because it provides a mathematical guarantee that the data can't be accessed without the corresponding key.
02:03
Of course, the problem is that as we've evolved, so have the attacks. Unfortunately, as good as we are at architecting and building secure systems, we still need a reliable and friendly environment to run our bug-free, ultra-secure code.
02:25
With encryption specifically, we've seen a new breed of attacks where all the security measures we put in place get passed simply via physical access. Now, there's a picture of an Altair because that was probably the last computer you
02:40
could look at and kind of understand how it worked on the inside. Before we go any further, we should talk about our assumptions. For our purposes, we're focused on targeted physical attacks, which means we're making the assumption there is no universal backdoor in x86 hardware.
03:03
As always, when it comes to assumptions, your mileage may vary. Unfortunately, we don't have time to cover it today, but it makes sense that if your threat model requires you to install booby traps in your hardware, you probably want to do to your IME as well.
03:25
For those of you who spent some time in this building, what we're talking about will look familiar. Essentially, we're talking about taking commodity hardware and modifying it to afford you some of the security guarantees provided
03:40
by FIPS level 4. So we can run our common criteria EAL 4 plus software in a secure environment. Unlike the actual FIPS level 4, our recommendations don't come with certificates from the government, though. If you aren't familiar with those standards, don't fret.
04:01
It only means you haven't spent much time working for the man. For those folks, I'll summarize by saying FIPS level 4 is what the State Department would use for a classified information terminal they have located in the basement of the American Embassy in Taylor. Someplace interesting like that, if a machine
04:22
can stay secure in an environment like that, is that the same computer would be worthy of being placed in a co-located facility and be safe from legal, extra legal, and illegal access, probably. There are plenty of commercial solutions available.
04:41
And they'll work great if you don't mind paying too much for five-year-old technology. Personally, I have a problem trusting black box crypto modules, particularly when the vendor's largest customer happens to be the government that you may be trying to protect yourself from. There's some notable open projects, the most notable
05:04
being ORW, as in 1984. And for those of you looking for a secure solution to place at home just to protect your Monero private key, that might be a good way to go. Unfortunately, running a service like Lavavit takes a few more MIPS than a sixth-gen mobile processor
05:22
can give you. Unfortunately, even if that was enough, unfortunately, their rack solution leaves something to be desired. So I decided to go with commodity hardware. And while I have my concerns about Dell, it's easy to find warehouses that let you pay cash
05:40
and carry away the equipment. It's always good to purchase your gear anonymously. As a tip, if you have trouble finding a local vendor, try searching eBay for sellers selling what you want in your local area. Odds are, if they have multiple listings,
06:00
they're simply a vendor with a warehouse full of gear. More than happy to sell it to you. Whoa, am I? If you're a high-value target, I'd certainly recommend against ordering equipment online and having it shipped.
06:21
You never know what can happen to it in route. In case you didn't catch the subtext in this note, Apple even has problems with their servers being intercepted and modified during shipping. If the largest company in the world can't do it, what chance do we have? Interesting factoid.
06:42
If you look at the SEC filings for Intel, you'll find out that three of their biggest customers for custom x86 chips are the NSA, Google, and Facebook. Makes you wonder what customizations they're having done to their particular chips. If there are any FOIA fans in the audience, they may want to go after those details.
07:04
Be sure to pick a commodity hardware vendor with a reasonably robust and competent security team. So you could probably meet a big portion of the security team here, and you can make your own judgments about whether or not they're competent. You also want to look for one that's
07:21
going to use signed firmware updates and will continue to publish firmware updates for some time after you purchase the hardware. Unfortunately, when it comes to commodity hardware, most servers do ship with tamper detection circuits, but they tend to be rudimentary and thus easy
07:42
to bypass. It doesn't help that their location is known in advance. That's one of the benefits to the do-it-yourself approach. You can randomize the location, even add a reverse switch. To demonstrate just how easy it is to bypass these tamper detection circuits,
08:01
Honimbo is going to demonstrate on this R710. So we need some volunteers in the audience who can see the front LED and tell us if he manages to trip the circuit. The trick, in this case, is to take the shim and go through the regulatory label hole
08:23
in the top of the case, find the tamper circuit, depress it. They said it would be fast. You may have had a malfunction earlier.
08:46
You know that always helps. Who's got something? Hey, you try getting up in front of 1,000 people at 7 in the morning and doing this. Yeah, I did.
09:03
Once you have the tamper circuit depressed, you can lift the top cover and remove the case,
09:28
remove the lid, giving you access to all sorts of different ways of attacking the system, most notably being those exposed JTAG ports.
09:44
Moving on, if you think about security as an absolute where something is either secure or it isn't, then you're going about it all wrong. I like to think about security in the same way physical safe manufacturers do. The first and most important job of a safe
10:01
is to defend against spoofed access. If you can break into the safe without leading a trail, like by using this particular dialing that was demonstrated last year, the safe has failed. So our first mission in modifying our servers was to ensure that nobody could access them without us knowing.
10:25
The second consideration is the degree of difficulty that an attacker would need in order to brute force their way past the locks. Presumably, with a physical safe, it's a blowtorch. With our approach, it's the same thing.
10:41
And the goal is that the amount of force and heat required to remove our modifications is sufficient to destroy the machine. Thus, accomplishing our goal. To continue, I'm going to turn the mic over to Honimbo, who's going to talk about how we made those modifications.
11:07
The first thing to know about all of these Dell systems is there's a very large number of debug headers, expansion modules available on these boards. Some of these are for legitimate things for businesses.
11:21
You've got your iDRAC. You've got your various OpenManage. You've got ... ... ... whatever hardware you end up with, and you've got to do a little bit of engineering. In our case, we took the little bit messy approach for some of this. So some people may recognize this PC7 epoxy that we go through a lot of the boards.
11:42
So anything that can't be physically removed from the board, we basically ... ... to remove it that they're not going to be able to practically do it while the sensors are still in place. So all over ... ... the things that we also do connectors.
12:00
So these whole sides of the chassis all for ... ... are unfortunately very easy spots to pick probes through. And with those probes, there are various things like the front header of the USB bus on the underneath the front bezel. And part of this is not just debug interfaces, but the ones that you're actually using to conduct operation you have because there's only so much
12:23
that you can actually turn off and still have a working system. The PCI risers, we just went ahead and go for that and just wear some gloves, take skin off. I know this the hard way. One thing some people may notice, I have some very cruddy solder joints on here. There's a reason for this is if someone were to start ...
12:44
... this switch, we ... the server fail off. So you may notice that we have a few different types of contacts here. For one, we have just a sample of a simple lever switch with a roller next to the original Dell chassis sensor. So we have a few different types.
13:01
Again, solder joints, this is really interesting. So we take advantage of the actual disassembly that's for these servers. In this case, assembly module inside of one of these Dell R710s. The fan module comes out as a big tray and we can pull out ... Oh, luckily for us, Dell had ... ... alerts.
13:22
We started doing is in modules, we edited a lot of our circuitry and sensors for some of the units. And part of this is, is that in order to get to the initial components, not only do you have to try and bypass our sensors, but at the same time, you've got the existing ... sensors that weren't even tamper intrusion working for you.
13:43
So all of these extra fans, the speed sensors, there are tons of diagnostic information that lets you know when something's wrong with your environment. Because inside of a co-location facility, any decent quality or data center, you know what the environment is and you take that ...
14:01
whether or not the airflow is starting to lessen that something's in the room with you, whether or not the temperature is really going up in a way that's not related to hardware. And it comes down to a lot of monitoring. I'd just like to add that bearing the ... in the assembly here, you'll notice the lip, which protects an attacker against an attacker
14:21
accessing it unless they go directly ... Which is ... Because they can't get the shim past this little lip here. It's important to take advantage of the natural characteristics of your particular server when deciding where to place it. So we take advantage of that from the top, but also we actually will modify the frame as well.
14:42
One thing to drill to the top ... and risk that ... power supply causing some kind of faults, which is nice enough to do this with various types of equipment, from a drill on the ... fiber laser on the government side. But going through the actual motherboard on the bottom, you're getting into the SATA buses that run underneath the particular area that we chose.
15:02
And you're getting into a lot of other interfaces where if you started drilling through, it's going to be very, very difficult to get to those sensors. Take advantage of everything from your traces to your layout, just how tiny you can get these little microcontrollers in place. So we use the internal headers for connecting up our equipment rather than running it back out, obviously.
15:21
And we just slathered everything on there. And you may notice we explicitly did not use pin headers. Again, just very, very cruddy solder joints in this epoxy. As a lot of people, like myself, challenge here know is that it's very easy to make a mistake and cause something to slip. And we want to take advantage of that, where a minor slip that normally wouldn't trigger
15:42
a trigger will cause damage. As again, failing off is exactly what we want. And when you get to the code that we have available right now, it's currently in its older state. It's just a simple Arduino script that's currently up. We're uploading our new version of this talk. And we've since added tilt sensors. We've added other types of contact sensors besides shown.
16:04
And one of the ones that we're actually working on right now is a challenge response NFC tag inside of some of the components. And with that, you'll actually be able to authenticate, not just a little magnetic read sensor, but the particular tag inside of the chassis being used.
16:24
We're doing great on time, so keep talking. So when we get into these challenge response systems in the box village just next door, you will notice a lot of people just bring magnets and bypass the sensors directly. One of the unique things that you can get away with when you get into the DIY approach is,
16:43
you can have sensors that aren't documented outside of your own design. So we actually can have unique tags per contact point inside of this chassis, on top of the more traditional methods. Because in a certain environment, you may be able to get the NFC signal out reliably.
17:01
For practical purposes, these servers might as well be Faraday cages, as well as they're well-grounded. If someone were to try and tamper with the power supply to try and damage that, you have another Dell sensor that has a potential to kick in. And with this environment, you also have some other interesting approaches you can take.
17:21
So we actually also control the server cabinets as well. And with control of the server cabinets, you know whether or not someone's supposed to be doing maintenance or whether or not someone's opening your doors to try and get access to the fiber line that's running into it. And it actually, this is where you get to a little bit of the balance act that you have to do,
17:40
is that it is very easy to shoot yourself in the foot with these sensors. So- And test, pro tip, test your switches before you install them. Yes, test your switches before you install them. The hard drives that were originally going to come here succumb to that. The other thing to test is not just whether or not
18:03
your own, the individual server sensors work, but whether or not what you're sensing for the environment as a whole is not going to just come back to bite you. So overall, any operation, any home lab, any rack in a data center, it's gonna need maintenance. So if I were servicing this box right now, I could easily just shut off the sensors
18:22
from the servicing purpose, lock the data, do whatever is necessary. But what about the server above and below? Well, the contact sensors won't be an issue, but let's say you start adding in things like various motion, tilt, and one of the more interesting ones to play with is light sensors. You have to maintain good air flow through your server still,
18:41
so such sensors become very effective at detecting anything in your environment that's changed, but at the same time, you have to make sure the servers are still functional and what you can actually block off. The tilt sensors are actually one of the ones that we found the most problematic, as those server racks in particular, if you're not fortunate enough to have the ones anchored to the ground,
19:02
will vibrate quite a bit when unracking the server beneath it and promptly lock or erase everything. Yeah, I can take over. Yeah, the great thing about those ball-bearing tilt sensors is that if somebody tries to pull the server out
19:21
on its rails, the tilt sensor will get switched from the movement, the inertia. So, try drilling a hole in the top of a case when you've got two other computers on top of it that are equally protected. Like I said, it's about taking advantage of your environment.
19:40
I wanted to talk about briefly how you go about building these particular modifications. It's a pretty simple process, takes a little bit of practice, but it involves purchasing switches like this along with some ribbon cables. You solder it to the two pins,
20:04
mount it in your chassis in various parts, and then wire everything back to the port on this little Arduino, which we protected with electrical tape
20:21
to keep it from grounding. And copious amounts of epoxy. And then, of course, epoxied it in. You then connect that to your internal USB port, and you can use the Python script, the rudimentary version of it, which is in this repo, to monitor that Arduino and detect
20:40
when any of your switches or detection modules get tripped, and then choose to take the appropriate action. Presumably, if you have a fully encrypted system, it would be to shut down. Once you get all your modifications in place, one of the things we like to do,
21:04
oh, I didn't bring it, is use thread locker to ensure you can't even unscrew it. We didn't have the screw in this particular lid, but most of these servers have at least one optional screw that you can use.
21:22
Another great tip is to cover your joints with something like varnish, or my personal favorite, nail polish. The more glitter, the better. Sprinkle that on, take a photo of the glitter pattern, and if anybody tries to remove the case,
21:42
they won't be able to replicate the exact dispersion of the glitter. Poor man's holographic seals. Now, I'd like to talk a little bit about operational considerations when you're working in a high-thread environment,
22:01
and you have one of your sensors actually get tripped. One of the recommendations that I would make is to take advantage of the fact that Lux supports multiple key slots. I don't have a photo of it here, but you can see that it supports up to eight different passwords. All you need to do is write a little script
22:22
that when somebody enters the password in one of those high-numbered key slots, it wipes the slot. That way, if you need to tell somebody the boot password, they can type it in, and if that password were intercepted, they wouldn't be able to use it again.
22:46
We didn't talk about it earlier, but one of the reasons that we used PC7 Epoxy is because it has the right thermal and electrical properties. You wanna pick something that isn't going to create
23:02
a short circuit with your board, or trap the heat, and destroy the various chips that you're trying to protect. We also chose PC7 because it's incredibly difficult to remove, as he mentioned. Don't get it on your hands.
23:22
There are also other advantages, or things that you can take advantage of if you're not using enterprise-grade equipment. One of the things you wanna look for, for example, is ECC-registered memory. The reason being, it's incredibly difficult to remove ECC memory, and still read the information
23:44
off the chip after the system is shut down, because ECC memory, by default, cycles itself every time it powers on. You also wanna add things like this project, USB Kill,
24:04
which will detect if anybody inserts a USB drive into any of your ports, and can take appropriate action in that situation as well. Anything else we should cover?
24:22
Let me pull up my notes. I feel like I'm forgetting something important. So actually, that's a really good question. So there's a couple of options.
24:40
Repeat the question. So he asked, how are we killing our hard drives? So the first method is simple. If you have LUX enabled, you're going to zero out your memory and shut down. The second is a little more aggressive, and the reason that I had to drive out here the hard drives that we use for some of the equipment
25:01
actually has a two ounce thermite charge embedded inside of it, next to the platters. I thought you weren't gonna mention that. Well, good luck dealing with it. Yeah, nobody tell our colo. It's okay, just a little smoke, it won't throw much fire. So the big trick to using a thermite drive, however,
25:21
is choosing the right composition. The most common alloy used is FE304 based, I'm sorry, FE203, and FE304 is the variant that you want to use. It has a higher instantaneous heat output, and depending on how aggressive you really want to get, there's various other types of compounds that can be added in with it. Using a hobby rocketry igniter with a potassium
25:42
permanganate mixture gives a reliable ignition at a low voltage that can be delivered by the computer's power supplies. In terms of actually building the drives, the big difficulty is doing it in a clean environment. So with the hard drives, they're so dense now that a single speck of dust can kill a lot of sectors.
26:02
So either A, if you can finagle your local university to let you use their clean room for a little bit in exchange for some beer, which is what I did, or you can instead do the improvised clean room method in which you actually raise the humidity very high inside of an enclosed space. But the problem is that when you do this, you have to have some very good method
26:20
of drying out the drives' air after the fact. I take some fresh desiccant, and I make sure it's in every drive when I do this. So when the air has a high moisture content, the dust will actually sit to the ground, and you have a safe working environment to modify your drives. Don't assume a single drive will have good sectors afterwards. They won't, but over a large array of drives,
26:41
like a SAN, you'll end up with enough reliability that you can safely do it. Yeah, one of the things to consider is the fact that the old-fashioned spinning magnetic disks are easy to destroy. All you need is to breach the case, and like you said, get a little dust in there, and it'll be impossible to read the data.
27:01
The problem with SSDs is they're a little bit more robust, and that's where the thermite patch, or something of that nature, might be required to physically destroy. Now, we're not recommending you go that route because we like to think that encryption software still provides the mathematical guarantee that you need
27:20
so that if you shut power off to the device, it's just as good as if you had destroyed it physically. In lieu of that, if you're using something like Opal to do your encryption, you can do an instant key eraser on the flash ROM, and then nobody will ever be able to recover that data.
27:42
The downside to Opal is that it's a black box module. It's implemented by the drive manufacturer. You're never gonna get a chance at looking at any code for it. There's a free PBA available from the DriveTrust Alliance and the self-encrypting drive utilities. However, that just talks to the drive. The actual encryption's still done on the drive itself,
28:01
which if you choose to trust Samsung or Micron or one of the other manufacturers, it's a very fast and high-performance encryption system that actually erases it instantaneously. The downside is it's not testing a black box again. Did we talk about the NFC switches?
28:21
I guess we have time for questions. I wasn't expecting that. Any questions? How do we test it? So, I will tell you right now, do not test in prod. So, what we actually do is I'll have usually a couple friends of mine
28:40
that are various involvements in levels of tamper evidence or bypassing, and I will not tell them what I did to a particular system and I will let them have at it. Beer goes a long way to bribe hackers. Pay your testers. Yeah, we intended to actually bring a system out here for the tamper evident village, but travel disruptions got in the way.
29:01
But basically, in terms of testing, you have to think about the entirety of your state machine, what possible attacks that you're considering, what your switches are designed to do, and what exactly you're working on in the event of an intrusion. So, you may choose to say, I have different ranks of intrusion that I'm going to switch to just simply raising an alert
29:20
or actually shutting down or even erasing the data. So, for example, the internal contact sensors, when we test those, we'll have people using various types of shims, various types of cutting tools, and various types of probes to try and bypass them. We actually use a randomized mixture per deployment on whether or not it's an openly contacted switch or a normally closed switch.
29:41
So, that way, you actually don't know per device for the person who built it whether or not that switch is going to open or close if someone tried to short or bypass it. So, when testing, we'll load up some data, and the goal is, for whoever's looking at it, can they get this data off, whether they do it through a cold boot attack via USB,
30:01
whether they do it through actually pulling out a drive and trying to keep power to it if using an opal method, or whether or not they can simply get, if they can get the chassis off without triggering it, that's considered a failed unit, and just get the lid off, regardless of whether or not they do any memory-based attacks yet. Yeah, one of the photos that we showed,
30:25
Chromebooks having trouble keeping up with the, there it is, the 700 megabyte PDF, is we actually epoxied the power cable from the PSU to the motherboard to ensure that somebody couldn't swap it out and remove the board that way
30:41
while maintaining power to the system. And this is a photo that we took after just doing the connector. We actually slathered parts of the cables as well that are exposed. One of the attacks that actually is done for forensic purposes is you will, they will actually slice the sheath of a power cable and apply power from a secondary source
31:01
to try and keep the system running. Hot jacking. Yeah, hot jacking. And with that as a concern, we took kind of precautions in terms of epoxying over the existing power so that basically any attack that will remove that apart remove the sheathing with it and cause a short. So we will accept the hard fail and data corruption
31:21
as a path in that environment. Be sure to epoxy all of the places that an attacker could plug into and get direct memory access. As you can see here, we covered up the ports on the riser card so that nobody could insert anything into them and add something to the system.
31:42
I didn't show it, but you want to look for the BIOS chip and we don't have a picture of it here, but the pins on the side of some of these integrated,
32:02
you also want to cover those up so that nobody can add a lead to it and directly manipulate the integrated circuit. You also want to cover up the battery so nobody can kill power to your BIOS,
32:22
particularly if you're using hardware level protection methods like OPAL. So most of the modern UEFI BIOSes for OPAL will actually, if it detects a warm reboot, it will send the lock commands to the drives. However, if you don't have the ability for the BIOS to actually process and update
32:41
to the current system status, then that enables a possible hotjacking attack. This is, again, specific to OPAL when you have the encryption on the drive itself rather than using a method such as LUX where you're offloading it to memory. Also, be sure you don't overlook your integrated lights-out management board. One of the problems we found with Dell equipment in particular
33:01
is that it's possible to disable IPv4 access to the DRAC controller. What we ended up doing was, what, setting the IP address to? A slash 32. Yep. Make your subnet all 255s so that it can only talk to itself.
33:22
And then you can sit there and wonder what it's saying. Yeah, a non-existent broadcast domain is something that in some of the Dell firmwares you can actually set. So take that to your advantage since they don't allow you to actually turn the features off. You also want to cover up
33:40
some of these unused ports in the back. You can swap out these default covers which have convenient little holes in them with ones that, you don't really have to worry about airflow because the rear air can still eject
34:02
out the back of the power supply. And of course, it's a lot easier, or sorry, a lot harder to get into the machine by sticking a fiber optic camera through an active power supply. Yeah, we tried this and it ended in a lot of fireworks. We were curious, we had an old system.
34:23
Any more questions? Yeah, we do it at the rack level. One of the things you want to look for is a motion. Oh, sorry, he is asking if we install webcams
34:42
inside of the hardware so we can watch anyone trying to manipulate it. So we install the webcam at the rack level and then if you have a good one that can trigger on motion, you can see when anybody approaches the environment. And then presumably, email the photo to you. Make sure that the photo actually gets transmitted.
35:02
You don't want to have a situation where the only copy of the image happens to be in the device in the environment that the person is accessing. We actually also recommend that you have a secondary link going out besides your primary routers, especially in a colo facility where the facility provides every bit of internet access otherwise.
35:22
We actually experimented with cellular modules. Calix actually has the Sprint devices and you can also, of course, for the various embedded hardware, various Arduino add-ons, et cetera, add GSM chipsets as well for exfiltrating. Don't overlook hardening your routers as well.
35:42
We use PF Sense machines which run on commodity hardware so we can do the same modifications to that as we do to the machines that run the encrypted services.
36:17
So the question was, is that it seems this is geared around denying access in an undetected fashion to our data
36:22
and whether or not the switches should just kill power to the system. So the reason that it doesn't just immediately kill power in every case is that first, some of the sensors are particularly sensitive. Regular maintenance in the racks around it will trigger them. So you first want an alert for that because you do have to balance what your actual operational goal is
36:41
and what your security goal is. The contact sensors are designed to just kill things immediately because a contact sensor is not something that will go off via traditional rack maintenance like the tilt sensor might. Yeah, you'll find out through experimentation which sensors are more reliable than others. That's where the testing comes into play. And if you look at that Python script
37:00
I posted a link to, all it does is monitor the sensors. The area of the script where you actually have to decide what happens is left blank. But presumably, as I mentioned earlier, our recommendation isn't physical destruction. It's to rely on the mathematical guarantee provided by the encryption when you cut power.
37:22
That at least affords you the option of restoring. You do have to be careful about using the same hardware that may have actually been tripped. So if you have a confirmed breach situation, you may just want to remove the hard drives
37:40
and place them in a new chassis. I actually have a funny story. At Hope a couple of years back, the guys from Rise Up had the server that the FBI had confiscated and held onto for a year. And they brought it back to the hacking conference. They lifted the top of the cover off and the challenge was to see
38:00
if you could spot the modification. Any more questions? We're almost out of time. Well, I'm right. Not yet. We've had a few false alarms when a prior facility of ours would actually do maintenance in our racks without notice.
38:23
And they generated zero audit logs when they did this. They didn't tell us. They told no one. They wouldn't tell us what they were doing at one point. And I had to pry that information out of them. And while they didn't open up any of the chassis, they were moving the racks around and at one point re-cabling some of the,
38:40
we found out later with the PDUs when we looked at the camera. So while that wasn't a particular intrusion attempt from a hard drive perspective, the sensors did catch it and that's already a very suspicious thing just to be inside of someone's rack. Them re-cabling above the racks is very typical. Re-cabling the PDU inside of the rack is a very rare thing.
39:12
So the question is what encryption do we recommend to guarantee the security of the drives? I use AES-256 for my symmetric cipher.
39:22
I've traditionally, for all my pub key stuff, have been switching to elliptical curve. Although I heard yesterday at one of the talks that it's possible the National Security Agency might have a quantum computer in the very near future capable of breaking ECC and is now recommending
39:42
that we use very large RSA keys. I don't know if I believe it yet because I'm not looking forward to switching back to 8K RSA keys. When it comes to the AES, you also have to choose what mode you wanna use, whether you're using something as XTS or the CVC modes.
40:01
Stick with an authenticated protocol if you can. Yeah, if you have it and it supports it, you wanna be operating in GCM block mode. Unfortunately, that won't work with a full disk encryption because it's a chain cipher. So in order to decrypt block, you have to know the previous block.
40:21
So it's stream cipher, sorry. You have to use a block mode like XTS. I do have pretty high hopes. I haven't implemented it yet in prod, but ChaCha and Poly 1305 look like very promising replacements for AES.
40:46
But when it comes to crypto, what I like to say is that speed kills. You move too fast and you're guaranteed to make a mistake and do something wrong, particularly when it comes to picking a new cipher or a new implementation. It's always good to go with the tried and true.
41:02
The nice thing about symmetric ciphers is that they're much harder to break because of the mathematical principles behind them. They're essentially random number generators that are doing a one-time pad. So if nobody can break the random number generator, either by brute forcing the key
41:20
or by taking the stream and determining what comes next, the algorithm stays secure. It's the public key algorithms that you have to worry about. And on a related note, cryptographic hash algorithms are an interesting discussion because traditionally, SHA-256 and 512 have been very secure alternatives.
41:43
But what we're seeing is that with the emergence of Bitcoin and all of the investment in ASICs is the speed at which they run reduces the security of those older algorithms. One more question, if we have it.
42:05
All right, well, if you think of something later, just come find me at the pool. I'll be at the 303 party tonight.