Booby Trapping Boxes: Running Private Services as a High Value Target

Video thumbnail (Frame 0) Video thumbnail (Frame 1124) Video thumbnail (Frame 2307) Video thumbnail (Frame 3351) Video thumbnail (Frame 4501) Video thumbnail (Frame 5324) Video thumbnail (Frame 6406) Video thumbnail (Frame 7456) Video thumbnail (Frame 8277) Video thumbnail (Frame 9102) Video thumbnail (Frame 10517) Video thumbnail (Frame 12257) Video thumbnail (Frame 13780) Video thumbnail (Frame 14933) Video thumbnail (Frame 16159) Video thumbnail (Frame 17050) Video thumbnail (Frame 17855) Video thumbnail (Frame 18699) Video thumbnail (Frame 19525) Video thumbnail (Frame 21253) Video thumbnail (Frame 22281) Video thumbnail (Frame 23141) Video thumbnail (Frame 24549) Video thumbnail (Frame 29484) Video thumbnail (Frame 30513) Video thumbnail (Frame 31332) Video thumbnail (Frame 32207) Video thumbnail (Frame 40277) Video thumbnail (Frame 42278) Video thumbnail (Frame 43795) Video thumbnail (Frame 45279) Video thumbnail (Frame 46137) Video thumbnail (Frame 47532) Video thumbnail (Frame 48362) Video thumbnail (Frame 49534) Video thumbnail (Frame 50580) Video thumbnail (Frame 55424)
Video in TIB AV-Portal: Booby Trapping Boxes: Running Private Services as a High Value Target

Formal Metadata

Title
Booby Trapping Boxes: Running Private Services as a High Value Target
Title of Series
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
2018
Language
English

Content Metadata

Subject Area
Abstract
Ever worry about the hardware you leave behind? In a world where servers are co-located, and notebooks get left in hotel rooms, the ability to resist tampering, and if necessary actively respond to attack, has become increasingly important. And of course everybody knows the best booby traps are the ones you don't know are there. This talk will prepare you for life in 1984, where the maids are evil, and step brothers can't be trusted. Whether your running servers as a high value target, or simply want to protect your Monero private key, this talk will show you to achieve FIPS 140-2 level 4 security, without the FIPS 140-2 level 4 price tag. Specifically, we'll cover acquisition considerations, physical hardening, firmware mitigation, tamper detection and more.
Point (geometry) Time zone Integrated development environment Strategy game Key (cryptography) Multiplication sign Revision control Booby trap Booby trap
Point (geometry) Slide rule Server (computing) Presentation of a group Divisor Correspondence (mathematics) Mereology Web 2.0 Hacker (term) Operator (mathematics) Encryption Cuboid Information security Metropolitan area network Covering space Email Key (cryptography) Operator (mathematics) Personal digital assistant Telnet Video game Speech synthesis Hacker (term) Family Sinc function
Integrated development environment Code Encryption Information security Computer
Asynchronous Transfer Mode Befehlsprozessor Multiplication sign Universe (mathematics) Computer hardware Instant Messaging Booby trap Endliche Modelltheorie Hacker (term) Backdoor (computing)
Standard deviation Building Multiplication sign Computer Public key certificate Cryptography Performance appraisal Integrated development environment Software Computer hardware Energy level Modul <Datentyp> Process (computing) Information Information security Uniform boundedness principle Information security
Radical (chemistry) Standard deviation Information Integrated development environment Multiplication sign Virtual machine Energy level Computer Metropolitan area network
Mobile Web Server (computing) Projective plane Black box Cryptography Coprocessor Public-key cryptography 6 (number)
Area Optical disc drive Computer hardware Electronic mailing list Local ring
Facebook Server (computing) Explosion Computer file Personal digital assistant Server (computing) Factory (trading post) Non-standard analysis Routing Router (computing) Hand fan
Execution unit Server (computing) Digital electronics Server (computing) Multiplication sign Non-standard analysis Online help Sign (mathematics) Uniform resource locator Telecommunication Computer hardware Computer hardware Reflektor <Informatik> Interface (computing) Remote Access Service Information security Firmware
Covering space Digital electronics Personal digital assistant Different (Kate Ryan album) Physicalism Quicksort Information security Physical system
Degree (graph theory) Server (computing) Dialect Process (computing) Forcing (mathematics) Order (biology)
Module (mathematics) Email Virtual machine Thermal expansion Whiteboard Physical system
Personal digital assistant Computer hardware Bit Whiteboard
Pell's equation Email Operator (mathematics) Interface (computing) 1 (number) Bus (computing) Mereology Thermal conductivity Physical system
Type theory Server (computing) Different (Kate Ryan album) Sampling (statistics) Physicalism
Module (mathematics) Server (computing) Existential quantification Digital electronics Information Connectivity (graph theory) Multiplication sign Execution unit Mereology Frame problem 10 (number) Hand fan Power (physics) Type theory Integrated development environment Personal digital assistant Computer hardware Order (biology) Lipschitz-Stetigkeit
Area Medical imaging Email Motherboard Interface (computing) Microcontroller Tracing (software)
Personal identification number Scripting language Type theory Email Dependent and independent variables Causality State of matter 1 (number) Right angle
Point (geometry) Dependent and independent variables Server (computing) Game controller Multiplication sign Chemical equation Uniqueness quantification 1 (number) Bit Moment of inertia Line (geometry) Software maintenance Computer Integrated development environment Personal digital assistant Operator (mathematics) Hard disk drive Data center Cuboid Software testing Fiber (mathematics) Physical system
Personal identification number Process (computing) Tape drive Bit Mereology
Revision control Scripting language Module (mathematics) Group action Key (cryptography) Software repository Physical system
Server (computing) Thread (computing)
Email Asynchronous Transfer Mode Group action Multiplication sign Insertion loss Function (mathematics) 2 (number) Power (physics) Magnetic stripe card Mixture model Moore's law Goodness of fit Iteration Semiconductor memory Term (mathematics) Computer configuration Single-precision floating-point format Operator (mathematics) Computer worm Information Booting Metropolitan area network Physical system Scripting language Default (computer science) Enterprise architecture Information Gradient Projective plane Bit Category of being Type theory Digital photography Integrated development environment Personal digital assistant Password Universe (mathematics) Revision control Hard disk drive MiniDisc Pattern language Encryption Cycle (graph theory) Whiteboard Spacetime
Module (mathematics) Code Patch (Unix) Flash memory Bit Black box Power (physics) Software Natural number Encryption Utility software Routing Physical system
Multiplication sign Execution unit Event horizon Power (physics) Data mining Mixture model Type theory Hacker (term) Term (mathematics) Different (Kate Ryan album) Energy level Software testing Finite-state machine Ranking Proxy server Booting Physical system
Digital photography Semiconductor memory Motherboard Whiteboard Probability density function Physical system Power (physics)
Personal identification number Term (mathematics) Semiconductor memory INTEGRAL Multiplication sign Direction (geometry) Source code Plastikkarte Mereology Power (physics) Physical system
Ocean current Data management Digital electronics Semiconductor memory Computer hardware Encryption Energy level Whiteboard Booting Power (physics) Physical system
Domain name Broadcasting (networking) Default (computer science) Existence Game controller 1 (number) IP address Firmware
Webcam Multiplication sign Perspective (visual) Medical imaging Mathematics Bit rate Computer configuration Semiconductor memory Encryption Stream cipher Symmetric-key algorithm Quantum computer Information security Physical system Graphics tablet Covering space Scripting language Area Algorithm Block (periodic table) Physicalism Bit Public-key cryptography Digital photography Exterior algebra Hash function Order (biology) Hard disk drive MiniDisc Advanced Encryption Standard Row (database) Asynchronous Transfer Mode Point (geometry) Dataflow Server (computing) Implementation Random number generation Link (knot theory) Virtual machine Streaming media Login Power (physics) Internetworking Hacker (term) Computer hardware Energy level Software testing Router (computing) Module (mathematics) Information Key (cryptography) Software maintenance Cryptography Elliptic curve Uniform boundedness principle Integrated development environment Personal digital assistant Communications protocol
all right good morning I say good morning because I know by this point in Def Con we're better off using the same time zone as Tokyo which makes this about 7:00 a.m. so thank you for getting out of bed the good news is we have an
interesting topic ahead we'll get to spend the next hour talking about boobies or more specifically strategies designed to protect an execution environment for manipulation with a specific eye towards ensuring cryptographic keys can't be excellent rated via physical access try three times fast oh man there we go yeah I tried to
change the slide over here and Google was asking me for a question your presenters today or myself ludar Levison and i'm honinbo honinbo tails what we're going to be talking about are essential skills for life in the world of 1984 where the maids can't be trusted and your big brother is out to get you for my part I'm the operator of lavabit and encrypted email service I'm a technological warlock a corporate kingpin and some would say a team linchpin my assistant hyung-nim BOE is the proprietor of hacking in coffee and he enjoys robbing banks under the cover of darkness listen come on man I'm your web host at this point I'm a little more than that let's uh about security as an
industry I think we've come a long way speaking for myself it's been a few years since I've seen anybody try to log into their box via telnet one of the key factors pushing that security is encryption and its proliferation encryption is important because it provides a mathematical guarantee that the data can't be accessed without the corresponding key of course the problem
is that as we've evolved so have the attacks unfortunately as good as we are at architecting and build secure systems we still need a reliable
and friendly environment to run on run our bug-free ultra secure code with encryption specifically we've seen a new breed of attacks where all the security measures we put in place get simply via
physical access now there's a picture of an Altair because that was probably the last computer you could look at and kind
of understand how it worked on the inside before we go any further we should talk about our assumptions for our purposes were focused on targeted physical attacks which means we're making the assumption there is no Universal backdoor and x86 hardware as
always when it comes to assumptions your
mileage may vary unfortunately we don't
have time to cover it today but it makes sense that if your threat model requires you to install booby-traps in your hardware you probably want to do to your IME as well for those of you who spent
some time in this building what we're talking about will look familiar
essentially we're taking commodity
Hardware and modifying it to afford you some of the security guarantees provided by fifth level four so we can run our
Common Criteria EA L 4 plus software in a secure environment unlike the actual FIPS level for our recommendations don't come with certificates from the government though if you are familiar
with those standards don't fret it only means you haven't spent much time working for the man for those folks I'll summarize by saying fifth level 4 is what the State Department would use for a classified information terminal they have located in the basement of the American Embassy in Taylor someplace
interesting like that if a machine can stay secure in an environment like that
is that a come that the same computer would be worthy of being placed in a co-located facility and be safe from legal extra legal and illegal access probably there are plenty of commercial
solutions available and they'll work great if you don't mind paying much for
five-year-old technology personally I have a problem trusting blackbox crypto modules particularly when the vendors largest customer happens to be the government that you may be trying to protect yourself from
there's some notable open projects the most notable being or as in 1984 and for
those of you looking for a secure solution to place at home just to protect your Manero private key that might be a good way to go unfortunately running a service like lavabit takes a few more myths than a 6th gen mobile processor can give you unfortunately
there were even if that was enough unfortunately their rack solution leaves something to be desired so I decided to
go with commodity Hardware and while I have my concerns about Dell it's easy to find warehouses that let you pay cash and carry away the equipment it's always good to purchase your gear anonymously as a tip if you have trouble finding a
local vendor try searching eBay for
sellers selling what you want in your local area odds are if they have multiple listings they're simply a vendor with a warehouse full of gear more than happy to sell it
to you whoa am i ok sure a high-value
target I'd certainly recommend against ordering equipment online and having it shipped you never know what can happen to it in route in case you didn't catch the subtext in this note Apple even has problems with their servers being intercepted and modified during shipping if the largest company in the world can't do it what chance do we have interesting factoid if you look at the SEC filings for Intel you'll find out the three of their biggest customers for custom a x86 chips are the NSA Google and Facebook makes you wonder what customizations they're having done to their particular chips they're any FOIA fans in the audience they may want to go after those details be sure to pick a
commodity hardware vendor with a reasonably robust and competent security team gone so you could probably meet a
big portion of the security team here and you can make your own judgments about whether or not they're competent you also want to look for one that's going to use sign firmware updates and we'll be continue to publish firmware updates for some time after you
purchased the hardware unfortunately when it comes to commodity Hardware most servers do ship with tamper detection circuits but they tend to be rudimentary and thus easy to bypass it doesn't help that their location is known in advance that's one of the benefits the do-it-yourself approach you can randomize the location even at a reverse switch to demonstrate just how easy it is to bypass these tamper detection circuits hone in BO is going to demonstrate on this r7 10 so we need some volunteers in the audience you can see the front LED and tell us if he manages to trip the circuit the trick in
this case is to take the shim and go through the regulatory label hole in the top of the case find the tamper circuit depress it they said it would be fast you know that always helps who's got something Hey you try getting up in front of a thousand people at 7:00 in the morning and doing this once you have the tamper circuit depressed you can lift the top cover
safe good pop up and remove the case remove the lid giving you access to all sorts of different ways of attacking the system most notably being those exposed JTAG ports yeah moving on if you think about security as an absolute where something is either secure or it isn't then you're going about it all wrong I like to think about security in the same way physical safe manufacturers do
the first and most important job of a safe is to defend against spoofed access if you can break into the safe without leading a trail like by using this particular dialing shot that was demonstrated last year the safe has failed so our first mission in modifying our servers was to ensure that nobody could access them without us knowing the
second consideration is the degree of difficulty than an attacker would need in order to brute-force their way past the locks presumably with a physical safe it's a blowtorch with our approach it's the same thing and the goal is that the amount of force and heat required to remove our modifications efficient to
destroy the machine thus accomplishing our goal to continue turn the mic over
on Nimbo who's going to talk about how
we made those modifications
so the first thing to know about all of these dell systems is there's a very
large debug headers expansion modules
and available on these boards some of these are for legitimate things for businesses you've got your idrac you've got various OpenManage you've got
sometimes have additional like whatever hardware you end up with
and you got to do a little engineering and in our case we took a little bit
messy approach for some of this so some
people may recognize this is PC seven epoxy that we went go through a lot of the boards so anything that can't be physically removed from the board we basically to remove it that they're not
going to be able to practically do it while the sensors are still in place so all over others and the things that will
we also do nectars so these whole sides of the chassis is all free only very easy spots to pick probes through and with those probes there are various things like the the front header of the USB bus on the underneath front bezel and part of this not just to debug interfaces but the ones that you're actually using the conduct operation you have because there's only so much you can actually turn off and still have a
working system the PCI risers we just went ahead and go for that and just wear
some gloves take skin off I know this the hard way one thing some people may
note is I have some very credit otter joints on here there's a reason for this is if someone were to start physics
which we the server fail off so you may notice that we have a few different types of contacts here for one we have just a sample of a simple lever switch or the roller and next to the original Dell chassis sensor so we have a few
different types again so everybody's
been interesting so we take advantage of the actual disassemble as for these servers in this case assembly module inside of one of these Dell are seven tens fan module comes out as a big tray and we can pull out ends Oh luckily for us Dell alerts doing is in modules we had circuit rigging sensors for some of the some of the units and part of this is is that in order to get to the initial components not only do you have to try and bypass our sensors but at the same time you've got the existing Gnostic sensors that weren't even tamper intrusion working for you so all of these extra fans that the the speed sensors there are tons of diagnostic information that lets you know something's wrong with your environment it's inside of a colocation facility any decent quality dinner you know what the environment is and you take that whether or not the airflow is starting to lessen that something's in the room with you whether or not the temperature is really going up in a way that's not related to hardware and it comes down to a lot of
monitoring I just like to add that airing this in the assembly here you'll notice the lip which protects an attacker against an attacker accessing it unless they go directly which is because they can't get the shim past this little lip here it's important advantage of the natural character in your particular server when deciding where to place yep so we take advantage of that from the top but also we actually will modify the frame as well one thing to drill to the top and risk power squatter causing some kind of faults which spice enough and do this with various types of equipment from a hole on the Tiber laser on the on the
government side but going through the actual motherboard on the bottom you're getting into the the SATA buses that run underneath the particular area that we chose and you're getting into a lot of other interfaces where if you started drilling through it's going to be very very difficult to get to those sensors big image of everything from your traces
to your layout just how tiny you can get these little microcontrollers in place
so we use the internal headers for connecting up our equipment rather than running it back out obviously and we just slathered everything on there and you may notice we explicitly did not use
pin headers again just very very Kerdi solder joints in this epoxy as as a lot of people like my challenge here know is
that is very easy to make a mistake and cause something to slip and we want to take advantage of that we're a minor slip that normally wouldn't trigger will
cause damage as again failing off is exactly what we want and when you get to
the code but that we have available
right now it's currently in its older state it's just a simple Arduino script that's currently up we're uploading our new vs. talked and we've since added tilt sensors we've added other types of contact sensors besides shown and one of the ones that were actually working on right now is a challenge response NFC tag inside of some of the components and with that you'll actually be able to authenticate not just a little magnetic Reed sensor but the particular tag inside of the chassis being used we're
doing great on time so keep talking when we get into these trial and response systems in the Box village just next door you will notice that a lot of people just bring magnets and bypass the sensors directly one of the unique things that you can get away with when you get into this into the DIY approach is you can have sensors that aren't documented outside of your own design so we actually can have unique tags per contact point inside of this chassis on top of the more traditional methods as in a certain environment you may be a to get the NFC signal out reliably for practical purposes these servers might as well be Faraday cages as well as their well grounded if someone were to try and tamper with the power supply to trying to damage that you have another Dell sensor that has a potential to kick in and with this environment you also have some other interesting approaches you can take so we actually also controlled the server cabinets as well and with control the server cabinets you know whether or not someone's supposed to be doing maintenance or whether or not someone's opening your doors to try and get access to the fiber line that's running into it and it actually this is where you get to a little bit of the balance act that you have to do is that it is very easy to shoot yourself in the foot with these sensors so protip test your switches before you install them yes test our switches before you install them the hard drives that were originally going to come here so came succumb to that the other thing the test is not just whether or not your owns the individual server sensors work but whether or not what you're sensing for the environment as a whole is not going to just come back to bite you so overall any any operation any home lab any rack and a data center it's gonna need maintenance so if I were servicing this box right now I could easily just shut off the sensors from the servicing purpose lock the data do whatever is necessary but what about the server above and below it well contact sensors won't be an issue but let's say you start adding in things like various motion tilt and one of the more interesting ones to play with is light sensors you have to maintain good airflow through your servers still so such sensors become very effective at detecting anything in your environment that's changed but at the same time you have to make sure the servers are still functional and what you can actually block off the the tilt sensors are actually one of the ones that we found the most problematic as so those server racks in particular if you're not fortunate of do I have the ones anchored to the ground will vibrate quite a bit when unwrapping the server beneath it and promptly lock or erase everything yeah I mean I can take over yeah the the great thing about those ball bearing tilt sensors is that if somebody tries to pull the server out on its rails the tilt sensor will get switched from the movement the inertia so try drilling a hole in the top of a case when you've got two other computers on top of it that are equally protected like I said it's about taking advantage of your environment I wanted to talk
about briefly how you go about building
these particular modifications it's a pretty simple process takes a little bit of practice but it involves purchasing
switches like this along with some ribbon cables you solder it to the two pins mount it in your chassis in various
parts and then wire everything back to
the port on this little Arduino which we protected with electrical tape and the
key will be a surrounding epoxy and then of course epoxy did in you then connect that to your internal USB port and you
can use the Python script the rudimentary version of it which is in this repo to monitor that our dream o and detect when any any of your switches or detection modules get tripped and then choose to take the appropriate action presumably if your have a fully encrypted system it would be to shut down once you get all your modifications
in place one of the things we like to do I didn't bring it is use thread Locker
to ensure you can't even unscrew it we didn't have the screw in this particular lid but most of these servers have at least one optional screw that you can use
another great tip is to cover your joints with something like varnish or my
personal favorite nail polish the more glitter the better sprinkle that on take a photo of the glitter pattern and if anybody tries to remove the the case they won't be able to replicate the exact dispersion of the glitter for man's holographic seals now I'd like to
talk a little bit about operational considerations when you're working in a high threat environment and you have one of your sensors actually get tripped one of the recommendations that I would make is to take advantage of the fact that lux supports multiple key slots I don't have a photo of it here but you can see that it supports up to eight different passwords all you need to do is write a little script that when somebody enters the password in one of those high low high numbered key slots it wipes the slot that way if you need to tell somebody the boot password they can type it in and if that password were intercepted they wouldn't be able to use it again we we didn't talk about it earlier but one of the reasons that we used PC seven epoxy is because it has the right thermal and electrical properties you want to pick something that isn't going to create a short-circuit with your board or trap the heat and destroy the various chips that you're trying to protect we also chose PC seven because it's incredibly difficult to remove as he mentioned don't get it on your hands there are also other advantages or things that you can take advantage of if you're not using enterprise grade equipment one of the things you want to look for for example is ECC registered memory the reason being it's incredibly difficult to remove ECC memory and still read the information off the chip after the system has shut down because ECC memory by default cycles itself every time it powers on you also want to add things like this project USB kill which will detect if anybody inserts a USB Drive into any of your ports and could take appropriate action in that situation as well anything else we should cover let me pull up my notes feel like I'm forgetting something important so actually that's a really good question so there's a couple of options repeat the question oh so he asked how are we killing our hard drives so the first method is simple if you have lux enabled you're going to observe out your memory and shut down the second is a little more aggressive and the reason that I had to drive out here the hard drives that we use for some of the equipment actually has a two-ounce thermite charge embedded inside of it next to the platters and we're gonna mention that well good luck dealing with it yeah don't nobody tell our kool oh it's okay just a little smoke it won't throw much fire so the big trick to using a thermite drive however is choosing the right composition the most common alloy uses fe3o4 based I'm sorry fe2o3 and fe 3 or 4 is the variant that you want to use it has a higher instantaneous heat output and depending on how aggressive you really want to get there's various other types of compounds that can be added in with it using a hobby rocketry igniter with a potassium permanganate mixture gives a reliable ignition at a low voltage that can be delivered by the computer's power supplies in terms of actually building the drives the big difficulty is doing it in a clean environment so with the hard drives there they're so dense now that a single speck of dust can kill a lot of sectors so either a if you can finagle your local university to let user clean room a little bit for a little bit in exchange for some beer which is what I did or you can instead do the improvised cleaner method in which you actually raise the humidity very high inside of an enclosed space but the problem is that when you do this you have to have some very good method of drawing out the drives air after the fact I did take some fresh desiccant and I make sure it's in every Drive when I do this so when the air has a high moisture content the dust will actually stick to the ground and you have a safe working environment to modify your drives don't don't assume a single Drive will have good sectors afterwards they won't but over a large array of drives like a SAN you'll end up with enough reliability that you can safely do it yeah one of the things to consider is the fact that the old-fashioned spinning magnetic discs are easy to destroy all you need is to
breech the case and like you said get a little dust in there and it'll be impossible to read the data Oh the problem with SSDs is they're a little bit more robust and that's where the thermite patch or something of that nature might be required to physically destroy so now we're not recommending
you go that route because we like to think that encryption software still provides the mathematical guarantee that you need so that if you shut power off to the device it's just as good as if you had destroyed it physically in lieu of that if you're using something like opal to do your encryption you can do an instant key erasure on the flash ROM and then nobody will ever be able to recover that data the downside to opal is is that it's a black box module it's implemented by the drive manufacturer you're never going to get a chance at looking any code for it there's a free PBA available from the drive trust alliance and the self encrypting Drive utilities however that's just that just talks to the drive the actual encryption is still done on the drive itself which if you choose a trust Samsung or a micron or one of the other manufacturers it's very fast in high-performance encryption system that actually erases it instantaneously the downside of busting a black box
again did we talk about the NFC switches I guess we have time for questions I wasn't expecting that any questions how do we test it so I'll tell you right now do not test and prod so what we actually do is all have usually a couple friends of mine that are various involvements and levels of tamper evidence or bypassing and I will not tell them what I did to a particular system and I will let them have at it beer goes a long way to bribe hackers pay your testers yeah we intended to actually bring a system out here for the tamper-evident village but travel disruptions got in the way yeah but basically in terms of testing you have to think about your the entirety of your state machine what possible attacks that you're considering what your switchers are designed to do and what exactly you're in the event of an intrusion so
you may choose to say I have different ranks of intrusion that I'm going to switch to just simply raising an alert or actually shutting down or even erasing the data so for example the internal contact sensors when we test those we'll have people using various types of shims various types of cutting tools and various types of probes to try and bypass them we actually use a randomized mixture per deployment on whether or not it's an openly contacted switch or a normally closed switched so that way you actually don't know and accept per device for the person who built it whether or not that switch is going to open or close if someone tried the shorter bypass it so when testing will load up some data and the goal is for whoever is looking at it can they get this data off whether they do it through a cold boot attack via USB whether they do it through actually pulling out a drive and trying to keep power to her if you're using an opal method or whether or not they can simply get if they can get the chassis off without triggering it that's considered a failed unit and just get
the lid off regardless of whether or not they do any memory based attacks yet yeah one of the photos that we showed Chromebooks having trouble keeping up with the separatist the 700 megabyte PDF
is we actually epoxy the power cable from the PSU to the motherboard to ensure that somebody couldn't swap it out and remove the board that way while maintaining power to the system and this is a photo that we took after just doing
the connector we actually slathered parts cables as well that are exposed one of the the attacks that I've actually is done for forensic purposes is you will they will actually slice the sheath of a power cable and apply power from a secondary source to try and keep this as time cranking yeah hot jacking and with that as a concern we took kind of precautions in terms of epoxy over the existing power so that basically any attack that will remove that approve the sheathing with it and cause a short so we we will accept the hard fail and data corruption as a path in that environment be sure to epoxy all of the places that an attacker could plug into and get direct memory access as you can see here we covered up the ports on the riser card so that nobody could insert anything into them and add something to the system I didn't show it but you want
to look for the BIOS chip and we don't have a picture of it here but the pins on the side of some of these integrations you also want to
cover those up so that nobody can add a lead to it and directly manipulate the integrated circuit you also want to cover up the battery so nobody can kill
power to your BIOS particularly if you're using hardware level protection methods like opal so the most of the
modern UEFI BIOS is for opal well actually if it detects a warm reboot it will send a lot commands to the drives however if you don't have the ability for the bias to actually process an update to the current system status then that enables a possible hot jacking attack this is again specific to opal when you have the encryption on the drive itself rather than using a method such as Lux where you're offloading it to memory also be sure you don't overlook your integrated lights-out management board one of the problems we found with Dell equipment in particular is that
possible to disable ipv4 access to the Drac controller what we ended up doing was what setting the IP address 2/32 yep make your subnet all 255 so that it can only talk to itself and then you can sit there and wonder what it's saying yeah a non-existent broadcast domain is something that and some of the Dell firmware is you can actually set so take that to your advantage since they don't allow you to actually turn the features off you also want to cover up some of these unused ports in the back you can
swap out these default covers which have convenient little holes in them with ones that you don't really have to worry
about air flow because the rear air can still eject out the back of the power supply and of course it's a lot easier or luck sorry a lot harder to get into the machine by sticking a fiber optic camera through an active power supply yeah we we tried this and it ended in a lot of fireworks we were curious we had an old system any more questions yeah we do it in the rack level one of the things you want to look for is a motion oh sorry he is asking if we install webcams inside of the hardware so we can watch anyone trying to manipulate it so we install the webcam at the rack level and then if you have a good one that can trigger on motion you can see when anybody approaches the environment and then presumably email the photo to you make sure that the photo actually gets transmitted you don't want to have a situation where the only copy of the image happens to be in the device in the environment that the person is accessing we actually also recommend that you have a secondary link that going out besides your primary routers especially in a Colo facility where the facility provides every bit of internet access otherwise we actually experimented with cellular modules calex actually has the the Sprint devices and you can also of course for the various embedded hardware various Arduino add-ons etc as GSM chipsets as well for excellent rating don't overlook hardening your your routers as well we use pfSense machines which run on commodity hardware so we can do the same modifications to that as we do to the machines that run the encrypted services so the question was is that it seems this is geared around denying access and an undetected fashion to our data and whether or not the switches should just kill power to the system all right so the reason that it doesn't just immediately kill power in every case is at first some of the sensors are particularly sensitive regular maintenance in the racks around it will cut will trigger them so you first want an alert for that because you do have to balance what your actual operational goal is and what your security goal is the contact sensors are designed to just kill things immediately because the contact sensor is not something that will go off the traditional rack maintenance like the tilt sensor might yeah you'll find out through experimentation which sensors are more reliable than others that's where the the testing comes into play and if you
look at that Python script I posted a link to all it does is monitor the sensors the area of the script where you actually have to decide what happens is left blank but presumably as I mentioned earlier our recommendation isn't physical destruction it's to rely on the mathematical guarantee provided by the encryption when you cut power that at least get affords you the option of restoring you do have to be careful about using the same hardware that may have actually been tripped so if you have a confirmed breach situation you may just want to remove the hard drives and place them in a new chassis I actually have a funny story at hope a couple of years back the guys from rise up had the server that the FBI had confiscated and held on to for a year and they brought it back and they to the hacking conference they lifted at the top of the cover off and the challenge was to see if he could spot the modification any more questions we're almost out of time all right not yet we've had a few false alarms when the facility prior facility of ours would actually do maintenance and our racks without notice and that's they generated zero audit logs when they did this they didn't tell us they told no one they wouldn't tell us what they were doing at one point and I had to pride that information out of them and and while they didn't open up any of the chassis they were moving the racks around and at one point reeked abling well some of the we found out later with a PDUs when he looked at the camera so while that wasn't an act and a particular intrusion attempt from a of the hard drives perspective the sensors did catch it and that's already a very suspicious thing just to be inside of someone's records memory cabling above the racks is very typical wreak abling the PDU inside of the rack is a very rare thing so the question is what encryption do we recommend to guarantee the security of the drives I use aes-256 for my symmetric cipher I've traditionally for all my pub key stuff have been switching to elliptical curve although I heard yesterday at one of the talks that it's possible the National Security Agency might have a quantum computer in the very near future capable of breaking ECC and is now recommending that we use very large RSA keys I don't know if I believe it yet because I'm not looking forward to switching back to 8k RSA keys when it comes to the AES you also have to choose what mode you want to use whether you're using something as XTS or the CBC modes stick with an authenticated protocol if you can you if you have it and it supports it you want to be operating in GCM block mode unfortunately that won't work with a full disk encryption because it's a change cipher so in order to decrypt a block you have to know the previous block so it's a stream cipher sorry you you have to use a block mode like XTS I do have pretty high hopes I haven't implemented it yet in Prague but cha-cha and poly 1305 look very prompt as very look like very promising replacements for AES but when it comes to crypto what I like to say is that speed kills you move too fast and you're guaranteed to make a mistake and do something wrong particularly when it comes to picking a new cipher or a new implementation it's always good to go with the tried and true the nice thing about symmetric ciphers is that they're much harder to break because of the mathematical principles behind them they're essentially random number generators that are doing a one-time pad so if nobody can break the random number generator either by brute forcing the key or by taking the stream and determining what comes next the algorithm states Carrie it's the public key algorithms that you have to worry about and on a related note cryptographic hash algorithms are an interesting discussion because traditionally shot to 256 and 512 have been very secure alternatives but what we're seeing is that with the emergence of Bitcoin and all of the investment in Asics is the speed at which they run reduces the security of those older algorithms one more question if we have it all right well if you think of something later just come find me at the pool I'll be at the 303 party tonight
Feedback