CIS 551 / TCOM 401

Computer and Network Security

Lecture 7 – Class Notes

Feb 2nd, 2006

by

V.S.Surya Prakash Bachoti

 

Covert Channels:

In information theory, a covert channel is a communications channel that carries a "writing-between-the-lines" form of communication: two components of a system that are not permitted to communicate do so anyway.

- it can be anything from a wire to a socket (an abstract channel)

- not intended to be used as an explicit channel

 

Information hiding:

Exchange of information about disallowed topics by encoding contraband information in the legitimate traffic.

Example channels / information hiding strategies:

– Behavior of programs (branching)
  e.g. machine addressing from higher security to lower security

– Adjust the formatting of output:
  use the "\t" character for "1" and 8 spaces for "0"

– Vary timing behavior based on key
  e.g. web server response time, password exchange with response time

– Use "low order" bits to send signals

– Power consumption

– Grabbing/releasing a lock on a shared resource
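The whitespace channel from the list above (a tab for "1", eight spaces for "0"), carried through end to end as an added example that is not part of the original lecture notes: an encoder that hides a payload in the trailing whitespace of a cover text, the matching decoder, a detector a reviewer or mail filter could use to flag text carrying the markers, and the normalizing filter that closes the channel. The cover lines and the payload are constructed sample data, and all function names are my own.

```python
# Added example for the lecture's whitespace channel: a trailing tab carries a 1,
# eight trailing spaces carry a 0. Not part of the original notes; all data is constructed.

TAB = "\t"
SPACES8 = " " * 8


def to_bits(payload: bytes) -> str:
    """Big-endian bit string, 8 bits per byte."""
    return "".join(f"{b:08b}" for b in payload)


def from_bits(bits: str) -> bytes:
    """Inverse of to_bits; a trailing partial byte is dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def encode(cover_lines, payload: bytes):
    """Hide one payload bit per line as trailing whitespace.

    Lines beyond the payload are emitted without a marker, which is how the
    decoder knows where the channel ends.
    """
    bits = to_bits(payload)
    if len(bits) > len(cover_lines):
        raise ValueError("cover text too short for payload")
    out = []
    for i, line in enumerate(cover_lines):
        line = line.rstrip()
        if i < len(bits):
            line += TAB if bits[i] == "1" else SPACES8
        out.append(line)
    return out


def decode(lines) -> bytes:
    """Read the channel back; stops at the first line without a marker."""
    bits = []
    for line in lines:
        if line.endswith(TAB):
            bits.append("1")
        elif line.endswith(SPACES8):
            bits.append("0")
        else:
            break
    return from_bits("".join(bits))


def detect(lines, threshold: int = 8) -> bool:
    """Defender's check: ordinary text rarely has many lines ending in exactly
    these two patterns, so a run of them is worth flagging."""
    marked = sum(1 for line in lines if line.endswith(TAB) or line.endswith(SPACES8))
    return marked >= threshold


def strip_channel(lines):
    """Defender's fix: normalizing trailing whitespace destroys the channel
    without changing the visible text."""
    return [line.rstrip() for line in lines]


if __name__ == "__main__":
    cover = [f"cover line {i}" for i in range(20)]   # constructed cover text
    stego = encode(cover, b"Hi")                      # constructed payload
    print(decode(stego))                              # b'Hi'
    print(detect(stego), detect(cover))               # True False
    print(decode(strip_channel(stego)))               # b''
```

The detector is deliberately simple: it counts marker lines rather than trying to decode, because a filter does not need to recover the message to decide that the text carries one. Note that the fix (stripping trailing whitespace) is cheaper than the detection and is the kind of normalization a gateway can apply to all traffic.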

 

Digital watermarking:

A technique which allows an individual to add hidden copyright notices or other verification messages to digital audio, video, or image signals and documents. Such a hidden message is a group of bits describing information pertaining to the signal or to the author of the signal (name, place, etc.). The technique takes its name from the watermarking of paper or money as a security measure.

Differential Power Analysis:

A method of attacking a cryptosystem which exploits the varying power consumption of microprocessors while executing cryptographic program code. It is a side-channel attack.

Solutions:

– Smooth the power curve (less efficient)

– Introduce noise (but noise has been well studied by electrical engineers)

The tradeoff is efficiency.

TEMPEST (Transient Electromagnetic Pulse Emanation Standard) Security:

A U.S. government code word for a set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors, or printers. It is a counter-intelligence measure aimed at the prevention of electronic espionage. The term TEMPEST is often used more broadly for the entire field of compromising emanations or Emissions Security (EMSEC).

– computer monitors and other devices give off electromagnetic radiation

– these emanations can be intercepted from a remote location (such emanations are sometimes called "van Eck radiation", and the eavesdropping technique "van Eck phreaking")

Solutions:

- filtering out high-frequency components from fonts before rendering them on a computer screen will attenuate the energy at which text characters are broadcast

- adding random noise to the less significant bits of pixel values can render the emanations from flat-panel displays unintelligible to eavesdroppers

Policy is set in National Communications Security Committee Directive 4.

Guidelines for preventing EM reception:

– Shield the device using heavy metals (expensive)

– Shield a location

Defenses for Covert Channels:

Automated program analysis:

- static program analysis

- use resources in the same way on every branch (this makes the resources useless)

- a lot of operations can't be performed if branching on secret information is disallowed

- turn off optimizations (use NOPs – not so useful)

- different instructions take different amounts of time

- processor ordering is different

- reading cache

It is difficult to eliminate all covert channels.

e.g. instructions cannot take the same time and power
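The "use resources in the same way while branching" defense made concrete, as an added example that is not taken from the lecture: a secret-dependent early-exit comparison (the kind that turns a password or MAC check into the response-time channel listed under "vary timing behavior based on key") beside a comparison that does the same work on every input. Since wall-clock timing in Python is noisy, each function returns the number of byte comparisons it performed, which is the quantity an observer would see as time. The secret and guesses are constructed sample values, and `steps_profile` is a helper name of my own.

```python
# Added example, not from the lecture: a secret-dependent early-exit check versus
# one that does the same work on every input. Each comparison returns
# (match, steps), where steps counts byte comparisons and stands in for elapsed time.

def leaky_compare(secret: bytes, guess: bytes):
    """Stops at the first mismatch: steps reveals how long the matching prefix is."""
    steps = 0
    if len(secret) != len(guess):
        return False, steps
    for a, b in zip(secret, guess):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_compare(secret: bytes, guess: bytes):
    """Always touches len(secret) bytes and accumulates differences with OR, so
    neither the loop count nor the branch taken depends on where a mismatch is."""
    steps = 0
    diff = len(secret) ^ len(guess)            # nonzero if the lengths differ
    # when lengths differ, compare secret against itself so the work is unchanged
    other = guess if len(secret) == len(guess) else secret
    for a, b in zip(secret, other):
        steps += 1
        diff |= a ^ b
    return diff == 0, steps


def steps_profile(compare, secret: bytes, guesses):
    """Defender's check: the set of distinct work counts seen across guesses.
    A leak-free comparison yields a single value."""
    return {compare(secret, g)[1] for g in guesses}


SECRET = b"s3cret!!"                                              # constructed sample secret
GUESSES = [b"aaaaaaaa", b"s3aaaaaa", b"s3cretaa", b"s3cret!!"]    # constructed guesses

if __name__ == "__main__":
    print(steps_profile(leaky_compare, SECRET, GUESSES))          # {1, 3, 7, 8}
    print(steps_profile(constant_time_compare, SECRET, GUESSES))  # {8}
```

The profile for `leaky_compare` varies with how much of the guess is correct, which is exactly the signal the notes describe; the profile for `constant_time_compare` is a single value. In production code the standard library's `hmac.compare_digest` provides this behaviour, and the same "do the same work on every branch" idea is what the lecture's defense asks of the whole program, not just of one comparison.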

 

Is a system secure enough?

How much incentive does a hacker have?

Security isn't a target, it's a process over time.

Tiger team – The term has become popular in the computer world, where the security of computer systems is often tested by tiger teams; one of the earliest examples was with the Multics operating system. A subset of tiger teams are professional hackers, testing the security of military computer installations by attempting remote attacks via networks or supposedly "secure" communication channels.

Assurance methods – what do companies use?

- valid and invalid inputs

- it is impossible to do exhaustive testing

- "progressive testing"

- automated tools to generate test cases

Validation:

- less rigorously specified than testing

- refinement and iteration over time

- design reviews

- external certification

Rainbow Series:

A series of computer security standards published by the United States government in the 1980s and 1990s. These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria.

Orange Book Requirements (TCSEC):

• TCSEC = Trusted Computer System Evaluation Criteria

• Security Policy

• Accountability

• Assurance

• Documentation

Evaluation Assurance Levels:

EAL 1: Functionally Tested

EAL 2: Structurally Tested

EAL 3: Methodically Tested and Checked

EAL 4: Methodically Designed, Tested, Reviewed

EAL 5: Semiformally Designed and Tested

EAL 6: Semiformally Verified Design and Tested

EAL 7: Formally Verified Design and Tested