CIS 551 / TCOM 401
Computer and Network Security
Lecture 7 Class Notes
Feb 2nd, 2006
V.S.Surya Prakash Bachoti
Covert Channels:
In information theory, a covert channel is a communications channel that carries a writing-between-the-lines form of communication: two components of a system that are not permitted to communicate do so anyway.
- it can be anything from a wire to a socket (an abstract channel)
- not intended to be used as an explicit channel
Exchange of information about disallowed topics by encoding contraband information in the legitimate traffic.
Example channels / information hiding strategies:
- Behavior of programs (branching)
  e.g. machine addressing from higher security to lower security
- Adjust the formatting of output:
  use the \t character for 1 and 8 spaces for 0
- Vary timing behavior based on key
  e.g. web server response time, password exchange with response time
- Use "low order" bits to send signals
- Grabbing/releasing a lock on a shared resource
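The formatting channel from the list above, worked through as an added example (this code is not from the lecture notes): one bit of indentation per cover line, a decoder, a check that flags the mixed indentation the channel leaves behind, and the mitigation of canonicalising whitespace so the receiver can no longer tell a tab from eight spaces. The cover text and secret bits are constructed demo values.

```python
"""Added example: the tab-vs-8-spaces covert channel and its mitigation."""

# Encoding from the notes: a tab for a 1 bit, eight spaces for a 0 bit.
ONE, ZERO = "\t", " " * 8


def encode_line_prefixes(cover_lines, secret_bits):
    """Prepend one bit of indentation per cover line (constructed demo)."""
    if len(secret_bits) > len(cover_lines):
        raise ValueError("not enough cover lines to carry the bits")
    out = []
    for i, line in enumerate(cover_lines):
        if i < len(secret_bits):
            prefix = ONE if secret_bits[i] == "1" else ZERO
        else:
            prefix = ZERO  # padding keeps the output uniform-looking
        out.append(prefix + line)
    return out


def decode_line_prefixes(lines):
    """Recover the bits; lines carrying neither pattern are ignored."""
    bits = []
    for line in lines:
        if line.startswith(ONE):
            bits.append("1")
        elif line.startswith(ZERO):
            bits.append("0")
    return "".join(bits)


def channel_leaks(lines):
    """Detection check: indentation that mixes tabs and spaces is the
    fingerprint this particular channel leaves in otherwise normal text."""
    has_tab = any(line.startswith("\t") for line in lines)
    has_spc = any(line.startswith(" ") for line in lines)
    return has_tab and has_spc


def canonicalize(lines, width=8):
    """Mitigation: expand every tab to spaces before the text leaves the
    high side. A tab at column 0 becomes exactly eight spaces, so every
    line now reads as a 0 and the channel carries nothing."""
    return [line.expandtabs(width) for line in lines]
```

Canonicalising output formatting is the same idea as "use resources in the same way": the low side sees identical presentation whatever the high side intended.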
Watermarking:
A technique which allows an individual to add hidden copyright notices or other verification messages to digital audio, video, or image signals and documents. Such a hidden message is a group of bits describing information pertaining to the signal or to the author of the signal (name, place, etc.). The technique takes its name from the watermarking of paper or money as a security measure.
Differential Power Analysis:
A method of attacking a cryptosystem which exploits the varying power consumption of microprocessors while executing cryptographic program code. It is a side-channel attack.
Solutions:
- Smooth the power curve (less efficient)
- Introduce noise (but this has been well studied by electrical engineers)
The tradeoff is efficiency.
TEMPEST (Transient Electromagnetic Pulse Emanation Standard) Security:
A U.S. government code word for a set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment such as microchips, monitors, or printers. It is a counter-intelligence measure aimed at the prevention of electronic espionage. The term TEMPEST is often used more broadly for the entire field of compromising emanations or Emissions Security (EMSEC).
- computer monitors and other devices give off electromagnetic radiation
- these emanations can be intercepted from a remote location (such emanations are sometimes called "van Eck radiation", and the eavesdropping technique van Eck phreaking)
- filtering out high-frequency components from fonts before rendering them on a computer screen will attenuate the energy at which text characters are broadcast
- adding random noise to the less significant bits of pixel values can render the emanations from flat-panel displays unintelligible to eavesdroppers
Policy is set in National Communications Security Committee Directive 4.
Guidelines for preventing EM reception:
- Shield the device using heavy metals (expensive)
- Shield a location
Defenses for Covert Channels:
Automated program analysis:
- static program analysis
- use resources in the same way while branching (this makes resources useless)
- many operations cannot be performed if branching on secret information is disallowed
- turn off optimizations (use NOPs; not so useful)
- different instructions take different amounts of time
- processor ordering is different
It is difficult to eliminate all covert channels, e.g. instructions cannot all take the same time and consume the same power.
Is a system secure enough?
How much incentive does a hacker have?
Security isn't a target; it's a process over time.
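Why "use resources in the same way while branching" matters, as an added example that is not part of the lecture notes: two versions of a secret comparison are instrumented to count byte operations, a deterministic stand-in for the time or power a real device would reveal. The secret and guesses are constructed demo values; production code should use the standard library's `hmac.compare_digest` rather than a hand-written loop.

```python
"""Added example: branching on secret data versus constant-work comparison."""


def early_exit_compare(secret: bytes, guess: bytes):
    """memcmp-style check that stops at the first mismatch.
    Returns (equal, ops); ops grows with the length of the matching
    prefix, so the work done depends on the secret."""
    ops = 0
    if len(secret) != len(guess):
        return False, ops
    for a, b in zip(secret, guess):
        ops += 1
        if a != b:
            return False, ops
    return True, ops


def constant_work_compare(secret: bytes, guess: bytes):
    """Same decision, but every byte is touched and mismatches are
    accumulated with OR, so the loop never branches on secret data.
    The length check is a residual channel (it leaks the length), which
    is the notes' point that eliminating every channel is hard."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    ops = 0
    for a, b in zip(secret, guess):
        ops += 1
        diff |= a ^ b
    return diff == 0, ops


def work_profile(compare, secret, guesses):
    """Return the operation count each guess costs under `compare`."""
    return [compare(secret, g)[1] for g in guesses]


SECRET = b"hunter2!"  # constructed demo value
# Guesses that match 0, 1, 4 and all 8 leading bytes of the secret.
GUESSES = [b"zzzzzzzz", b"hzzzzzzz", b"huntzzzz", b"hunter2!"]

if __name__ == "__main__":
    print("early exit  :", work_profile(early_exit_compare, SECRET, GUESSES))
    print("constant work:", work_profile(constant_work_compare, SECRET, GUESSES))
```

The early-exit profile rises with each correct prefix byte, which is exactly the observable a timing or power channel exposes; the constant-work profile is flat.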
Tiger team - The term has become popular in the computer world, where the security of computer systems is often tested by tiger teams; one of the earliest examples was with the Multics operating system. A subset of tiger teams are professional hackers, testing the security of military computer installations by attempting remote attacks via networks or supposedly "secure" communication channels.
Assurance methods: what do companies use?
- valid and invalid inputs
- it is impossible to do exhaustive testing
- progressive testing
- automated tools to generate test cases
- less rigorously specified than testing
- refinement and iteration over time
- design reviews
- external certification
Orange Book Requirements (TCSEC):
TCSEC = Trusted Computer System Evaluation Criteria
A series of computer security standards published by the United States government in the 1980s and 1990s. These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria.
Evaluation Assurance Levels:
EAL 1: Functionally Tested
EAL 2: Structurally Tested
EAL 3: Methodically Tested and Checked
EAL 4: Methodically Designed, Tested, Reviewed
EAL 5: Semiformally Designed and Tested
EAL 6: Semiformally Verified Design and Tested
EAL 7: Formally Verified Design and Tested