Published by Theresa Richards
1 Copyright © 2005 InfoGard Laboratories Proprietary
2005 Physical Security Conference
Physical Security 101
Tom Caddy
September 26, 2005

2 Agenda
Introduction
– Objective
– Threat Models
– Threat Taxonomy
– Access Threats
Physical Security
– Role
– Technologies
– External Environment
Attacks & Mitigations
– Attack Points
– Level of Effort
– Mitigation Strategies
Challenges
– Standard
– Validation
– Lifecycle Constituents
Summary

3 Objective
“It should be very clear that compromised physical security always means that all security layers have been compromised. All security discussed in this solution is based on the assumption that physical security has been addressed. Without physical security, no other security measures can be considered effective.”
Microsoft Website Discussing System Security

4 Physical Security Role
Physical Security Protects all other Module aspects
– Critical Security Parameters
– Data, Information or Cargo
– Module Integrity
– Physical and Logical
Physical Security at Cryptographic Boundary
Physical Security is Access Control

5 General Threat Models
Low Threat Environment
– User/Owner benefit by module security
High Threat Environment
– User/Owner benefit by module compromise
Custom Threat Environment
– High Value Data
– Unique Environment
Typically 140-2 Level 1 and Level 2 Modules
Typically 140-2 Level 3 and Level 4 Modules
External Environment Effect
– Space
– Vault
Data Value
– Cost of Loss
– Cost of Loss of Integrity

8 Threat/Attacker Taxonomy
Class I - (Clever Outsiders) - opportunistic
– Intelligent; limited system knowledge
– Limited access to module, and limited equipment and tools
– Exploit obvious weaknesses
Class II - (Knowledgeable Insider) - motivated
– Specialized education, knowledge and experience
– Significant access to module; sophisticated equipment and tools
– Exploit subtle vulnerability, create opportunity
Class III - (Funded Organization) - highly motivated
– Teams of specialists, complementary skills, extensive experience
– Virtually unlimited access to module; advanced analysis and tools
– Exploit hidden vulnerabilities or create vulnerabilities
*IBM Systems Journal v30 no 2 (1991)

9 Availability Risk
Availability of the module is a major factor in assessing risk
– Time that a threat has access to the module(s)
Growing risks to module access
– Distribution of systems and other lifecycle phases
– Flexibility and configurability
– Administration, maintenance and remote access roles
Invasive vs. Non-Invasive
– Performing a non-invasive attack requires specific knowledge, skills and practice
– Non-invasive compromises can be particularly damaging, as the compromise may not be discovered for a considerable time

10 Physical Security Technology
[Diagram labels: Detection Ckt; Zeroization Ckt; Analog Circuits; Electromagnetic; RF and Emissions; Adhesives; Solvents; Light; Radiation; Sound; Thermal; System Requirements; Risk Assessment; Vulnerability Assessment; Security Policy, Manuals; Plastics; Metals; Composites; Design Tolerances; Fasteners; Assembly Processes]
Cryptographic Module Logic, Function And Data “Crown Jewels”

11 External Environment
Physical Security usually only works for limited threats and roles
Vulnerabilities and mitigation are often hidden in the details
Interfaces between technologies can be vulnerabilities
Cryptographic Module Logic, Function And Data “Crown Jewels”

12 Attack Plan
Identify the weakest points in the “system”
– Physical inspection
– Available documentation
Develop “attack” plan based on vulnerable points
Acquire resources
– Skills
– Tools
– Materials
Test “attack” plan and refine as necessary
As currently defined, FIPS 140-2 evaluation is a physical security evaluation not a full attack

13 Mitigation Strategies
Tamper Evidence
Tamper Resistance
Door and Cover Tamper Detection and Response
Production Grade
Envelope Tamper Detection and Response
– Security requires trust; Trust requires reliability
– Commercial Grade equipment is expected to be reliable
– User detectable Evidence vs. Forensic Evidence or Warranty evidence is effective when User is motivated to trust the module
– Feature to sense basic threat conditions and respond with defensive action – zeroization of critical security parameters
– Adding complexity, difficulty and risk to compromising a module
– Feature to sense any breach of the cryptographic boundary and respond with defensive action – zeroization of critical security parameters
– Includes concepts of obscurity, vents and pick resistant locks

14 Attack Level of Effort (LOE)
Increasing Level of Effort is directly related to an increase in Tamper Resistance not security features
Range that effectiveness or tamper resistance of the implementation can have on security
[Chart: axes “Trust and Level of Effort for Successful Attack” (LOE) and “Level of Security” (1, 2, 3, 4); label “Effectiveness Range”]

15 Specification Challenges
Standard
– Security Effectiveness definition vs. Security Feature Definition
– Tamper Resistance Definition
– The effect module embodiment has on tamper resistance
– Allowance for innovation
  – Module designs
  – Attack methods
  – Tools and techniques

16 Validation Challenges
Testing and Evaluation
– Testing Efficiency
  Establishing a DTR to have an effective test that costs significantly less than the value of an attack
– Testing Consistency
  Establishing test, lab and personnel requirements that allow multiple test entities and personnel to consistently obtain similar results

17 Cryptographic Module Typical Lifecycle
Basic…
[Diagram labels: Manufacturing; Initialization; Scrap; Operational; Typical Transportation Points]
Current FIPS 140-2 requirements are applicable in the operational environment

18 High Security Crypto Module Lifecycle
Expanded…
[Diagram labels: Manufacturing; Initialization; Scrap; Operational; Typical Transportation Points]
For high security devices physical security threats exist throughout the module lifecycle

19 Summary
– 140-1 and 140-2 have done a remarkable job of establishing a great foundation
– A high Level of Physical Security is complicated and cannot be an afterthought
– Recognize that effective physical security requires different skills than those used during 140-2 logical and assurance compliance
– Recognize the role of Tamper Resistance as a key characteristic in physical security effectiveness
– 140-3 is an opportunity to review, revisit and improve