Presentation is loading. Please wait.

Presentation is loading. Please wait.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

Published byTheresa Richards Modified over 9 years ago

Similar presentations

Presentation on theme: "1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005."— Presentation transcript:

1 1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005

2 2Copyright © 2005 InfoGard Laboratories Proprietary Agenda Introduction –Objective –Threat Models –Threat Taxonomy –Access Threats Physical Security –Role –Technologies –External Environment Attacks & Mitigations –Attack Points –Level of Effort –Mitigation Strategies Challenges –Standard –Validation –Lifecycle Constituents Summary

3 3Copyright © 2005 InfoGard Laboratories Proprietary Objective “It should be very clear that compromised physical security always means that all security layers have been compromised. All security discussed in this solution is based on the assumption that physical security has been addressed.Without physical security, no other security measures can be considered effective. “It should be very clear that compromised physical security always means that all security layers have been compromised. All security discussed in this solution is based on the assumption that physical security has been addressed. Without physical security, no other security measures can be considered effective.” Microsoft Website Discussing System Security

4 4Copyright © 2005 InfoGard Laboratories Proprietary Physical Security Role Physical Security Protects all other Module aspects Critical Security Parameters Data, Information or Cargo Module Integrity Physical and Logical Physical Security at Cryptographic Boundary Physical Security is Access Control

5 5Copyright © 2005 InfoGard Laboratories Proprietary General Threat Models Low Threat Environment User/Owner benefit by module security High Threat Environment User/Owner benefit by module compromise Custom Threat Environment High Value Data Unique Environment Typically 140-2 Level 1 and Level 2 Modules Typically 140-2 Level 3 and Level 4 Modules External Environment Effect Space Vault Data Value Cost of Loss Cost of Loss of Integrity

6 6Copyright © 2005 InfoGard Laboratories Proprietary Threat/Attacker Taxonomy Class I - (Clever Outsiders) - opportunistic –Intelligent; limited system knowledge –Limited access to module, and limited equipment and tools –Exploit obvious weaknesses *IBM Systems Journal v30 no 2 (1991)

7 7Copyright © 2005 InfoGard Laboratories Proprietary Threat/Attacker Taxonomy Class I - (Clever Outsiders) - opportunistic –Intelligent; limited system knowledge –Limited access to module, and limited equipment and tools –Exploit obvious weakness’ Class II - (Knowledgeable Insider) - motivated –Specialized education, knowledge and experience –Significant access to module; sophisticated equipment and tools –Exploit subtle vulnerability, create opportunity *IBM Systems Journal v30 no 2 (1991)

8 8Copyright © 2005 InfoGard Laboratories Proprietary Threat/Attacker Taxonomy Class I - (Clever Outsiders) - opportunistic –Intelligent; limited system knowledge –Limited access to module, and limited equipment and tools –Exploit obvious weakness’ Class II - (Knowledgeable Insider) - motivated –Specialized education, knowledge and experience –Significant access to module; sophisticated equipment and tools –Exploit subtle vulnerability, create opportunity Class III - (Funded Organization) – highly motivated –Teams of specialists, complimentary skills, extensive experience –Virtually unlimited access to module; advanced analysis and tools –Exploit hidden vulnerabilities or create vulnerabilities *IBM Systems Journal v30 no 2 (1991)

9 9Copyright © 2005 InfoGard Laboratories Proprietary Availability of the module is a major factor in assessing risk –Time that a threat has access to the module(s) Growing risks to module access –Distribution of systems and other lifecycle phases –Flexibility and configurability –Administration, maintenance and remote access roles Invasive vs. Non-Invasive –Skills require specific knowledge, skills and practice in performing a non invasive attack –Non Invasive compromises can be particularly damaging as compromise may not be discovered for considerable time Availability Risk

10 10Copyright © 2005 InfoGard Laboratories Proprietary Physical Security Technology Detection Ckt Zeroization Ckt Analog Circuits Electromagnetic RF and Emissions Adhesives Solvents Light Radiation Sound Thermal System Requirements Risk Assessment Vulnerability Assessment Security Policy, Manuals Plastics Metals Composites Design Tolerances Fasteners Assembly Processes Cryptographic Module Logic, Function And Data “Crown Jewels”

11 11Copyright © 2005 InfoGard Laboratories Proprietary External Environment Physical Security Usually only works for limited threats and roles Vulnerabilities and mitigation are often hidden in the Details Interfaces between technologies can be vulnerabilities Cryptographic Module Logic, Function And Data “Crown Jewels”

12 12Copyright © 2005 InfoGard Laboratories Proprietary Attack Plan Identify the weakest points in the “system” –Physical inspection –Available documentation Develop “attack” plan based on vulnerable points Acquire resources –Skills –Tools –Materials Test “attack” plan and refine as necessary As currently defined, FIPS 140-2 evaluation is a physical security evaluation not a full attack

13 13Copyright © 2005 InfoGard Laboratories Proprietary Mitigation Strategies Tamper Evidence Tamper Resistance Door and Cover Tamper Detection and Response Production Grade Envelope Tamper Detection and Response Security requires trust; Trust requires reliability Commercial Grade equipment is expected to be reliable User detectable Evidence vs. Forensic Evidence or Warranty evidence is effective when User is motivated to trust the module Feature to sense basic threat conditions and respond with defensive action – zeroization of critical security parameters Adding complexity, difficulty and risk to compromising a module Feature to sense any breach of the cryptographic boundary and respond with defensive action – zeroization of critical security parameters Includes concepts of obscurity, vents and pick resistant locks

14 14Copyright © 2005 InfoGard Laboratories Proprietary Attack Level of Effort (LOE) Increasing Level of Effort is directly related to an increase in Tamper Resistance not security features Range that effectiveness or tamper resistance of the implementation can have on security L O E T r u s t a n d L e v e l o f E f f o r t f o r S u c c e s s f u l A t t a c k 1 2 3 4 Level of Security Effectiveness Range

15 15Copyright © 2005 InfoGard Laboratories Proprietary Specification Challenges Standard –Security Effectiveness definition vs. Security Feature Definition –Tamper Resistance Definition –The affect module embodiment has on tamper resistance –Allowance for innovation Module designs Attack methods Tools and techniques

16 16Copyright © 2005 InfoGard Laboratories Proprietary Testing and Evaluation –Testing Efficiency Establishing a DTR to have an effective test that costs significantly less then the value of an attack –Testing Consistency Establishing test, lab and personnel requirements that allow multiple test entities and personnel to consistently obtain similar results Validation Challenges

17 17Copyright © 2005 InfoGard Laboratories Proprietary Basic… Manufacturing Initialization ScrapOperational Typical Transportation Points Cryptographic Module Typical Lifecycle Current FIPS 140-2 requirements are applicable in the operational environment

18 18Copyright © 2005 InfoGard Laboratories Proprietary Manufacturing Initialization ScrapOperational Typical Transportation Points For high security devices physical security threats exist throughout the module lifecycle High Security Crypto Module Lifecycle Expanded…..

19 19Copyright © 2005 InfoGard Laboratories Proprietary Summary 140-1 and 140-2 have done a remarkable job of establishing a great foundation A high Level of Physical Security is complicated and cannot be an after thought Recognize that effective physical security requires different skills then used during 140-2 logical and assurance compliance Recognize the role of Tamper Resistance as a key characteristic in physical security effectiveness 140-3 is an opportunity to review, revisit and improve

Download ppt "1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005."

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Software Quality Assurance Plan

Software Quality Assurance Plan
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
G53SEC 1 Hardware Security The (slightly) more tactile side of security.

G53SEC 1 Hardware Security The (slightly) more tactile side of security.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
FIPS 140-3 Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.

FIPS Section 5 – Physical Security Randall J. Easter Director, NIST CMVP Ken Lu CSE CMVP September 28, 2005.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.

Trusted Hardware: Can it be Trustworthy? Design Automation Conference 5 June 2007 Karl Levitt National Science Foundation Cynthia E. Irvine Naval Postgraduate.
Security Controls – What Works

Security Controls – What Works
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.

Trusted Internet Connections. Background Pervasive and sustained cyber attacks against the United States continue to pose a potentially devastating impact.
Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.

Secure System Administration & Certification DITSCAP Manual (Chapter 6) Phase 4 Post Accreditation Stephen I. Khan Ted Chapman University of Tulsa Department.
Wireless Directions University of California, Davis Wireless Technology Team February, 2001.

Wireless Directions University of California, Davis Wireless Technology Team February, 2001.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Similar presentations

Ads by Google