Schneier on Security

Nick P • December 29, 2013 1:21 PM

Nice list of high security devices from many countries

We’ve been doing several things here:

1. Trying to design highly private communications and computing schemes using both old school and new approaches.
2. Trying to deal with the “subverted by country X” problem.

Well, the easy solution to 2 is buying from a competing country unlikely to subvert the product. Still some risk there. I’ve always said for No 1 we should look at how NSA and such protect their biggest secrets, then copy such tech and approaches. Same applies to NATO. So, here’s the list of products NATO endorses for various classification levels and purposes.

http://www.ia.nato.int/niapc/Classification/COSMIC-TOP-SECRET_4

In emulating things, it’s best to emulate devices doing COSMIC TOP SECRET with NATO SECRET a 2nd best. Notice how different the designs/operation strategies are between those products and the ones certified at RESTRICTED/CONFIDENTIAL. It’s like they come from entirely different design schools. Hint: they do and only one approach actually works against strong attackers.

Each solution on the list also has the country that contributed it. Composing solutions from different countries seems to be the best approach. For instance, I might use a secure terminal from one country, a crypto chip from another, and connect via a link encryptor from yet another. OSS based security (eg OpenBSD) on diverse hardware can be injected in different spots for extra prevention or intrusion detection.

Bonus: This link is one of their devices for key generation. Looks like something the Ghostbusters would carry with them. Notice they use dedicated, highly assured devices to generate their keys and then other devices to move them. Most COSMIC TOP SECRET equipment has a “FILL” port where key fill devices connect. Now days, they also support Over-the-air-rekeying with their FIREFLY protocol (based on Photorus). Leads to requirements: “Key is managed by dedicated devices and extra engineering is put into safely moving key to devices that need it.”

Bonus: This device reminds me of a very cheap word processor or electronic organizer. Again similar to my own trusted path design except very bulky, likely due to EMSEC & MILSPEC. This is a device that we might emulate for secure messages, commands, key generation, key storage, etc. The screen is too tiny, though, hence my preference for the old electronic organizer type devices whose screen was as large as a cell phone.

Those were just two I found looking into a tiny portion of the site. I’m sure there’s more fun products for the rest of you to find. Another thing is that I got a memory jolt that many high security products are available from Konsberg, located in Norway. If you trust Norway & Konsberg is loyal to them, then they might be a good company to do business with. They have existing products and the expertise to make new ones with military grade security properties.

@ regulars in subversion discussion

What do you all think of Konsberg? Any bets on other companies on the list? Remember that knowing which could be trusted on a future project is more important than which have products we need now.

Final, totally unrelated note: Looking at Groupe Bull mainframes I noticed they have their own secure cell phone made entirely in France. I’d get the simple one instead of the smartphone as the latter is highly vulnerable due to complexity & android support. I put their offering in same category as Cryptophone: secure against many attackers but endpoint is probably weak against NSA. People wanting that kind of safety (French made) should contact Thales about the phone they made for French govt. Notice how simple it was. Those who aren’t worried about NSA spying at all, but fear other countries, should go straight for the GD Sectera line.

Nick P • December 29, 2013 11:04 PM

Thanks for the link on laptop intercepts. There were people here worried about this when I posted my recommendation to buy old hardware. The names seem to indicate it’s new stuff they’re intercepting but I assume they could get old stuff too. There are two solutions to this:

1. Drive to an area that has the hardware present and buy it there. Make sure you anonymized both the browsing and the call to the seller to hold it for you.
2. Pay someone to buy it for you. Make sure they have a legitimizing cover such as working at college comp sci dept, computer repair shop or integrater.

“The report indicates that the NSA can even exploit error reports from Microsoft’s Windows operating system.”

Good that I always hit “Don’t Send.” Wasn’t sure about specifics at the time but had a feeling it might be a problem at some point. I felt this way even more after seeing the extremely clever academic paper on automatically producing exploits from Microsoft patches. Made me rush my patches too. (shudders)

@ Bauke Jan Douma

I doubt you’ve been targeted by a hardware intercept. No offense but you don’t seem that important to them. I’d expect them to send it to people with good intel or who cause them big problems. If I were you, I’d be more worried about vanilla USB threats and software-based attacks (by hackers or NSA). Remember most of their attacks are via insecure routers, fake certificates, MITM injections, and so on.

Dark Reality

My way of looking at it is assuming they’ve compromised every aspect of the computer I’m using to connect here. I’ve assumed they are building a profile of me and everything I do online, along with capturing digital secrets on the machine. They are probably doing this for Schneier and everyone who has supported him here. They know someone will challenge them eventually so they’re keeping an eye out across the board, collecting dirt to use in court and other hit lists. Without going through extreme and expensive measures, there’s few ways to stop them that their engineers can’t bypass.

So, use the Web as if you’re already compromised by nation states is the best advice I can give you. Make the protections make sense. Try to stop the rest of the attackers. Restore the PC from clean slate on non-writable media occasionally, update it, and back that up to similar media. Occasionally replace the PC. Past that, though, there’s no reason to assume your defenses worked against NSA and others’ million dollar plus security programs failed. PC’s + the Web is a dangerous combination.

Far as air gapped machine, it needs to have been purchased for that purpose and never been connected to your Internet. Disable things like its wireless in the BIOS and lock the BIOS. If you’re serial porting it or to it, you might be fine long as you carefully set up the software doing the transfers to have minimal access. Non-x86 and non-Windows can reduce the effect of vanilla malware too.

Nick P • December 31, 2013 1:38 PM

@ Clive Robinson

Thanks for the link on M#. I like keeping up with MS Research tools because they’re often useful at some point. There are several projects that come to mind that might hint where they’re going.

1. Verve OS. Much of OS written in C#. Used typed assembler and theorem provers for riskiest code. Gives us an idea of how they might do verification.
2. COSMOS. OS written in C# and X# (a high level assembler). Gives us an idea of how a C# OS might work.
3. Sanos. I found this one recently. Originally targeted at including just enough OS to run a java application server. He now targets C. I could see it inspiring others to make a library type OS that does just enough.
4. MirageOS. The Ocaml container that runs on Xen. It’s a “Just enough OS” project that puts as much code in safe Ocaml as possible. Then the apps use Ocaml to leverage that. Result is a deployable, self-contained image of an OS + application.

So, much of what Microsoft wants to achieve was done in various ways. Now, they just have to put it together in a way that would have people ditch C++. That’s quite a challenge. I’ll be interested in seeing how they accomplish this.

@ Bryan

“For M#, look up BitC.”

BitC was interesting but it’s mostly a dead project. It had plenty of activity when Shapiro ran it as part of his COYOTOS project. When he went to work for Microsoft, both projects stopped making much progress. I doubt BitC has a trustworthy or practical compiler yet given such little support it has. (Last news post was 2010.)

Importance of layered solution to language problem

Personally, I think such projects try to do too much at once then fail. Quite similar to new OS developers. My advice for someone trying a similar goal is to decompose the problem into different levels. The lowest level might be something like Typed Assembler, Cyclone, zero runtime Ada, H-layer, etc. It’s for implementing the lowest operations with some safety behind interfaces that might also provide safety. The next layer is typesafe language optimized for performance, control of data structure memory layout, etc with optional garbage collection. Ada, Modula, and certain ML/LISP languages with low level focus come to mind. It should be easy to build high performance alogithms, state machines, etc. in this language so much of OS or platform libraries can use it. The next layer is a language that focuses on productivity and other modern concerns, maybe even being a modern language. Java, C#, Go, Python, Common LISP, Haskell, Ocaml, etc. all come to mind. They’re all good enough with correct coding practices.

The reason I advocate this is that it might work. If each layer is developed in sync with another and developed well, then they will be easy to implement by volunteers, easy to inspect for issues, and easy to use to build real systems. Additionally, by limiting each layer to a certain aspect of the problem one can focus tools (eg static analysis, formal verification) on the layer that work best for it. Proving high level user code and proving low level kernel code processing interrupts are so different that it’s a huge strain to reuse tools across these problems. However, there are specific tools for each job and strategies for safe composition of them via good interfaces/linking. So, why is everyone trying the hardest approach (and mostly failing) when we can just decompose this problem like so many others?

We won’t get anywhere if they keep trying to build the perfect one-size-fits-all solution. Next group of industrious individuals need to look at a solution, break it into pieces, find the best assurance activities for each piece, use them, and then use whole system assurance activities to supplement that. Focusing on ease of use, repeatability, and tool availability will also benefit. Then we will actually have something to use rather than develop further, maybe.

@ anonymous

“I’m certainly going to keep my antique cellphone”

Throw it away. Cellphones are insecure by design and there were catalog items in old days for compromising them. No cell phone or mobile device is trustworthy from targeted attack if it includes wireless functionality.

@ Figureitout

“Don’t get caught up in other things (I’m still looking for a “second opinion” on fabbing a secure chip but it’s going to take me a while b/c I have other things I need/want to do now) and let this problem “float away”. This needs to be done by people who really care and want it. Also, you mention people w/ “the right background”, tell me a project you’ve worked on that had all people w/ perfect backgrounds, got along perfectly, etc…I say trustworthy people that won’t intentionally subvert the project, is the main and biggest problem. How to verify that w/o resorting to TLA-cavity/background searches..?”

I’m still working on my part of it. Lack of support and funding are the main obstacles. I’m working on my security investigations. Stopping all this is actually simple: put the NSA in their place from above and around them rather than fighting their tactics. Their tactics will always win as they’re smarter, bigger and better funded. So, one must change the NSA itself (traits or incentives) to win. Any solution would be initiated by the public or wealthy private parties motivated to act. I see no opportunities on that front yet. So, I’m still sidelined and focusing on my area of expertise (high assurance INFOSEC).

re radio

My main interest was for comms that don’t rely on centralized Internet infrastructure. I expect them to do surveillance or blocking of the comms. I was thinking they might be able to help with a few things used with the most critical communications:

1. Communicate with main links are down using just radio and batteries/generator.

2. Dodge the massive amount of attackers depending on the Internet.

3. Leverage all the cheap, easier-to-inspect hardware for transport stack that is harder to do with Internet protocols.

4. Building relay networks similar to meshes or anonymous remailers supporting decentralized messaging (maybe key or directory exchange).

5. Be more fun than installing a router. 😉

So, it’s not a hobby I’m about to jump into or a security solution against NSA. It’s more like an area I think has potential to reduce certain risks and better manage others. Might even help against NSA. Might not. (shrugs) Also thought someone might read it, enjoy the idea, and start on a fun project. There mere concept of hitchhiking a ride on meteor trails to get a message a thousand miles with cheap equipment is… amazing.

Nick P • January 1, 2014 6:17 PM

@ Iain

“I think your “mainframe and I/O” concept and my concept of a front end I/O and back end application processor communicating over some kind of internal message-based interface for a secure machine are actually quite close ”

More than you know: “your” idea is one I’ve posted here before quite a few times. 😉 It was in my transaction appliance for secure banking. Idea is that the protocols and processing are inherently risky. So, do them in a dedicated device that then sends commands/requests in a simpler, safer way over safer hardware to trusted device. Certain operations also speed up as the front end can act as a filter against all low capability attackers whereby the main device never has to check such requests. If comms system isn’t trusted, then the main system can do checks as well but will have an easier time of it. (Not to mention might use secure hardware/software techniques.)

Side note: servers also do a form of this called TCP/IP offloading for performance boost.

“the TU Dresden one with a ‘k’ I presume, not the Iranian hardware product”

Wow. Didn’t know about them. I better get the spelling right next time. Should I tell German intelligence that they named their IPSec variant after an Iranian hardware company? Lulz.

” I think what we are both discussing is a re-partitioning of that single processor architecture over multiple CPUs and hardware. ”

Close. I was talking about two things. What you just said in that quote and abstract strategies. The abstract strategy in Mikro-SINA is that they extracted security critical processing into a dedicated component, Viaduct, with these properties: very low TCB, straightforward interface, internal state protected by microkernel. At that point, they could incrementally improve their system assurance by reducing the TCB/complexity of transport stacks. If I recall, they went from a full user-mode Linux to a barebones stack on internal network. So, I think how the systematically minimized risk and decomposed the system is illustrative. I think similar approach can work with dedicated hardware too. So, onto that…

Regarding your three categories, they each have merit in different forms. My thoughts on each one.

1. “Two processor architecture with front end doing security & backend being a PC.”

Believe it or not, you’ve just described the original government standard for network security (Red Book). The overall approach was putting a very secure device between the computer and network. The device would do packet labeling, encryption, access control, filtering, etc. Depending on vendor, it might be a PCI card or a dedicated server (eg guard). DiamondTEK LAN, GEMSOS GNTP, and Boeing SNS Server (“MLS LAN”) are examples. Boeing’s OASIS contribution also had an “Embedded Firewall” on a PCI card that did stuff like this.

So, what are the benefits? Well, obviously it will be pretty good at dealing with transport attacks and can be uniquely hardened. That such devices achieved A1-class assurance in the past gives us hope. A little known benefit is that the secure front end can be modified to store a trustworthy image of backend PC and do recoveries by powering it off to force trusted boot. It can also send configuration/administrative commands. It can also be configured to store or pass along audit data from the backend so it can’t be deleted upon compromise. Far as IO, dedicated cards with trustworthy hardware or non-DMA hardware can be used between the systems. Naturally, they’d support TCP/IP or something useful over that physical medium. Probably the best benefit of such an architecture is it can be done plug and play with transparent, always on protection.

Drawbacks? The main drawback is that it can’t stop application level attacks. This should be assumed, anyway, because we know PC architecture provides attackers nearly limitless opportunities. Security on the front end, unless its application layer guard, will not stop application layer attacks targeting OS app, comms stack, etc. The application might be attacked to leak data through both overt and covert channels. The backend system might also be attacked in first stage, with second stage using it to target a vulnerability in front end. This is easier if front end is something like a NIX that they undoubtedly have a 0-day for. So, against most bad guys the architecture is quite effective but has inherent risks against top TLA’s due to PC.

1. ” A two processor solution with a minimised front end managing storage and networking for a secure back end which passes only encrypted data out to the front end. I think this is what you had in mind ? For me this is optimised for protection of data originating in the back end.”

This is conceptually similar to how my mainframe-inspired scheme would work. The concept is separating almost all risky IO from CPU/memory doing trusted computation. Matter of fact, the backend pretty much just does computation and distrusts other components. Hence, it does input validation on any incoming data from IO system and uses crypto for privacy + integrity for anything leaving. It’s security-critical internal state must be protected from other components. You were wise to notice what it’s best for. I used this architecture in designs for root of trust services, software build systems, key management, serving static authenticated content, asynchronous guards, and high integrity datastores. It used OpenBSD, Linux & RTOS’s then. The mainframe/transaction processing stuff is a recent development for me as a response to both IO risks and concurrency issues.

The good news is that IO can be isolated and managed. Mainframes also show that offloading most IO, not just certain protocol processing, can result in faster and more reliable systems. Proper memory layout and MMU’s/IOMMU’s can do most of the heavy lifting on isolation if designed right. There’s also huge covert timing channels that get knocked out in one fell swoop. The final benefit is that the computing node can use hardware or software protection methods that “would be secure except IO and interrupts break our model” (common gripe in academia). Precedent for high security is that some capability-based machines did it this way. Enough said, right?

This architecture has drawbacks. Although mainframes today are highly interactive, it took them forever to pull that off. I bet whatever we design wouldn’t work for low-latency or real-time applications without seriously good engineering for that. This will probably make it incompatible with modern Web. (sigh) If the user interacts with it directly, its primitive command shell will make for an uglier, less convenient experience. I’ve seen enough highly usable terminal/text apps that I don’t find this drawback hopeless. Just hard to market. The last drawback is that this design might take custom hardware or at least plenty extra hardware. It might be larger, use more power and cost more than a fully integrated hardware/software system.

1. “A three processor implementation of the Nizza concept mapping the untrusted (front end), security, and trusted (back end) roles to 3 separate processors.”

My favorite one. It’s very flexible as it can actually implement no 1 and no 2. The thing I like most about it is that the center component can be highly secure. The center part might be one simple chip or a whole set of them. There just needs to be a way for each side to communicate with it. It must also be able to implement the security functionality. It should also, in theory, reduce risks. Probably the simplest example of this is the NRL Pump.

The Pump is a data diode that supports TCP. Most diodes are strictly one way so TCP with its ACK’s isn’t an option. The Pump is one-way with an exception for allowing ACK’s. This creates a timing channel but that’s not so bad as developers reinventing TCP is riskier. The architecture has three pieces: internal network, security enforcing middle, external network. Each part has its own physical memory. The extra memory mainly prevents one side from having direct access to another. Internally, data transmission uses safer method. The end result is a device that does its job with highly assured protection.

Seeing how this works, this tells us the middle device in VPN-type device needs a CPU, its own untouchable memory, an IO interface to each network, and buffers for messages to/from each. It might be scheduled similarly to a DSP where it works on each end for a fixed amount of time. Each interval it pulls in data over IO, processes it, and (if needed) sends output somewhere. Just keeps doing this. The devices on each side probably also have transport stacks configured to act as if middle node isn’t really real-time to reduce dropped packets. Might be a step in there for admin tasks. The result here is that this computer can be very simple. It can be customized even down to the ISA level to securely do its job & nothing more. It’s hard to see how the security critical component can get more secure. It might also have a “maintenance” or “admin” mode where it is configured over a dedicated interface by an admin/user.

“Options 1 and 2 could be prototyped using two PCs communicating using ethernet over a crossover cable or else SLIP or PPP over a fast serial link – the latter is possibly harder for a 3rd party to subvert without tailored code. ”

Cross over cable is easiest. It’s what I use by default as setup is a simple checklist of steps. For other method, one thing I did in one design was use ATA in a non-DMA mode. Cheap embedded devices often support ATA/IDE by default. ATA PIO 2 can almost send as much as 100Mbps Ethernet, with ATA2 PIO4 sending more. The cycle time is ns. I basically used it like a serial port. Side benefit there is that people worried about NSA subversion can use old hardware to eliminate DMA risk. (Still a risk that ATA controller get’s attacked but one can always roll their own ATA card.)

“Option 3 could be prototyped using an industrial single board computer with its own (textmode) LCD and keypad for crypto configuration and security alerts connected between the two PCs. ”

Yes. Many SBC’s have crypto acceleration now, too. If NSA isn’t in threat model, then both Freescale and VIA have chip with excellent crypto, performance, power and cost tradeoffs. If NSA is in threat model, a foreign equivalent should be obtained or one can just use a DSP/GPU. I’ve seen good acceleration done on the latter for way cheaper than commercial products’ charge.

“I don’t have the time spare to work on (3)”

Unfortunate as it’s the best against TLA’s. You could always do it incrementally starting at the software level on a generic hardware base.

“I don’t have the time spare to work on (3) but I think I may have a go at (2) using a CD-booted laptop (Knoppix) as the secure back end and some old PC with two network ports and a big disk as the front end. I have verified that I can use encfs on top of sshfs in Knoppix to mount physical storage on the front end which is encrypted at the back end (strictly I could use any network file system instead of sshfs but it is convenient and securely authenticated). Similarly I can readily use
ssh -D to proxy Web Server traffic via an SSH connection over the front end. What remains is to prove a secure messaging / email solution and provide a secure persistent key and configuration store (clearly not an SD card based on your last post …) for the “back end” to use …”

If this device is only used for secure messaging, then this is an interesting start. Far as I know, NSA didn’t subvert SSH like they did SSL and IPSec so that’s a good choice. If you’re using Knoppix, though, I’m not sure what your eventual security is going to be like. Your TCB is Linux which is something many TLA’s are capable of hitting easily. Before I do any real commenting on your design, could you explain how you intend for it to be used? Will it run Web browser, server or dedicated client-server app? Will your setup be on one or both parties’ ends? Very importantly why are you motivated to chose option 2?

“So for me the Internet today is no more hazardous a medium than a radio link 30 years ago, even knowing all that has emerged during 2013. ”

That’s an interesting (and accurate) perspective. Perhaps Internet users should adopt such a view.