Postmortem: NSA Exploits of the Day

When I decided to post an exploit a day from the TAO implant catalog, my goal was to highlight the myriad of capabilities of the NSA’s Tailored Access Operations group, basically, its black bag teams. The catalog was published by Der Spiegel along with a pair of articles on the NSA’s CNE—that’s Computer Network Exploitation—operations, and it was just too much to digest. While the various nations’ counterespionage groups certainly pored over the details, they largely washed over us in the academic and commercial communities. By republishing a single exploit a day, I hoped we would all read and digest each individual TAO capability.

It’s important that we know the details of these attack tools. Not because we want to evade the NSA—although some of us do—but because the NSA doesn’t have a monopoly on either technology or cleverness. The NSA might have a larger budget than every other intelligence agency in the world combined, but these tools are the sorts of things that any well-funded nation-state adversary would use. And as technology advances, they are the sorts of tools we’re going to see cybercriminals use. So think of this less as what the NSA does, and more of a head start as to what everyone will be using.

Which means we need to figure out how to defend against them.

The NSA has put a lot of effort into designing software implants that evade antivirus and other detection tools, transmit data when they know they can’t be detected, and survive reinstallation of the operating system. It has software implants designed to jump air gaps without being detected. It has an impressive array of hardware implants, also designed to evade detection. And it spends a lot of effort on hacking routers and switches. These sorts of observations should become a road map for anti-malware companies.

Anyone else have observations or comments, now that we’ve seen the entire catalog?

The TAO catalog isn’t current; it’s from 2008. So the NSA has had six years to improve all of the tools in this catalog, and to add a bunch more. Figuring out how to extrapolate to current capabilities is also important.

Tags: antivirus, exploit of the day, hardware, implants, malware, NSA

Posted on March 12, 2014 at 6:31 AM • 50 Comments

Comments

Evan • March 12, 2014 7:18 AM

It makes me think about how out of date most computer security mechanisms actually are. They’re designed to thwart the wrong person sitting down at a workstation, or at most logging in remotely, and doing something to retrieve data or intentionally or unintentionally wreck the system – so we have things like passwords and tell people not to write them down, as if not having a post-it note can prevent computer thieves from getting at your data.

But – and the NSA exploits are but one example of this, there are so many others – increasingly attacks don’t come in the form of unauthorized users, they come through subversion. Subversion of authorized users’ accounts (trojans, spyware), subversion of reputational trust (phishing), subversion of physical infrastructure (MITM), subversion of hardware (numerous TAO implants), subversion of even the standards and protocols of security itself (Dual_EC_DRBG). While it’s no longer the case that physical access to a machine is enough to extract all the interesting data, it remains enough to compromise it and wait for an authorized user to access it to take whatever, so user authentication can provide at best only a last line of defense against modern attacks.

It sounds a bit cliché, but I really do think we need to rethink the current approach to securing communication and data storage. As it is we’re far behind the curve and falling further and further every day.

Milo • March 12, 2014 7:34 AM

I would like to see website statistics on this set. Personally, although I love technical details, I started to check out about halfway through. I just stopped caring about all the bad ways the NSA can affect us. What happened to the greater public over the past (and upcoming) months happened to me just within the scope of this data set. I wonder if the group of us “interested folks” had a similar response.

Jeff Martin • March 12, 2014 7:51 AM

What I wonder about is how much of this is only in the hands of the NSA. I had the impression from the leaked documents that these capabilities were available for other intelligence agencies to purchase. How many of those would lose or resell them to third parties, and so on?

Petrobras • March 12, 2014 7:59 AM

If your are a journalist and have something to hide to NSA or its equivalent:

buy a second-hand 386 far from home.
put it on APC (disconnected when the computer runs) in a room like
https://www.schneier.com/blog/archives/2014/01/loudauto_nsa_ex.html#c3843125
install an OS that you know very well (bonus if it is secure like OpenBSD),
only store secrets in encrypted containers.
only bring inside or outside a dedicated floppy, dedicated clothes, and, when
the computer is switched off, the dedicated electric outlet to charge your
APC.
do not bring your phone or any other additional computer in that room.
hire good security guards to report any failure about last two points.

If you have some more time, you may use DSP chips (look at comments containers “DSP in
http://www.schneier.com/blog/archives/2013/11/friday_squid_bl_400.html and
http://www.schneier.com/blog/archives/2013/12/friday_squid_bl_404.html) for more secure chips.

If you have additional time or a hiring budget, you may build computers
following comments of
https://www.schneier.com/blog/archives/2014/01/friday_squid_bl_407.html
containing “3D”, create an OS like okl4.org, dev.b-labs.com, http://www.capros.org
which fit on its small memory footprint, using a language like E, Oberon,
Parasail, Forth. And publish all that to public scrutiny.

If you have millions to spend on that, look at comments containing “fab” in
http://www.schneier.com/blog/archives/2013/11/friday_squid_bl_400.html and
http://www.schneier.com/blog/archives/2013/12/friday_squid_bl_404.html to build faster
computer chips. And publish everything to public scrutiny.

jackson • March 12, 2014 8:03 AM

I’m unclear why these exploits are so old.

Jon • March 12, 2014 8:05 AM

I hope that the major security software publishers will grab this opportunity to dominate the market by creating and advertising software that detects, reports, removes and prevents re-installation of these threats. I’m sure the firmware and system software developers already have new agendas designed to secure their creations. Publishing the NSA intrusions has exposed at least a few new opportunities for independent spyware and malware manufacturers. There’s money to be made by the bad guys and the good guys alike. The race has already begun.

Conspiracy-Theoretic thought: do Snowden and the NSA have an adjoining mission?

ATN • March 12, 2014 8:11 AM

About O.S. re-installation which keeps old data on hard disk, people should clear the sectors in between the partitions, and before the first partition (used to get an aligned start), and at the end of the last partition (before the end of the disk). There may also be space in between the end of the filesystem and the end of the partition.
I do not know of a tool to do that.

Da Bears • March 12, 2014 8:17 AM

“Interdiction” is already a criminal tactic MITM yoinking shipments of POS terminals and power bars and replacing them with their own, or just sending them and pretending they are upgraded replacements.

Malware hiding in the GPU is showing up on arxiv, soon to a blackhat forum no doubt. GPUs req no permission to run anything except for openbsd.

Exploitation of phone baseband stacks probably heavily used by NSA now.

Benni • March 12, 2014 9:06 AM

SPIEGEL has a history of revealing secrets from the military of the secret services.

It was DER SPIEGEL which published, that the Bundeswer can not defend itself against the sowjets in 1962: http://de.wikipedia.org/wiki/Spiegel-Aff%C3%A4re This lead to the imprisonment of the Spiegel editor in chief by defense minister Strauss Strauss said that he saw an abyss of treason in the country (“einen Abgrund von Landesverrat im Lande” ). Eventually, the spiegel editor was set free, and Strauss, together with five ministers had to back from their chair.

This here, is an SPIEGEL article on the nsa from 1989

http://www.spiegel.de/spiegel/print/d-13494509.html

It says that the nsa has build up large computers for cryptoanalysis. It also mentions that the nsa does espionage on the german economy, with a technical system that allows nsa the mass surveillance of german communications, reaching as far as the collection or private details in the live of german celebrities.

The article says: “Niemals zuvor in der Geschichte der Menschheit hat irgendeine Macht der Erde Vergleichbares zustande gebracht – Lauschangriffe rund um die Erde. Was Präsidenten oder Minister in Kabinettssitzungen reden, was in Königshäusern oder auf Vorstandsetagen gesprochen wird, ob Generale saufen oder Botschafter fremdgehen, alles auf Band: Die Vertraulichkeit des Wortes ist aufgehoben, die Privatsphäre verletzt.”

never in the history of mankind has some power on earth achived similar things. Surveillance around the earth. What presidents or ministers tell in their meetings, what is discussed between royals or in the directors meetings, whether generals drink or embassy personel cheat on their partners, all is collected. the confidentiality of the word is abolished the privacy is violated.

This here is an article of SPIEGEL in 1996, on an nsa collaboration with the german secret service bnd to deliberately weaken crypto boxes:

http://www.spiegel.de/spiegel/print/d-9088423.html

“In der Branche weiß doch jeder, wie das läuft”, meint Bühlers Ex-Kollege Polzer. “Natürlich schützen solche Geräte davor, daß unbefugte Dritte mithören, wie es im Prospekt steht. Die interessante Frage ist aber doch: Wer ist der befugte Vierte?”

“In that business, everybody knows how this works, says Bühlers ex-colleague Polzer. Of course such devices protect you from an unauthorized third person hearing your call, as it is described in the advertisement. The question is just: Who is the authorized fourth person”

This is how project BULLRUN looked in 1996.

The published TAO list is just the continuation of the above early journalistic investigations by SPIEGEL on the NSA.

the TAO devices are used to spy on companies and allied politicians. the TAO devices are used for error prone drone assasinations without any human intelligence interfering. Because of this abuse of that devices, their publication was justified.

For now, one can just wait, what SPIEGEL publishes next.

lorenzo • March 12, 2014 9:31 AM

A disturbing thought is that it’s only a matter of time before somebody else will exploit an implant for other means than its originally-intended national security. What if a mission-critical system would have been secure otherwise – but the NSA’s intervention had made it vulnerable?

Given the sheer number of implants advertised by the latest article in The Intercept (https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/) there is a high chance of some implant “left behind” on a mission-critical system.

What happens if a malicious, well-funded “enemy” (be it an actual terrorist organization, enemy country or a mentally disturbed individual) uses a NSA exploit to disrupt an emergency service? What if they disrupt a city’s power grid? What if people die? What if the system would have been otherwise secure (i.e. patched, antivirus, firewall, and so on)?

In a nutshell – what if at some point we can prove that the NSA’s intervention actually harmed people?

And what if this happens in a foreign country? In other times, this would be considered an act of war.

Benni • March 12, 2014 9:35 AM

Bruce, in your lecture, you say you do not know what QuantumHand is:

Well, here’s a description, its a faked facebook server:

https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/

It is also mentioned that they do ordinary pishing.

But well, i would be more interested to see all these new slides the incercept article is based on.

TIM • March 12, 2014 10:33 AM

@ ATN

I don’t think that a kind of signature on the hard-drive is the main problem. Take another drive and sell the old on ebay, if you want to handle this problem.

I think, that in sum the implants have the goal to make a system identifiable within the mass data collection (I don’t mean the NSA definition;).
If you have the chance to identify a single system that was categorized a worthwhile target before, then the NSA (or whoever is able to use this kind of identification mark) can concentrate on this target again after the system was re-installed or hardware was changed or a new firewall was set in front or whatever someone changed to make access a bit more tricky (in case of a new firewall I would suppose the NSA has the signature of the firewall, too, and only adds one more script to jump over this barrier first).

Before you ask, yes, I’m a pessimist post Snowden.

John • March 12, 2014 10:59 AM

@Jon : They had the same mission, but Snowden decided to actually try to carry it out, where as the NSA ignored the defense role and focused on offense.

yesme • March 12, 2014 11:00 AM

@Petrobras

If your are a journalist and have something to hide to NSA or its equivalent:

… then you should use tails.

I thought that on the black hat conference there was a presentation about the NSA which also mentioned tails. Google it and you will find out.

Art • March 12, 2014 1:06 PM

Can we have some comment on what we didn’t see? As a thought experiment, imagine pre-Snowden, someone asked you to hypothesise what the NSA’s implant catalogue looks like.

I would have expected to see:

using Microsoft’s signing keys to install malware (i.e. without resorting to MD5 collisions, but by forcing Microsoft to hand them over)
more serious SIM card malware (e.g. surreptitious voice recording)

Any others?

Jeff • March 12, 2014 1:16 PM

Why haven’t we seen any of these (or newer ones that could be attributed to the gov’t) in the wild? I’d think people would report if they found, say, one of the doctored USB cables on their machine, or one of the s/w exploits. Sure, they’re designed to be undetectable, but never a detection, especially the ones involving hardware and now knowing the sort of thing to look for? Perhaps the targets of these exploits are secretive, too. Or the exploits are rarely (maybe never) used.

Nathan • March 12, 2014 2:04 PM

I think physical security is once again highlighted as being just as important as network security. Look at all of these physical taps that allow the NSA to receive retransmissions of communications when the tap is illuminated with an RF signal. It’s typical that taps like these are only discovered when a user notices a problem with a component (maybe caused by the tap, maybe not) and a system administrator happens upon the tap in the course of troubleshooting. Physical security would preclude an attacker’s ability to leverage a tap such as those common in these NSA TAO catalog entries.

Arclight • March 12, 2014 2:18 PM

I agree with Bruce, today’s “black program state of the art” is tomorrow’s “organized criminal attack.” Think about it this way: we can already buy hardware and software keyloggers, small wifi bridges that run on USB power, purpose-built articles like the Pwonie Express for audit/network exfil tasks, GPS tracking apps for phones, hardware GPS trackers that use the OBD-II port in your car, and lots of other similar tech from China and USA vendors. Many of these are “dual-use,” and some are clearly meant for offensive purposes. The NSA catalogue is just the logical extension of what was already available on the white, grey and black market.

In terms of “up and coming,” I think the elephant in the room is hypervisor security. Already, 90% plus of large companies deploy everything on VMWare, Xen, Hyper-V or similar technologies. The problem here, is that security and AV stuff (as limited as it is) lives primarily on the network or at the guest VM level.

So once I’ve compromised the hypervisor, I have:

Full control of the hardware
Full control of the network, including the ability to bridge/reroute VLANs and sniff or modify all incoming and outgoing traffic
Full control of all storage, including the ability to inspect or modify each individual read or write
Control of all hardware calls. I could even do things like intercept a PRNG call or mess with the hardware clock, things that can make crypto functions return predictable values.
Make my exploits in the guest OSs persistent without having to modify any firmware. Really, I can modify the firmware image or just tell the hypervisor what to do. Much simpler.
A bunch more things I’m certainly forgetting.

Given that network and IT vendors operate on tight margins, I don’t see a lot of interest in the kind of end-to-end assurance work that thwart these sort of attacks. Something fundamental would need to change in our architecture approach for better security/not trusting the hardware and hypervisor to become common.

Arclight

Greg A • March 12, 2014 6:45 PM

Looks like they’ve just found a 2014 NSA exploit in all Samsung Android phones…
https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor

GregW • March 12, 2014 7:00 PM

In terms of countermeasures, there are all the classic techniques that have been discussed here of high assurance software and hardware, detection of frequency emissions etc.

I’d like to toss out my half-baked thoughts trying to think about the problems the TAO list raises.

Personally, what I’d really like to be able to recognize is that some data is getting exfiltrated. That is my cue that somehow I have lost control of my hardware/software.

Given that some implant can broadcast the data away over RF even if my PC/server is not internet-connected, what I really want alerting from is if a particular piece of data is ever retrieved from physical storage.

To me this implies I need some primitive like “guard data” surrounding or interwoven with critical data such that, if the guard data is ever retrieved from storage, which in normal usage it should never be, then alerts are triggered. To avoid subversion the primitives for guard-data placement, detection and alerting would need to be baked in at a very low level (instruction set? ram/harddisk circuitry? separate monitoring hypervisor circuitry?) which are not subject to the normal sorts of manipulation available to general-purpose turing machine code. Ie this is not a pure harvard architecture machine.

Has this sort of thing been considered/pursued? Is there a name for this sort of salting/yellowpages technique? Is it a fundamentally defective idea?

BP • March 12, 2014 7:04 PM

Why did Snowden steal the 8 year old stuff. Why not the modern documents. That just makes the whole Snowden thing smell funky. Is he a diversion for some newer technology that Snowden wasn’t given as part of his task?

Nick P • March 12, 2014 9:00 PM

@ GregW

You’re essentially asking about the detection side of what’s now called Data Loss Prevention. Either way, it’s really about being able to measure file accesses and reliably store the logs. You have several options:

Add to the filesystem a feature for marking certain files and logging reads on them. This can be bypassed by a full compromise of the machine, esp kernel or lower layer.
Use a solution like Virtual Private Filesystem (or improved jVPFS). These build on top of a microkernel with security critical stuff in an isolated compartment and the rest considered untrusted. You could add your requirement as another check in the secure layer. Although, I’d recommend having a second storage area for logs that untrusted partitions couldn’t access at all. This method might be vulnerable to sophisticated software attacks or attacks below it.
Put the file system on a dedicated device whose interface stores all file access operations in a log in append only storage. (Or at least isolated storage.) You can use techniques that make code injection impossible as this is a simple combo of software/hardware. The chip/disk that handles actual filesystem operations is untrusted and can’t physically access other chip’s log.

(Note: Option 3 has some empirical validation in that one Australian product for protecting classified information moved security policy enforcement on files into the hard drive. The hard drive had a computer in it that performed checks, required authentication, stored logs on security-relevant data, etc. So, this kind of thing has been done before.)

Final thing coming to mind is certain academic projects where they make a processor tag data in memory and trace what happens to it during execution. This is common with “provenance” tracking systems. Based on the tag, the processor might prevent the data from going on the network (confidentiality), might prevent data from going to the kernel (integrity), and might prevent the machine from functioning (alpha release). Far as I know, most of these are prototypes although there might be something mature out there. I just don’t follow provenance-based systems as they’re better suited for intelligence/analysis applications than system issues.

Of all these, option two will be the easiest for most developers to put together. Option three will be the best for your requirement as one heuristic in security engineering is to put the protection mechanism close to where it needs to be used. You just want to know if certain files were read or tampered with. Best in layer that deals with files. Option 3 puts that at an interface between main system and file system that is simple enough to construct using highly secure hardware/software methods. So, it’s the best bet.

Nick P • March 12, 2014 9:17 PM

@ BP

“Is he a diversion for some newer technology that Snowden wasn’t given as part of his task?”

Their reaction to him was comparable to their reaction to Wikileaks. That they want to capture and imprison the guy isn’t lip service. That their opponents now know many of their specific methods can’t help either. The leaked capabilities cover a whole spectrum so Snowden can’t be about advancing one tactic or another. Then, there’s also political scandals and economic fallout on top of it.

It’s highly unlikely that Snowden is working for NSA or US govt interests.

Now, whether or not he’s working for the Russians is another story. I’m not saying I’ve seen any evidence one way or another on that one. Yet, it’s the one claim people make about him worth investigating. By default, I doubt that he was a double agent as his actions seem to fit with his stated motives and personality. Occam’s Razor.

pianissimo • March 12, 2014 9:26 PM

GregW: it sounds like what you’re after is a data-classification and mandatory access control system. This is not new at all and is one important part of “high assurance” to Rainbow Book B1 standards.

Software alone can’t protect data, though. Any intelligent device with access to the system bus can snoop and steal data. Several years ago there was a stupid scare about the FireWire port and an exploit that could dump all physical memory to a device running an attack script. But any form of physical access can be exploited. Computer companies that use removable DIMMs didn’t expect that they could be frozen and removed to make a near-perfect physmem image, but that attack is incredibly easy.

I think you need to think harder about your idea, based on your likely attack scenario. If your memory modules can be tampered with, then fully encrypted ram seems to be the only viable countermeasure. If you depend on special sentinels to protect some data, there will inevitably be times when the protection is turned off, or all you’ve made is a memory hole. Why can’t an attacker just wait for the protection to go off?

Buck • March 12, 2014 9:45 PM

@Nick P
I will add about point three…

3. Put the file system on a dedicated device whose interface stores all file access operations in a log in append only storage.

Excellent reccomendation! It does still retain the burdensome requirement of physical security, requires somewhat sophisticated skill-sets to accomplish properly, and lets be real… Any commodity appliance that claimed to achieve this would likely be prime target for subversion!

@Grew
Great ideas regarding DLP!
If implemented as defaults instead of only for ‘mission-critical’ use cases, they could probably eliminate some of the low-hanging fruits in the current dilemma of widespread non-detection.
Not entirely sure how the UI folks could figure this problem out for their general users… But it sounds especially promising for server environments!
The expected access times of my private keys from disk/memory can be pretty well defined programmatically. If this logging were enforced at the kernel layer (and kudos if it writes to an append-only external device ;-), it could at least notify a sys-admin of a possible security breach from application level processes…
Maybe even faster than multiple months later..?

Andy • March 12, 2014 11:08 PM

@ BP and others wondering why the stuff is so old.

Despite whatever the media writes, it has not been Snowdens desire to weaken national security, endanger operatives and moles or disclose any technologies that, upon publication, could be used as guidelines or blueprints to develop state of the art espionage tools or build a procedure for escaping the NSA scopes.

He wanted to outline the abuse of power, the technologies directed against US citizens domestically and Kindle a public debate on the topic.

I would expect some of the more recent, still in use tech ologies and also maybe even names of operators to be part of hos life insurance package.

Figureitout • March 13, 2014 12:07 AM

Anyone else have observations or comments, now that we’ve seen the entire catalog?
Bruce
–That I can’t understand how anyone can consider a computer you just go and buy from a store to not already be subverted. And that (I know I blab about this way too much) bluetooth exploits were missing. If every chip in every product that processes info has a bluetooth stack, it’s a global backdoor.

Petrobras
–Nice little list; the details are non trivial though. Not sure if you’re aware, but Brian Benchoff over on Hackaday is building a Motorola 68K computer as a server it sounds like; basically publicizing the build. Hopefully it gets up and running w/o too much trouble. That’s what I’m going to do too (starting w/ a simpler chip, Z80; and I kind of like its ASM), except make it explicitly step-by-step so importantly non-computer science/engineer can build it too. Aspie sent me all the designs for his minimalist Forth PC, I’m going to build that too (when I get the damn time…). My goal is to make it TEMPEST secure as much as possible and minimize leakage; we’ll see how that goes…

We need a secure delivery business, that’s kind of on my mind. It won’t be cheap though, b/c my vision is me and trusted/vetted associates hand-deliver hardware. That just shifts the vulnerable period to Fab’s; which is a fundamental hole…

yesme
–Tails is pretty nice; security mostly enabled by default, which is how it’s supposed to be. You have to learn to be risky/dangerous/stupid. Still, to be a functional OS meant for internet surfing, it’s going to have bugs galore…And getting a verified clean copy from the internet is difficult.

GregW • March 13, 2014 7:36 AM

@NickP, @pianissimo,

I have some hobbiest-level familiarity with about the general-purpose attempts to solve this issue with general purpose software: the custom filesystem approach, the virtual private filesystem, mandatory access controls, etc. None of those survive TAO-class attacks, firewire and physical ram-sniffing techniques.

I do think your options 3 and 4 Nick are helpful and thought provoking. With option 3 (discrete logged storage) I fear the audit log never ends up leading to a fast-action alert without some complex subvertible additional addon, and option 4 (hardware-enforced security-labels/tags on data) is more oriented around protecting data in a general way (good!) but not as oriented to noticing that layers of protection above it have been subverted somehow. But there are probably some ways to think about the problem buried in that research… appreciate it.

My angle is a bit different from all that stuff. Having perceived the difficulty of developing a subversion-resistant system, and even the challenges of a “data protection/data loss prevention” system, I’m trying to discern if relaxing those constraints and reframing things to build a “data retrieval detection/alerting” primitive (in hardware) can provide some useful properties, thinking about Bruce’s challenge.

I don’t have to protect the data, I just have to notice if some data which nobody knows about and which by its nature should never leave the barn seems to be “leaving the barn”.

That itself is a pretty interesting problem. Just knowing you are compromised is an extremely valuable bit of information. How can we shift the burden of defending against all these possible attacks to one where we can leverage intelligent human response post-incident? The key is recognizing we have an incident. Can we make that easier to do in light of TAO-class attacks?

As you said pianissimo, “software alone can’t protect data” and my line of thinking does include that as a premise, although without even going so far as protection which I have ‘given up on’. I’m interested in merely alerting if sentinel/canary-in-the-coal-mine data that should never be accessed is accessed, and doing that detection and alerting at the hardware level of the disk/flash/ram storage device.

At a high level, this is somewhat similar to the concept of having an above-top-secret document which contains nothing of value, but for which any attempt to access it alerts that someone poked around.

But I’m thinking of that notion on a lower-level system primitive basis– as a low-level string of “canary data” that if it ever gets read off the hard disk controller or sent over the memory bus (or perhaps even circuitry closer to the storage than that) creates an alert, not because of some software feature but because of some segmented hardware feature.

Could this be made into something useful/workable for detecting unauthorized TAO-type access?

My mushy concept seems to have two challenges though: first, while you can sprinkle some canary data around, a general-purpose way of doing that which gets exposed to the user/developer-level APIs in a user/developer-level discoverable way isn’t obvious. I’m happy for the purposes of this thought experiment to eliminate the requirement for some general-purpose approach to managing/mixing-in canary data and just settle for first understanding of being able to do it at all, even in a single case of canary data placed by hand!

Second, whatever alerting mechanism you’d seem to build would seem to be, in many cases, subject to disablement by an attacker with the skills to add an implant to your device. I’m not sure how you’d build an alerting mechanism for which an attacker can’t “cut the wires” so to speak. Unless perhaps your alert signal is itself some form of fairly integrated disablement of access to all data that is irreversible and thus likely to be noticed by standard monitoring and verifiable as an attack via physical access check?

Anyway I wonder if some variant of this idea can be made to work or whether it’s just fundamentally flawed.

P.S. Backing up data containing canaries should generate alert/disablement, right? So backup is probably a third problem faced by a canary-oriented general purpose solution. But I am willing to give up backup capabilities for the purposes of this thought experiment so we don’t need to tackle that up-front. (The use case could be constrained to situations where you might backup/publish data to this device and use it there, and thus never have to backup from it since your original is physically protected offline elsewhere.)

GentooAndroid • March 13, 2014 9:07 AM

@Figureitout: “Aspie sent me all the designs for his minimalist Forth PC”

The only public reference I found on schneier.com about that is here:
https://www.schneier.com/blog/archives/2013/12/friday_squid_bl_404.html#c3002048
https://www.schneier.com/blog/archives/2013/12/friday_squid_bl_405.html#c3060408

Did one of you happen to have posted anonymously something on the web ?

Did one of you recieve any e-mail answer after contacting the e-mail address on homepage of http://www.cs.bris.ac.uk/~dave/transputer.html ?

GentooAndroid • March 13, 2014 11:31 AM

@Petrobrass: “And I do no know how much transistors they have put inside, it is made at 90nm by fab contractors, so auditing is not possible :-(”

It could be possible to send one XCore and some money to http://visual6502.org/wiki/index.php?title=Chips_in_our_collection but who knows if they can evaluate the number of processors.

The XMOS XS1-L can replace a DSP chip with 70K-200K ASIC gates (7K-20K logic elements) according to their ad http://www.catagle.com/23-1/xmos-wp-xmos-vs-fpga.htm (this is by the way a nice pure html simulation of an embedded PDF reader, without javascript).

But I don’t undertstand if XS1-L is or not the same processor as the XMOS X-Core.

@Nick P: “What parts did they accept? And to be used in what?” posted at https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_400.html#c4952140

Granted, unless XMOS let full public access to they fab and their IP, this is more an answer to your plan at https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_400.html#c3047486 that to my plan https://www.schneier.com/blog/archives/2013/11/friday_squid_bl_400.html#c2986171

I will now try to explain how it is an answer to your plan:

Replace each of your processes running in your typical session by separate XCore processors (xterms, Xorg, firewall, network, TrueCrypt, root xterm, disk, …). The following will limit the description to this short list of processes, but I hope that you will easily be able to generalize the following to your real session.

an XCore keyboard processor that will be able to feed keystroles to another XCore hosting your currently focused xterm through “native firewire link”, and physically connected to each key of the keyboard (analog connection). When you want to swich to another xterm, you just disconnect the firewire link, and reconnect it to the other xterm.
an XCore network processor whose firewire connection will be only connected to the following XCore processor.
an XCore firewall processor, only connected to the above processor, and also to each of the XCore hosting processes that you allow to connect to internet.
an XCore processor hosting your Xorg driver (Wayland and libhybris would be better to fit in the 64ko of available memory), connected to the VGA cable, and also to each of the processes that are showing a window.
an XCore processor hosting the filesystem driver, connected through firewire to a firewire disk, and also to each of the processes that are have access to raw files (TrueCrypts, root xterm, …).
an XCore processor for each TrueCrypt, linked to the previous processor, and also to the XCore processors with xterm allowed to write in that encrypted partition.

The general idea is that none of these processors will have enough usable connections or memory to host NSA’s stealthy loggers (but use a Faraday room because they will be passive emissions ?).

Nick P • March 13, 2014 1:24 PM

@ GentooAndroid

Thanks for the explanation. Your design is approaching some of my own, including one or two I fielded. Here’s a few of mine in the past, with their evolution, and some current approaches I’m looking at with this type of design.

Originally used several computers connected by KVM and interface through a guard. Computers getting smaller and cheaper mean they could be in a box. The last incarnation of my design used VIA Artigo’s as they had onboard TRNG, virtualization and x86 support. Total cost of a multiple single level system supporting 4 levels was a few grand.
I was big on separation and security kernels. I wanted to eliminate the extra hardware by simply forcing POLA on everything in system, mediated by trusted kernel. Many designs were largely successful at this but had issues due to hardware level of things. My hacked together solution was to put IO on separate, cheap computer. Example: Trusted PC on separation kernel hosts the web service, while TCP/IP & Ethernet interface is on separate PC running hardened Linux/OpenBSD. The IO is essentially queued up, then delivered to the trusted PC using an extremely simple protocol over a safer piece of hardware. Not great for real-time but it worked & got all that code out of the TCB.
My first efforts to decompose the hardware extended that approach to have an Artigo dedicated to each major subsystem, then a few as compute nodes. A high-speed interconnect would be needed. I invented a networking over PCI scheme. Then I found out it was already invented and commercialized. (shakes head) So, I’d start with a useful microkernel system already designed as distributed, message-passing system. Then, I’d simply put certain processes on physical nodes, restrict communication with hardware+microkernel, and have a system where no one risky IO system could screw up the master node that controls them.
Then I discover PCI backplanes and look at SBC’s to find they’ve grown up into real computers. 🙂 Goodbye Artigo’s. Inspired by SCOMP and LOCK systems, I decide I can vastly simplify the security by putting memory enforcement in a specific chip controlled by a master node running trustworthy software. Clive’s “prison” approach was inspiration too. The backplane would have these chips at each SBC connection point. The chip would do DMA, IOMMU, and relay commands from master node. Each SBC could be built with just the right hardware and software for its job, much like PCI cards in desktops used to be. Each would also employ security measures best for its function.
Looking at EAL6 separation kernels, tagged/segmented architecutres, mainframe channel IO, etc I sought a way to unify all that while maintaining performance and my physical separation mechanisms. This led to my newest exploration in a security architecture based on NUMA/MPP technology. It might bring new challenges as Clive pointed out but it has advantages. The isolation mechanism can be made very easy, IPC/IO will be insanely fast over the interconnect, nodes can be customized like my PCI system, and the overall system can evolve with new technologies without stopping. Discovering the old Alewife machine made me think my architecture is doable and might be able to use message passing more directly.
A side exploration is building a timesharing, mainframe style machine out of strictly old technologies. I believe the combination of interrupt-less architecture, channel IO style dedicated IO chips, and certain protections built into processor/IOchip can make a highly secure machine that’s still useful. Reason I’m aiming for time sharing and old system approaches is the old B3-A1 systems showed us that this architecture could be highly secure, while using ancient tech might reduces patent risks. Use cases for this type of system include limited transaction processing, online services (with separate node gatewaying to Internet), databases, SCM systems, authentication, timestamping, key mgmt, security-critical mgmt tasks, and so on. I give an example or two in another post.

So, given that evolution of things the XCore plan seems closest to my PCI scheme but without the custom enforcement chip. So, it can definitely work and do the physical isolation. Whether it’s better to use it or one of the other architectures I’m looking into is still an open question. The message-passing style strongly integrates IO activity/interrupts and computation. I’m not sure if this is a good thing for verification as more success was had in systems that split it up. Another open question.

yesme • March 14, 2014 3:30 AM

@Figureitout,

“–Tails is pretty nice; security mostly enabled by default, which is how it’s supposed to be. You have to learn to be risky/dangerous/stupid. Still, to be a functional OS meant for internet surfing, it’s going to have bugs galore…And getting a verified clean copy from the internet is difficult.”

Two weeks ago I talked about “Rethinking the internet”. When things like http could be a virtual filesystem and TOR a VFS built on top of httpfs, you can use a simple text editor, “cat file | less”, “ls -la”. You don’t NEED a browser. You can use your standard tools.

It’s the browsers that are mostly the cause of the bugs galore.

Right now, TOR is a software package with TOR itself, a control panel, an outdated Firefox browser and a bit more software. And it is 65 Mb!

I think that the people working with TOR know what they are doing. With something like torfs, it would surprise me if the total amount of code would be more than 10 kLOC. And then it is “easy” to understand the code.

I think that any journalist working with tails is able to (learn to) understand the commandline tools and use simple text editors.

About getting a clean copy from the internet, that’s indeed a problem and I don’t have an answer for that.

Figureitout • March 14, 2014 11:39 AM

Did one of you happen to have posted anonymously something on the web ?
GentooAndroid
–Lol good one, I have a way for obfuscating my identity but it involves crime so I avoid it. I just made a little throwaway email, BM-2cToSg9V5qsJUP9qSv6rBG2DLrfmE9mw59@bitmessage.ch

Feel free to email if you want the code and a hand-drawn schematic (true homebrew lol). Understand I’ve been under and continue to see persistent attacks, so just FYI it could spillover. Aspie also got attacked (which is why he’s vacant), and he suspects someone on this site…Decided not to delete (yet) b/c he and I understand the state of email comms (read state 0 compromised) and I want the info to be publicized. His overarching principle is to separate from current computers, I share that as a lot of malware will not run on it.

Mine I’m working on is different, I’ll post it when (or if) I get a working system, which could be a while (Bruce could die tomorrow and the site’s down) but I’m on hackaday and going to be putting it on the internet.

I’ve never contacted that individual (to my knowledge) either but he has a nice site.

yesme
–I can kind of see how your system would work, would it involve putty perhaps?

It’s the browsers that are mostly the cause of the bugs galore.
–Can’t make an educated opinion, but yeah there’s still memory wipe bugs from intel chips. But still it’s excellent in that there’s a lot of “security by default”.

I’d say the journalists can learn command-line if they aren’t obsessed w/ touchscreen graphics. And if devs at Tails decided to sell CD’s and mail them those will be highly targeted for interdiction; need hand delivered.

GentooAndroid • March 14, 2014 4:52 PM

I do not want to try to keep my identity anonymous from NSA and the likes (I have published things on a variant of github, for example).

I only want to prevent web robots from linking me to my public activities on internet. Think of 123people.com for example. This is why I refuse Google+.

My lynx browser might already have been QUANTUMhacked, for all I know.

I understand that someone may want more obfuscating of identity that I do.

@Figureitout “FYI it could spillover. Aspie also got attacked. (which is why he’s vacant)”

You freaked me out. Don’t have the time to recover from attacks.

Nick P • March 14, 2014 5:41 PM

@ figureitout

Things dont have to be command line to be secure. Old TX system, EROS Window system, and Dresden’s Nitpicker GUI all show how to design a secure graphics layer. In such designs, most of graphics stack operates in user mode with each app having separate copy. A simple layer of trusted code tracks which has focus, handles user interaction, ensures user can identify windows’ owners, and draws virtual screens to real screen. You can even have a dedicated chip for the last part so software onlg has to initialize it.

In contrast, getting the shells and other UNIX functions operating in MILS/MLS was so hard that they just gave a whole system to each application (virtualization). Least they could run legacy software like email and browsers.

Nick P • March 14, 2014 5:52 PM

Edit: forgot to add that it’s often easier to use software rendering rather than graphics card as we cant trust them. The dedicated graphics chip I referred to was mainly there to offload sending data from memory to monitor. However, it could have a CPU accelerating certain graphics operations. However, it would have to be MILS architecture or controlled exclusively by trusted software to prevent it from being an attack point.

Figureitout • March 15, 2014 10:58 AM

nick p
Things dont have to be command line to be secure
–I know, but TEMPEST is a major personal concern. It means an attacker is relatively close to me and it breaches the airgap. You may not have agents breaking in your home when you go for a run, being your neighbors w/ Sat-links back to home base, but I do. VGA cable hacks like Ragemaster (funnily enough in the ferrite bead which is supposed to shield from RF) would bypass that protection too, no?

GentooAndroid
–I’m sorry, I’ve been attacked so much it’s just a normal day now. But it’s good training, that’s for sure. They’ve shown me a lot of their cards.

Nick P • March 15, 2014 12:01 PM

@ figureitout

TEMPEST is irrelevant: it works against command line and everything else you use. An EMSEC tent is your best bet as I doubt any hardware you acquire is TEMPEST certified and free of subversion.

Figureitout • March 15, 2014 4:36 PM

nick p
–No it isn’t; and I’m going to do some experiments to hopefully show you why. And no dip, all hardware is questionable; I don’t trust it anyway. It took like a week longer for my arduino to come in the mail than my dad ordering a part at the same time.

Nick P • March 15, 2014 7:22 PM

@ Figureitout

re odds of success for amateur EMSEC

EMSEC was something that took decades for US military/intelligence to understand well-enough to believe in their protections. The certifications are per product, very rigorous, and result in costly/bulky products. There are few countries whose engineers have been able to pull it off. There was also an attack on them using ultrasound in recent years showing even they hadn’t thought of everything.

In other words, it requires enough electrical engineering expertise, esoteric knowledge, and development money that even NSA couldn’t get defense part right for decades. Their attacks, on other hand, are spot on as TAO catalog shows. That you’ve worked out a shortcut to making COTS computers EMSEC-secure on the cheap is a groundbreaking work. The entire TEMPEST industry will be out of business with your tech ending up in cheap Chinese boards.

If you’re right, that is. Otherwise, they’ll just point their radar units at your house and read what you’re typing, while letting you think you succeeded. Hope your experiment works, though.

Figureitout • March 16, 2014 2:36 AM

Nick P
–Hey you finally spelled my name right, f*cker. :p Congrats. You really irritate me sometimes…

Oh and you’re going to call me amateur and give me the lecture about all the brilliant military engineers failing to solve this problem (I really would’ve loved to worked w/ these guys/gals, really, if they didn’t work ultimately for evil); I love being written off. Some of these agents that seem to be “the best” at infiltrating a target secretly turned out to be a major fail and I could’ve given them a lot of pointers to be better at their job, but nope they can suck my…

It’s such a hard problem, I don’t even know if it’s possible to solve due to just simple physics (for instance, how do I cool my fricken chips w/ holes in my shields?!); that’s why it’s really attracts me…

All my experiments that I’m constructing right now are going to prove, is yet another hole in the swiss cheese that is TEMPEST security and a potential plug that will take a lot of self-discipline.

GentooAndroid • March 16, 2014 5:34 AM

@Figureitout “breaking in your home when you go for a run”

Then go run with your arduino in your pocket. And buy one of those small tents weighting less than 1kg to deploy when using your arduino at home, and bring it with your when running.

Below are my best uneducated bets about keyboard, screen and delivery.

I assume you known about the fiber-optic keyboard https://www.schneier.com/blog/archives/2008/10/remotely_eavesd.html#c320239 but you cannot bring it with you when running.

Setup twin cameras to locate the 3D position of your fingers above a photography of keyboard, so that you don’t need to actually touch the keys. And bring the cameras with you when running.

About the screen: buy a small flat VGA screen (4 inches, 5 volts), and bring it with you while running. It also may be a freerunner, a https://www.genesi-usa.com/products/smartbook, an N900, or another “open-source” smartphone, on which you can severe the wireless antennas and the mobile chip.

As for “degradations” (NSA calls it “interdiction”) of your parcel deliveries: find an electronic store on a real street, in a big city.

Figureitout • March 16, 2014 1:12 PM

GentooAndroid
–Appreciate the suggestions but lol you’re funny; I won’t go running w/ my arduino (it went thru a 9V battery in like…less than 5 min, but it was just for a servo motor). I like my runs b/c the only tech. on me is shoes and clothes. I do like being mobile though when I need to do some things on my graphing calculator.

That was a good thread.

Oh your link has a comma at the end that sends me to the homepage. But uh I like the idea but This product has been discontinued. Also the same old things I have no use or want for in my computer, wifi, 3G modem, bluetooth(!)shudder, camera, microphone, and speakers. I don’t want any of those. Keyboard, mouse and screen (the screen needs to be re-evaluated); all highly shielded. I’m ok w/ a lot of ports but they need little metal covers when I don’t need them. I want to see some attacks on IR, brings the range down and it’s line of sight. Encrypted protocol that I would change when I “get a little frisky”. I see some of the commercial products, but bluetooth…

Figureitout • March 16, 2014 1:17 PM

GentooAndroid
–The covers on the ports would have covers too. So the waves die hopefully trying to escape. Maybe I need a vacuum sucking heat out, through a zigzag of metal. I’m only going to find if these things would work by experimenting, b/c I’m no Newton, Hertz, or Faraday…

Nick P • March 16, 2014 8:31 PM

@ Figureitout

“Hey you finally spelled my name right, f*cker. :p Congrats. You really irritate me sometimes…”

Haha

“I really would’ve loved to worked w/ these guys/gals, really, if they didn’t work ultimately for evil”

Same here. Least we get discussions with the likes of Clive and RobertT. Close enough for me.

“It’s such a hard problem, I don’t even know if it’s possible to solve due to just simple physics (for instance, how do I cool my fricken chips w/ holes in my shields?!); that’s why it’s really attracts me…”

The physics of it are indeed interesting and way above my knowledge. If you’re just exploring, there’s actually a book or two I can recommend on the topic. TEMPEST is generally classified. However, electromagnetic shielding is used in the public so people have written about it. I think a TEMPEST-certified engineer wrote at least one book. I could try to dig them up and post them if you like.

GentooAndroid • March 17, 2014 4:13 AM

@Figureitout: “–Appreciate the suggestions but lol you’re funny; I won’t go running w/ my arduino (it went thru a 9V battery in like…less than 5 min”

🙂
I was talking of bringing all of that with you, but powered off, just to avoid fishy home clening services from tampering with them.

9 volts in battery 5 minutes ? My Android can compile for hours on battery, you might have done something wrong.

Cutting all the wires of the 3G/wifi/bluetooth/mic/… antennas might be more efficient than covering them, if you go for a smartphone.

GentooAndroid • March 17, 2014 4:22 AM

@Nick P: “how do I cool my fricken chips w/ holes in my shields”

big and fat plates of something electrically isolant but thermically conductive (fat, glass, sugared water, diamond, …) ?

Build two shielded rooms, and alternate between them, leaving the door of unused room opened ?

Figureitout • March 17, 2014 9:12 AM

I could try to dig them up and post them if you like.
Nick P
–What do you think, Nick? My reading list is already a small shelf, another book wouldn’t hurt. Yes please and thank you if you offer.

GentooAndroid
–Oh ok, quit cracking me up! :p I’d need a small trailer to bring w/ me; well actually that may be nice weight training…Maybe b/c it was a motor (it was stepper actually). I’m just using the ‘duino for controlling stuff and messing w/ some neat peripherals. Yeah it’d be more efficient but I won’t be able to relax…

Nick P • March 17, 2014 12:18 PM

@ GentooAndroid

That was figureitout’s comment, not mine.

@ figureitout

Couldn’t find my bookmarks so did some new research. Results I posted in Squid thread and submitted to Slashdot. Hopefully, some EE/CompSci students or pro’s see the links, then get to work.

Figureitout • March 17, 2014 12:19 PM

Nick P / GentooAndroid
–Oh and to make me even more paranoid…Hackaday recently featured this: http://wp.josh.com/2014/03/03/the-mystery-of-the-zombie-ram/

He tested that an LED was powering RAM after shutdown from external light, you initially think Light Emitting Diode as in current flowing 1-way, but there is always a little leakage backwards. Clive hinted one time about LED’s betraying encryption keys one time…I think this could be “designed out” but still…So you really do need a dark room…And likely this would work w/ IR LED’s…

Leaves me wondering, if you can power RAM from external lights to LED’s, can you write to it?

Schneier on Security

Postmortem: NSA Exploits of the Day

Comments

Leave a comment Cancel reply