1 Copyright © 2014 M. E. Kabay. All rights reserved.

HardwareCSH6 Chapter 4

“Hardware Elements of Security”

Sy Bosworth & Stephen Cobb

2 Copyright © 2014 M. E. Kabay. All rights reserved.

Topics

Introduction Binary Design Parity Hardware Operations Interrupts Memory & Data Storage Time Natural Dangers Data Communications Cryptography Backup Recovery Microcomputers

3 Copyright © 2014 M. E. Kabay. All rights reserved.

Introduction

Other hardware-related chapters of CSH6:Ch 5 – Data Communications & Information

SecurityCh 6 – Network Topologies, Protocols, & DesignCh 22 – Physical Threats to the Information

InfrastructureCh 23 – Protecting the Information Infrastructure

4 Copyright © 2014 M. E. Kabay. All rights reserved.

Binary Design

Von Neumann ArchitectureJohn von Neumann, 1946Apply binary representation to computer

implementationElectrical/electronic systems could handle

high/low or on/off states to represent binary 0 and binary 1

Rapid switching = pulsesPulse characteristics

Ideally square wavesBut cope with sine waves and other

waveforms

5 Copyright © 2014 M. E. Kabay. All rights reserved.

Circuitry

Original 1940s computers used vacuum tubesRelatively large – room-sized

machines with power of later calculator-wristwatches

Consumed power & ran hotShort MTBF (mean time between failures)

Solid-state transistorsPatented in 1925 (Lilienfeld) & 1934 (Heil)

but never developedWilliam Shockley & colleagues at Bell Labs

developed effective transistors starting in 1947

6 Copyright © 2014 M. E. Kabay. All rights reserved.

Coding Convention for representing data Early codes include

Baudot (hence “baud rate”)Binary-coded decimal (BCD)Extended BDC (EBCDIC, used by IBM)American Standard Code for Information Interchange

(ASCII) Bits → bytes (8 bits/byte) → words (n bytes/word) Prefixes for length of numerical codes (B = bytes & b = bits)

KB = kilobyte (1024 bytes) (aka kibibyte!)MB = megabyte (1024 KB) (aka mebibyte)GB = gigabyte (1024 MB) (aka gibibyte)TB = terabyte (1024 GB ) (aka tebibyte)

7 Copyright © 2014 M. E. Kabay. All rights reserved.

Error-Detecting CodesError-detection systems started with parity bitsWrite additional bit into hardware storage (e.g.,

disk, RAM, data-comm, tape…)Even parity bit = 0 when sum of bits is evenOdd parity bit = 0 when sum of bits is oddRecompute parity bit when reading data backCheck to see if computed parity bit = recorded

parity bitExtensions led to

error-correcting codes; e.g.,Cyclical Redundancy

Checks (CRCs)Self-checking codes

8 Copyright © 2014 M. E. Kabay. All rights reserved.

Hardware Operations

Fundamentals ops: Input, Output, ProcessingTypical hardware-implemented error-handling

Read-after writeEchoOverflow errorsValidationReplication (e.g., RAID-1

arrays of disks)

9 Copyright © 2014 M. E. Kabay. All rights reserved.

Interrupts

Changes of state can allow operating system to examine its own integrity as well as integrity of data

Types of interruptsI/OSupervisor callsProgram checkMachine checkExternal

For a detailed computer engineering review,see “Investigating Interrupts” by Garth Wilsonhttp://tinyurl.com/42dqcuk (← q not g)

10 Copyright © 2014 M. E. Kabay. All rights reserved.

Memory & Data StorageMemory Hierarchy (of speed) CPU registers (architectural registers)

Nanosecond access time Main memory (primary memory, RAM)

Microsecond access time Secondary storage (disk, tape, flash memory …)

Millisecond access time – on disks, mostly due to head positioning

Hardware safeguardsHardware-locking devices can prevent accidental writeBad-sector compensationReformattingSMART (Self-Monitoring, Analysis, and Reporting

Technology)Head-withdrawal systems for hard-drives

11 Copyright © 2014 M. E. Kabay. All rights reserved.

Time

Synchronous processesOperate according to

strict rhythmIntrinsic frequency of hardwareSystem clock cyclesDefined # cycles= tickDefined # ticks may generate interrupt

Deviation from clock cycle may indicate error

Asynchronous processesNo particular rhythmE.g., keyboard inputs, packet streams

12 Copyright © 2014 M. E. Kabay. All rights reserved.

Natural Dangers

Power failureHeatHumidityWaterDirt, dustRadiation

May cause downtime

See CSH6 Chapters 22 & 23

13 Copyright © 2014 M. E. Kabay. All rights reserved.

Data Communications

DC hardware can be criticalTerminals must be protected to prevent

unauthorized accessWired facilities

Dial-up lines (increasingly rare)Leased linesDSL (Digital Subscriber Lines)Cable

Wireless

See CSH6 Chapters 5 & 33

14 Copyright © 2014 M. E. Kabay. All rights reserved.

Cryptography

Essential tool for information assurance Increasingly available in hardware

implementationsEncrypting disk drivesEncrypting data-communications

equipment (e.g., STU-III)

ROCSAFEhttp://tinyurl.com/qw36aa

ROCSAFE

Secure Telephone Unit III

See CSH6 Chapter 7

15 Copyright © 2014 M. E. Kabay. All rights reserved.

Backup

All systems may failTherefore all systems storing meaningful data

should be backed upDefinition: backup is independent copy of data

Thus must have at least 2 instantiations of dataThus cannot backup and then destroy original:

would have no backupBackup also includes operational components for

business continuityPeopleHardwarePower

See CSH6 Chapter 57

See CSH6 Chapter 58

16 Copyright © 2014 M. E. Kabay. All rights reserved.

Recovery

Effective recovery requires planning & testingBackups

Test backups at time of creationUse verification modeReads data back and compares with

originalTest backup restoration periodicallyKeep in mind that backup media may

deteriorate over timeArchives may become unreadablePlan for re-recording if necessary

See CSH6 Chapters 58 & 59

17 Copyright © 2014 M. E. Kabay. All rights reserved.

MicrocomputersGeneral threats to microcomputers

Small sizeEase of access (e.g., laptops)Widespread knowledgeStrong motivation to steal informationLots of opportunity

Specific threatsPhysical damageTheftBad electrical power & static

dischargeData communicationsMaintenance and repair

See also following slides

HP110 from c. 1982

18 Copyright © 2014 M. E. Kabay. All rights reserved.

Physical Damage

Susceptibility to shockDisk drives in particular

Damage from liquids and greaseSpilled beverages into keyboardsDirty fingers on connectors

Obstructed cooling ventsDirtBlockage

by papers, books, other equipment

19 Copyright © 2014 M. E. Kabay. All rights reserved.

TheftTheft of laptops → loss of

control over confidential dataConfidential data must

be encryptedPersonally identifiable

information (PII) in particular must be encrypted

Use whole-disk encryption for simplicity

Computer lo-jack systems available

http://www.absolute.com/products/lojack

20 Copyright © 2014 M. E. Kabay. All rights reserved.

Bad Electrical Power & Static DischargeReduce or eliminate use of

multiple-access to power outletsAdd voltage-regulators

Prevent spikes and brownoutsMany UPSs include voltage

regulationDon’t allow vacuum

cleaners (etc) on same circuit as computer systems

See Kabay (2009) “Preparing for the Next Solar Max”http://www.mekabay.com/infosecmgmt/solarmax.pdf

21 Copyright © 2014 M. E. Kabay. All rights reserved.

Data CommunicationsExplosion of interconnectivity

<1980 almost all computer networks were local

Simple terminals hardwired to mainframes Smart terminals with some local

processingIn 1980s LANs interconnected PCs locally

WANs and MANs implemented internetworking

Internet grew to 1.1M nodes by 19911990s saw explosion in size of Internet

.com TLD (top-level domain) opened ~1993WWW established early 1990s

22 Copyright © 2014 M. E. Kabay. All rights reserved.

Maintenance and Repair

Organizations must establish official program of maintenance and repair for PCsOn-site by employeesOn-site by contractorsOn-call repairCarry-in service to repair centersRemote repair using shipping

Have loaners on standby for immediate replacement of damaged units

Consider securityimplications

23 Copyright © 2014 M. E. Kabay. All rights reserved.

Now go and study