Keysight IT Security & Compliance
Bare Metal Forensics
Doug Carson
Big Data in Cyber Security
10th May 2016
The Evolving Cyber Threat Landscape
The consequences of innovation and increased reliance on information technology in the next few years will probably be far greater in scope and impact than ever. Devices, designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and US Government systems.
Senate Armed Services Committee, Feb 9th 2016
James R. Clapper, Director of National Intelligence
Current perimeter-based approaches to IT enterprise security cannot address such highly connected and diverse Cyber Physical Systems.
Who Protects Cyber Physical Systems?
Measuring Endpoint Devices
Exploit industry interconnect standards to gain visibility into devices
Exploit manufacturing test ports to control execution of device
Use precision analog measurements to detect side channel leakage
Highly embedded, highly diverse connected devices
Impossible to embed scanning agent
Uncertain supply chain with custom SoCs
No compliance regime in place
Minimal testing to meet market windows and costs
Bare Metal Forensics Principle
Diagram labels: Cyber System; Physical Implementation Using Standard Components; Observed Phenomena; Inferred operation; Analyse Busses; Spoof Busses; Power & EM channels; Data Analysis
Component Standardisation
Bare Metal Attack Surface
Infiniium Bus Analysis Support
Power rails, 8B/10B, CAN, DigRF v4, DVI, HDMI, FlexRay, I2C/SPI, JTAG, LIN, MIPI CSI-3, MIPI D-PHY, MIPI LLI, MIPI RFFE, MIPI UniPro, MIPI UFS, PCIe Gen1 and Gen2, RS-232/UART, SATA/SAS, SPI, SVID, USB 2.0, USB 3.0, Super Speed Inter-Chip
The Big Data Angle
160 GSa/s = 1.28 Tbps
Noisy
Partial
Training data
Gigabytes!
Data Science on Measurement Traces
Previous Research
400 traces of 25K points
2 hours on 256 cores at UK National Supercomputing Centre
Correlation matrix of behavioural traces
Behavioural similarity network
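The two analytics named on this slide, a correlation matrix of traces and a similarity network built from it, can be sketched as follows. This is an added example, not code from the presentation: the function names, the 0.8 threshold and the constructed sample traces (noisy sine and square waves standing in for measurement captures) are all assumptions.

```python
import math
import random

def pearson(a, b):
    """Pearson correlation of two equal-length traces (0.0 if either is flat)."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def correlation_matrix(traces):
    """Symmetric matrix of pairwise correlations between traces."""
    n = len(traces)
    m = [[1.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            m[i][j] = m[j][i] = pearson(traces[i], traces[j])
    return m

def similarity_network(matrix, threshold=0.8):
    """Adjacency sets: an edge joins two traces whose correlation >= threshold."""
    return {i: {j for j in range(len(matrix)) if j != i and row[j] >= threshold}
            for i, row in enumerate(matrix)}

def behaviour_groups(network):
    """Connected components of the network, i.e. groups of similar behaviour."""
    seen, groups = set(), []
    for start in sorted(network):
        if start in seen:
            continue
        group, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node not in group:
                group.add(node)
                stack.extend(network[node] - group)
        seen |= group
        groups.append(sorted(group))
    return groups

def make_traces(seed=1, points=500, noise=0.2):
    """Constructed sample data: three noisy sine traces, then three noisy square traces."""
    rng = random.Random(seed)
    shapes = (lambda t: math.sin(2 * math.pi * t / 50),
              lambda t: 1.0 if (t // 40) % 2 else -1.0)
    return [[shapes[k](t) + rng.gauss(0, noise) for t in range(points)]
            for k in (0, 0, 0, 1, 1, 1)]
```

Calling `behaviour_groups(similarity_network(correlation_matrix(make_traces())))` separates the six constructed traces into their two behaviours; the pairwise loop grows quadratically with trace count, which is why the slide's 400 traces of 25K points called for a compute cluster.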
Bare Metal Forensics Project
High speed signal capture and generation
Signal analysis software
Device measurement science
World class cyber forensics research, teaching and training
Accredited MSc
Private and public sector partnerships
Local cyber industry
Public bodies
Side Channel Attack
Diagram labels: Plaintext Message; Encrypted Message; Cryptographic Function; Secret Key; Power; Heat; Time; Sound
Side Channel Monitoring
A side channel attack is carried out by monitoring the physical outputs of a device (e.g. power consumption, time taken to carry out an operation, emission of heat, light and sound).
Side channel signal
Exploiting Side Channels
Side Channel Attack Demonstration
Summary
Insecure embedded devices in the IoT will lead to widespread vulnerabilities in critical infrastructure
Current OS agent-based techniques do not address these devices
Device operation clues can be inferred from electronic measurement traces
Data science research underway to develop analytics to detect vulnerabilities from measurement traces