Protecting Data in Untrusted Locations
Transcript of Protecting Data in Untrusted Locations
Jan Schaumann @jschauma
99CE 1DC7 770A C5A8 09A6 0DCD 66CE 4FE9 6F6B D3D7
Protecting Data in Untrusted Locations
An exercise in “Real World” threat modeling.
Me. Errday.
Threat Model
Obligatory James Mickens “This World of Ours” reference.
https://t.co/Ej94YI4Ovr
Tweeters gonna tweet
Threat Model
Threat Actors:
• hackeris vulgaris
• organized crime (fsvo “organized”)
• local governments or intelligence services
• foreign governments or intelligence services
Threat Model
Assets:
• Physical Equipment
• Local Service Access Point
• Access/Entry point to Infrastructure
• TLS keys
Access/Entry point to Infrastructure
• physically protected systems
• no “secrets” permanently stored on systems
• traffic severely restricted
• all traffic must be mutually authenticated
TLS keys
Y U NO HSM?
TLS keys
No time to explain - get in the llama!
Booting
First time:
• boot into single-user mode
• generate TPM-backed CSR
• submit CSR to service in datacenter
• cert generated, used to encrypt client puppet key
• encrypted puppet key stored in host image
Nth time:
• iPXE via TLS
• init script decrypts puppet key using TPM
• puppet does its thing
Obligatory “Reflections on Trusting Trust” reference.
http://cm.bell-labs.com/who/ken/trust.html
Wile E. Coyote has an MBA.
Value of Asset
Cost of Attack
Wile’s ROI
Raising the cost of attack
Wile E. Coyote needs:
• physical access
• ability to attack running system
• persistent undetected presence
Reducing the value of TLS keys
• Forward Secrecy
• tightly scoped certificates
• short-lived
• alert if observed outside of expected env
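An added example, not part of the talk: one way to turn the four bullets above into checks over observed certificates. The record fields, the 7-day lifetime limit, the expected network and the sample sightings are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the talk).
MAX_LIFETIME = timedelta(days=7)
EXPECTED_NETS = [ip_network("192.0.2.0/24")]  # where the edge hosts live
FS_KEX = ("ECDHE", "DHE")                     # key exchanges giving forward secrecy

def audit_sighting(s):
    """Return the policy findings for one observed certificate."""
    findings = []
    if s["kex"] not in FS_KEX:
        findings.append(f"key exchange {s['kex']} has no forward secrecy")
    lifetime = s["not_after"] - s["not_before"]
    if lifetime > MAX_LIFETIME:
        findings.append(f"lifetime {lifetime.days}d exceeds {MAX_LIFETIME.days}d")
    broad = [name for name in s["san"] if name.startswith("*.")]
    if broad:
        findings.append("wildcard SAN: " + ",".join(broad))
    addr = ip_address(s["seen_at"])
    if not any(addr in net for net in EXPECTED_NETS):
        findings.append(f"served from unexpected address {addr}")
    return findings

# Constructed sample sightings, e.g. from an external scan of port 443.
T0 = datetime(2024, 1, 1)
SIGHTINGS = [
    # Short-lived, single-name cert seen where it belongs: no findings.
    {"san": ["edge1.pop.example.net"], "kex": "ECDHE", "seen_at": "192.0.2.10",
     "not_before": T0, "not_after": T0 + timedelta(days=3)},
    # Long-lived wildcard cert negotiated without forward secrecy.
    {"san": ["*.example.net"], "kex": "RSA", "seen_at": "192.0.2.11",
     "not_before": T0, "not_after": T0 + timedelta(days=365)},
    # The first cert again, but presented from outside the expected network.
    {"san": ["edge1.pop.example.net"], "kex": "ECDHE", "seen_at": "203.0.113.50",
     "not_before": T0, "not_after": T0 + timedelta(days=3)},
]

if __name__ == "__main__":
    for s in SIGHTINGS:
        for finding in audit_sighting(s) or ["ok"]:
            print(s["san"][0], s["seen_at"], finding)
```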
Possible scenarios
• hardware compromised prior to us racking it
• resources compromised through temporary physical access (ACME backdoor)
• ACME fake hole, ACME rocket powered roller skates, ACME do-it-yourself tornado kit, ACME earthquake pills, ...
Lessons: You can’t just rub some crypto on it.
http://youtu.be/YsY2-yi5W74
Lessons: Know your assets, know your adversaries.
Jan Schaumann @jschauma
54FE 193F 64ED DD0B CFDE 40D6 1983 626F 1E52 3D3A
Thanks! (now get in the llama!)