Presentation is loading. Please wait.

Presentation is loading. Please wait.

Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005.

Published byVirginia Clark Modified over 9 years ago

Similar presentations

Presentation on theme: "Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005."— Presentation transcript:

1 Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005

2 Software vs. Hardware Software is preferable to hardware due to cost & flexibility Plus: Ease of deployment Ease of upgrade Diversity Generality Malleability

3 Barriers to Software Solutions Environment Crypto Culture Attacker Expertise Hardware good, software bad: Tampering is more difficult to hide with hardware Harder to “turn” hardware away from its intended purpose Reliability & redundancy Cracker sophistication needs to be higher Independent of host applications Cracker opportunities typically require physical access

4 Meeting FIPS 140 Level 3 Cryptographic module ports and interfaces Notion of a “data port” nebulous in software Interfaces may be viable points (i.e., APIs) Can be expected of “good programming practices” Roles, Services, & Authentication Identity-based operator authentication Two factor authentication should suffice Software module should be self-authenticating as well Design Assurance High-level language implementation is standard software practice

5 Meeting FIPS 140 Level 3 Physical Security Parts are hardware specific Anti-debug technologies would need to be deployed Obfuscation can meet many of the requirements Some are too hardware specific and would have to be ignored Must remember that there are a lot of reverse engineering tools, and so must ensure software crypto solutions are adequately prepared Tamper detection hard when software can easily be replicated OS-level and OS-hardware interaction can help alleviate above

6 Meeting FIPS 140 Level 3 Operational Environment EAL3 requirement Can be met with EAL3 operating systems Cryptographic Key Management White-box cryptography resolves this issue EMI/EMC Software can manipulate EMI/EMC signals However, the bandwidth may be too low to provide sufficient attack significance Furthermore, white-box cryptography with its use of consistent lookup tables should aid in resisting timing attacks

7 Circumvention Research Interesting research coming out of Canada Wurster’s Generic Attack Hyper-Threading Vulnerability Similarities in that unprivileged users can modify the execution stream of certain popular processors without detection: Difficult to detect attack code Feasible even where emulator-based attacks fail Attack code is generic and not program dependent Further research necessary to determine the true threats posed At present it seems there are no viable solutions to the above threats

8 Conclusion Notwithstanding current circumvention research, efforts must be made in examining viable software crypto standards Obfuscation and other tamper resistant techniques should be examined Research must be pursued that accurately defines: What is necessary for Level 3 software crypto Adequate tests for Level 3 crypto Impact of software crypto on the industry

9 Thank You! Eugen Bacic Chief Scientist Cinnabar Networks Inc. ebacic@cinnabar.ca

Download ppt "Software Hardening & FIPS 140 Eugen Bacic & Gary Maxwell September 27th, 2005."

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.

1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Larry Wagner Sr. Director of Engineering

Larry Wagner Sr. Director of Engineering
Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.

Cynthia Kuo, Mark Luk, Rohit Negi, Adrian Perrig Carnegie Mellon University Message-In-a-Bottle: User-Friendly and Secure Cryptographic Key Deployment.
CS 411W - Notes Product Development Documentation.

CS 411W - Notes Product Development Documentation.
1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.

1Copyright © 2005 InfoGard Laboratories Proprietary 2005 Physical Security Conference Physical Security 101 Tom Caddy September 26, 2005.
Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.

Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.

Chapter 1 Software Development. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2 Chapter Objectives Discuss the goals of software development.
University of Kansas Construction & Integration of Distributed Systems Jerry James Oct. 30, 2000.

University of Kansas Construction & Integration of Distributed Systems Jerry James Oct. 30, 2000.
1 Software Engineering II Presentation Software Maintenance.

1 Software Engineering II Presentation Software Maintenance.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Notion of a Project Notes from OOSE Slides - modified.

Notion of a Project Notes from OOSE Slides - modified.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani Free University of Bozen-Bolzano Lesson 1 – Component-Based.

Software Engineering Module 1 -Components Teaching unit 3 – Advanced development Ernesto Damiani Free University of Bozen-Bolzano Lesson 1 – Component-Based.
SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.

SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

Similar presentations

Ads by Google