Month: January 2015

Security Engineering: Introduction and Illustrative Example

My adviser is teaching a new class at my institution on Security Engineering.
It derives a lot of its source material from Ross Anderson’s book of the same name. Since the book is dated around 2008, it is missing a lot of material surrounding pervasive computing security and the like, so this will be supplemented by relevant conference publications.

This semester, I’m planning on making frequent blog posts about the material learned in this class: a sort of challenge to keep my blog consistently updated and to make myself take better notes.


  • Architecture and landscaping help with physical security: using physical constructs to protect your valuables (e.g. a moat, or large windows that leave an intruder nowhere to hide).
    • Airports have TSA checkpoints.
  • Need to avoid running into snake oil concepts in security.
    • Examples of snake oil: “military grade encryption”, “AES is bad because it only has a 256-bit key, but we have a 1024-bit key”, and similar nonsense. Key length alone says nothing about the strength of a cipher.
  • Class Exercise: Threat Modeling
    • Threat modeling is the act of analyzing the security of a system in a systematic fashion by enumerating its actors, the attacks each actor could mount, and the defenses against each attack.
    • Scenario: prepaid service cards! These can be things like purchasing airtime minutes for AT&T or online play time for Xbox Live.
    • What are the types of threats against prepaid services? To do this, we need to begin looking at the different actors & stakeholders.
    • Actors: the person who buys the prepaid card, the person who sells it, the person who manufactures it, the person who uses it, and the provider.
      • The system’s goal is to transfer money to the provider without a credit card or billing to a main account. The buyer avoids those by purchasing the card with cash.
        • Prepaid cards identify a subset of people who don’t have credit cards or are unwilling to use them. This information might be sellable by the service to advertisers who want to target that group.
      • Prepaid cards are one-shot AND itemized. The provider therefore knows where each card was sold and which account redeemed it, so it can connect a user to the places they buy cards (a tenuous link, since a card can be a gift).
      • Prepaid cards can be fraudulent; they could contain no money at all. A seller can pass off an already-used card, and the buyer has no way to tell unless they can check the code under the scratch-off strip before paying.
      • When you activate the prepaid card over the telephone, it may be possible to tie that transaction to a specific phone number, compromising user privacy again.
      • The card codes can be brute forced; if there is a flaw in the algorithm that generates them, the money on the cards can be drained. Separately, an attacker could prevent people from using the service at all by taking it down, making the card worthless.
      • The manufacturer can be compromised; an insider at the printing press could print flawed cards, or cards with the wrong codes, and redeem the original codes themselves.
    • Official Actors:
      • End user
        • Attack: Fraud -> lie to the company that the card didn’t contain any money.
          • Defense: You bought it, you lost it. It’s your fault. We have no obligation to you.
            • Banks call it ID theft instead of fraud for a legal liability reason. They make it your problem, not theirs.
        • Attack: Claim to have lost it -> sell it -> plan to use the code later.
          • Defense: You bought it, you lost it. It’s your fault. We have no obligation to you.
  • Service provider
  • Retailer provider/store/cashier
    • Attack: They don’t activate the prepaid card when it is purchased.
      • Defense: Point of sale. You can’t ring up the card for sale without activating it at the same time.
      • Defense: The receipt needs to say that a card has been sold and that it has been activated.
    • Attack: Read the token/copy the code.
      • Defense: The code is hidden under a scratch-off panel, but this is only a weak deterrent.
      • Defense: Tamper-resistant enclosure. You want to prevent people from getting at cards inside the large boxes that are activated en masse.
    • Attack: Using the token attack?
    • Attack: Fraud – selling false cards.
      • Defense: Use holographic/physical design, just as with money, to prevent customers being sold false goods.
      • Defense: Buy from a brick-and-mortar store or a trusted brand where fraud is less likely (like Amazon or eBay).
  • Whole sale provider/warehouse
  • Gift giver
  • Billing/authorization
  • Manufacturer
  • Hacker
    • Attack: Guessing/brute forcing PIN codes.
      • Defense: A database of issued and already-redeemed codes, so each code is one-shot and a copied code is worthless after first use.
      • Defense: Long, randomly generated codes that cannot be reverse-engineered: a huge code space in which only a tiny fraction of possible codes is valid, so a guess almost never hits.
      • Defense: Track callers with multiple failed attempts and ban them from the service, or employ throttling/lockout so the attempt rate is bounded.
  • Petty thief
  • Counterfeiter
  • Copier
    • Is this all of the actors?
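The hacker’s brute-force attack and its three defenses above (a database of used codes, a large sparse code space, and throttling or lockout), together with the retailer-side point-of-sale activation defense, as a small Python model. This is an added example, not code from the class or the original post; the service, its method names, the 16-character alphanumeric codes and the five-failure lockout threshold are illustrative assumptions.

```python
"""Toy prepaid-card redemption service (added illustration, not the class's code).

Models the defenses from the threat model:
  - codes are long and random, so valid codes are a negligible fraction of the space
  - a code is worthless until activated at the point of sale
  - a code can be redeemed exactly once (database of used codes)
  - a caller that fails repeatedly is locked out (throttling/lockout)
All names, sizes and thresholds are assumptions chosen for illustration.
"""
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_uppercase + string.digits   # 36 symbols
CODE_LENGTH = 16                                    # 36**16 ~ 8e24 possible codes
MAX_FAILURES = 5                                    # lockout threshold (assumption)


@dataclass
class Card:
    code: str
    value_cents: int
    activated: bool = False
    redeemed: bool = False


@dataclass
class PrepaidService:
    cards: dict = field(default_factory=dict)      # code -> Card (issued-code database)
    failures: dict = field(default_factory=dict)   # caller_id -> consecutive failures
    locked_out: set = field(default_factory=set)

    def issue(self, value_cents):
        """Manufacturer side: mint a card with a long, unpredictable code."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self.cards[code] = Card(code, value_cents)
        return code

    def activate_at_pos(self, code):
        """Retailer side: activation is tied to the sale, so a code copied off a
        card sitting in a box on the shelf buys nothing until that card is sold."""
        card = self.cards.get(code)
        if card is None:
            return False
        card.activated = True
        return True

    def redeem(self, caller_id, code):
        """Provider side: returns the card value on success, or a status string.

        Unknown, unactivated and already-redeemed codes all yield the same
        "invalid" answer so the service does not act as an oracle for guessing.
        """
        if caller_id in self.locked_out:
            return "locked_out"
        card = self.cards.get(code)
        if card is None or not card.activated or card.redeemed:
            n = self.failures.get(caller_id, 0) + 1
            self.failures[caller_id] = n
            if n >= MAX_FAILURES:
                self.locked_out.add(caller_id)
            return "invalid"
        card.redeemed = True               # one-shot: record the code as used
        self.failures.pop(caller_id, None)
        return card.value_cents


def expected_guesses_per_hit(code_space, valid_codes):
    """Average number of blind guesses before one lands on a valid code."""
    return code_space / valid_codes


if __name__ == "__main__":
    svc = PrepaidService()
    code = svc.issue(2500)
    print("before activation:", svc.redeem("phone-1", code))
    svc.activate_at_pos(code)
    print("after activation:", svc.redeem("phone-1", code))
    print("second use:", svc.redeem("phone-1", code))
    # With 10 million cards in circulation (assumed), a blind guess needs on
    # average ~8e17 attempts; lockout makes even that rate unreachable.
    print("guesses per hit:", expected_guesses_per_hit(len(ALPHABET) ** CODE_LENGTH, 10**7))
```

The uniform "invalid" response matters: if the service distinguished "no such code" from "not yet activated" or "already used", an attacker could enumerate which codes exist, which is exactly the information a brute-force search needs.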