/299$30c3-talk-5600

Hallo Du!
Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles oder https://rocket.events.ccc.de/channel/subtitles erreichen.
Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen.
Vielen Dank für dein Engagement!

Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles .
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!

======================================================================

our next speakers eric here he founded tool us started many hacker spaces and worked in the u.s department of energy developing attacks and defenses for tamper evidence seals now he runs a physical security company called rift recon ryan has launched the data haven havenco uh built satellite wireless networks in iraq and uh afghanistan and now he runs a trusted computing company cryptoseal together they've been developing novel seal and cryptographic technologies to thwart physical attacks on computing devices such as what you'd find from an evil maid so turn it over to you guys awesome

cool yeah it's on yes thank you very much thank you thank you christy and christy also i look forward to when you pass the bar uh we're world friends so and when you do first drinks on me all right so let's get started so this is thwarting evil mate attacks uh physically includable functions for hardware tamper detection my name's eric michaud and this is ryan lackey in case hair no hair you can separate us string to talk it's easy anyway so let's get started so um what are we going over today first off what are evil mate attacks and then we're going to go over who is at risk it turns out everyone in this room is probably at risk at some point more so than they were a few years ago how is it done what are the methods of attack that are common and more esoteric and then how can we be safer and what new steel technologies are coming out that you can implement yourself so all right so yep uh here's a little bit about here's my cv just a little bit of it i was the co-founder of tool us some of you may know some of you might not know i started uh tool us 2004 and i co-founded a few hacker spaces in rift i'm really i mean like i don't really have any engineering degrees but i am a self-taught engineer a machinist a hacker and now now an actual ceo i have staff i have to look after and have great responsibilities i've always been a breaker of physical systems i love breaking things i've figured out attacks for multi-locks some of you might be aware of medico certain alarm sensors and many other high security systems including voting machines while i was at argonne national lab we did the verification of the voting machine hacks from princeton university and we invented a lot of new stuff there too and also now i'm currently through a partnership of rift and exploit hub some of you don't know who that is it's a uh soft our non-o day site uh we built their we're building their whole hardware directory so check it out cool i'm ryan lackey i started uh havenco with a couple ot
her people back in around 2000 it's the world's first offshore data haven in the north sea nearby i worked on anonymous electronic cash payment systems using blinded protocols i'm a security consultant in payment technology and cryptographic hardware and i founded a satellite and wireless networking company in iraq and afghanistan so a pretty high threat environment back during the uh the conflict and uh i also operated u.s military medical imaging systems in iraq afghanistan and kuwait and now i'm one of the co-founders of crypto seal we do trusted computing technology development and we actually ran a vpn provider for a while it was a consumer vpn we were just using as a sort of demo of some of our technology and when this whole lava bit fiasco happened where they were compelled to disclose their keys we preemptively shut it down because our current system wasn't resistant against it but we're working on a system that actually will so hopefully next year we'll have something great in that regard so stick around so what is an evil mate attack an evil mate attack is a attack performed by a trusted entity specifically in you know the hotel industry if you will you suspect that the the maid that comes to clean your room is someone who's benign but in fact often they're used by nation states intelligence agencies or corporations in many cases where it's really their staff and they come in to really clean up so to speak um american idioms aside but uh you know bug your laptops steal intellectual property or any number of different different things and i would say this really came to mass uh knowledge uh in the security committee back in 2009 when johanna rozkowski from invisible things lab published a paper about attacking truecrypt using invisible made attacks and that sort of shows one of the interesting things about these attacks is they have some unique characteristics their way to get persistent access and pivot to other systems and they bypass a lot of conventiona
l defenses a lot of the things that you've already built for security uh make certain assumptions about the integrity of your physical hardware and they just sort of like hand wave away say if somebody gets access to your physical hardware uh all bets are off but the problem is people get access to your hardware all the time so it's really not very helpful to say if they get access to your physical security we're not going to help you so we had to come up with some stuff and the security community needs to come up with things that will work in that environment so who is at risk originally it was you know government entities intelligence community or major criminals but nowadays it's travelers with business science and engineering and intellectual property how many of you how many of you in the room um i mean some of you are young so you might not be working at a large company or even not that you want to but working in an area where you're developing something that's unique that's valuable raise your hand whether it's source code uh you know a new uh actually pretty much all your hands up i have to explain any further so it doesn't even need to be a company it could be your academic research so people that are phd students or working on anything or even a personal project that somebody wants access to uh you don't have to tell us but how many of you are activists raise your hand some of you okay this is definitely relevant for you um how many of you play poker i saw i know some of you have seen pokerstars bags going around but uh but our online gamers in some way you deal with cash or some other value exchange cool and uh journalists some journalists in here yep let's see a few hands and uh people who have lived or are living we have family members who live in war zones so i mean i see a few hands go up okay yeah you guys are actually at risk it's no longer the the people the top of the food chain so what changed yeah so really what's happened is it's a few things t
he government sort of has changed its focus it used to be that intelligence agencies primary adversaries were other major state intelligence agencies now most of the big intel intelligence agencies are focused on small groups terrorists non-non-state actors so they've developed a lot of technology that's sort of targeted on that kind of smaller threat people travel in internationally a whole lot more it's really cheap it used to be expensive and difficult but we flew here from the us for this conference a lot of people fly across international borders all the time and it's pretty frequent they also carry a lot of vulnerable stuff with them it used to be travel with maybe a physical notebook and a pen and maybe a film camera and now you travel with laptop cell phone tablet e-reader camera uh fitness device device uh flash drive all sorts of stuff and just in one bag so people carry a lot of stuff around with them and items that actually carry a lot more information than just a it's a lot easier to do notebook yeah in addition to the nation state threat there's a lot of ways that commercial entities can now make a lot of money by compromising accounts in the news there's been uh there's been a bunch of big attacks on major retailers where huge numbers of credit cards were compromised all sorts of compromise so it's very profitable now to have a commercial or criminal organization attack also if you get first to market when a new technology is about to come out and you beat them to it you get first mover advantage so the thing is it's it's it really pays to not pay for research it turns out yeah so it's a pretty scary world yeah so to illustrate this we've come up with some scenarios on exactly how users can be attacked while they're in in various environments so we've got business travelers that are doing international travel we've got activist organizations the gaming user uh journalists and people that live in war zones and we'll go through those and describe some s
ecurity threats they face some counter conventional countermeasures they have and how those countermeasures are defeated through physical attacks so first up is the international business traveler and it's not really an executive necessarily it could be anybody it could be some it could be a student it could be an engineer actually engineers and scientists are among the main targets for this right now and uh one of the things they do is they carry a lot of intellectual property on the device they have source code they have research findings they have everything else so there's information that the adversary wants to steal from their devices there's also the access systems back at home they they keep online to keep working because it's kind of crazy to go on a vacation or a work trip and not have access to your systems so they can attack your system while you're in a country and use that to attack your systems back at home and the scariest thing is they can actually attack your uh device while you're in a country and leave something on the machine take it you take it back to your home network plug-in and it keeps attacking your home network which might be protected so that's a pretty big threat one of the unique threats that these people face is border checkpoints so in a lot of countries you have pretty good rights and personal personal liberties uh when you're inside the country um in the u.s and the eu lots of other places uk the problem is at borders a lot of those rights are either limited or suspended and as we've seen that's pretty scary so they can require that you turn over a machine to them for a certain period of time and they'll give it back to you they can require that you type stuff into your computer and all sorts of other stuff so you might think oh i'm just going to encrypt all my drives uh there's an obvious attack to that they just tell you you must decrypt it and if they're pointing a gun at you or holding you in a checkpoint or something you can'
t really like say no i'm not going to do it i mean you can but it becomes a legal challenge uh and once they even if they don't get your encryption key they just image your drive so they've got an encrypted uh image and then they can go out and get your your key later and and decrypt your uh your data there yeah and that can be done through any number of different methods whether through video surveillance or other types of ways of driving that key or just brooding it over time yeah especially on something like a cell phone or something that you're accessing all the time you're gonna use a pretty short passphrase another threat is the hotel-made sort of the the the origin of the term evil made you so you run a hotel room it's expensive and small and you might want to have somebody clean it every couple of days so the uh the maid will come in they have access they don't have to wait for you to give them access to the room each time there's a door lock and the maid has access either a master key if it's a conventional system or another digital key and they can come in and you're gone and they know you're gone for a while you keep a travel schedule they know you're out at restaurant or they know you're in a meeting or whatever else so they know you're gonna be out of the room for a certain period of time and the threat is not so much that a maid becomes evil it's that an evil person becomes a maid an intelligence agent or a true true story true story yeah so in a in a country pacific uh bordering country actually a couple of those the um the nation states intelligence apparatus will send people into your room and image your drive while you're out if you're there for meetings and it's pretty widely known there's a lot of problems with that they can attack your machine they can also attack the room so they could bug your room and they could they have some control over what room you're assigned to so there's a pretty big vulnerability there so you might think that you can
use a safe though it turns out there's a lot of problems with those like master codes ways to bypass like on this safe right here um the bottom right of the panel there's a little you see a little off color you know circle that's actually a bypass key so if you know there's a lockout like the battery fails or some other mechanisms inside is not performing correctly you can pick that and all hotel saves are not rated for by any security standard that i'm familiar with they just say it's secure so it doesn't have any time to attack like takes 15 minutes of tools they're just they're not really that good and and you can also take the panels off this thing called spiking which is you pull the wires out to the solenoid because they're usually electronic not mechanical anymore and you just connect a 9-volt battery and it pulls the solenoid back and then you're in and there's a number of other ways too another threat which was recently in the news is uh the implant so as we said you get they can image your device when you're through a checkpoint or whatever else and they've got an encrypted image but they need to get a passphrase or they need to get physical access they need to get logical access to machine and do a various other stuff it's very difficult to detect hardware changes on physical hardware there's a variety of them you can go over yeah like i mean to be honest like how are you going to run antivirus on that keylogger in the left side honestly what if you have a firmware updated for your ethernet card i mean you don't there aren't really a lot of technologies available immediately today commercially to solve these problems um also what about what if someone removes the keyboard puts a single layer pcb with a via that logs your keystrokes and just transmits transmits it over rf there's many different ways to do it as as many different uh tools are available in your electronics catalog and stuff that you can come up independently you have a lot more resources li
ke coming up with a tool on the right called the cottonmouth probably doesn't cost twenty thousand dollars a unit to do this commercially yeah another threat that you face is of course network monitoring you're in a country where the cell phone company is most likely either an organ of the state or is highly licensed by the state so they can see a lot of traffic there they can do over-the-air upgrades they can do all sorts of stuff for your cell phone they control all the wide area network access they can monitor there they can do stuff with firewall so you might think like oh a vpn is a great solution to that and it is i mean i love vpns but they're they're not so great if your endpoint is compromised so the the countermeasure you put in place to protect you from network monitoring doesn't protect you if your endpoint gets compromised so another organization that has a lot of things to fear would be an activist organization say a group that gets a lot of highly sensitive documents given to them or they acquire them somehow and they're controlling them and a lot of people really would like those documents so they need to do things with them and they're um it's pretty pretty dangerous so they have access to documents the adversary would like to get access to them also knowing all the personnel that are involved in the organization is a big risk um because some of those people might not be public about their involvement with the organization and if they're exposed they might lose their privileged access all sorts of stuff like that uh subversion of the systems of the organization and potentially prosecution persecution all sorts of bad stuff can happen to you and it doesn't have to happen in your home country it can happen a lot of other places one of the unique problems that activist organizations have is they're usually pretty poorly resourced they don't have a lot of money they don't have a lot of dedicated hardware or anything else there's a few that that have bee
n raising a lot of money recently but in general they're especially outside of it they have very bad i.t your average like labor organization group or whatever has has very minimal computer security and resources for that so they're using a lot of their personal machines with no real security policy um no real full-time sysadmin nothing like that they're certainly not security a full-time security guy so it's pretty easy to compromise an end user in one of these organizations you just sort of put up a site that attracts users from that site and compromise them there and once you compromise their computer then you can access the systems of the organization they also face a fairly unique problem that you're familiar with at their physical premises so yeah so black bag operations are generally uh you know b and e breaking and entering operations so you need to get physical access some way and i can either picking a lock going through a window bypassing alarms and sensors and switches like i'm uniquely familiar with this uh as my company does uh teaches the defenses on offenses of it so we know what to look for and there's many many different ways you can do it i mean it one of the one of the things i learned years ago is like you know it's great to have a carpenter on staff because you can cut through drywall and repaint it very quickly and no one knows you didn't touch the rfid reader how many of you have worked in data centers where um there's no steel wall in in between the drywall yeah i see a few hands i'm pretty sure a lot more than you think um i've seen quite a lot of data centers in my time but yeah there's a lot of ways to do it um i mean even uh triggering requests to exit sensors as an example turns out you can put a little pocket warmer you know when you go skiing or snowboarding you open up a bag it heats up keeps your hands warm push that under the door you'll trigger the inside sensor to release the door lock from the inside as if you're a person leavin
g so there's many ways to do this and i just covered a very small percentage of them but it's it's really it's a big and real threat and i don't think your average activist organization is going to have a super high security physical office because they'd rather spend their money on on activism rather than physical facilities another class of users that are vulnerable are online gaming users so this is really anybody who's got an important online account it's not specific to gaming but one really really interesting example recently is uh f-secure came out with a report that a poker player likes to play poker a lot was in barcelona and this was back in december actually earlier in this month and uh he would play poker online he'd also play physical so he left his laptop up in the hotel room at sort of like a physical poker competition went down was playing poker and people were compromising his laptop and installing some subversion software on his laptop while he was away so his online poker accounts got compromised and the really scary thing about this is not that it's happened once it's that this they say it was not the first time is not particularly unusual has a purely commercial profit motive so it's sort of like a self-financing operation there's no reason to believe this doesn't happen frequently and on an increasing basis so one of the things that people think about uh if you're you know an evil maid you have the cards and keys to get in but what if you're not and maybe you maybe know local locksmith or you can bend some metal you can do something like this with the under the door tool where you don't need to touch the locking systems at all you just grab the door handle from the inside

it's about a minute yeah it's fine so you can talk to her yeah so what i'm pulling out here actually is a little uh wrap of steel uh with the cable inside um and uh that's called the under the door tool uh it works on lever locks so you know the handles with the lever so that one's all wound up we undo the velcro and then shove it under the door i actually have um it over there actually um starbug who did the uh touch id hack actually i have to give one to him so you guys can keep on here in the country um but yeah if you want to see it later come by the locksmith area actually lock picking area and we can do some demos yeah checking to see you know that the door is open or locked because sometimes it's actually left open measure the distance slide it under the door you see in the top left the tool going in

lifting up one two three on some of the handle

that's it and once i know it's there pull the wire jiggle

and i'm in

so another class of users that we care about that are that are at risk or journalists and there's a lot of definition of who's a journalist but really anybody reporting on this kind of stuff at this point is is doing journalism and uh journalists have often are very public people so they themselves are known but they have confidential sources and the reason why these sources are willing to give information to the journalist is that the journalist protects their uh anonymity very very strongly there have been journalists that have gone to prison for protecting uh to to protect people from from being compromised and uh certainly and worse in other countries uh so this is very important to journalists and there's some attacks that are uh that are pretty unique to journalists like uh well not terribly nature journalists uh you basically just arrest them and you have them you seize their equipment and you image it and you give it back to them potentially with um with malware installed or if they didn't bother to use crypto because the majority of them don't you've got the data there and they're they're usually not very rich so they're if you seize their equipment for a couple days they're really worried that they're not going to be able to get any work done when they get it back so they're not going to go out and throw it away and go out and buy new hardware they're going to take that equipment and keep using it as if nothing had happened and uh and yeah you win so yeah yeah and if there's no evidence that uh it's been tampered with it's gonna be really hard to pressure your boss to get you a new laptop yeah that's if you're not independent if you're not an independent uh stringer yeah uh and then the other category of people are people in war zones and that's really the whole range of people that are just sort of like families that live there if you've got a relative who happens to live in a country that becomes a war zone over time they're at risk because both your per
sonal physical safety is at risk i mean obviously it's a war zone and um going after contacts and networks you want to find out all the people that are members of certain organizations you find one of them and you sort of like do a network analysis and find all the people they talk to and all that stuff and uh there's a fairly unique problem for for people in these places where people on both sides are in middle eastern countries that are in war zones they will find somebody who's in a network they will compromise that person they'll imprison them they'll kill them whatever else take their systems and continue impersonating them and find everybody else who's in their network attract them and arrest or kill them so it's a huge risk for them it's pretty much the ultimate risk so you'd think as we said earlier the um governments were sort of the original people that uh that faced these kind of risks and they had some solutions but as we'll see they have solutions but they were really just for government they're not really applicable to a lot of other people in a lot of cases and they're not really foolproof either so government security is certainly not a bulletproof thing one of the things they've always built on is they have uh is physical security governments have have long like way before computers relied on physical security to keep their records facilities safe they have a bunch of standards i'm familiar with the u.s standards but a lot of countries have these things where the if you're going to use a computer at a very high security level you can only do it in a special kind of environment you don't go to a coffee shop with your laptop you don't go to a regular office environment with a laptop to process you do it in a room called a skiff a sensitive compartmentalized information facility it's basically a bank vault that is lined with some metal to block rf shielding has physical security so it's got very high security locks monitoring alarming everything else u
m super expensive like the seals on the doors alone are like 5 10 grand so you're not really going to buy these commercially they're restricted a lot of the standards are actually themselves classified in order to build one of these things they're required for defense contractors in america it's it's a big big deal um one of the things they have actually are embassies so they actually were able to get all the other countries to come up and do some treaties so there's vienna and other places where they um they decided that all countries embassies would be sort of in violent territory of other kind of of the country extraterritorially so they will not be able to be subject to local search or anything else which is great because a great way to defend against siege search is to just not be allowed to be searched unfortunately like private citizens can't really do that they have special couriers that will transport material between sites they'll have their own basically their own carrier service sometimes they use commercial carriers sometimes they have armed security guys that travel with the the item and and keep it protected that way uh they've got a lot of other stuff but basically the fundamental thing here is all this stuff is really really expensive and one of the things they do that's sort of like the least absurd thing they do is they have a dedicated travel pool of laptops that are the only machines that are allowed to be taken out of their facility so if you're a government user that wants to go to a foreign country for a conference you don't get to take your work laptop you take a special laptop that only has access to very minimal things doesn't have access to home systems everything else that works great if you've got like 500 000 employees and they don't really need to do a lot of work during that trip but if you're a private person who travels to a country to do work you have to take your stuff with you to do all your work while you're there good question

quick testing quick question who travels for work with their laptop everyone should look around really quick it's a lot of hands-on no don't keep them up keep up don't hide it now look around a lot of you do that yeah yeah that wasn't happening about 20 years ago fyi just like that the landscape has completely changed yeah and they do some cool stuff with those travel laptops they actually when they get them back they do uh various forensic analysis on them sometimes they they do physical inspection uh sometimes they x-ray them to see if components have been added to them they do all sorts of crazy stuff on these things and depending on who they are like certainly us agencies usually have more money than a lot of countries do so they're going to do more of this stuff but and if they're going to a high threat environment they might do more than if they're going to a friendly country but but they do a lot of stuff that's really difficult to do and they have so much money they can build their own custom procedures they can implement great policies and government employees are really good at obeying directives and doing it persistently and consistently so they can have a policy where they have to go do something every day and they'll actually stick to it but yeah custom hardware detailed accounting procedures everything like that

okay problem is it's not completely effective so it's super expensive and doesn't actually work so um turns out uh certain organizations when they come to problems like these they develop specialized tools so as i said at the very beginning i'm the co-founder of tool us i've been a sport picker for a long time then i worked for the united states government learning more stuff and how the mindset worked of like you know you need to get access in these hardened areas i never worked on those particular problems but i learned around that and eventually started learning about other tools and there's a man by the name of john fall who makes tools not generally for the public market he makes lock picks for the public market but he came up with this particular tool about 20 over 20 years ago i've been told it used to be a classified tool i don't think anyone has seen this ever in public and so this is basically we're dropping this right now this tool right here is called the universal pin tumbler decoder you come by the lock picking area later and take a look at it basically what it does is it is designed to not pick a lock but decode a lock this tool what it does is it has a very thin wire shim it doesn't lift the pin it slides between the pin and the cavity and it curves back and you can see i don't know if you can see it very well because the wire is so thin but stop by the lock picking area we'll have more videos online in a bit this tool is no longer classified so i'm not getting that kind of trouble but the tool i turn up the hypodermic syringe which carries a needle there's a little wire and it slides up and you can see at the top pin you might jump a little see it spins right there that means i touched it and i'll feel that on the plunger and when trained uh when you train enough with this tool you can decode locks and down in as low as 30 seconds and the other interesting thing is to the design of this tool is that you can come back years later as long as the lock
has not been repinned so if you only have time to like in a dark corner go by and try the first pin you figure it out go go away tell maybe one of your other black bag operators and say okay we got this one do this one and if you only have 10 seconds at a time you can do that and then eventually you'll have persistent access because you will be able to cut the key to code after the fact so these are tools that are as i said not available to the uh to the public market at all heavily restricted um hell i can't even really buy them but i do have one from a friend um and so i thought it would be interesting to show the public what kind of tools are available now i said this is 20 years old there are way more sophisticated tools today to give you some perspective as to what is available as you've been also seeing through the other talks there are other tools that most people didn't think existed and there's other tools the other thing that's unique about government is they are willing to spend a lot of money to go after a single target uh in the case of the us and the soviet union back from i think the 50s or 60s u.s built this great embassy in in moscow and uh they got a gift from the the soviets of a seal a great seal of the united states it was really really pretty and uh they did they thought oh does it have a microphone inside it it had no um active components or anything else inside it was just this nice seal so they hung it up in one of their sensitive meeting rooms and it turns out it actually had a piece of metal inside it that when you um irradiated it with a rf from outside thing from one of the soviet facilities turned it into a microphone that would remotely uh transmit a thing so they spent i don't know how much time coming up with this thing for a single room single attack but pretty effective and they'll and there's no reason to think they haven't continued doing that over time given the 50 billion budget for this kind of stuff every year so it's it's pr
etty crazy um but and the other reason why it also there's these weird technical things so those are the advantages government has but they also have some disadvantages one of their big disadvantages is actually their other strength is they're so big and they have so much money and so much staff that means they've got a lot of insiders and one of the biggest risks to them is that they have insiders that are going to either accidentally not comply with security policy or willfully not comply with security policy and pretty much over recently we've seen some of the consequences of that so uh they have that threat whereas a small an individual certainly doesn't have that threat and a small organization generally doesn't have that threat as frequently and sometimes they just grew up like they went to the u.s commerce secretary went to china on a big meeting they did everything right most of the time and they just sort of like left a laptop containing the commerce secretary's left a bag containing his laptop like somewhere and uh yeah so if the problem is they have to be right all the time and if you screw up once yeah that's not so great so where do we go from here um we have all these types of attacks and we think we have all these defenses and it turns out they're really not that good especially when you don't have a well-resourced entity to to take care of having a dedicated security staff to train employees and everything else well there's seals not this seal these kinds of seals so seals can in many shapes and sizes i actually uh i have a particular way of describing them but where i used to work at the vulnerability assessment team at argonne they have a great description of tamper evident devices and i'm just going to read it right here so tamper evident devices are used to detect and report an unauthorized entry let's take an idea of what it is and perhaps discourage it unlike intrusion or burglar alarms seals report unauthorized entry after the fact they must b
e inspected either manually or electronically so they can be you know tamper evident tapes stickers seals like the peel of an orange is actually a tamper indicating device if it looks like the wrong color then you don't need it that's its job but didn't help you prevent that um and they also um so a seal does not need to resist physical entry uh actually it's supposed to be broken um but it's supposed to indicate to the person um that it has been opened in other words a seal is not a lock indeed some seals are made of paper or plastic and can be easily removed or cut off certain security products known as barrier seals they do provide a physical barrier to entry but again they're not also very often reusable these are hybrid devices part lock and part seal barrier steel should be used with care barrier steel is often a compromise compromise of a product neither optimum as a lock or as a seal it's a dual function tends to complicate issues about how to best use the product so whether you use it like on a laptop or in your car on a shipping container etc etc seals also require a very strong procedure to be put in place to be effective if you don't have a policy of having someone check and actually checking things not just looking at it but seeing the serial numbers line up um does the does the device look like it's been messed with did it peel back did it change color any of these different factors if you're not checking for those things which can take it and require a trained eye they're not effective and so you need to have procurement and storage and keeping procedures to you know make these things work so anyway turns out physical steels also really suck um aside from having what you think are good thing good seals that you see on the market it turns out that um there's an event at defcon called the tamper village and they've been uh people have been taught in last few years and now there's competitions about how fast people can defeat these seals as you see on th
e table over here in the picture you'll see a lot of plastic wraps and beads and those often are defeated by you know shims made out of coke cans or beer cans people also use uh solvents for the paper materials and plastics like heptane acetone a lot of these things are over the counter uh and it turns out that uh it doesn't take a very long time to defeat seals the vat did a study uh over the years and they keep adding to it as they do more seals that they haven't seen but as you can see here the average time to defeat average seals even high-end ones is around a minute and a half and the median is even less than that like i i a lot of them i can defeat around that time frame myself and i teach that too um and now i know the defenses for these and it turns out it's not really expensive to do so um some some of them are really expensive uh but um yeah so so there's another problem is that users are lazy uh this this requirement that seals be verified by by the user and have a big security policy and everything else we've we've got some sort of analogs in the regular computer security world of things like ssl certificate checking and ssh keys and everything else people just click through they don't they don't really put any effort into it so when they've got a choice they're gonna they're gonna skip ahead so it's really unlikely we're gonna build a great system that depends on users making correct security decisions all the time there's another feature that'd be really nice remote attestation uh it'd be nice like this whole cloud thing with like remote services and all these other things be nice if the cloud service that actually had your data knew that your laptop was secure before you connected to it and did all this stuff so you need a way that your computing device can prove to the remote server your organization server or commercial service or whatever that it's actually intact there are devices that do this the problem is they're not really ideal one of the cla
sses of devices is something called a hardware security module they are basically computers inside little safes they've got tamper evidence all over them and tamper response so if you try to mess with them physically or logically or anything else they erase the contents before you can get to them the problem is they're like twenty thousand dollars each and there's maybe two or three big manufacturers of them and they're big defense contractors slash government vendors so if an activist organization were to try to buy one on their website one they probably wouldn't get one because they're export controlled two if they were having one shipped to them it would be one of those packages that would get sort of like mysteriously delayed for a couple of hours and replaced with one that's actually evil so they couldn't trust it um and they're so expensive that no one's really going to do like a tear down analysis of a 20 000 device where you've got to burn like five or six of these devices and everything else like no private organization is gonna look no private individual is gonna do that and you can't really trust like a standards agency to do this for you yeah uh so there's also smart cards which are great um they're cheap they're in all your cell phones are sim cards they're in id cards they're in payment cards everything else the problems they don't actually provide enough physical protection for this threat model they provide protection for individual credentials but in this case if you compromise any of the systems you're going to compromise all of them so it's not so great there's also trusted computing so it's the the tcg tpm txt all these acronyms from people that have been really around since like the mid late 90s it's inadequate it's inadequate for a few reasons one not really widely deployed doesn't really work but maybe we can fix that but second it doesn't protect the whole thing that you need to protect it was designed to do basically drm digital rights manag
ement to keep people from pirating movie content we can see how well that's worked and it it's not really designed to protect a single machine a single computer from a focused attack uh you can still attack the memory you can attack all sorts of stuff so it's insufficient and it's a pain so it's not really a great solution either and certainly it's not a great solution if somebody has physical access to your machine to do stuff with it so where do we go from here um uh you know people think it's a good idea to take a notebook write down things and check it but it's not really objective you need machine verifiable and repeatable tests so quick quiz for the audience who can tell me what is different about these two pictures raise your hand and i'll point you out and you can yell it anybody no no seriously audience participation anyone just shout it out what's different

no one i know it's kind of hard up here okay maybe this will be a little easier it's a technique called blink comparison what's changing now can you see it

right

yes that's true this is a simple technique you can use developed by astronomers many many many many moons ago and it makes it a lot easier for you to tell that something's changed like you can't just say i i turn the screw 38 degrees it's just not going to really cut it unless you have like you know a method with photography like a mobile phone or some other device um it's just you you won't know if something's been tampered with or it's just you're paranoid even if it's true so where do we go from here yeah so the problem is so this is a great check and if you use a cell phone to do this check it's uh it's easier to do cheaper to do everything else someone shouted okay okay nevermind so it's easier to do but the problem is it doesn't really address the problem of users are pretty lazy what you do is you'd ask a user to say are the seals intact on your machine before you log into this website please check check this box if it's secure uh yeah you know how well it's gonna work so what we did is we came up with a way that we could make the seal verification basically like a two-factor authentication so it's a machine check that then sends something to a remote server that's located in your in your home data center uh verifies the integrity of the seal and then sends you back a short-lived credential right now it's a kerberos ticket but we could do ssl cert we could do all sorts of stuff or just allow you access the resource um and this basically makes it non-skippable by the user if the user doesn't do the check they don't get access pretty fair and it works great it's cheap uses cheap seals uses cell phones that everyone's got with them uh the cell phone is considered to be secure because you have it with you at all times and it can protect in a lot of these scenarios that we've outlined um you can go through the business traveler all these people yeah so uh how would you apply these things to your own devices so uh first off with the business traveler nowadays peopl
e starting to make usb port plugs like ultra port uh plugs like in your thinkpads um what you wanna do is put them in they disable the port physically you'll have to disassemble the machine so if you're putting tamper evidence stickers over all the control surfaces which are areas that you can open to get internal access it's a good start then again you got to make sure you have a tamper indicating device that is very frangible you don't want something that could be peeled back and put back very quickly unless someone doesn't know that that actually is a tamper indicating seal maybe you just have your eff sticker as an example on there and they think it's just decoration but really it's you it's to tell you that something has happened and then activist organizations at their headquarters maybe just putting you know a pen on a table in a particular way and then you photograph it you have to do like a photograph you can't just say i placed it there it's you're really going to miss stuff and so what you do is to get access to let's say a filing cabinet you maybe have to move something and if they don't place it back directly you'll know something has happened someone has been there just make sure if it's something light like paper you don't have a fan blowing around and just knock things over it'd be useless online gaming user um you can use the safe but you should you know use seals in the safe um i generally cover covert traps but covert traps are um are you know your secret tamper indicating devices like a piece of hair like you put it on a door jamb lick it place it it's very hard to see very hard to detect unless someone knows to look for it but then you have other seals around just as distraction but they also are covering important parts journalists operating in dangerous environments they're kind of the same thing but also if you're going to go meet somebody in a particular area you know you clear it ahead of time you go check out maybe you're going to be in a
room where you know no one will be but you want to make sure that after the time between you clean it clear it check it and you come back no one's been there so you put seals on doors maybe you move a chair in a particular way so that you can check again with a photograph and for people living in war zones one of the ways you could use this would be when you're sending information or sending physical items to people you put them in a sealed container that has seals and you send them out of ban through email or some other means the integrity information for that seal so they can verify that the package hasn't been tampered with and they receive it so they know it's actually from you it's basically a way to cryptographically sign a physical item which is kind of cool the problem with all the the seals we think are a great solution to this but they've got some definite problems the biggest problem is they can't go back in time you you need to um if you've got a device and you just show up with a new device and you ask me like is this device tampered with there's no way i'm going to be able to give you a good answer because the there's so many ways you can tamper with something if you don't have a good baseline measurement on that device you won't be able to compare it to anything so you'll be trying to find like vendor specs for it but there's a rata it basically isn't going to work i would just tell you buy a new device the um and most of these devices they're not designed to be very tamper evident at all because tamper evidence is like the enemy of easy manufacturing and cheap manufacturing so people want cheap stuff so the problem is we need to convince people that they should be worried about this in advance of having a problem and sort of implement these policies earlier on operational security is not retroactive you've got to be doing it at the beginning or something bad is going to happen down the line so and so we've got some areas for research other people or
us or whatever so a major area of this is actually policy knowing that you need to do this or that isn't is a threat that physical attacks are a threat and that there's you need to do countermeasures computing devices that are designed for better tamper evidence and response um maybe a computer that doesn't have a bunch of ports on it and a bunch of direct dma access memory ports external to the system and things like that would be nice um better ties between the seal technology and trusted computing technology so it sort of wrote off the tcg trusted computing stuff from a physical perspective but it turns out if you combine that with seals you can actually get some pretty good protection you wouldn't get with either alone and integration in an organizational environment into things like your vpn system your mobile device management network access control because if this is like a little separate system that doesn't really touch the rest of your systems you'll ignore it and it won't actually use it but if you tie it into your vpns you only get access to your vpn when the seal check is verified only get access to other resources that way it'll work really well and the seals we're using are not really designed for this they're sort of reusing seals the the sensor platform we have is a cell phone that has a it's a decent camera but not a great camera especially for macro type stuff and a lot of the seals are designed to be inspected by humans visually at like a very forensic level so it'd be nice to have seals that are designed and optimized to be better sensible by the verifiable biophone and maybe other kinds of thing rather than visual uh so it's a bunch of stuff like that and i'm sure there's other areas of research that are that are appealing as well so in conclusion we we're now realizing that there's a much wider variety of users at risk it's not just government entities in intelligence communities but it's basically everyone in this room new technical solutions
are needed um most of the stuff most of the knowledge base is kept up in those organizations and there's not a lot of that publicly available just yet there's a lot of people that are amateurs playing this game and some professionals and i at least where i'm from i know most of them um and there's not enough of them to go around to start teaching everybody and also remote verified seals are a great solution because then you have like you know a networked resource that can do a little more verification than the person locally can do and also can cut them off from access and then also it's slightly complex enough that you may need a little help just to get started and so there's other than just putting seals on there but having a good baseline of policies and procedures so anyway that's our talk

so we'll open up the floor for a few q a's uh christine hi okay um yeah we have we have time for questions um please line up at the microphones we have four microphones um i can't tell are there microphones up top and we're also taking questions from the internet so if you're watching our live stream haven't made it to the congress all yet please um we are taking from twitter and irc um so let's get started how about microphone two hi uh less a question and more a very brief uh story about uh physical access that i'm pretty sure even you probably haven't heard of i work at a robotics company we exist the company runs mostly on interns and visiting researchers that come and go and this actually happened um one of the one of our interns uh uh we had him over for a semester and uh first semester great break did some great work decided to have him back pulled his physical access his hid key pulled his other access but because this is an academic environment you want to encourage collaboration while they're back at their home university didn't pull the vpn keys have him back for a second uh term and he gets there albright and he's very young industrious in turn he gets back for his first day of his second term all bright-eyed and bushy-tailed and realizes hey he doesn't have door access yet but he does have his vpn keys and he's sitting outside the off he's sitting outside the building and so he pops open his laptop vpns into the internal network ssh is into a robot drives the robot over the door over to the door and runs the door opening program from the inside yeah it sounds like i want to hire him and and as we and actually we checked this there was uh there was because it was from the inside there was no record in the hid logs yeah only a uh an ssh you can only tell he started a vpn session there's no logging of like what machine he vpned into because the robot is basically a little linux box on wheels yeah interesting uh follow-up to that and that's a great story th
ank you that that's very entertaining um yeah a lot of companies they don't link their vpn with their um their you know other credentials and systems like if someone's desktop fires up but they didn't walk into the building and this they're supposedly there but they're not you know the cto and the cso don't actually talk to each other often so there's a lot of problems with that so as an example right there you don't have um you know exit control access logs um and also you're not logging the robots so interesting use case but um but yeah that is a big problem okay i understand we have a number of questions from the internet uh there's just one really at the moment voice from above

the question question from irc are you aware of any open source uh hardware security module or something that you could build yourself ryan you could take that shmucon in about a month i'm doing a presentation on that there are actually are four or five projects to do something like that one from uh uh dns sec uh one for there's a few uh people have used like raspberry pi's they've used various other devices they generally focus on separating out the they they focus on the logical protection as opposed to high-end physical protection but ultimately i think the best way to do a an open source hsm is to publish a great design that can use commodity components because it's really hard to tell if a ic has been compromised but if you can use a variety of cheap commodity components you can you can put them together to buy them for various sources and do stuff like that so yeah there's some interesting work in that area that that will be open source in public okay microphone four oh hello um i have more requests not exactly a question uh could you please show again the slide where you compared those two photographs because i didn't see anything oh sure yeah it's it's hard on the screen because i don't think it is a 1080p and it's not very bright so i'll stand right over here and i don't have a laser pointer but it's that screw sorry and now i'm gonna have a seizure um that screw right there can you see it you might need to get closer that's the thing like when blowing up with this contrast it's really hard but when you actually look at your laptop screen it's very easy to tell so again walk closer to the screen you'll definitely see it but that's the thing the point was it's a very minute detail and if you aren't vigilant and if you're just taking notes or something that that's practically useless i mean you're just really going to go on the side of error that something happened instead of actually having proof okay thank you you're welcome okay microphone 2. um the descri
ption said something that you will present something about physically unclosable functions uh for hardware temper detection if i understood it correctly would you mind elaborate on that what what results you got there and what kind of protection you can achieve using that yeah so we we did because of the time constraint of the top we pulled out uh two slides and one of them aside from uh physical physical and clonable functions which are uni like in our context my context for work is you know devices uh with unique uh characteristics of manufacturing um i you know we'll actually put it up in the slides on the way out uh when we upload them we had two two change batteries so we have the same laptops and the identical batteries but when you swap them and they're from the same line you could easily tell back and forth which things are changed so if someone swaps out a component it turns out through you know plastics manufacturing even milling they'll look slightly different but it's hard to tell visually side by side but if you do a quick blink comparison you can tell and same thing with like uh you know the stickers the stickers themselves are uh you know puffs you might be thinking more of the ones on a chip chip level uh but this is more macro so we've also done non-sticker seals basically paint special paint uh dynamic things like metallic paint glitter things like that those are also a form of physical and clonable function there's also the array of fiber optic cable where it's uh it's sort of randomized really anything where it's you physically can't copy it in the manufacture time where it's a lot there's randomness in the physical manufacturing process the technique of verifying and doing remote verification works just the same with those uh we can't do this with um like chips because we don't have an electron microscope on our cell phone right now but we could we can do this the goal is to be able to do it the sensors that will work with the phone so we have t
o do macro level type stuff okay so it's not about smart cards with physically unknown functions it's just physical changes with you which you photograph for those yeah device level things not not uh not chip yeah further up the chain they're both physically and clonable functions uh they're just at different scales okay then i would have a follow-up question if i can how does it actually work in practice because you leave your hotel room in the morning you come back in the evening you have different lighting conditions you cannot put the cell phone into exactly the same position how does it work in this scenario i'll take that that's actually really easy to do you close the shades turn the lights on so you have a consistent lighting condition and that you put your mobile device or camera device in a in a jig format so you find a surface that you can butt your camera up to and lock it so you like a shelf push it against the wall stand to the side take a photo and almost every single time it'll be identical uh and then and then you can correct it on your on your laptop or other other devices and just over line uh overlay them and then flip them back and forth you can use like for macintosh preview um and like actually i don't use windows so yeah there's also registration marks that you can put in the image to system we have some not very great open cv code right now that tried to decide to do this that uh which will be open and released the um you can put registration marks in to make this process a lot easier the problem is you have skew and stuff on the camera so it's actually a fairly complicated uh problem but it it mostly works yeah there is a product in the iphone store that does blink comparison the problem is uh it's it's very inaccurate because it wants you to hold it and a human is not going to be able to replicate the same you know you know parallax for your shot every time it's going to be slightly off and just it's going to be very i've used it it's not
very great and so as i said like basic things like find something in the room that's immovable that probably hasn't moved the desk may have moved but find something that's nailed down like a shelf and then you can just do that shot and you get a very reproducible yeah and certain kinds of seals are going to be much much easier to verify than other kinds of seals they'll have larger areas thank you for the question okay do we have a question from the internet yeah another question from the internet is uh how would you make your own seal and uh if you were to get a seal uh what what would you be looking for into a good seal so a good seal you want something that's um easily frangible but it's not to break by accidental use like i i can't i don't want to give away all the traps because then that gives my adversaries an advantage but a good one which is easy to use is a pearlescent paint or nail polish put it on all your screws take a photograph specifically ones that have a lot of glitter in it because it's going to be very difficult to replicate that yeah there's really two classes of big classes of attacks there's taking an intact seal removing it from a device tampering with the device or tampering the device without breaking the seal and there's counterfeiting the seal itself uh conventional seals a lot of cases depend on like mass manufacturing being really hard and unit one quantity one costing the same as like quantity 10 million uh that's not so much true anymore with a lot of manufacturing technologies i can copy something pretty easily so i take your device protected by seal cut the seal up destroy your seal and just make a new one and put it back on and you can't be able to tell um that's that's a threat but certain kinds of things like the glitter are going to be very difficult to do that with and it's incredibly cheap too and it looks pretty yeah and cheap is a major major uh problem also needs to be fairly durable because you don't want it to break in inc
idental use there's some tricks you can do uh to help against that but yeah yeah so like stickers like cheap crappy stickers one of the things we've been coming up with is actually time decay stickers uh where if when you sync it with the vpn service these you apply the seal and it will the color will fade away and when you take it the system of course will know what the general decay should have been so someone will have to have like 100 or a thousand seals prepped over time consistently fading to to know to get it at the right time but also if they you know they could time out or not get the right one after three tries and then you know that you won't be able to get back in the system and that's that's a good thing okay microphone four hi the discussion you just had reminded me of a paper from princeton university i think from last year okay about pieces of paper and they found that pieces of ordinary paper were actually more at the microscopic level quite physically distinct from each other yeah and i think an ordinary scanner was able to reveal patterns of wood fibers in the paper that were distinct from piece of paper and a piece of paper to piece of paper i believe that um yeah and that was quite scary from a privacy point of view because for example the company that makes the paper could actually have internal serial numbers of the sheets of paper that they like banknotes are your printer cartridges yeah um so i guess from a seal's point of view i wonder if with a sensor that people might have if you could actually use maybe sheets of paper and the wood fiber patterns in them yeah that's a physically unclonable function there's definitely a legitimate method yeah yeah yes that is a legitimate method uh though having a flatbed scanner with you on your trip it seems a little more unlikely so we do our best to find ways to use the tools available to you currently so you can do that do you think there's a prospect um i don't know what level of magnification you n
eed that the cameras in phones at some point soon might actually be able to get some of that patterning and you could do some lighting conditions yeah definitely if you had one of those external little like 30 macro lenses on your camera you'd be you'd be pretty well served there um we can look and look at this it actually looks like an interesting thing yeah actually send us an email we'd love to chat more about that cool yeah okay do we have one more question from the internet no okay all right sounds like we're all good all right well guys thank you again thank you for having us

you