“It’s OK, the data was encrypted...”

Ken Munro, ex-NCC Group SecureTest

... said the financial services company to the FSA... or the retailer to the PCI Council... or the government dept to the journalist


Page 2

Commercial in Confidence - © Copyright 2008 NCC Group plc - all rights reserved

The problems with encryption

• Phenomenal ...when it’s working
• Invulnerable ...today
• Exposed ...by users ...by vendors ...by weak implementation
• Compromised ...by muppetry ...and kneejerks
• Relied upon too heavily ...as a Band Aid to cover up other issues

Page 3

Problem #1: Data not at rest

Page 4


Data not at rest

• Laptops & desktops are generally only encrypted when switched off
  • Booting to another O/S from CD requires a reboot (encrypting...)
  • Ctrl+Alt+Del is essential, but a Firewire attack often works
• Servers hosting payment card data usually decrypt on the fly
  • The joy of PCI!
  • Symmetric encryption is often preferred over one-way hashing (it’s reversible)
  • Concerns over key storage...
• Request a password reset – see what happens
  • Did you get your password back in clear text? It can’t have been one-way hashing if so
• Servers storing data not falling under PCI often contain very sensitive information, yet are rarely encrypted
  • So if someone fancies a spot of social engineering... but we’ll come back to that...
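The password-reset check on this slide is easy to act on in code. What follows is an added example (ours, not the speaker’s or NCC Group’s) of a one-way password store built on PBKDF2 from the Python standard library: a reset can only issue a fresh temporary password, because nothing in the stored record can reproduce the original. The iteration count, record layout and temporary-password length are our own choices.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Tuple

# Assumption: iteration count chosen for illustration; tune it for your hardware.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Store a password as a random salt plus a PBKDF2-HMAC-SHA256 digest.

    The record holds no reversible form of the password: there is no key
    anywhere that turns the digest back into the plaintext.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "digest": digest.hex(), "iterations": ITERATIONS}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the digest for the candidate and compare it in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


def reset_password(record: dict) -> Tuple[dict, str]:
    """Handle 'forgot my password' the only way a one-way store can.

    The old password cannot be mailed back because `record` cannot reproduce
    it. Instead, generate a temporary password, replace the stored digest with
    its hash, and hand the temporary value to the user out of band.
    """
    temporary = secrets.token_urlsafe(12)
    return hash_password(temporary), temporary


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print("login with right password:", verify_password(rec, "correct horse battery staple"))
    print("login with wrong password:", verify_password(rec, "Correct horse battery staple"))
    new_rec, temp = reset_password(rec)
    print("temporary password accepted:", verify_password(new_rec, temp))
    print("old password still accepted:", verify_password(new_rec, "correct horse battery staple"))
```

If a site’s “forgot password” mail comes back with the password you originally chose, its back end is doing something this code cannot do: holding the password reversibly, or in the clear.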

Page 5

Problem #2: Making a hash of encryption

Page 6


Making a hash of it

• Data encrypted at rest is very, very hard to recover
• Princeton researchers realised that secret keys have to be loaded into memory to decrypt data
  • Memory maintains its state for a period of time after shutdown
  • So if you could artificially maintain the state for longer, you could scrape the memory & search it for the secret key
  • Freezy spray time!
• But even the cold boot attack doesn’t work for long after the device has been powered down
• But you can rely on users to make a mockery of your encryption solution
  • Laptops left in standby, caching encryption keys in memory (warm boot!)
  • Windows Integrated Login, loading keys into memory before authentication is required (warmer boot!)

Page 7

Problem #3: The future

Page 8


Cracking ExxonMobil Speedpass

Page 9


Petrol station fuel charging

• Probably the first high profile cracking of an RFID encryption technology
• ExxonMobil introduced SpeedPass in 1997, based on Texas Instruments’ technology
  • It allowed drivers to simply wave a key ring tag at a pump in order to purchase vehicle fuel
• The tag used PKI encryption, but only single DES; 56-bit encryption
  • This was considered adequate in the distant past
• An FPGA cracker was built by a team at Johns Hopkins University, containing 16 processors
  • After refinement, keys could be cracked in around 15 minutes
• The TI system now supports 128-bit encryption! But around 6 million tags had already been issued…

http://www.jhu.edu/news_info/news/home05/jan05/rfid.html

Page 10


Faster cracking

• You need a supercomputer for cracking encryption, don’t you?
• Well, yes… but
  • Anyone got a PS3? Or a TFT monitor?
• Most TFTs and screens have an FPGA on board for video processing
  http://nsa.unaligned.org
• The PS3 uses the incredibly overspecced CELL processor
  • 1,000 times faster than an Intel chip
  • Universities using it for black hole modelling
  • Chained PS3s for cracking!

Page 11


One step further

• A Russian organisation noticed that large amounts of processing power went unused on video processing boards
  • You want amazing graphics for games, but you don’t game 24x7
• Graphics processors – very powerful
  • Distributed computation, using latent processing power of your graphics cards
• NTLM – the encryption method used by Windows to store your passwords
  • Fast Intel chipset – 40M attempts/sec
  • Fast graphics card – around 1 Billion/sec
  • A single PS3 – around 5 Billion/sec
  • Distributed, cheap, use of graphics processors – in excess of 400 Billion attempts/sec
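To put the rates on this slide in perspective, here is an added example (our code, not the speaker’s) that turns a guessing rate into the worst-case time to exhaust a keyspace, and into the longest password whose entire space fits inside a time budget. The four rates are the slide’s figures; the 95-character printable set, the 24-hour budget and the reuse of the 56-bit single-DES keyspace from the Speedpass slide are our assumptions.

```python
# Added example: a back-of-envelope brute-force cost model.
# Guess rates are the figures quoted on the slide (NTLM guesses per second);
# the character-set size and time budget are our own assumptions.

RATES_PER_SECOND = {
    "fast Intel chipset": 40_000_000,
    "fast graphics card": 1_000_000_000,
    "single PS3": 5_000_000_000,
    "distributed graphics processors": 400_000_000_000,
}

PRINTABLE_ASCII = 95      # assumption: letters, digits and symbols
DES_KEYSPACE = 2 ** 56    # the single-DES keyspace from the Speedpass slide


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates for a password of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(candidates: int, rate: int) -> float:
    """Worst-case wall-clock seconds to try every candidate at `rate` guesses/s."""
    return candidates / rate


def max_length_within(charset_size: int, rate: int, budget_seconds: float) -> int:
    """Longest password length whose whole keyspace is exhaustible within the budget."""
    length = 0
    while seconds_to_exhaust(keyspace(charset_size, length + 1), rate) <= budget_seconds:
        length += 1
    return length


def describe(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def summary(budget_seconds: float = 86400) -> dict:
    """Per-platform view: DES exhaust time and the longest password fully searchable in the budget."""
    return {
        name: {
            "des_exhaust": describe(seconds_to_exhaust(DES_KEYSPACE, rate)),
            "printable_length_in_budget": max_length_within(PRINTABLE_ASCII, rate, budget_seconds),
        }
        for name, rate in RATES_PER_SECOND.items()
    }


if __name__ == "__main__":
    for name, row in summary().items():
        print(f"{name:32s} DES exhausted in {row['des_exhaust']:>12s}; "
              f"printable password fully searched in 24h: {row['printable_length_in_budget']} chars")
```

The point the model makes: the jump from 40 million to 400 billion guesses per second moves an 8-character printable password from “years” to “one working day”, which is why the later slide says to keep an eye on cracking speed rather than on any fixed password rule.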

Page 12


The daddy of cracking

• Pico Computing SuperStack, USD 120,000
  • Cracked GSM (A5/1 – Europe/US) in 30 mins using 16 FPGAs
  • This beast can support up to 77
• Fancy cracking BlueTooth/WPA etc?
  • Pre-computed hash tables
  • Generate on the fly? WPA-PSK is toast
• Encryption is entering a whole new ballgame

Page 13


Hacking Philips MiFare

• Reverse engineering of the crypto
  • Crypto-1 is closed source
• Researchers at University of Virginia physically dissected the chip
  • Sliced off tiny layers of the chip, using a microscope, then inspected the logic gates
  • Efficient inspection, for example by looking for XOR gates that are rarely used in control logic
  • Or blocks of gates connected strongly to each other, but sparsely to the rest of the chip
• Reconstructed the algorithm
• Cloning simple-ish

Page 14


Speeding ticket troubles?

• Many police forces in the UK are now rolling out PNC access using Windows Mobile devices
  • Speed of use, retrieval of images etc
• Bluetooth connection to wearable ticket printer
  • Cables on officers are a bad thing, apparently
• Was that a £150 2.4GHz jammer in your pocket?
• SAFER+ BlueTooth encryption algorithm compromised
• Initial device lockdowns were ‘interesting’


Page 16


Off to hell in a handcart

• That ‘specialist’ reader: £11
• 3DES encryption used to protect data in transit ‘over the air’
  • 156-bit algorithm. Fairly secure today
  • 10 year life span for passports...
• The key to read the passport
  • Contains date of birth, country of birth, etc
  • All retrievable from public information sources
• That leaves only the passport number to be cracked
  • 10 Billion combinations... OK, there is latency for the RFID query, but even so
• 30cm reading distance already proved by Adam Laurie et al

Page 17

What about simply asking for the password?

Social Engineering?

Page 18


What is Social Engineering

Definition: “In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures. A social engineer runs what used to be called a "con game". For example, a person using social engineering to break into a computer network would try to gain the confidence of someone who is authorized to access the network in order to get them to reveal information that compromises the network's security. They might call the authorized employee with some kind of urgent problem; social engineers often rely on the natural helpfulness of people as well as on their weaknesses. Appeal to vanity, appeal to authority, and old-fashioned eavesdropping are typical social engineering techniques. Another aspect of social engineering relies on people's inability to keep up with a culture that relies heavily on information technology. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Frequently, social engineers will search dumpsters for valuable information, memorize access codes by looking over someone's shoulder (shoulder surfing), or take advantage of people's natural inclination to choose passwords that are meaningful to them but can be easily guessed. Security experts propose that as our culture becomes more dependent on information, social engineering will remain the greatest threat to any security system. Prevention includes educating people about the value of information, training them to protect it, and increasing people's awareness of how social engineers operate.”

Page 19


What is Social Engineering

L Y I N G

Page 20


Essential equipment

• ****** ******* – account details, credit card numbers, home addresses….

Page 21


What about blackmail?

• Stolen laptop, in laptop bag
  • Not a problem though, as the hard disc is encrypted
• Probably with a business card in the same bag, inc mobile number
• A little social engineering
  • I now know where you live
  • Call mobile: ‘give me your password’
  • I saw your family on the way to school this morning...

Page 22


Why not just ask for the crypto password?

• Recent customer test
  • With the IT dept’s agreement, set up a fake web site
  • Mined employee email addresses using Google
  • Forged emails to them, faking the source as one of the IT dept
  • Readers clicked the link in the email
  • Entered their domain creds, on the pretext of needing to reset them
• 38% fell victim
• Never ever click links in emails, eh...

Page 23


Phone Losers of America

• Polite, friendly, slightly inept

• Offering of incorrect information to establish legitimacy

• Support staff provide support

• “no, the password is 7071”

http://www.phonelosers.org/

plaradio02.mp3

Page 24


Random change of tack

• A brilliant new profiling tool released at Black Hat: FOCA
  • Google search + download and analysis of common file types: .doc, .ppt, .pps, .xls, .docx, .pptx, .ppsx, .xlsx, .pdf, .wpd, etc.
  • Extracts potentially sensitive information that is not intended for public consumption. Examples include: usernames, network paths, document comments, software versions and more.

Page 25


Real world example

• Remember the ‘dirty dossier’ from 2003?
• Here’s the edit list from metadata, accidentally left in the Word doc published on the 10 Downing St web site

Rev. #1: "cic22" edited file "C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd"
Rev. #2: "cic22" edited file "C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd"
Rev. #3: "cic22" edited file "C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecovery save of Iraq - security.asd"
Rev. #4: "JPratt" edited file "C:\TEMP\Iraq - security.doc"
Rev. #5: "JPratt" edited file "A:\Iraq - security.doc"
Rev. #6: "ablackshaw" edited file "C:\ABlackshaw\Iraq - security.doc"
Rev. #7: "ablackshaw" edited file "C:\ABlackshaw\A;Iraq - security.doc"
Rev. #8: "ablackshaw" edited file "A:\Iraq - security.doc"
Rev. #9: "MKhan" edited file "C:\TEMP\Iraq - security.doc"
Rev. #10: "MKhan" edited file "C:\WINNT\Profiles\mkhan\Desktop\Iraq.doc"

Paul Hamill - Foreign Office official
John Pratt - Downing Street official
Alison Blackshaw - The personal assistant of the Prime Minister's press secretary
Murtaza Khan - Junior press officer for the Prime Minister
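The FOCA slide and the dossier revision log come down to the same pre-publication check, so here is one added example (ours, not the speaker’s and not FOCA’s) that reads the author, last-modified-by, company, application version and template path out of an Office Open XML package and flags the fields a publisher would want scrubbed. The 2003 dossier was a binary .doc, which stores its revision log differently; this covers the .docx/.pptx/.xlsx formats from the FOCA list. The namespace URIs are the standard OOXML ones; the sample document is built in memory with made-up values.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Standard OOXML namespaces for the two metadata parts that Word, Excel and
# PowerPoint packages carry. These are the real namespace URIs.
NS_CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
NS_DC = "http://purl.org/dc/elements/1.1/"
NS_DCTERMS = "http://purl.org/dc/terms/"
NS_APP = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"

# Which elements to pull from which part (Clark notation for ElementTree).
FIELDS = {
    "docProps/core.xml": {
        "creator": f"{{{NS_DC}}}creator",
        "lastModifiedBy": f"{{{NS_CP}}}lastModifiedBy",
        "modified": f"{{{NS_DCTERMS}}}modified",
    },
    "docProps/app.xml": {
        "application": f"{{{NS_APP}}}Application",
        "appVersion": f"{{{NS_APP}}}AppVersion",
        "company": f"{{{NS_APP}}}Company",
        "template": f"{{{NS_APP}}}Template",
    },
}


def office_metadata(data: bytes) -> dict:
    """Return the metadata fields present in an OOXML package given as bytes."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        names = set(package.namelist())
        for part, fields in FIELDS.items():
            if part not in names:
                continue
            root = ET.fromstring(package.read(part))
            for key, tag in fields.items():
                element = root.find(tag)
                if element is not None and element.text:
                    found[key] = element.text.strip()
    return found


def leak_findings(meta: dict) -> list:
    """Describe what the metadata gives away, in the terms the FOCA slide uses."""
    findings = []
    for key in ("creator", "lastModifiedBy"):
        if key in meta:
            findings.append(f"username: {key}={meta[key]!r}")
    if "company" in meta:
        findings.append(f"organisation: company={meta['company']!r}")
    template = meta.get("template", "")
    if "\\" in template or "/" in template:
        findings.append(f"network/file path: template={template!r}")
    if "appVersion" in meta:
        findings.append(f"software version: {meta.get('application', '?')} {meta['appVersion']}")
    return findings


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal .docx whose metadata was never scrubbed (values made up)."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS_CP}" xmlns:dc="{NS_DC}" xmlns:dcterms="{NS_DCTERMS}">'
        "<dc:creator>jsmith</dc:creator>"
        "<cp:lastModifiedBy>EXAMPLE\\jsmith</cp:lastModifiedBy>"
        "<dcterms:modified>2008-03-01T09:00:00Z</dcterms:modified>"
        "</cp:coreProperties>"
    )
    app = (
        f'<Properties xmlns="{NS_APP}">'
        "<Application>Microsoft Office Word</Application>"
        "<AppVersion>12.0000</AppVersion>"
        "<Company>Example Ltd</Company>"
        "<Template>\\\\fileserver\\templates\\report.dotx</Template>"
        "</Properties>"
    )
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("docProps/core.xml", core)
        package.writestr("docProps/app.xml", app)
        package.writestr("word/document.xml", "<document/>")
    return buffer.getvalue()


if __name__ == "__main__":
    for finding in leak_findings(office_metadata(build_sample_docx())):
        print("would leak:", finding)
```

Run `office_metadata` over a real file by passing `open(path, "rb").read()`; anything `leak_findings` reports is what a search-and-download tool would harvest from the published copy, so clear it before the document goes on a public web site.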

Page 26


It’s clearly worth a crack!

• Hugh Rodley, David Nash
  • Convicted along with Kevin O’Donoghue, Jan Van Osselaer, Gilles Poelvoorde
• Conspiracy to steal nearly £229M
• Coerced building security manager
• Installed software keyloggers, captured passwords
• Silly errors...

Page 27


And as for those Cold Boots?

• Prevent standby mode (policies)
  • Hibernation is fine
• Don’t use Windows Integrated Login
• Disable the Firewire driver in standard laptop & workstation builds
• Think hard about symmetric encryption vs one-way hashing
• Check that open source algorithms are in use
• Keep an eye on cracking speed & new technologies
  • DES was considered robust enough for US govt use until a few years ago
• But don’t let anything we’ve said here stop you from putting in encryption
  • Just get it tested to ensure it’s actually helping your security profile!

Page 28

Questions?

Slides available on request: [email protected]
