Soma-notes - User contributions [en]

SystemsSec 2018W Lecture 7

2018-01-31T05:56:19Z

Calvin: /* Notes */

==Audio==

[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec07-29Jan2018.m4a Lecture 7 Audio]

==Notes==

- You want cryptography whenever your rival can mess with bits. i.e see, modify, etc.

- If you're talking about an isolated device, i.e single terminal for one person.
what does crypto do for you? almost nothing. (ex: what if someone steals the system? if they mess with hardware?)

- TLS, SSH most common protocols nowadays for detection.

'''- #1 Rule: Never do your own crypto, including implementation.'''

- Most common use case on an individual system: file/file-systems encryption

- You can encrypt a file and send it, but if you have to send it, someone has to do something on the reciever side to decrypt it.

== Trusted Software (DRM): DRM: Digital Rights Management ==

- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.

- Trusted Boot:

== TPM: Trusted Platform Model ==

- This is the portion of a chip that is meant to hold secrets and can do computations without giving away info.

As long as TPM is safe, all data is safe.

- An attacker must do 1 of 3 things if they want data access: break TPM, break the crypto, or get the keys.

- Arguably, getting the keys might be the easiest, even for a company like Apple or Microsoft (Trick one of the human(s) with the keys).

- MalwareBytes: 2 bad updates, essentially acting as a dedicated denial of service. This is a breach of trust.

- How did MS sign my boot order even though I have linux? Because they're allowed to.

- The reason you can't have linux on an Apple device is because of trusted boot; to startup linux, you would have to break the boot order, which would trigger security precautions. But, get the keys, and you could probably do it.

SystemsSec 2018W Lecture 7

2018-01-31T05:55:35Z

Calvin: /* Notes */

==Audio==

[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec07-29Jan2018.m4a Lecture 7 Audio]

==Notes==

- You want cryptography whenever your rival can mess with bits. i.e see, modify, etc.

- If you're talking about an isolated device, i.e single terminal for one person.
what does crypto do for you? almost nothing. (ex: what if someone steals the system? if they mess with hardware?)

- TLS, SSH most common protocols nowadays for detection.

- #1 Rule: Never do your own crypto, including implementation.

- Most common use case on an individual system: file/file-systems encryption

- You can encrypt a file and send it, but if you have to send it, someone has to do something on the reciever side to decrypt it.

== Trusted Software (DRM): DRM: Digital Rights Management ==

- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.

- Trusted Boot:

== TPM: Trusted Platform Model ==

- This is the portion of a chip that is meant to hold secrets and can do computations without giving away info.

As long as TPM is safe, all data is safe.

- An attacker must do 1 of 3 things if they want data access: break TPM, break the crypto, or get the keys.

- Arguably, getting the keys might be the easiest, even for a company like Apple or Microsoft (Trick one of the human(s) with the keys).

- MalwareBytes: 2 bad updates, essentially acting as a dedicated denial of service. This is a breach of trust.

- How did MS sign my boot order even though I have linux? Because they're allowed to.

- The reason you can't have linux on an Apple device is because of trusted boot; to startup linux, you would have to break the boot order, which would trigger security precautions. But, get the keys, and you could probably do it.

SystemsSec 2018W Lecture 7

2018-01-31T05:54:33Z

Calvin: /* Notes */

==Audio==

[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec07-29Jan2018.m4a Lecture 7 Audio]

==Notes==

- You want cryptography whenever your rival can mess with bits. i.e see, modify, etc.

- If you're talking about an isolated device, i.e single terminal for one person.
what does crypto do for you? almost nothing. (ex: what if someone steals the system? if they mess with hardware?)

- TLS, SSH most common protocols nowadays for detection.

- #1 Rule: Never do your own crypto, including implementation.

- Most common use case on an individual system: file/file-systems encryption

- You can encrypt a file and send it, but if you have to send it, someone has to do something on the reciever side to decrypt it.

'''Trusted Software (DRM): DRM: Digital Rights Management'''

- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.

- Trusted Boot:

- TPM: Trusted Platform Model, this is the portion of a chip that is meant to hold secrets and can do computations without giving away info.

As long as TPM is safe, all data is safe.

- An attacker must do 1 of 3 things if they want data access: break TPM, break the crypto, or get the keys.

- Arguably, getting the keys might be the easiest, even for a company like Apple or Microsoft (Trick one of the human(s) with the keys).

- MalwareBytes: 2 bad updates, essentially acting as a dedicated denial of service. This is a breach of trust.

- How did MS sign my boot order even though I have linux? Because they're allowed to.

- The reason you can't have linux on an Apple device is because of trusted boot; to startup linux, you would have to break the boot order, which would trigger security precautions. But, get the keys, and you could probably do it.

SystemsSec 2018W Lecture 7

2018-01-31T05:54:09Z

Calvin: /* Notes */

==Audio==

[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec07-29Jan2018.m4a Lecture 7 Audio]

==Notes==

- You want cryptography whenever your rival can mess with bits. i.e see, modify, etc.

- If you're talking about an isolated device, i.e single terminal for one person.
what does crypto do for you? almost nothing. (ex: what if someone steals the system? if they mess with hardware?)

- TLS, SSH most common protocols nowadays for detection.

- #1 Rule: Never do your own crypto, including implementation.

- Most common use case on an individual system: file/file-systems encryption

- You can encrypt a file and send it, but if you have to send it, someone has to do something on the reciever side to decrypt it.

**Trusted Software (DRM): DRM: Digital Rights Management**

- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.

- Trusted Boot:

- TPM: Trusted Platform Model, this is the portion of a chip that is meant to hold secrets and can do computations without giving away info.

As long as TPM is safe, all data is safe.

- An attacker must do 1 of 3 things if they want data access: break TPM, break the crypto, or get the keys.

- Arguably, getting the keys might be the easiest, even for a company like Apple or Microsoft (Trick one of the human(s) with the keys).

- MalwareBytes: 2 bad updates, essentially acting as a dedicated denial of service. This is a breach of trust.

- How did MS sign my boot order even though I have linux? Because they're allowed to.

- The reason you can't have linux on an Apple device is because of trusted boot; to startup linux, you would have to break the boot order, which would trigger security precautions. But, get the keys, and you could probably do it.

SystemsSec 2018W Lecture 7

2018-01-31T05:52:55Z

Calvin: /* Notes */

==Audio==

[http://homeostasis.scs.carleton.ca/~soma/systemssec-2018w/lectures/comp4108-2018w-lec07-29Jan2018.m4a Lecture 7 Audio]

==Notes==

- You want cryptography whenever your rival can mess with bits.
i.e see, modify, etc.
- If you're talking about an isolated device, i.e single terminal for one person.
what does crypto do for you? almost nothing. (ex: what if someone steals the system? if they mess with hardware?)

- TLS, SSH most common protocols nowadays for detection.
- #1 Rule: Never do your own crypto, including implementation.
- Most common use case on an individual system: file/file-systems encryption
- You can encrypt a file and send it, but if you have to send it, someone has to do something on the reciever side to decrypt it.

Trusted Software (DRM): DRM: Digital Rights Management

- Almsot no scope for confidentiality, meant mostly for preventing messing with bits.
- Trusted Boot:
- TPM: Trusted Platform Model, this is the portion of a chip that is meant to hold secrets and can do computations without giving away info.
As long as TPM is safe, all data is safe.
- An attacker must do 1 of 3 things if they want data access: break TPM, break the crypto, or get the keys.
- Arguably, getting the keys might be the easiest, even for a company like Apple or Microsoft (Trick one of the human(s) with the keys).
- MalwareBytes: 2 bad updates, essentially acting as a dedicated denial of service. This is a breach of trust.

- How did MS sign my boot order even though I have linux? Because they're allowed to.
- The reason you can't have linux on an Apple device is because of trusted boot;
to startup linux, you would have to break the boot order, which would trigger security precautions.
But, get the keys, and you could probably do it.

SystemsSec 2018W Lecture 2

2018-01-16T20:05:48Z

Calvin: /* Notes */

==Notes==

openstack.scs.carleton.ca

homeostasis.scs.carleton.ca/wiki

nilofarmansourzadeh@cmail.carleton.ca (TA email)

'''Alternate Grading Scheme:'''

10% Participation

20% Experiences

20% Assignments

20% Midterm

30% Final

== '''Think Exercise:''' ==

Secret to cold fusion, Need to keep secret and safe for 20 years. How do I do that?

'''Possible Solution:'''
: Minimal people (2) - both need to trust each other. Hard copy (clean print, paper and ink) locked away somewhere secure and dry. (safety deposit box in a bank, not hidden under a mattress). I have half of the documents, other guy has other half of the documents. Maybe I split my half of the documents again. Quarter in a safety deposit box, quarter in my house hidden away.

Need to know who wants this.

Need to know how far they'll go to get it.

'''Threat Modelling:'''

- Adversaries

- Their Capabilities

- Assume "reasonable" limits (nuclear weapon vs floods vs sledgehammer vs digital virus)

Threats/Adversaries: Oil Companies, Anarchists, Nation States, Militant Evironmentalists

== '''Capabilities:''' ==

- Who knows the secret exists? (If they don't know it exists, they won't come looking for it)
i.e. once the mad scientist realized what he had, he started trying to hide it.

- Reverse Engineering: If you try to fake an "accident", how do you falter reverse engineering from what you showed?

'''Defenses:'''

- Convince world secret doesn't exist.

- Splitting up the secret.

- Offline.

- Cryptography is not viable. 20 years down the line, computers may be able to break that encryption in seconds.

'''Risks:'''

- Disclosure.

- Loss of integrity (corrupted)

- Full Data Loss

- Is it better for it to be available (partial loss) on a corruption or completely unavailable (total loss)?

- Should you even use digital storage? NO, too many risks.

- That being said, you can still use digital tools, so long as you completely destroy the tools used.

- What happens if you die? Is there a contingency plan?

'''Security Tech:'''

- Lava Lamps for entropy (Cloudflare) (If I put a hidden camera in that room, and I get their source code, they're compromised)

- Anti Malware

- SE Linux

- Firewalls (It's designed to stop certain types of network traffic):

: - Problems Arise: Sure bad guys might get stopped, but people may get angry since you blocked something they liked.

: - Host

: - Perimeter Defense (crunchy on the outside, chewy on the inside), once the perimeter gets bypassed (over, under, through), everything inside is wide open.

: - Network

Security theater: All those vaults, bars, steel doors in a bank, just for show (there's probably nothing physical in there).

: - Bank runs no longer exist. The banks are now government owned/protected. It's a confidence game.

: - Security Theater is useless for computer/digital.

== Homework: ==
CuLearn: List security techs you use/interact, and which ones do you not actually understand.

SystemsSec 2018W Lecture 2

2018-01-16T19:59:39Z

Calvin: /* Notes */

==Notes==

openstack.scs.carleton.ca

homeostasis.scs.carleton.ca/wiki

nilofarmansourzadeh@cmail.carleton.ca (TA email)

'''Alternate Grading Scheme:'''

10% Participation

20% Experiences

20% Assignments

20% Midterm

30% Final

'''Think Exercise:'''

Secret to cold fusion, Need to keep secret and safe for 20 years

Minimal people (2) - both need to trust each other. Hard copy (clean print, paper and ink) locked away somewhere secure and dry.
(safety deposit box in a bank, not hidden under a mattress). I have half of the documents, other guy has other half of the documents.
Maybe I split my half of the documents again. Quarter in a safety deposit box, quarter in my house hidden away.
Need to know who wants this. Need to know how far they'll go to get it.

Threat Modelling:

- Adversaries

- Their Capabilities

- Assume "reasonable" limits (nuclear weapon vs floods vs sledgehammer vs digital virus)

Threats/Adversaries: Oil Companies, Anarchists, Nation States, Militant Evironmentalists

'''Capabilities:'''

- Who knows the secret exists? (If they don't know it exists, they won't come looking for it)
i.e. once the mad scientist realized what he had, he started trying to hide it.

- Reverse Engineering: If you try to fake an "accident", how do you falter reverse engineering from what you showed?

Defenses:

- Convince world secret doesn't exist.

- Splitting up the secret.

- Offline.

- Cryptography is not viable. 20 years down the line, computers may be able to break that encryption in seconds.

Risks:

- Disclosure.

- Loss of integrity (corrupted)

- Full Data Loss

- Is it better for it to be available (partial loss) on a corruption or completely unavailable (total loss)?

- Should you even use digital storage? NO, too many risks.

- That being said, you can still use digital tools, so long as you completely destroy the tools used.

- What happens if you die? Is there a contingency plan?

Security Tech:

- Lava Lamps for entropy (Cloudflare) (If I put a hidden camera in that room, and I get their source code, they're compromised)

- Anti Malware

- SE Linux

- Firewalls (It's designed to stop certain types of network traffic):

: - Problems Arise: Sure bad guys might get stopped, but people may get angry since you blocked something they liked.

: - Host

: - Perimeter Defense (crunchy on the outside, chewy on the inside), once the perimeter gets bypassed (over, under, through), everything inside is wide open.

: - Network

Security theater: All those vaults, bars, steel doors in a bank, just for show (there's probably nothing physical in there).

: - Bank runs no longer exist. The banks are now government owned/protected. It's a confidence game.

: - Security Theater is useless for computer/digital.

Homework: CUlearn: List security techs you use/interact, and which ones do you not actually understand.