COMP 3000 2011 Report: LPS

From Soma-notes

Background

This Distribution Report will be providing an analysis of the Lightweight Portable Security (LPS) operating system, which is developed and supplied by the Software Protection Initiative section of the United States Department of Defense (DoD).

LPS has been developed as an operating system to be used by government and military workers as a secure digital environment on systems that may not themselves be secure. It has also been developed with a single-use mentality: there is no persistent storage, and if the session becomes compromised by malicious software, a simple reboot gives the worker a clean slate (Software Protection Initiative, 2011).

As of June 15th, 2011, LPS was approved by the Air Force Network Integration Center to access the Global Information Grid (GIG) for general telecommuting use (Software Protection Initiative, 2011). The GIG is described as a DoD system that includes any equipment, software, or service that transmits, stores, or processes DoD information, and provides any other associated services necessary to achieve information superiority (NSA, 2011).

The operating system has two variants, which can be obtained from the following locations:

Public ISO (137.3 MB Image) http://www.spi.dod.mil/docs/LPS-1.2.5_public.iso

Public Deluxe ISO (317.3 MB Image) http://www.spi.dod.mil/docs/LPS-1.2.5_public_deluxe.iso

Note: This report will be looking specifically at the Deluxe version of the distribution, which also provides Adobe Reader and Open Office.

The heritage of this operating system is not clearly documented anywhere, but based on the settings required for the Virtual Machine environment, it can be concluded that it is using a 2.6.x Linux kernel variant.


Installation and Startup

Screenshots: Boot Screenshot One; Boot Screenshot Two; Post Boot License Agreement

System Requirements

  • A computer system with an x86 processor
  • 512 MB of RAM (LPS-Public), 1 GB RAM (LPS-Public Deluxe)
  • Wired, Wifi, or broadband cellular Ethernet (DHCP highly recommended)
  • Ability to boot from either USB or CD-ROM (LPS is available on either media)
  • CCID-compliant USB smart card reader (SCR 331 w/current firmware [>5.22])

Although LPS is meant to be used as a live boot distribution, for the purposes of this report and its testing, VMware Player 4.0 was used as the operating environment.

Installation was simple and straightforward. When setting up the virtual machine, VMware Player was unable to detect the operating system automatically, so the Linux option “Other Linux 2.6.x kernel 64-bit version” was chosen.

Default settings were kept for the rest of the configuration, with the exception of the virtual machine's memory, which was changed from the default 384 MB to 1024 MB to meet the distribution's system requirements.

Booting of the distribution took roughly one minute from start to the license agreement screen. Upon accepting the agreement, the desktop loaded almost instantly.

Basic Operation

Screenshot: If this is Windows what is Tux doing there?

With my configuration, there was 678.5 MB of free space left to be used.

Upon viewing the distribution's desktop, the first thing that is noticeable is the striking similarity in appearance to a Windows operating system. There is a start menu, but instead of a Windows logo, the user will find Tux there. There are also Windows Show Desktop and Command Prompt icons. Show Desktop performs as expected, but the Command Prompt icon launches Xterm.

It is likely that most users of this operating system would be coming from a Microsoft background, so it makes sense that the developers chose to create an experience that follows what one would expect in a Windows environment. The developers have gone so far as to apply skins to various utilities so that they more closely resemble their Windows equivalents. This can be seen in the screenshot below.

Going to Work

Screenshots: Am I really running Linux?; Encryption Wizard; What would a productive workday be without YouTube?

Since the operating system was meant to provide workers with a secure environment for telecommuting, an attempt was made to replicate a “workday”.

First, Open Office was used to create and save an assortment of text documents and spreadsheets. Next, the Firefox browser was used to view a number of websites, including YouTube, WebCT, and CNN.com. All websites performed smoothly and as expected.

I was a little skeptical of logging into any websites, including my personal email, and banking. Now, this is not because I did not expect my session to be secure, but at a stage of preliminary analysis, I am a bit too paranoid to enter login credentials into a DoD operating system.

There are a number of remote connection options available, including Citrix Receiver, Remote Desktop, and an SSH client. The operating system should also allow the use of a smart card reader holding the login information required to access a system remotely. I was unable to test these features, since I lack a smart card reader, but I was able to use the SSH client to connect to a remote computer.

One feature unique to this distribution that was tested is the Encryption Wizard, an encryption and decryption program that uses a 128-bit implementation of the Advanced Encryption Standard (AES) behind a drag-and-drop interface (ATSPI Technology Office, 2011). It can encrypt files with a pass key, with a PKI certificate, or with both, and can attach metadata to the file, although the metadata itself is not encrypted. Decrypting a file produced by the Encryption Wizard follows a similar point-and-click method. Both encrypting and decrypting were tested on the text documents created earlier in the session, and no problems were encountered.

After creating a number of files, downloading an assortment of PDFs, and browsing the Internet extensively, the operating system was restarted to see whether any traces of the session remained. After the reboot, all files from the previous LPS session were gone, and the Firefox web history had also been cleared.
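The reboot test above checks non-persistence empirically. As an added example that is not from the report or from LPS itself, the following POSIX shell audit reads a listing in /proc/mounts format and reports every writable mount that is not memory-backed, which is where session data could survive on a supposedly stateless system. The filesystem-type list and the constructed sample mounts are assumptions made for this example; the aufs entry is included only because Appendix 1 shows aufsd kernel threads.

```shell
#!/bin/sh
# Added example, not part of the LPS report or the distribution. Reads a
# listing in /proc/mounts format (device mountpoint type options dump pass)
# and reports every writable mount that is not memory-backed, i.e. a place
# where session data could survive a reboot on a supposedly stateless system.

# Filesystem types that hold no data across a reboot: RAM-backed or pseudo
# filesystems. The list is an assumption for this example, not an LPS setting.
NON_PERSISTENT='rootfs|tmpfs|ramfs|devtmpfs|proc|sysfs|devpts|debugfs|cgroup'

# persistent_writable: for each rw mount on stdin whose type is not in the list,
# prints "PERSISTENT dev mnt type" when the device is a /dev node (block-backed)
# and "REVIEW dev mnt type" otherwise (union or network mounts whose backing
# store has to be checked separately; the LPS process table shows aufsd threads).
persistent_writable() {
    awk -v keep="^(${NON_PERSISTENT})$" '
        NF < 4 { next }
        {
            dev = $1; mnt = $2; type = $3; opts = $4
            if (opts !~ /^rw(,|$)/) next        # read-only mounts retain nothing
            if (type ~ keep) next               # memory-backed or pseudo fs
            if (dev ~ /^\/dev\//) print "PERSISTENT", dev, mnt, type
            else print "REVIEW", dev, mnt, type
        }'
}

# audit_mounts: prints the findings and returns 1 if any PERSISTENT mount
# exists, 0 otherwise. REVIEW entries are reported but do not fail the audit.
audit_mounts() {
    report=$(persistent_writable)
    [ -n "$report" ] && printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^PERSISTENT '; then
        return 1
    fi
    return 0
}

# Constructed sample in /proc/mounts format; the USB stick at /mnt/usb is the
# finding, the CD is read-only and the aufs union needs a manual look.
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sr0 /mnt/cdrom iso9660 ro 0 0
none /home aufs rw,si=1a2b3c 0 0
/dev/sdb1 /mnt/usb vfat rw,nosuid,nodev 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts || echo "audit FAILED: persistent writable storage present"
```

On a live system the same check is `persistent_writable < /proc/mounts`; a clean result for a stateless distribution is no PERSISTENT lines, with each REVIEW line traced to its backing store by hand.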

Usage Evaluation

Screenshots: AniWeather over the DoD Configuration makes sense; Verifying signed Java applications

LPS does appear to provide all of the features that would typically be required in an average work session: documents can be viewed and edited, and websites are accessible. I also assume that the remote access utilities that were not tested work as well.

However, I have a number of concerns about how secure the operating system actually is, owing to the options an attacker has to take over a session, most of which are browser based.

LPS uses the latest versions of much of its software, including Adobe Reader and Open Office, but Firefox is at version 3.6.22 when the latest version as of this writing is 7.0.1, and Adobe Flash is at 10.3.183.10 when the latest version as of this writing is 11. Using out-of-date versions of software is typically something that raises eyebrows.

Next, Firefox itself does not ship with any of the common extensions that would be expected in a secure environment, such as NoScript, which helps the user block unwanted scripts, extensions, and other malicious content from running in their browser (NoScript, 2011). There also do not appear to be any restrictions on which extensions a user can install or disable, including the built-in DoD extensions.

Not only can a user install potentially vulnerable extensions, but, as can be seen from the screenshot, “signed” Java applications can be executed as well. In the case of WebCT this is not an issue, but it does give a malicious attacker the opportunity to use the Java Applet Attack Vector provided in tools such as the Social Engineering Toolkit (Social Engineer, 2011).

The lack of basic browser security checks seems counterintuitive for a “secure” operating system. Even with the ability to create a clean session with a system reboot, it is hard to know how much information an attacker could gain before such a reboot occurs.

Software Packaging

On this operating system there is no package manager, and hence no packaging utilities. Updates to programs and utilities are delivered with each new release of the operating system. This is likely because Lightweight Portable Security (LPS) is a non-persistent operating system, meaning that all information from a session is lost upon restarting it.

This is not to say that a package manager and installation could not still be supported, with any packages installed during a given session simply being lost in the next. However, given the security-oriented focus of LPS, it can reasonably be assumed that the Department of Defense (DoD) wanted every initialization of the OS to be homogeneous, so that for any instance of the OS they can be assured no “unknown” packages are in use.

In order to determine the packages being used on LPS, the user is left to browse the file system to try and gain an idea of everything that is available, with /bin being the location that provides a good general idea.

Since there is no supplied way of installing software packages, the user is left with what is given to them, which although sparse, should cover most basic computing needs. The software available allows the user to edit a variety of document types, browse the Internet, encrypt and decrypt files, and remotely access computers with Citrix Receiver, SSH, or Remote Desktop.

Major Package Versions

Chosen Packages

Package                     | Distribution Version - Date        | Current Version - Date
Kernel                      | 2.6.27.56 - November 22nd, 2010    | 3.1.1 - November 11th, 2011
libc                        | 2.8 - April 2008                   | 2.14 - June 2011
X.org X Server              | 1.7.1 - October 22nd, 2009         | 1.11.2 - November 4th, 2011
Ice WM                      | 1.2.38 - 2009 (estimate)           | 1.3.7 - October 16th, 2010 (Stable)
Java SE Runtime Environment | 1.6.0_27 - August 24th, 2011       | 1.6.0_29 - October 20th, 2011
BusyBox                     | 1.1.3 - May 17th, 2006             | 1.19.3 - October 29th, 2011
Adobe Reader                | 9.4.2 - February 11th, 2011        | Version is current
Firefox                     | 3.6.22 - September 6th, 2011       | 3.6.24 - November 8th, 2011
Open Office                 | 3.3.0 - January 25th, 2011         | Version is current
Open SSH                    | 5.9p1 - September 6th, 2011        | Version is current

Modifications

With the exception of Firefox, there do not appear to be any modifications to the packages listed above. In the case of Firefox, a set of custom extensions is installed, including an integration of the Encryption Wizard and a DoD configuration extension that allows DoD and Federal certificates to be updated, as well as the use of a smart card reader to verify user credentials. There are also a number of bookmarks to various United States military websites.

As for differences between versions, the breakdown is as follows:

Kernel
Changes have been extensive between the distribution version and the current version and include security fixes, hardware support improvements, and bug fixes (The Linux Kernel Archives, 2011).

libc
Numerous changes; again this can be accounted for by the more than three year gap between the distribution version and the current version (GNU Project Archives, 2011).

X.org X Server
Differences between the distribution version and the current version include code clean up, bug fixes, and improved hardware support (X.Org Wiki, 2011).

Ice WM
Between the distribution version and the current version there appear to be only minor fixes with regards to battery statuses displaying incorrectly, and the task bar auto hiding (SourceForge.net Repository – icewm, 2010).

Java SE Runtime Environment
Between the distribution version and the current version, security fixes were applied, including the blacklisting of the Cisco AnyConnect Mobility Client and the Microsoft UAG Client (Oracle, 2011).

BusyBox
There have been significant changes between the distribution version and the current one, which is altogether not surprising considering there was more than a four year time lapse between the two. These include new features, bug fixes, and improvements of the integration of various utilities (BusyBox, 2011).

Firefox
Between versions 3.6.22 and 3.6.24 there were mostly security fixes applied which included things such as memory corruption while profiling Firebug, and some XSS attacks (Home of the Mozilla Project, 2011).

Package Selections

Looking at the packages, Adobe Reader, Java Runtime Environment, Open SSH, Open Office, and Firefox are all running either the latest versions or close to them. For a security-oriented distribution it makes sense that these packages are the most up to date, as many security exploits are centered around Adobe Reader and PDFs, Java, web browsers, and office programs like Open Office. Open SSH is also an integral part of maintaining secure communications, so the latest version there makes sense as well.

On the other hand, the kernel, libc, X.org X server, Ice WM, and BusyBox, are all running less than up to date versions. In some cases the included software packages are more than a year older than whatever the latest released version is.

Some of this might be because of software compatibility concerns. For instance, X.org X server is from 2009, and so is Ice WM. In terms of the older version of the kernel, it might be possible that the DoD has determined that this version is the most easy to lock down and hardest to exploit, or again, there are compatibility issues with the other older software packages that come with the distribution. However, since this is supposed to be a secure distribution, security concerns are probably more important than compatibility, unless of course, situations arise where the two go hand in hand.
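The comparison in the version table and the two paragraphs above can be mechanised. As an added example, not from the report or from LPS, the following POSIX shell script compares the installed and current version strings numerically (plain string comparison would call 2.8 newer than 2.14) and lists every package that lags. The table rows are re-entered here as constructed input, and splitting versions on ".", "_" and "p" (as in 1.6.0_27 and 5.9p1) is an assumption that fits the formats on this page.

```shell
#!/bin/sh
# Added example, not part of the LPS report or the distribution. Flags packages
# whose installed version is numerically older than the current one. Plain
# string comparison would call 2.8 newer than 2.14; fields are compared as
# integers instead. Separators '.', '_', 'p' and '-' (as in 1.6.0_27 and 5.9p1)
# are an assumption that fits the version formats in this report.

# ver_lt A B: exit 0 when version A is strictly older than version B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "[._p-]"); nb = split(b, y, "[._p-]")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0   # missing trailing fields count as 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                              # equal versions are not "older"
    }'
}

# outdated_report: reads "package|installed|current" lines on stdin and prints
# one "package: installed -> current" line for each package that lags.
outdated_report() {
    while IFS='|' read -r pkg have want; do
        [ -z "$pkg" ] && continue
        if ver_lt "$have" "$want"; then
            printf '%s: %s -> %s\n' "$pkg" "$have" "$want"
        fi
    done
}

# Constructed input, re-entered from the version table in this report. Rows the
# report marks "Version is current" repeat the installed value as current.
LPS_TABLE='Kernel|2.6.27.56|3.1.1
libc|2.8|2.14
X.org X Server|1.7.1|1.11.2
Ice WM|1.2.38|1.3.7
Java SE Runtime Environment|1.6.0_27|1.6.0_29
BusyBox|1.1.3|1.19.3
Adobe Reader|9.4.2|9.4.2
Firefox|3.6.22|3.6.24
Open Office|3.3.0|3.3.0
Open SSH|5.9p1|5.9p1'

# lps_outdated: the report's table run through outdated_report.
lps_outdated() {
    printf '%s\n' "$LPS_TABLE" | outdated_report
}

lps_outdated
```

The same report format works for any "package|installed|current" feed, so the check can be re-run against a newer release of the distribution by editing only the table.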

Initialization

LPS follows an init process of initialization, beginning with running:
/etc/inittab

which calls:
/etc/thinstation.init

thinstation.init does some file system configuration and mounting before initializing the packages to be used. The scripts that initialize the packages are found in /etc/rc0.d and /etc/rc5.d.

Based on the rc0.d scripts, the operating system initialization process begins by starting SSH to set up an SSH key, then configures the network settings with a basic loopback using ifconfig (127.0.0.1), followed by starting acpi, cron, and then syslog.

It appears that the rc0.d folder starts some of the more system level programs as listed above, while rc5.d initializes the higher level user type applications, as it contains files for initializing Firefox, NetworkManager, java, and icewm.

The method to determine LPS initialization involved opening the init files listed above, analyzing them, and following the breadcrumbs to the other init files they referred to.

Major Processes Running

The following is a description of five major processes that are running as indicated by executing the ps -e command after booting to the desktop:

Process   | Description
kthreadd  | A kernel thread
ksoftirqd | A kernel thread that handles processing soft interrupts if they are being triggered faster than they can be serviced (tin.org - TIN newsreader development headquarters, 2003)
khelper   | A kernel thread which provides the kernel a method of making calls out to applications (Indiana University, 2004)
crond     | A scheduler to execute commands
klogd     | Intercepts and logs Linux kernel messages (Linux Operating System and Linux Distributions, 2011)

The full list of processes is available in Appendix 1.
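As an added example that is not part of the report, the following POSIX shell script parses `ps -e` output in the column layout of Appendix 1 (PID Uid VmSize Stat Command), separates kernel threads from user-space processes, and reports which of the latter run as root. The sample listing is a constructed subset of Appendix 1; applied to the full appendix it shows that every user-space process except dbus-daemon, Xorg and Firefox included, runs as root, which is the starting point for any least-privilege review of the distribution.

```shell
#!/bin/sh
# Added example, not part of the LPS report. Summarises `ps -e` output in the
# BusyBox column layout used in Appendix 1 (PID Uid VmSize Stat Command).
# Kernel threads carry a bracketed name and no VmSize, and a separate "<" flag
# can follow Stat, so the command is located by shape rather than by a fixed
# column number.

# ps_summary: reads ps output on stdin; prints one line with the number of
# kernel threads, user-space processes, user-space processes owned by root,
# and the commands of any process not owned by root.
ps_summary() {
    awk '
        NR == 1 { next }                              # column header
        $NF ~ /^\[.*]$/ { kthreads++; next }          # [kthreadd], [aufsd/0], ...
        {
            cmd = ($5 == "<") ? $6 : $5               # skip the "<" flag after Stat
            users++
            if ($2 == "root") roots++
            else nonroot = nonroot (nonroot == "" ? "" : ",") cmd
        }
        END {
            printf "kernel_threads=%d user_processes=%d root_user_processes=%d non_root=%s\n",
                   kthreads, users, roots, nonroot
        }'
}

# root_processes: the command of every user-space process running as root,
# one per line, i.e. the list a least-privilege review would start from.
root_processes() {
    awk 'NR > 1 && $2 == "root" && $NF !~ /^\[.*]$/ { print ($5 == "<") ? $6 : $5 }'
}

# Constructed sample: a subset of the Appendix 1 listing, same column layout.
SAMPLE_PS='PID  Uid     VmSize Stat Command
  1 root        580 S   init
  2 root            SW< [kthreadd]
  3 root            SW< [ksoftirqd/0]
  5 root            SW< [khelper]
 61 root        892 S < udevd --daemon
317 root       4488 S   /bin/haveged -w 4096
473 root        524 S   crond
514 root        504 S   klogd
1239 messageb    812 S   /bin/dbus-daemon --system
2154 root      12312 R   Xorg :0 -fp /usr/X11/lib/X11/fonts/75dpi
2583 root      91808 S   /lib/firefox/firefox-bin'

printf '%s\n' "$SAMPLE_PS" | ps_summary
printf '%s\n' "$SAMPLE_PS" | root_processes
```

On a running LPS session the equivalent is `ps -e | ps_summary`; the interesting output is the root_processes list, since browser and X server processes there run with full privileges.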


References

"6u29-relnotes." Oracle. Web. 11 Nov. 2011. <http://www.oracle.com/technetwork/java/javase/6u29-relnotes-507960.html>.

ATSPI Technology Office. Lightweight Portable Security (LPS) Public Edition (LPS-Public) User’s Guide. Web. 10 Oct. 2011. <http://spi.dod.mil/docs/lpsmanual.pdf>.

"BusyBox." BusyBox. Web. 11 Nov. 2011. <http://busybox.net/>.

"Global Information Grid – NSA/CSS." Welcome to the National Security Agency - NSA/CSS. NSA. Web. 10 Oct. 2011. <http://www.nsa.gov/ia/programs/global_industry_grid/index.shtml>.

"GNU Project Archives." GNU Project Archives. Web. 11 Nov. 2011. <http://ftp.gnu.org/gnu/glibc/>.

"klogd - Linux Command - Unix Command." Linux Operating System and Linux Distributions. Web. 16 Dec. 2011. <http://linux.about.com/library/cmd/blcmdl8_klogd.htm>.

"ksoftirqd(9)." tin.org - TIN newsreader development headquarters. Web. 16 Dec. 2011. <http://www.tin.org/bin/man.cgi?section=9&topic=ksoftirqd>.

"Linux-Kernel Archive: Re: 2.6.7 and khelper." Indiana University. Web. 16 Dec. 2011. <http://lkml.indiana.edu/hypermail/linux/kernel/0406.3/0318.html>.

"NoScript - JavaScript/Java/Flash Blocker for a Safer Firefox Experience! - What Is It?" NoScript. Web. 10 Oct. 2011. <http://noscript.net/>.

"The Official Social Engineering Framework - Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)." Social Engineering - Security Through Education. Social Engineer. Web. 10 Oct. 2011. <http://www.socialengineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)>.

"Security Advisories for Firefox 3.6." Home of the Mozilla Project. Web. 11 Nov. 2011. <http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.24>.

"Software Protection Initiative - Lightweight Portable Security." Software Protection Initiative. Software Protection Initiative. Web. 10 Oct. 2011. <http://www.spi.dod.mil/lipose.htm>.

"SourceForge.net Repository - [icewm] Index of /icewm." SourceForge.net Repository - [icewm]. Web. 11 Nov. 2011. <http://icewm.cvs.sourceforge.net/viewvc/icewm>.

"The Linux Kernel Archives." The Linux Kernel Archives. Web. 11 Nov. 2011. <http://www.kernel.org/>.

"X.Org Wiki - XServer." X.Org Wiki. Web. 11 Nov. 2011. <http://www.x.org/wiki/XServer>.


Sources for Software Version Releases

1. Kernel
In Distribution: http://lwn.net/Articles/416654/
Current: http://en.wikipedia.org/wiki/Linux_kernel

2. libc
In Distribution: http://en.wikipedia.org/wiki/GNU_C_Library#Version_history
Current: http://en.wikipedia.org/wiki/GNU_C_Library#Version_history

3. X.org X Server
In Distribution: http://www.x.org/wiki/Server17Branch
Current: http://en.wikipedia.org/wiki/X.Org_Server

4. Ice WM
In Distribution: http://sourceforge.net/projects/icewm/files/icewm-1.2/
Current: http://en.wikipedia.org/wiki/IceWM

5. Java SE Runtime Environment
In Distribution: http://blogs.oracle.com/javase/entry/java_se_6_update_27
Current: http://blogs.oracle.com/javase/entry/java_6_update_29_has

6. BusyBox
In Distribution: http://www.busybox.net/oldnews.html
Current: http://busybox.net/

7. Adobe Reader
In Distribution: http://get.adobe.com/reader/otherversions/
Current: http://get.adobe.com/reader/otherversions/

8. Firefox
In Distribution: http://www.mozilla.org/en-US/firefox/3.6.22/releasenotes/
Current 3.6: http://www.mozilla.org/en-US/firefox/3.6.24/releasenotes/
Current (non 3.6): http://www.mozilla.org/en-US/firefox/new/

9. Open Office
In Distribution: http://www.openoffice.org/
Current: http://www.openoffice.org/

10. Open SSH
In Distribution: http://www.openssh.com/
Current: http://www.openssh.com/

Appendix

1: ps -e output after first logging into the desktop

PID  Uid     VmSize Stat Command
  1 root        580 S   init
  2 root            SW< [kthreadd]
  3 root            SW< [ksoftirqd/0]
  4 root            RW< [events/0]
  5 root            SW< [khelper]
  6 root            SW< [kblockd/0]
  7 root            SW< [kacpid]
  8 root            SW< [kacpi_notify]
  9 root            SW< [ata/0]
 10 root            SW< [ata_aux]
 11 root            SW< [kseriod]
 12 root            SW  [pdflush]
 14 root            SW< [kswapd0]
 15 root            SW< [aio/0]
 16 root            SW< [aufsd/0]
 17 root            SW< [aufsd_pre/0]
 18 root            SW< [kpsmoused]
 19 root            SW  [pdflush]
 61 root        892 S < udevd --daemon
154 root            SW< [ksuspend_usbd]
156 root            SW< [khubd]
317 root       4488 S   /bin/haveged -w 4096
406 root        552 S   acpid
473 root        524 S   crond
512 root        508 S   syslogd -m 0
514 root        504 S   klogd
727 root        840 S   /bin/pcscd --debug
1208 root        856 S < udevd --daemon
1212 root        752 S < udevd --daemon
1239 messageb    812 S   /bin/dbus-daemon --system
1842 root       3288 S   NetworkManager
1844 root       2248 S   /sbin/modem-manager
1855 root        740 S   /bin/dhcpcd -B -K -L -c /libexec/nm-dhcp-client.actio
1859 root        812 S   /bin/wpa_supplicant -c /etc/wpa_supplicant.conf -B -u
2079 root        628 S   /bin/sh /bin/start-session 0
2080 root        264 S   init
2154 root      12312 R   Xorg :0 -fp /usr/X11/lib/X11/fonts/75dpi,/usr/X11/lib
2169 root        656 S   /bin/sh /etc/init.d/icewm console
2405 root        300 S   /bin/sh /etc/init.d/icewm console
2406 root        580 S   /bin/sh /bin/icewm_startup
2427 root       2204 S   /bin/icewmtray
2439 root       3376 S   icewm
2484 root       6448 S   /bin/volumeicon
2485 root       8632 S   /bin/nm-applet
2486 root       7676 S   pcmanfm -d
2489 root       1128 R   /usr/local/libexec/gam_server
2493 root        692 S   //bin/dbus-daemon --fork --print-pid 5 --print-addres
2494 root        804 S   dbus-launch --autolaunch 551c148ca109c4709c9560794eeb
2496 root       2368 S   /libexec/gconfd-2
2498 root       8428 S   /libexec/notification-daemon
2500 root       2748 R   xterm
2501 root        720 R   sh
2582 root        296 S   /bin/sh /etc/init.d/firefox window
2583 root      91808 S   /lib/firefox/firefox-bin
2648 root      18832 S   /lib/firefox/plugin-container /lib/firefox/plugins/li
2652 root        660 R   ps -e