• No results found

The remote working security conundrum: what is reasonably secure anyway?

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "The remote working security conundrum: what is reasonably secure anyway?"

Copied!
28
0
0

Loading.... (view fulltext now)

Download now ( 28 Page )

Full text

(1)

The remote working security conundrum:

what is reasonably secure anyway?

Usenix LISA 2021

Qubes logo is licensed under:

Creative Commons

Attribution-ShareAlike 4.0 [email protected]

(2)

$ whoami

Alex Sharp, Andrew Reimers

Looking for a stack for secure Dev/sysadmin work

Working at OrionVM –

A wholesale cloud computing provider

(3)

Disclosure

We haven’t been provided discounted products from the vendors mentioned here

Work in progress – new hardware

Using Qubes for years (see LCA talks)

(4)

What’s reasonable? Threat model

Zero day exploit – 100K USD for Firefox RCE (Zerodium)

Cost per affected user

Profit per attack

Political motivation

Ransomware

Social engineering attacks not considered here

(5)

Agenda/Security pyramid

Business continuity Application security Network security OS security Firmware level Physical level

(6)

Physical level

Screen lock/Autolock

BIOS password

Boot from internal disk only

Kensington lock

Screen privacy filter

“Glitter screws”

Anti-interdiction shipping

https://mullvad.net/en/help/how-tamper-protect-laptop/

(7)

Physical level – Hardware kill switches

https://puri.sm/posts/librem-14-rave/

(8)

Attack – Acoustic side channel

Zhu, T., Ma, Q., Zhang, S., & Liu, Y. (2014). Context-free Attacks Using Keyboard

Acoustic Emanations. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS ’14. doi:10.1145/2660267.2660296

“We conduct extensive experiments and the results show that more than 72.2% of

keystrokes can be successfully recovered.”

See also 'Listen to your key': HotMobile '20: Proceedings of the 21st International Workshop on Mobile Computing Systems and Applications March 2020 Pages 3–8 https://doi.org/10.1145/3376897.3377853

(9)

Architecture comparison

Intel AMD Power9

Cost Reasonable Cheaper Enterprise

Ram encryption

/ECC

No/No Yes/Yes No/Yes

Management

engine Closed/

removable Closed Open

Qubes/Heads

support Best/Best Good/Old No*/No

* Actively being worked on

(10)

Firmware security: Librem 14

Coreboot

Reduced intel ME

Coreboot SMM code

Heads (Pureboot)/Librem Key

Has a TPM

Open source Embedded Controller (EC)

Hyperthreading disabled

(11)

Hardware security tokens

https://puri.sm/products/librem-key/ https://en.wikipedia.org/wiki/YubiKey#/media/File:YubiKey-4-keychain-and-YubiKey-4-Nano.png

(12)

TPMs

Like a security token

In your computer

Unlocks from boot measurements

https://upload.wikimedia.org/wikipedia/commons/6/64/TPM_Asus.jpg

(13)

Physical firmware protection

https://puri.sm/posts/librem-14-rave/

(14)

Operating system Level: Qubes

“A reasonably secure operating System” focusing on security through isolation - “You can’t hit what you can’t see”

Consists of multiple Qubes and an isolated management VM

A Qube is a Xen VM running an OS (Linux/FreeBSD/etc)

Has it’s own xserver for graphics

Tied together via vchan, virtual networking

Optional USB devices (proxy), PCIe devices (IOMMU)

Managed by an internal agent (qrexec) via vchan.

(15)

Firefox and a password manager

(16)

Firefox and a password manager

(17)

USB isolation

USB is a lovecraftian nightmare

A ‘USB key’ can be a

Keyboard

Mouse

Virtual ethernet device

Storage device

Pizza oven

https://github.com/whid-injector/WHID

(18)

Qubes video call

(19)

Hardware isolation

(20)

Security via isolation

“Our analysis found that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors [..]

- all the vulnerable drivers we discovered have been certified by Microsoft [..]

A vulnerable driver installed on a machine could allow an application running with user privileges to escalate to kernel privileges”

https://eclypsium.com/wp-content/uploads/2019/08/Screwed-Drivers.pdf

Eg. CVE-2021-21551 since 2009, CVE-2021-1052

(21)

Disposable Qubes

(22)

Networking security

Local router security

DNS security/HTTP content injection

Security via network isolation, eg. From CVE-2019-14899

(23)

Network isolation

work-vpn

hobby work

hobby-vpn sys-firewall

vault

sys-net

disp1337

WIFI

Firewall NAT

web-vpn disp1234

(24)

Upgrade path

sys-firewall

Dom0 sys-net

WIFI web-vpn

Vchan

sys-update

(25)

‘BeyondCorp’/L7 model example

Qubes

Auth

Ephemeral creds disp1234

Ephemeral creds Creds

Hashicorp vault

Database disp1337 Business system

U2F proxy Split SSH

(26)

Backups and business continuity

Local backup

Remote backup

“Append only” or “Separation of powers” backup principle.

(Tarsnap model)

(27)

Going forward

Upstream work

Remote attestation

Mobile investigation: Librem 5

Better solutions for file/secret sharing

(28)

Thanks!

Any questions?

Usenix LISA 2021

Qubes logo is licensed under:

Creative Commons Attribution-ShareAlike 4.0

References

Download now ( PDF - 28 Page - 1.44 MB )

Related documents

Electrokinetic motion of single nanoparticles in single PDMS nanochannels

Consequently, we can predict that the electrokinetic motion of nanoparticles in nanochannels filling with diluted ionic solutions is dominated by the overlap EDL and also

Loving Empire: Intimacy and Expansion in U.S. Women's Historical Writing, 1880-1900

Winnemucca threads the foreign incursion through these practices. This move also disrupts the teleological progress narrative of contemporaneous white army wives' narratives,

Compliance and the Cloud: What You Can and What You Can t Outsource

•Perform a detailed assessment of the unique risks associated with each service •Hosted entity and provider clearly define and document the responsibilities assigned to each

You Don t Know What You Can t See: Network Security Monitoring in ICS Rob Caldwell

Network security monitoring for industrial control systems is achievable using the tools we have today.. What is network

Lesson 3 What Can You See?

“The fact that a thing is not seen does not indicate its nonexistence.” In this realm of causality (this world), we have four types of living workers: An- gels, animals, plants

Egi for Sap Ux Sap Fiori Day 4

Customer extends an OData service and UI to add a custom field to an standard SAP Fiori Application.. (Remote support in

What You Don t Know Can Hurt You

Under the act, advisors who currently operate under the “suitability standard of care” will be required to accept a fiduciary responsibility with plan sponsors or exit the... In

If you can't beat them - secure them

• Device Security - Anti malware /Live updates , SMS anti-spam, location update of devices , Application control. App Distribution