Happy Days at RSA Conference 2006
By Seth Ross, CISSP
These are boom days for the information security business in general and the encryption business in particular. The spirit of the boom was evident at the 15th annual gathering of cryptographers and the information security industry in San Jose, California.
The show bustled with security vendors and a record number of attendees: over 14,000. The boom has been driven by a variety of general factors (increased mobility and connectedness, and thus risk) and by a single piece of legislation: California’s data breach reporting law, SB1386.
The conference was keynoted by some of the most powerful people in the world, including the CEOs of Microsoft, Sun Microsystems, Cisco, and Symantec. But none of them has had as much direct impact on information security as one of the very last speakers: Joe Simitian, the California State Senator who co-authored SB1386.
The Data Breach Reporting Phenomenon
SB1386 has illuminated the art and science of information security. In the old days before this breach reporting law and its companions in 25 states, information about security breaches like lost and stolen computers and hack attacks was routinely buried.
The series of breach reports issued by major companies over the past year has made a huge contribution to information security. In this way, even the “bad news” has served the overall good.
Armed with more quantitative information about what is happening in the field, computer security practitioners have been better able to devise appropriate and effective security strategies. Victims of data breaches have more and better opportunities to recover from damage. National lawmakers and other leaders now have breach data to inform the process of crafting appropriate legislation and regulatory regimes.
It’s impossible to solve a problem that you don’t know you have or that you’re unwilling to acknowledge. And it’s instructive to learn from the pain of others. How were they breached? What were the targets and how were they acquired? Who were the threat agents -- insiders? intruders over the Internet? curiosity-seekers? pros? And what were their motivations?
SB1386 is elegant in its simplicity: either encrypt confidential personal data or make reports when that data is breached. It doesn’t impose heavy-handed or micro-managed technical requirements that would rapidly become out-of-date and could even harm, rather than help, security. It relies on the oldest human emotion—shame—to prompt organizations to do the right thing.
During an RSA keynote session, Simitian and Paul Kurtz, head of the Cyber Security Industry Alliance, discussed the political process in Washington DC that could lead to a national law that preempts SB1386 and similar state laws. Kurtz noted that there are five data breach bills currently before either the House or Senate. One of these bills, S.1789, Specter/Leahy, contains detailed technical mandates that could be cumbersome and lose relevance over time as technology marches forward.
Simitian expressed concern that if federal law guts the protections of state law, federal preemption could become a “matter of great concern”. He stated that he would like to see SB1386 adopted at the federal level and challenged national legislators to either “Leap forward or get out of the way”. The conference audience loudly applauded this.
One way or another, we are likely to hear more about breach reporting requirements in the months to come. If Congress doesn’t move toward a national law, state legislators like Simitian will continue to push ahead with new and toughened standards. The sun has started to shine on the business of information protection.
Senator Simitian’s web site is at:
Kurtz’ organization can be found at:
PC industry leaders like Intel, IBM, HP, and Microsoft — along with specialized encryption firms like GuardianEdge Technologies — have been working with an open security chip design since the late 1990s: the Trusted Platform Module (TPM). The TPM provides basic encryption services and a secure method for storing cryptographic keys. TPM chips have shipped embedded in the motherboards of tens of millions of personal computers — in most cases, without the owner’s knowledge since most TPMs are not activated. By the end of 2006, the market move to make the TPM ubiquitous and useful will start. Expect to see the first web sites and other services that require "remote attestation" by the chip, a method to authenticate machines over the Internet.
AES Side-Channel Cache Attack
Cryptography is marked by the constant race between cryptographers -- those who design "secret writing" systems -- and cryptanalysts -- those who break secret writing systems. The RSA Conference provides one of the most important venues for cryptographers and cryptanalysts alike. For a cryptanalyst, discovering a new attack against a popular cryptographic algorithm or cipher, passing peer review, and getting to talk at RSA is a major career achievement.
The buzz at last year's conference centered on reports of weaknesses in the SHA-1 hashing function, a critical cryptographic primitive. This year, Eran Tromer, a PhD student of Professor Adi Shamir at the Weizmann Institute of Science, Israel, presented a new attack on the Advanced Encryption Standard (AES) algorithm. AES is the US government's approved algorithm for symmetric cryptography -- it is widely deployed in business, government, and Internet systems. Tromer presented an attack that targets a common feature of modern computer systems: the CPU cache.
The CPUs in modern computers are extremely fast, much faster, in fact, than RAM memory. A fast CPU can be kept waiting on slow RAM. In order to maintain overall system speed, Intel and other chip vendors put fast cache memory on CPU chips. The cache memory provides fast access to commonly used data elements.
Tromer and his team were able to refine an attack that exploits the fact that cache memory can be written to and read by any process on the system. By observing cache reads and writes during encryption processing, the adversary can statistically deduce keys. AES was the high-profile target of Tromer's presentation, but his attack could work just as well against any crypto operations running on a CPU reliant on unprotected cache memory. Partitioning methods such as memory protection, sandboxing, and virtualization do not help.
It's a neat attack that demonstrates how fiendishly hard it is to get cryptosystems right. The cryptographer has to anticipate innumerable attack scenarios, while the cryptanalyst or attacker only needs to find a single seam or point of entry. The vulnerability can exist within the cipher's mathematical operations, in software that runs the cipher, in hardware that runs the software, or even in "wetware", the human users responsible for operating the cryptosystem.
In response to Tromer's work, a team from Intel presented several software-based countermeasures that prevent this kind of "side channel" attack. Each countermeasure relies on changes to the implementation of AES in software, using either "masking" or interleaving techniques to prevent an adversary from stealing secrets from the hardware cache. These countermeasures are already being implemented in important cryptographic libraries like OpenSSL.
There is a performance hit in deploying the software countermeasures. Since AES was selected as a standard largely due to its speed, the decision on whether to deploy the countermeasures needs to be made based on the performance characteristics of the target system and an analysis of the system's threat model.
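To make the countermeasure idea concrete, here is an added example; it is not code from the article, Tromer's paper, Intel's presentation, or OpenSSL. It contrasts a secret-indexed AES S-box lookup with a full-table scan that reads the same memory for every input, one well-known way to make the access pattern independent of the secret; the function names are hypothetical, and the 256 reads per lookup show where the performance cost comes from.

```c
#include <stdint.h>
#include <stdio.h>

static uint8_t rotl8(uint8_t x, int s) { return (uint8_t)((x << s) | (x >> (8 - s))); }

/* Build the standard AES S-box: GF(2^8) inverse followed by the affine map. */
void init_sbox(uint8_t sbox[256]) {
    uint8_t p = 1, q = 1;
    do {
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1B : 0));  /* p *= 3 */
        q ^= (uint8_t)(q << 1);                                  /* q /= 3 */
        q ^= (uint8_t)(q << 2);
        q ^= (uint8_t)(q << 4);
        q ^= (q & 0x80) ? 0x09 : 0;
        sbox[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    sbox[0] = 0x63;  /* 0 has no inverse */
}

/* Table lookup as in a typical fast software AES: the address read, and so
   the cache line loaded, depends on the secret byte. */
uint8_t lookup_direct(const uint8_t sbox[256], uint8_t secret) { return sbox[secret]; }

/* Hardened form: read all 256 entries in a fixed order and keep one with a
   branch-free mask, so the cache lines touched are the same for every input. */
uint8_t lookup_scan(const uint8_t sbox[256], uint8_t secret) {
    uint8_t out = 0;
    for (uint32_t i = 0; i < 256; i++) {
        uint8_t mask = (uint8_t)(((i ^ secret) - 1u) >> 8);  /* 0xFF iff i == secret */
        out |= sbox[i] & mask;
    }
    return out;
}

/* Count inputs where the two lookups disagree (0 expected). */
int count_mismatches(void) {
    uint8_t sbox[256];
    int bad = 0;
    init_sbox(sbox);
    for (int i = 0; i < 256; i++)
        bad += lookup_direct(sbox, (uint8_t)i) != lookup_scan(sbox, (uint8_t)i);
    return bad;
}
/* Hypothetical helper: S-box value of x obtained through the scanning lookup. */
uint8_t scan_sbox(uint8_t x) { uint8_t s[256]; init_sbox(s); return lookup_scan(s, x); }

int main(void) {
    printf("mismatches=%d S(0x53)=0x%02x\n", count_mismatches(), scan_sbox(0x53));
    return 0;
}
```

An optimizing compiler is free to rewrite the mask logic, so production code checks the generated assembly or relies on a vetted constant-time library.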
Tromer's paper can be found at:
Ten Ways to Break Into a Bank
A professor of design once pointed out that if power corrupts, PowerPoint corrupts absolutely. In today's business world, it's impossible to avoid the avalanche of clever presentations stuffed with fancy fades, bullet points, and dead-on recitations of PowerPoint copy.
At RSA, security expert Dan Farmer gave a talk remarkable in both its substance, how to break into a bank to steal money, and format; Farmer's presentation didn't contain a single bullet or even any text at all.
Farmer is a former marine who introduced the concept of network security to the general public in 1995 with the release of the network-scanning tool SATAN. He cuts a striking figure, with bright red hair halfway down his back. His thesis -- that it's impossible for large organizations like banks to protect against determined small-scale attackers -- drew a large crowd including many security professionals from the financial services industry.
Despite the talk's title, Farmer didn't actually provide any specifics on how to break into banks. Instead, he presented a series of pictures, each of which served as a launching point for a Zen-like discussion of the impossibility of complete defense.
One slide showed an X-ray image of a human chest cavity. “Does anyone know what this is?” Farmer asked a confused audience. “The insider threat”. The next slide showed a jailhouse mug shot of a very young Bill Gates: “Who can you trust?” asked Farmer. “It’s a miracle when anything from a vendor works,” he noted with intentional irony -- Farmer now represents a computer security vendor.
In one slide, he showed six faces, all somewhat scraggly-looking men. "Pick out the serial killers", he told the audience. Of the six photos, two showed notorious serial killers, and four showed famous inventors of important open-source technologies that are ubiquitously deployed in banks and other companies.
Another of Farmer’s slides showed a Japanese-style print of a tsunami, a simile for the kinds of denial-of-service attacks that could impact any Internet-connected organization.
Pulling up an image of a fortune cookie message, “That wasn’t chicken,” Farmer pointed out how heavily disclaimered “end user license agreements” or EULAs are. Vendors get a free ride with EULAs and they are not responsible for anything -- Farmer noted that bank users download all kinds of software and there could be anything inside.
Farmer’s presentation techniques are interesting, and so is his company, which won the “Most Innovative Company” award at the conference. You can find more on Farmer’s provocative views on security here:
His company is
Security is Like Happiness
One of the recurring themes of the expert presenters at RSA year in and year out is that "security is not a product", a riff on Bruce Schneier's "security is a process not a product" idea.
Given that the conference is entirely driven and funded by companies with products to sell, this is a counter-cultural message.
The theme was repeated by Jim Gosling, inventor of Java, during a keynote address. Gosling pointed out that security is a state, like happiness, which can't be bought and sold.
This is an idea that I've been thinking over for the last year or so. Security is a state, a system property, and a fundamental prerequisite for human self-actualization. While it’s often associated with products or services that can be bought and sold, and with large-scale top-down hierarchical systems (such as “national security”), security is really about people, culture, and the bottom-up fulfillment of essential human needs -- things that emerge and evolve and that cannot necessarily be mathematically calculated.
I'll be writing on this theme in the year to come. For now, I leave you with Gosling’s words, cast in verse:
Security is not a thing, something you can buy
It’s like happiness
A loose assembly of things
That comes from the bottom up
About the Author
Seth Ross is the Chief Security Officer at GuardianEdge Technologies and author of the book _UNIX System Security Tools_.