defense solutions division - dsei 2021 · 2021. 2. 25. · air data computers (x2) standby flight...
Post on 13-Mar-2021
10 Views
Preview:
TRANSCRIPT
1 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Defense Solutions Division
Cybersecurity for the Warfighter
Paul HartChief Technology Officer & Technical Fellow
Curtiss-Wright Defense Solutions
phart@curtisswright.com
https://www.linkedin.com/in/paul-hart-9829569/
2 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cybersecurity for the Warfighter
Blue Screen
The misery of the computer virus
3 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cybersecurity for the Warfighter
Blue Screen
…but what about the digital battlespace?
4 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cybersecurity for the Warfighter
5 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cybersecurity for the Warfighter
6 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Attack Surface Example
USB
WiFi
Ethernet
PC Interfaces to the outside world
7 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Attack Vectors: Spear-Phishing email
If it looks too good to be true, it probably is too good to be true !
8 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Attack Surfaces & Vectors - Generic Computing Architecture
Processor
ROMNOR Flash
RAMSDRAM
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
Pow
er S
uppl
y
9 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Attack Vectors – Types of Malware (Malicious Software)
Processor
ROMNOR Flash
RAMSDRAM
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
Pow
er S
uppl
y
Trojan horses Backdoor software
• “Congratulations! Click here
to claim your prize”
• Software updates,
evaluation versions
Keypress loggers –
passwords, emails..
10 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Attack Vectors – Types of Malware (Malicious Software)
Processor
ROMNOR Flash
RAMSDRAM
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
Pow
er S
uppl
y
Viruses Malware that needs to attach
itself to other programs to
execute
Self replicating
Difficult to track
Ransomware
11 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Attack Vectors – Types of Malware (Malicious Software)
Viruses Malware that needs to attach
itself to other programs to
execute
Self replicating
Difficult to track
Ransomware
12 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Attack Vectors – Types of Malware (Malicious Software)
Processor
ROMNOR Flash
RAMSDRAM
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
Pow
er S
uppl
y
Worms Self-executing code – do not
need victim application to run
Self-replicate
Track activity on networks to
return information to originator
Stuxnet
Ethernet Switch
13 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Attack Vectors – Types of Malware (Malicious Software)
ROMNOR Flash
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
Pow
er S
uppl
y
Spectre & Meltdown Published in 2018
Hardware based cyber
attack
Used modem processor
pipeline to infer values of
privileged data based on
timing
Processor
RAMSDRAM
14 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cybersecurity for the Warfighter
15 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Defense Electronics – Embedded Computing
Combat Net Radio
= Software Defined Radio
16 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Defense Electronics – Embedded Computing
Synthetic Vision System
17 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
How many computers?
HUMS
Health & Usage Monitoring System
WXR
Weather Radar
Air Data Computers (x2)
Standby Flight
Display System
Avionics Interface
Devices
Flight Data Acquisition
Flight Data/Cockpit Voice Recorders
SATCOM
SATellite COMmunication
RNAV Area Navigation Processors
VOR/DME/ILS/NDB
Fuel Quantity Indication Systems x2
Radio
Altimeter
IMA
Integrated Modular
Avionics
ADS-B
Extended Squitter Automatic
Dependent Surveillance-BroadcastHTAWS
Helicopter Terrain
Awareness and
Warning System
FCC
Flight Control
Computers x3
Mission Computers x2
Central
Maintenance
Computer
Engine FADEC x2
Full Authority Digital Engine Control
Airborne Intercept Radar
V/UHF Radio Communication
Degraded Visual Environment
/ Synthetic Vision System
HF
Radio
VDL Mode 2 Communications equipment
Mode S Aircraft Data Link Processor
Fire Detection SystemEFIS
Electronic Flight
Information Systems
EICAS
Engine Instrument and Crew
Alerting Systems
Ice
Detection
System
Rotor Ice Protection System
Embedded
GPS/INS x2
Helmet Mounted Display /
Night Vision Goggles x3
Electronic Support
Measures
AFCS
Automatic
Flight
Control
Systems
FLIR - EO/IR Turrets
Electro Optic/Infra Red
Moving Map
Display
Power Line
Detectors
Mode C/4A
Transponders x2
Radar Warning
Receivers
Missile Approach
Warning System
DIRCM
Directed InfraRed CounterMeasures
60
18 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
How many computers?
HUMS
Health & Usage Monitoring System
WXR
Weather Radar
Air Data Computers (x2)
Standby Flight
Display System
Avionics Interface
Devices
Flight Data Acquisition
Flight Data/Cockpit Voice Recorders
SATCOM
SATellite COMmunication
RNAV Area Navigation Processors
VOR/DME/ILS/NDB
Fuel Quantity Indication Systems x2
Radio
Altimeter
IMA
Integrated Modular
Avionics
ADS-B
Extended Squitter Automatic
Dependent Surveillance-BroadcastHTAWS
Helicopter Terrain
Awareness and
Warning System
FCC
Flight Control
Computers x3
Mission Computers x2
Central
Maintenance
Computer
Engine FADEC x2
Full Authority Digital Engine Control
Airborne Intercept Radar
V/UHF Radio Communication
Degraded Visual Environment
/ Synthetic Vision System
HF
Radio
VDL Mode 2 Communications equipment
Mode S Aircraft Data Link Processor
Fire Detection SystemEFIS
Electronic Flight
Information Systems
EICAS
Engine Instrument and Crew
Alerting Systems
Ice
Detection
System
Rotor Ice Protection System
Embedded
GPS/INS x2
Helmet Mounted Display /
Night Vision Goggles x3
Electronic Support
Measures
AFCS
Automatic
Flight
Control
Systems
FLIR - EO/IR Turrets
Electro Optic/Infra Red
Moving Map
Display
Power Line
Detectors
Mode C/4A
Transponders x2
Radar Warning
Receivers
Missile Approach
Warning System
DIRCM
Directed InfraRed CounterMeasures
110
84
12
3
60
450
3570
7
19 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Embedded Computing - Cyber Security
Non-IT Environment
“Air Gapped”
Locked-down System
Operate on power up: • No “Ctrl-Alt-Del”
• No Password
• No Shutdown
20 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Voice Communication & Datalinks – Where Cyber meets EW
Cyber Attack Electronic Warfare
MalwareMalformed
Messages
Random
Data
Physical
DestructionJamming
Deceiving
Information
Systems
Denial of
Service
Remote attacks
via defined
interfaces
Remote attacks via
electromagnetic
energy
21 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Data Security – ELINT & Mission Planning
Mission
Planning
Waypoints
Mission Profiles
ESM Threat Database
Sensor & Weapon Ranges
High Resolution Maps & Ground Imagery
Flight Management System –
Navigation Database
Terrain Awareness Warning
System (TAWS) database
Data Cartridge
Ethernet Port
22 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Security – Software & Configuration Updates
Ethernet / Web-Server
JTAG PortJoint Test Action Group
New
Software
Version
23 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cyber Security – Supply Chain
Who is going to fix this?
24 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Cybersecurity for the Warfighter
25 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Processor
ROMNOR Flash
RAMSDRAM
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
BIOS
Boot Loader
RTOSReal-Time Operating System
Kernel
Applications
Secure Computing - Preventing Malware from being able to run
?
Q. If only the software could be locked down, encrypted. Is that possible?
A. No - problem is that encrypted code cannot execute
26 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
BIOS
Boot Loader
RTOSReal-Time Operating System
Kernel
Applications
Processor
ROMNOR Flash
RAMSDRAM
SSDSolid State Drive
BIOS
Input-Output (I/O)Graphics
Clock
Solution – Authenticate the Code – “Establishing a Root of Trust”
Crypto Processor
TPMTrusted Platform Module
Secure Hash AlgorithmsSHA-2 SHA-384 SHA-512
27 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Basics of Encryption - Symmetric Key Encryption
Encryption key used to lock the box
Data Data
Same key to unlock the box
28 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Basics of Encryption - Symmetric Key Encryption
Encryption key used to lock the box
Data Data
Same key to unlock the box
Key management becomes issue for multiple users
Increased chance of keys being intercepted by malicious players who could then decrypt data
29 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Basics of Encryption - Asymmetric Key Encryption
Public key used to lock the box, but cannot unlock it when closed
= Encrypt data
Data Data
Private key – kept secure - can unlock the box
= Decrypt data
30 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Basics of Encryption - Asymmetric Key Encryption
Data Data
Multiple Public Keys can be issued
Less concern if Public Keys are compromised
Public key used to lock the box, but cannot unlock it when closed
= Encrypt data
Private key – kept secure - can unlock the box
= Decrypt data
31 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Basics of Encryption - Asymmetric Key Encryption
Data Data
Public key used to lock the box, but cannot unlock it when closed
= Encrypt data
Private key – kept secure - can unlock the box
= Decrypt data
PKIPublic Key Infrastructure
Public Key Encryption
32 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
AES256 Encryption – Number of key combinations
2256
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
78 digits
2x2x2x2x2x2x2x…..256 times =
33 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
AES256 Encryption – Number of key combinations
2256
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
2x2x2x2x2x2x2x…..256 times =
34 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
More terminology: Plaintext and Ciphertext
Hope you are enjoying
DSEI 2019. Be sure to
visit the British Museum
while you are in London
Plaintext Ciphertext Plaintext
Encryption Decryption
a.ka. Red Data a.ka. Black Data
Hope you are enjoying
DSEI 2019. Be sure to
visit the British Museum
while you are in London
Xgscf r(pq$itvj ;jh;lk jsdh
gn;p6/o ijgkg j[0 h#omnjV
5-47 9 gakj ]mu I U[P]-
9_(u “¬g}_* Bf64&^32
35 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-At-Rest
36 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-At-Rest
37 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-At-Rest
Applications Electronic Intelligence - ELINT
Communications Intelligence – COMINT
Frequency Schedules
Mission Planning
Threat Libraries
Software Updates
Standards
Federal Information Processing Standard
FIPS 140-2
Common Criteria
International Common Criteria
38 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-In-Motion
Definition: Data-In-Motion = Communication/Voice over IP (VoIP), Video Streaming, Messaging, Email..
Data Data
Public key - Encrypts Private key – Decrypts
39 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-In-Motion
Definition: Data-In-Motion = Communication/Voice over IP (VoIP), Video Streaming, Messaging, Email..
Threat: Message interception. Denial-of-service
Data Data
Public key - Encrypts Private key – Decrypts
40 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-In-Motion
Definition: Data-In-Motion = Communication/Voice over IP (VoIP), Video Streaming, Messaging, Email..
Threat: Message interception. Denial-of-service
Data Data
Problem: Public Key Encryption used for Data-At-Rest is too slow for Data-In-Motion
Reason: Private Key Decryption Algorithms are “computationally heavy” = processing latency
Public key - Encrypts Private key – Decrypts
41 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-In-Motion
My
Computer
Dave’s
Computer
IP Address151.101.65.121
IP Address210.45.234.347
Internet
Internet Service Provider
Internet Service Provider
My company network
Dave’s company network
Hope you are enjoying
DSEI 2019. Be sure to
visit the British Museum
while you are in London
Hope you are enjoying
DSEI 2019. Be sure to
visit the British Museum
while you are in London
42 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-In-Motion
My
Computer
Dave’s
Computer
IP Address151.101.65.121
IP Address210.45.234.347
Internet
Destination IP AddressSource IP Address <1570 bytes data
Internet Service Provider
Internet Service Provider
My company network
Dave’s company network
Hope you are enjoying
DSEI 2019. Be sure to
visit the British Museum
while you are in London
Hope you are enjoying
DSEI 2019. Be sure to
visit the British Museum
while you are in London
Message split into Ethernet packets and
routed from Source IP to Destination IP
address via Switches/Routers, Servers &
Internet Service Providers
43 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Introducing the Session Key …..a random number
2256
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
44 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Only the Session Key can Encrypt & Decrypt data
Destination IP AddressSource IP Address <1570 bytes data – Plain Text
Destination IP AddressSource IP Address <1570 bytes data – Cipher Text
Symmetric Session Key
used to encrypt data
Session Key is deleted after
message has been sent
Cipher Text is essentially
a random number
45 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Session Key = Secure Networking
My
Computer
Dave’s
Computer
IP Address151.101.65.121
IP Address210.45.234.347
Internet
Internet Service Provider
Internet Service Provider
My company network
Dave’s company network
Any intercepted message is just random data
Destination IP AddressSource IP Address <1570 bytes data – Cipher Text
46 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Q. But how is the data decrypted?
My
Computer
Dave’s
Computer
IP Address151.101.65.121
IP Address210.45.234.347
Internet
Internet Service Provider
Internet Service Provider
My company network
Dave’s company network
Any intercepted message is just random data
Destination IP AddressSource IP Address <1570 bytes data – Cipher Text
47 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Q. How is the data decrypted? A. Encrypt the Session Key
Destination IP AddressSource IP Address <1570 bytes data – Cipher Text
Step 1: The Public Key is used to encrypt the randomly generated Session Key to create the Encrypted Session Key
Step 2:
The Encrypted Session Key is transmitted
to the recipient separately from the data
Step 3: The Private Key is used to decrypt the Encrypted Session Key is recreate the Session Key and decrypt the data
48 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Security of Data-In-Motion
Applications Data Communication
• Voice over IP
• Full Motion / Streaming Video
• Data files – documents, photographs
Configuration Data
Software/Cyber updates
Standards
IP SEC
MAC SEC
Transport Layer Security
49 | October 1, 2019 | Proprietary | © 2019 Curtiss-Wright
Thanks for listening! Any questions?
Curtiss-Wright
Stand: S10-120
Paul HartChief Technology Officer & Technical Fellow
Curtiss-Wright Defense Solutions
phart@curtisswright.com
https://www.linkedin.com/in/paul-hart-9829569/
Secure Computing
Encryption
Continual Threat Assessment
Coming soon:
• AI & Machine learning threats
• Quantum Computing threats
Public
Private Session
Encrypted Session
top related