System Vulnerabilities, Threats, and Countermeasures

This section describes security architecture and design vulnerabilities, the exploits that may take advantage of them to compromise system security, and the countermeasures (mitigating actions) that reduce the associated risk.

Emanations

Emanations are energy that escapes an electronic system and that, under certain circumstances, can be monitored remotely to recover the information the system is processing. Electromagnetic interference, discussed later in this chapter, is one such form of energy.

Wired Magazine discussed the discovery of electronic emanations in the article “Declassified NSA Document Reveals the Secret History of TEMPEST”: “It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government’s most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2 … Then he noticed something odd. Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could be translated into the plain message the machine was processing. Though he likely did not know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether” [28].

As a result of this discovery, TEMPEST (not an acronym, but a codename by the United States National Security Agency) was developed as a standard for shielding electromagnetic emanations from computer equipment.

Covert Channels

A covert channel is any communication channel that can be used to transfer information in a way that violates the system's security policy. The communication channel used by malware installed on a system that locates Personally Identifiable Information (PII) such as credit card information and sends it to a malicious server is an example of a covert channel. Two specific types of covert channels are storage channels and timing channels.

The opposite of a covert channel is an overt channel: authorized communication that complies with security policy.

Covert Storage Channels

A storage channel example uses shared storage, such as a temporary directory, to allow two subjects to signal each other. Imagine Alice is a subject with a top secret clearance, and Bob is a secret-cleared subject. Alice has access to top secret information that she wishes to share with Bob, but the mandatory access control (MAC) system will prevent her from doing so.

Bob can see the size of Alice’s temporary files, but not the contents. They develop a code: a megabyte file means war is imminent (data labeled top secret) and a 0-byte file means “all clear.” Alice maintains a 0-byte file in the temporary directory until war is imminent, changing it to a 1-megabyte file, signaling Bob in violation of the system’s MAC policy.
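The Alice/Bob file-size channel above, written out as a runnable example. This is an added illustration, not code from the page or from any product it describes: the file name `alice.tmp`, the helper names, and the bit-by-bit framing are assumptions of this example. It generalizes the page's single "0 bytes = all clear, 1 MB = war is imminent" signal to an arbitrary message by sending one bit per size change, and the receiver only ever calls `stat()`; it never opens the file, which is exactly the metadata leak the MAC policy fails to cover.

```python
import os
import shutil
import tempfile

# Assumptions of this added example (not defined by the page): the name of the
# temporary file whose size Bob can see, and the 0-byte / 1 MiB convention.
SIGNAL_FILE = "alice.tmp"
ONE_MIB = 1024 * 1024


def write_signal(shared_dir, bit):
    """Sender (Alice, top secret): a 0-byte file signals 0, a 1 MiB file signals 1.
    Bob never reads the content, so it can be anything."""
    path = os.path.join(shared_dir, SIGNAL_FILE)
    with open(path, "wb") as f:
        if bit:
            f.write(b"\0" * ONE_MIB)
    return path


def read_signal(shared_dir):
    """Receiver (Bob, secret): uses only stat() metadata, never the contents,
    which the MAC policy would deny him."""
    size = os.stat(os.path.join(shared_dir, SIGNAL_FILE)).st_size
    return 1 if size >= ONE_MIB else 0


def encode_bits(message):
    """Most-significant-bit-first framing of each byte (an assumption of this example)."""
    return [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]


def decode_bits(bits):
    """Inverse of encode_bits; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def leak_via_file_size(message, shared_dir=None):
    """Run Alice and Bob in lock-step over a shared temporary directory.
    A real channel needs a clock or a second file to agree on when each bit is
    'on the wire'; alternating the two roles in one process keeps the example
    offline while exercising the same observable (the file size)."""
    created = shared_dir is None
    if created:
        shared_dir = tempfile.mkdtemp(prefix="covert_")
    try:
        received = []
        for bit in encode_bits(message):
            write_signal(shared_dir, bit)             # Alice changes the size
            received.append(read_signal(shared_dir))  # Bob measures the size
        return decode_bits(received)
    finally:
        if created:
            shutil.rmtree(shared_dir, ignore_errors=True)


if __name__ == "__main__":
    secret = b"WAR"  # constructed sample message
    print(leak_via_file_size(secret))
```

The page's convention uses only two sizes, so the channel carries one bit per write; because Bob sees the exact size, a single write could in principle carry as many bits as there are distinguishable sizes. The countermeasure follows from the receiver side of the code: a lower-cleared subject must not be able to observe size, timestamps, or even the existence of a higher-labeled object, or the observation must be made too noisy (padding, quotas, delayed visibility) to be reliable.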

Covert Timing Channels

A covert timing channel conveys information through the timing of observable events rather than their content: the receiver uses a clock to measure how long an operation takes (or when it happens) and infers sensitive information from the result. An example of a covert timing channel is an insecure login system. The system is configured to say "bad username or password" both when a user types a good username with a bad password and when a user types a bad username with a bad password. This is done to prevent outside attackers from inferring real usernames.

Our insecure system prints "bad username or password" immediately when a user types a bad username/bad password, but there is a small delay (the time required to compute and check the password hash) when a user types a good username with a bad password. By measuring the response time, an attacker can tell valid usernames from invalid ones, in violation of the system's security design.
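The insecure login described above beside a hardened version, as an added example that is not code from the page or from any real login system. The user name, password, credential-store layout, iteration count and helper names are all constructed assumptions. The insecure function returns early for unknown users; the hardened one verifies unknown users against a throwaway record so both failure paths perform exactly one password hash, and the `HASH_CALLS` counter makes that difference visible without relying on a stopwatch.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed sample credential store for this added example; the user name,
# password, iteration count and helper names are assumptions, not anything the
# page specifies. The low iteration count keeps the example fast.
ITERATIONS = 50_000
HASH_CALLS = {"count": 0}  # instrumentation: how many password hashes were computed


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse battery", _SALT))}

# Throwaway record hashed once at startup. Unknown user names are checked
# against it so the "no such user" path does the same work as the
# "known user, wrong password" path.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(secrets.token_hex(16), _DUMMY_SALT)


def _verify(password, salt, expected):
    HASH_CALLS["count"] += 1
    return hmac.compare_digest(hash_password(password, salt), expected)


def login_insecure(username, password):
    """The page's insecure system: the hash is computed only when the user
    name exists, so the slow path reveals that the name is valid even though
    the error message is identical."""
    record = USERS.get(username)
    if record is None:
        return False                      # fast path: no hashing at all
    return _verify(password, *record)


def login_hardened(username, password):
    """Exactly one hash per attempt whether or not the user exists: unknown
    names are verified against the dummy record and then rejected."""
    salt, expected = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = _verify(password, salt, expected)
    return ok and username in USERS


def fastest_of(fn, *args, rounds=10):
    """Best-of-N wall-clock time in seconds; the minimum is the least noisy estimate."""
    best = float("inf")
    for _ in range(rounds):
        start = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    for name, fn in (("insecure", login_insecure), ("hardened", login_hardened)):
        unknown = fastest_of(fn, "nobody", "wrong")
        known = fastest_of(fn, "alice", "wrong")
        print(f"{name:8s} unknown user: {unknown * 1e3:7.2f} ms   "
              f"known user, bad password: {known * 1e3:7.2f} ms")
```

Running the block prints the two response times for each implementation: the insecure version answers an unknown user almost instantly and a known user only after the hash, while the hardened version takes roughly the hash time in both cases. The remaining difference in the hardened path (a dictionary lookup) is orders of magnitude smaller than the hash, which is the point: equalize the dominant cost, and use a constant-time comparison (`hmac.compare_digest`) so the hash check itself does not open a second timing channel.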