1 of 24

Physical Security

CSC 481/681

Principles of Computer Security

Reference: Goodrich and Tamassia: Sections 2.1-2.5

2 of 24

Where we are and where we’re going...

This class meeting:

  • Physical security
  • Identification concepts, physical access control, side channels

Next time

  • Basic operating system security (with Linux examples)
  • Read: Textbook Sections 3.1-3.3

Other things to be working on:

  • Graduate students: Research reading report 3 due Tuesday, Feb 20
  • Homework 3 -- due Tuesday, February 27
  • Eye on the future: Exam 1 coming up on Thursday, February 29
    • Reminder: Last day to drop without WF is Friday, March 1 (MT grades should be in)

3 of 24

Physical Security

Attack Model

Many security measures can be bypassed with physical access

  • Benefit: You can’t lock yourself out of your system!
  • Drawback: Must control physical access

Threat Model

What does the adversary know?

  • Algorithms? Typical user behavior?

What can the adversary access?

  • Access communication contents? Metadata?

What can the adversary do?

  • Passive or active? Computing power?

How does physical access affect attacker’s abilities?

Who needs access?

(Principle of Least Privilege)

  • General developer?
  • System administrator?
  • Cleaning crew?

4 of 24

Physical Security: Some Assets to Consider

  • Some specific physical items:
    • Data / File servers
    • Media security
      • Electronic backups
      • Paperwork with sensitive info
      • Media sanitization / reuse / disposal
    • Network switching / transmission equipment

  • Area/design considerations:
    • Availability: Power (UPS), connectivity (physical network wiring, multi-homing, …)
    • Zoning: Secure facilities layer access areas by clearance
    • Electronic emanations: Servers at core of building make it harder to monitor RF leakage (also TEMPEST certification)
    • Sound emanations

5 of 24

User Authentication

How to determine if access should be granted

Whether electronic or physical access, authorize access!

  • Authorization usually follows authentication (determine ID)

Three basic types of authentication:

  • Something you have
  • Something you know
  • Something you are

Multi-factor authentication combines multiple techniques

  • Common usage: “two-factor authentication” or 2FA
    • Supported by almost all online services, banks, etc. … and UNCG

6 of 24

Common access controls

What principle does each of the following use?

Keyed locks are...

Combination locks are…

Cards with magnetic stripes are…

Cards that require a PIN are…

Fingerprint scanners on computers/phones are…

7 of 24

Common access controls

What principle does each of the following use?

Keyed locks are...

something you have

Combination locks are…

something you know

Cards with magnetic stripes are…

something you have

Cards that require a PIN are…

something you have and something you know (2FA)

Fingerprint scanners on computers/phones are…

something you are

8 of 24

Something You Have

Keyed locks, card access, fobs, RFID, door openers, ...

Keyed Locks

  • Lots of details in book
  • Important part: Don’t use cheap locks
  • Lock-picking as a challenge...

Card Access

  • Traditional magnetic stripe
  • Smartcards
  • Contactless / RFID

Garage door and car openers

  • RF transmitter w/ rolling codes
  • Proprietary algorithms (ugh!) - some broken

9 of 24

Something You Know

Combination locks, keypads, PINs, ...

Benefits

  • Don’t need physical object
  • Hard to steal
    • Easy to extort though...

Drawbacks

  • Memorability vs Guessability
  • What if you forget?!?
    • Alternative access method?
  • Passive (observation) attacks

So: Best used with other methods (2FA)

10 of 24

Something You Know

About passwords…

People pick bad passwords if they are allowed to

11 of 24

Something You Know

Warning about “alternative access methods”

But even strong passwords don’t help if there is an easy alternative access method...

12 of 24

Something You Are

Biometrics

Fingerprint scanner

Facial Recognition

Retinal scanner

Desired properties:

  • Universality
  • Distinctiveness
  • Permanence
  • Collectability

Some issues:

  • Privacy
  • Can’t change or issue new credentials
  • Common across domains

13 of 24

New Issues

Internet of Things (IoT)

Connecting physical controllers or actuators to the Internet means hacks can have physical consequences.

IoT Devices

  • Door locks
  • Garage door openers
  • “Smart speakers”
  • Cameras
  • Thermostats
  • Microwaves (it’s spying on you!)

14 of 24

Physical Area Security: Controlling Access

Common physical access controls

  • Guards and ID badges
  • Keys / Access tokens (including card swipe and RFID)
  • Time locks
  • Alarms

Things to remember

  • Strong locks are useless if door/frame is weak
  • Raised floors and dropped ceilings
  • Air ducts
  • Glass walls

15 of 24

Physical Security for Storage Devices

Efficient space management can leave security vulnerabilities...

  • Physical access gives raw access to disk sectors
    • Unless: Self-Encrypting Drives (SEDs) (or other disk encryption)

  • Disk sector issues
    • Deleting a file doesn’t erase data! It just resets pointers.
      • Good O.S. will not let old data be seen – normally!
        • Bypass O.S. protections with physical access / Live CD
      • Norton made a lot of money with “undelete” utilities!
      • Forensics software good at recovering traces of old data
      • Windows with “recycle bin” even worse!
    • “Slack space” issues: Even if sector reused, may contain old data past the end of the file

16 of 24

What happens when you delete a file?

(and really delete - not just move to trash can!)

Typical filesystem - Uh Oh! Better delete extortion.doc!

17 of 24

What happens when you delete a file?

(and really delete - not just move to trash can!)

What really happened? Removed name and shifted data blocks to the free list.
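
The delete and slack-space behaviour from the last three slides, as an added example that is not part of the original slides. The `ToyDisk` class, the 16-byte block size and the file contents are constructed for illustration; it is a simplified model, not a real filesystem.

```python
BLOCK = 16  # toy block size (constructed); real filesystems typically use 4096

class ToyDisk:
    """Simplified model: a directory, a free list, and raw data blocks."""
    def __init__(self, nblocks=8):
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.free = list(range(nblocks))
        self.directory = {}                      # name -> (block numbers, length)

    def write(self, name, data):
        used = []
        for off in range(0, len(data), BLOCK):
            n = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            # Only the bytes written are replaced; the rest of the block keeps
            # whatever the previous owner left there (slack space).
            self.blocks[n] = chunk + self.blocks[n][len(chunk):]
            used.append(n)
        self.directory[name] = (used, len(data))

    def read(self, name):                        # what the O.S. shows a user
        blks, length = self.directory[name]
        return b"".join(self.blocks[n] for n in blks)[:length]

    def delete(self, name):
        # Remove the name and return the blocks to the free list. No data is erased.
        blks, _ = self.directory.pop(name)
        self.free = blks + self.free

    def raw_scan(self, needle):                  # what physical access / a Live CD sees
        return [i for i, b in enumerate(self.blocks) if needle in b]

    def slack(self, name):                       # bytes past end-of-file in the file's blocks
        blks, length = self.directory[name]
        return b"".join(self.blocks[n] for n in blks)[length:]

def demo():
    disk = ToyDisk()
    disk.write("extortion.doc", b"CONFIDENTIAL: merger draft v2")   # constructed contents
    disk.delete("extortion.doc")
    gone = "extortion.doc" not in disk.directory
    found = disk.raw_scan(b"CONFIDENTIAL")       # block numbers still holding the text
    disk.write("notes.txt", b"hi")               # reuses the first freed block
    return gone, found, disk.read("notes.txt"), disk.slack("notes.txt")

if __name__ == "__main__":
    print(demo())
```

The file name disappears from the directory, yet a raw scan still finds its text, and the new two-byte file carries the rest of the old block as slack.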

18 of 24

More on Physical Storage Media

  • Magnetic/Optical Remanence for traditional hard drives
    • Even if a file has been overwritten, traces may still be there
      • Disk heads move, and probably aren’t in exactly the same place on a write and an overwrite
    • Secure delete utilities should be used
      • Re-formatting is not enough!
      • Typical: Overwrite with 0’s, then 1’s, then random data (repeat!)
      • Example: GNU utility “shred” – careful with some filesystems!
    • For very sensitive data: Physically destroy device
    • Optical Media (CD-R, etc.) – can get shredders for this!
  • Story 1: Research study bought 100 hard disks from on-line auction site – 70% had recoverable, sensitive data
  • Story 2: 2nd hand computer sold by bank in 2000 had Paul McCartney’s banking details on it!
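
The "0’s, then 1’s, then random data" overwrite described above, as an added example that is not part of the original slides and not the code of "shred". The function names are hypothetical. The "careful with some filesystems" warning applies here too: journaling or copy-on-write filesystems and SSD wear levelling can keep older copies of the blocks elsewhere.

```python
import os
import secrets
import tempfile

def overwrite_passes(path, patterns=(b"\x00", b"\xff", None), rounds=1, chunk=65536):
    """Overwrite a file in place; each pattern is one byte, or None for random data.
    Returns the number of passes written."""
    size = os.path.getsize(path)
    passes = 0
    with open(path, "r+b") as f:              # r+b: update in place, do not truncate
        for _ in range(rounds):
            for pat in patterns:
                f.seek(0)
                left = size
                while left > 0:
                    n = min(chunk, left)
                    f.write(secrets.token_bytes(n) if pat is None else pat * n)
                    left -= n
                f.flush()
                os.fsync(f.fileno())          # force this pass to the device before the next
                passes += 1
    return passes

def secure_delete(path, **kwargs):
    """Overwrite, then unlink. Only meaningful where blocks are rewritten in place."""
    passes = overwrite_passes(path, **kwargs)
    os.remove(path)
    return passes

if __name__ == "__main__":
    fd, tmp = tempfile.mkstemp()              # constructed sample file
    os.write(fd, b"CONFIDENTIAL: merger draft v2")
    os.close(fd)
    print("passes written:", secure_delete(tmp, rounds=2))
```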

19 of 24

Data Clearing Example

DoD Guidelines

From the DoD National Industrial Security Program Operations Manual (“NISPOM” or DoD Publication 5220.22-M)

Terminology:

“Clear”: Before reuse in similar environment

“Sanitize”: When removed from that environment

Tape type: Amount of energy required to change magnetization - Type III is best for long-term storage (very stable), but makes it harder to sanitize.

20 of 24

Protections

Drive Encryption

Styles of encryption:

  • Full drive encryption
    • BitLocker, TrueCrypt, LUKS, …
  • File-by-file encryption
    • EFS, encryptfs, …
  • Hardware encryption
    • Self-encrypting drives

Where does the key come from?

  • HW device (TPM/BitLocker)
  • User entered (keyloggers!)
    • Evil maid attack

From 2019 IEEE Symposium on Security and Privacy:

21 of 24

Protections

Drive Encryption

Remember

There are often “easier” vulnerabilities than breaking the crypto

22 of 24

Physical Security for Networks

Physical network connections:

  • Wires can be tapped or wrapped (EM radiation)
  • Fiber not as secure as once thought

Protections:

  • Alarms for cable disconnects
  • Monitor for signal loss
  • Shielded cables
  • Secured cable runs
    • Locked or even pressurized

Fiber is harder to tap than copper, but still possible!

23 of 24

Threats from Physical Proximity

“Emanation Security” (EMSEC)

Optical emanations

  • Viewing password entry (shoulder surfing)
  • Seeing network monitors/status lights

Audio emanations

  • Obvious: Listening in on private conversations
  • Listening in on typing - keys make different sounds!

Electromagnetic emanations

  • Electrical devices naturally give off EM signals
    • Monitors, network cables, …
    • CRT monitors have been “viewed” from the other side of a wall!

Protections: Solid walls; Sound buffering (or masking); Faraday cages

  • SCIFs (Secure Compartmented Information Facility)

24 of 24

Summary

Always ask: “What can the attacker access?”

Does physical access give advantages?

Especially important in design of secure facilities.
