Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Cyber warfare: an unorthodox view from the bat...

Cyber warfare: an unorthodox view from the battlefield

They say we are living the militarization of the cyber domain. Meaning that you are connected to a warzone while reading this. Are you scared, buddy? Nope, right? I know you have been eating cyber-attacks for breakfast. That’s why I want to share some half coked ideas with you. The whole thing starts in the battlefield; that place where soldiers meet. Unfolding, we may realize that someone needs to rewrite the security books out there.

Roberto Rigolin Ferreira Lopes

September 18, 2015
Tweet

More Decks by Roberto Rigolin Ferreira Lopes

Other Decks in Research

Transcript

  1. In short Presentation title 2 yyyy-mm-dd Three things:  Cyber

    warfare: an unorthodox view from the battlefield Cyber Commands Unorthodox Battlefield
  2. The devices: Tactical Network Presentation title 5 yyyy-mm-dd Node A

    <Dismounted> UHF WLAN Node C <Mobile> VHF UHF WLAN SatCom Node B <Relay> SatCom VHF HQ Node D <Deployed> SatCom VHF UHF WLAN
  3. Scenario  Tactical Ground Report System Distributed Security Policies Presentation

    title 6 yyyy-mm-dd Node C Node A Soldier localization Adversary localization Vehicle localization Live camera Aerial photos Node B
  4. The architecture Nodes Tactical Network Presentation title 7 yyyy-mm-dd Node

    A <Dismounted> UHF WLAN Node C <Mobile> VHF UHF WLAN SatCom Node B <Relay> SatCom VHF HQ Node D <Deployed> SatCom VHF UHF WLAN SV-1 TSI Node «Software» TSI Node «Software» Controller «Software» Service Mediator «Software» Packet Handler «Software» Message Handler «Function» Session Management «Function» Message Exchange «Function» Message Adaption «Function» Message Forwarding «Function» Message Transport «Function» Packet Forwarding «Function» Packet Scheduling «Function» QoS Handling «Function» Routing «Function» Security Handling «Function» Service Registry «Function» Contextual Monitoring «Function» Policy Management «Function» Metadata Handling «ResourceArtifact» BS «ResourceArtifact» IS IF I003 IF E001 IF I001 IF I005 IF I002 IF I004 IF E002 Service-Oriented Architecture <Security>
  5. Reference Architecture Simplifying this thing: Presentation title 9 yyyy-mm-dd Packet

    Handler Message Handler Service Mediator Controller 1 2 3 4 Policy management Security handling
  6.  Implementing the cross-layer message exchange Reference Architecture Presentation title

    10 yyyy-mm-dd Presentation title Packet Handler Message Handler Service Mediator Controller 1 2 Network Simulator SOA Platform Operating System p = Runtime.getRuntime().exec("host -t a " + domain); p.waitFor();
  7. Presentation title 11 yyyy-mm-dd TSI Tactical Service Infrastructure <Experiments> <Design>

    <Prototyping> <Services> SV-1 TSI Node «Software» TSI Node «Software» Controller «Software» Service Mediator «Software» Packet Handler «Software» Message Handler «Function» Session Management «Function» Message Exchange «Function» Message Adaption «Function» Message Forwarding «Function» Message Transport «Function» Packet Forwarding «Function» Packet Scheduling «Function» QoS Handling «Function» Routing «Function» Security Handling «Function» Service Registry «Function» Contextual Monitoring «Function» Policy Management «Function» Metadata Handling «ResourceArtifact» BS «ResourceArtifact» IS IF I003 IF E001 IF I001 IF I005 IF I002 IF I004 IF E002 The approach:
  8. In Short Presentation title 14 yyyy-mm-dd What if we X-Ray

    the architecture? <Packets> <Messages> <Services> <Controller> <Attacker> Hygiene: Flossing and brushing
  9. Extending the TSI Node to expose:  SOA Platform 

    Operating System Security at the Reference Architecture Presentation title 16 yyyy-mm-dd SOA Platform Controller Service Mediator Message Handler Packet Handler Operating System <Policy Management> <Security Handling> 1 2 Cryptography Tactical Platform Guard Tactical Support Guard Policy Manager Privilege Management Policy Manager Policy Enforcement Point Policy Decision Point Policy Administration Point Detection Diligence Protection Planning Response QoS <domains> TSI Node PEP PEP PEP a b c <a,b,c> Shall we claim being protected?
  10. 18 Presentation title yyyy-mm-dd The experts The experts Hey YOU,

    check out this cyber-attack! Hey Marthe, what about a run? Hey Messi, lets play some football?
  11. What just happened? Presentation title 21 yyyy-mm-dd Observe Orient Decide

    Act You Basic abstraction for mission/operation
  12. OODA-loop modelling battles Presentation title 22 yyyy-mm-dd In the battlefield

    with an equal capable adversary  Who manages to get inside the adversary decision loop WINS! Observe Orient Decide Act Observe Orient Decide Act YOU Adversary Faster tempo and rhythm will generate confusion and disorder … <Faster tempo> <Disorder>
  13. OODA-loop Presentation title 23 yyyy-mm-dd What if the battlefield is

    a football field?  Same story… Faster tempo and rhythm will generate confusion and disorder … <Faster tempo> <Disorder>
  14. Tactical fractal Presentation title 24 yyyy-mm-dd Observe Orient Decide Act

    Observe Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act
  15. Tactical fractal Presentation title 25 yyyy-mm-dd Observe Orient Decide Act

    Observe Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act Handheld <Dismounted> Drone <Relay> Laptop <Mobile> Looks like a fractal, QUACKs like a fractal, But don’t let it FOOL you, it is a TACTICAL FRACTAL!
  16. Related tools:  Eavesdrop  Adversary listening data flows 

    SIGINT probing troops localization  Spyware  Malicious software within the network  Jamming  SIGINT creating noise in the channels  Logic bombs  Piece of code defining a malicious function  Stuxnet and Etc…  New techniques being created right now! Cyber warfare Presentation title 28 yyyy-mm-dd
  17. In Short Presentation title 29 yyyy-mm-dd History of cyber conflict

    1980s: Realization 1998-2003: Take off 2003 to now: Militarization 1986: Cuckoo’s egg 1988: Morris worm 1998: Solar Sunrise 1998: Moonlight maze 2007: Israel invaded Syrian airspace 2010: Stuxnet Today
  18. Militarization at work 30 yyyy-mm-dd 0 Days Market Experts Spy

    Companies Governments Investments Tools + Infra + exploits Cyber Commands? Digital arms race… Stuxnet started this?
  19. Stuxnet in short 32 yyyy-mm-dd Zero Day + 1 2

    3 4 -----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALMm7bbrJurAWtEJ b9RfjRHMPP/XXjfmVXFc68no+I6jhZksPqKOshwv/pnGDdPOwO3B4k28EDX2YQK5 j8zFgNF/yC4tmjKfirsy6hSC4G/LPZ3VHPFDUp9JefGUA0gskVHHjzKQp8LAJWQ0 8cfyrNWWh6IK++WzC5C/bwh1XVTLAgMBAAECgYB1zJIgZe04DPVqYC8lURL8cfRm MeIlFZJ3MSdlo4fUmtddCYfB8dxRxok96cnrzRZ0/7jjblamdPQDC6rvdaqmfLFx nJ/RVhCj6HqDMrQnv/9tnl6UQmkaYSnYvTn2GgmpqvBf9RUQk4+kjwgRgdqKxaIz oH8j0ZxMh2DOZuzJMQJBAOJwEnbG085q2k1Qg8PQz0cpVG9QCE3sJUNs0hMPC7dk IzknFtidlpCf6NMboJ2Nt9dzmJmKLqWb3oauyQRQA6MCQQDKin0wElLV1268IbcF RXhkVlxcg5fDEazeNL9p1z5vmwaq0IcLtSPrIaect2hacCkfJoREhcA+f9YIpcod lby5AkEApyXla0ofpXqYxIOPkGc96qCmlDh2uNZ9N0VH2Qu9MVW47oJdSe8h6oYv /k2hhUvMjjzlQ0mOX28slyzEc+uAkwJAWlAsiE3zX+UjPIJwIMqcZ2lW3+3Rsyrj gWXV4HUZIxzmeS5ouWC5NnSYT7o8ru8KdxhurDtTwMqx/sMmf9CwCQJAIDbMwwIs XStw0y/M9+hdPUkccVoHyXKPTensyX/miAUwHZN/oadGUUOZO7XBKb1uNFv1uowU 29bGgXa+mvb6aA== -----END PRIVATE KEY----- Implement Sign it Deploy it Running Air gap Control System Code to break things silently Main Thread .dll Injected code .LNK exploit <Stolen>
  20. Security requirements Presentation title 33 yyyy-mm-dd Stuxnet is a different

    beast: Passed the access control! Can we use the OODA-loop to catch this? Delivering the .dll .dll running? Attacking from within… The future? Authenticated and authorized…
  21. In Short Presentation title 34 yyyy-mm-dd «Software» TSI Node «Software»

    Controller «Software» Service Mediator «Software» Packet Handler «Software» Message Handler «Function» Session Management «Function» Message Exchange «Function» Message Adaption «Function» Message Forwarding «Function» Message Transport «Function» Packet Forwarding «Function» Packet Scheduling «Function» QoS Handling «Function» Routing «Function» Security Handling «Function» Service Registry «Function» Contextual Monitoring «Function» Policy Management «Function» Metadata Handling «ResourceArtifact» BS IF I003 IF E001 IF I001 IF I005 IF I002 IF I004 IF E002 Remember our sexy architecture? Disclaimer: hot stuff, prohibited for under 18 Let’s rethink how to protect it…
  22. Remember Presentation title 37 yyyy-mm-dd Observe Orient Decide Act Observe

    Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act Observe Orient Decide Act How to model nested loops?
  23. Challenges Presentation title 38 yyyy-mm-dd Observe Orient Decide Act Observe

    Orient Decide Act Team Stark Team Ultron Protected Hacked Faster tempo… How? How? How? 1 2 3
  24. Just A Rather Very Intelligent System (JARVIS) Presentation title 39

    yyyy-mm-dd What if you have planted stuxnet at your adversary. How to play with it?  Three scenarios:  You are attacked  You are attacking  Both are playing…  What it means loose battle?  What about winning?  How intrusive the whole thing is? JARVIS: Just A Rather Very Intelligent System JARVIS 2016: same stuff but damn Secure!
  25. Presentation title 40 yyyy-mm-dd The beginning. Roberto Rigolin Ferreira Lopes

    [email protected] “Forget it all. Don't be afraid. Do what you get the most pleasure from. Develop your talents wherever they may lead. Damn the torpedoes - full speed ahead!” ― Richard Feynman