Tag: ECC

AIR-GAPPED Computers

HOW DO YOU remotely hack a computer that is not connected to the internet? Most of the time you can’t, which is why so-called air-gapped computers are considered more secure than others.

The term air gap refers to computers or networks that are not connected directly to the internet or to any other computers that are connected to the internet.

The name arises from the technique of creating a network that is physically separated (with a conceptual air gap) from all other networks.

Air gaps generally are implemented where the system or network requires extra security, such as classified military networks, the payment networks that process credit and debit card transactions for retailers, or industrial control systems that operate critical infrastructure. To maintain security, payment and industrial control systems should only be on internal networks that are not connected to the company’s business network, thus preventing intruders from entering the corporate network through the internet and working their way to sensitive systems.

A true air gap means the machine or network is physically isolated from the internet, and data can only pass to it via a USB flash drive, other removable media, or a FireWire cable connecting two computers directly. But many companies insist that a network or system is sufficiently air-gapped even if it is only separated from other computers or networks by a software firewall. Such firewalls, however, can be breached if the firewall code has security holes or if the firewall is configured insecurely.

Although air-gapped systems were believed to be more secure in the past, since they required an attacker to have physical access to breach them, recent attacks involving malware that spread via infected USB flash drives have given the lie to this belief. One of the most famous cases involving the infection of an air-gapped system is Stuxnet, the virus/worm designed to sabotage centrifuges used at a uranium enrichment plant in Iran. The computer systems controlling the centrifuges were air-gapped, so the attackers designed Stuxnet to spread surreptitiously via USB flash drives. Outside contractors responsible for programming the systems in Iran were infected first and then became unwitting carriers for the malware when they brought their laptops into the plant and transferred data to the air-gapped systems with a flash drive.


The techniques for hacking air-gapped computers include:

  • AirHopper, which turns a computer’s video card into an FM transmitter to capture keystrokes;
  • BitWhisper, which relies on heat exchange between two computer systems to stealthily siphon passwords or security keys;


Researchers in Israel showed how they could siphon data from an air-gapped machine using radio frequency signals and a nearby mobile phone. The proof-of-concept hack involves radio signals generated and transmitted by an infected machine’s video card, which are used to send passwords and other data over the air to the FM radio receiver in a mobile phone.

The method is more than just a concept, however, to the NSA. The spy agency has reportedly been using a more sophisticated version of this technique for years to siphon data from air-gapped machines in Iran and elsewhere. Using an NSA hardware implant called the Cottonmouth-I, which comes with a tiny embedded transceiver, the spy agency can extract data from targeted systems via RF signals and transmit it to a briefcase-sized NSA relay station up to eight miles away.

  • Stealing the secret cryptographic key from an air-gapped computer placed in another room using a side-channel attack. This is the first time such an attack has successfully targeted a computer running Elliptic Curve Cryptography (ECC).

Elliptic Curve Cryptography is a robust key exchange algorithm that is widely used in everything from securing websites to securing messages with Transport Layer Security (TLS).

Source: thehackernews, spectrum.ieeewired.com

SECURITY+ Acronyms

Acronym  Stands for

3DES Triple Data Encryption Standard
AAA Authentication, Authorization and Accounting
ACL Access Control List
AES Advanced Encryption Standard
AES 256 Advanced Encryption Standard, 256-bit
AH Authentication Header
ARP Address Resolution Protocol
AUP Acceptable Use Policy
BCP Business Continuity Planning
BIOS Basic Input/Output System
BOTS Network Robots
CA Certificate Authority
CCTV Closed-Circuit Television
CERT Computer Emergency Response Team
CHAP Challenge Handshake Authentication Protocol
CIRT Computer Incident Response Team
CRL Certificate Revocation List
DAC Discretionary Access Control
DDOS Distributed Denial of Service
DEP Data Execution Prevention
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DLL Dynamic Link Library
DLP Data Loss Prevention
DMZ Demilitarized Zone
DNS Domain Name Service
DOS Denial Of Service
DRP Disaster Recovery Plan
DSA Digital Signature Algorithm
EAP Extensible Authentication Protocol
ECC Elliptic Curve Cryptography
EFS Encrypted File System
EMI Electromagnetic Interference
ESP Encapsulated Security Payload
FTP File Transfer Protocol
GPU Graphic Processing Unit
GRE Generic Routing Encapsulation
HDD Hard Disk Drive
HIDS Host-Based Intrusion Detection System
HIPS Host-Based Intrusion Prevention System
HMAC Hashed Message Authentication Code
HSM Hardware Security Module
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol over SSL
HVAC Heating, Ventilation, Air Conditioning
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ID Identification
IKE Internet Key Exchange
IM Internet Messaging
IMAP4 Internet Message Access Protocol v4
IP Internet Protocol
IPSEC Internet Protocol Security
IRC Internet Relay Chat
ISP Internet Service Provider
KDC Key Distribution Center
L2TP Layer 2 Tunneling Protocol
LANMAN Local Area Network Manager
LDAP Lightweight Directory Access Protocol
LEAP Lightweight Extensible Authentication Protocol
MAC Mandatory Access Control / Media Access Control
MAC Message Authentication Code
MBR Master Boot Record
MD5 Message Digest 5
MSCHAP Microsoft Challenge Handshake Authentication Protocol
MTU Maximum Transmission Unit
NAC Network Access Control
NAT Network Address Translation
NIDS Network-Based Intrusion Detection System
NIPS Network-Based Intrusion Prevention System
NOS Network Operating System
NTFS New Technology File System
NTLM New Technology LANMAN
NTP Network Time Protocol
OS Operating System
OVAL Open Vulnerability Assessment Language
PAP Password Authentication Protocol
PAT Port Address Translation
PEAP Protected Extensible Authentication Protocol
PGP Pretty Good Privacy
PKI Public Key Infrastructure
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
PSK Pre-Shared Key
RA Recovery Agent
RADIUS Remote Authentication Dial-in User Server
RAID Redundant Array of Inexpensive Disks
RAS Remote Access Server
RBAC Role Based Access Control
RSA Rivest, Shamir & Adleman
RTP Real-Time Transport Protocol
S/MIME Secure/Multipurpose Internet Mail Extension
SaaS Software as a Service
SCAP Security Content Automation Protocol
SCSI Small Computer System Interface
SDLC Software Development Life Cycle
SDLM Software Development Life Cycle Methodology
SHA Secure Hashing Algorithm
SHTTP Secure Hypertext Transfer Protocol
SIM Subscriber Identity Module
SLA Service Level Agreement
SLE Single Loss Expectancy
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSH Secure Shell
SSL Secure Sockets Layer
SSO Single Sign-On
TACACS Terminal Access Controller Access Control System
TCP/IP Transmission Control Protocol/Internet Protocol
TLS Transport Layer Security
TPM Trusted Platform Module
UAT User Acceptance Testing
UPS Uninterruptible Power Supply
URL Universal Resource Locator
USB Universal Serial Bus
UTP Unshielded Twisted Pair
VLAN Virtual Local Area Network
VoIP Voice Over IP
VPN Virtual Private Network
VTC Video Teleconferencing
WAF Web Application Firewall
WAP Wireless Access Point
WEP Wired Equivalent Privacy
WIDS Wireless Intrusion Detection System
WIPS Wireless Intrusion Prevention System
WPA Wireless Protected Access
XSRF Cross-Site Request Forgery
XSS Cross-Site Scripting