
Re: (bypass channel?)




> From ipsec-request@ans.net Wed Jan 11 08:15 PST 1995
> > ... I don't have any
> > difficulty imagining the very real possibility that wily hackers
> > will use the strategy of bypassing the system's security apparatus
> > in order to break in. In attempting to do this, they will almost
> > certainly try (sometimes with success) to subvert a channel that is
> > invitingly named a "bypass" channel, something that you have just
> > re-introduced using the signature approach.
> 
> Could you explain this attack? 

Certainly.

Preventing attacks on bypass channels falls in the category of
secure *system* design, as opposed to secure protocol design.

To the extent that the security protocol enables or disables 
certain aspects of secure system design, then we as security 
designers need to be very conscious of this, and should do 
everything we can to *enable* secure system design, as long as 
the costs are reasonable.

Let's consider, as an example, the well understood notion of
maintaining secret keys in hardware. Whereas, in theory,
a secure operating system can prevent user data (and thereby
secret keys) from falling into the wrong hands, we in the
security community tend to prefer the simpler tamper-resistant
hardware approach. 

The premise is this: a simple unavoidable hardware mechanism
that does not depend on the security features of an
operating system is preferable to performing exhaustive
verifications of a complex object like an operating system.

Anyone who has seen the security-related bug lists of any major
operating system can relate to this concept. Most modern operating
systems are exceedingly complex (typically million lines plus)
and ensuring there are no code paths that lead to security failures
is a very difficult task.

Let me give you an example of operating system failures
from very recent memory. A prominent manufacturer of Internet
firewall equipment (who shall remain unnamed) has a failure
mode which in certain circumstances causes the firewall to
go completely in the open, while administrative interfaces
show the firewall to be implementing the security policies
put into effect.

It is not surprising that even a security device like a firewall
can have unexpected code paths leading to failures like the
one I mentioned above, because of the complexity of this problem.
(This issue happens to be related to the way the operating system
interacts with their software).

Now, consider for a moment a rather attractive notion. A cryptographic
processor sitting unavoidably in the hardware data path between the
network and the system, that verifies the integrity of *every* packet 
that passes through it (which happens to be *every* packet that arrives
at that node).

This processor can refuse to pass packets that fail the integrity
check, which is a cryptographic operation (and can also do normal 
audit operations like incrementing counters etc, if so configured).

Disabling this crypto processor requires physically removing the
chip, and potentially replacing this with a pass-through chip,
if so desired.

Now, this is entirely analogous to the notion of maintaining
secret keys in hardware. A simple unavoidable hardware mechanism
that ultra secure machines, which talk only to principals (nodes,
users, etc.) that they are able to authenticate, can use. 

Back to protocols. Any protocol that *requires* unauthenticated clear 
text traffic for purposes of key-management (and yes, all non-SKIP 
public key approaches that I am aware of fall in this category) *precludes*
such a system design. Other approaches then have to rely on the 
security of the operating system (ensuring which as I have said above 
is difficult) to ensure that bypass traffic required for key-management
purposes cannot be misdirected into the system, potentially to the 
advantage of the intruder.

To summarize: the computational cost of this approach is actually
less than the computational cost of comparable public key approaches.
At the same time it enables a class of secure system designs that
rely on the well understood principles of isolating security
concerns into simpler (e.g. hardware) mechanisms. And the class of attacks
this helps prevent, active break-ins into networks or systems, is probably
of the highest concern to people responsible for Internet security.

Hope this helps,
Ashar.
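
The design argument above, as an added example that is not part of the original message: a gate that verifies an integrity tag on every packet, next to the same gate with an exemption for key-management traffic. The HMAC-SHA256 framing, the pre-shared key and the `KEYMGMT` prefix are assumptions made for illustration and do not represent SKIP or any real protocol.

```python
import hashlib
import hmac
from collections import Counter

TAG_LEN = 32  # HMAC-SHA256 tag appended to each packet (assumed framing)

def seal(key: bytes, payload: bytes) -> bytes:
    """Sender side: append an integrity tag to the payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()

class MandatoryGate:
    """Models the in-path processor: every packet is checked, no exceptions."""
    def __init__(self, key: bytes):
        self.key = key
        self.counters = Counter()  # the "normal audit operations"

    def process(self, packet: bytes):
        """Return the payload if the tag verifies, else None (dropped)."""
        if len(packet) < TAG_LEN:
            self.counters["dropped"] += 1
            return None
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            self.counters["dropped"] += 1
            return None
        self.counters["passed"] += 1
        return payload

class GateWithBypass(MandatoryGate):
    """Same gate, but traffic labelled as key management skips the check.
    The label is attacker-controlled, so the host behind the gate must
    now be trusted to handle whatever arrives this way."""
    def process(self, packet: bytes):
        if packet.startswith(b"KEYMGMT"):  # hypothetical classifier
            self.counters["bypassed"] += 1
            return packet
        return super().process(packet)

def run(gate, packets):
    """Feed packets through a gate and collect what reaches the host."""
    return [gate.process(p) for p in packets]

KEY = b"constructed-demo-key"
SAMPLE = [  # constructed packets
    seal(KEY, b"data from authenticated peer"),
    b"cleartext packet that carries no integrity tag at all",
    seal(b"wrong-key", b"forged data"),
    b"KEYMGMT unauthenticated cleartext claiming to be a key exchange",
]
```

With `MandatoryGate` only the first sample reaches the host; with `GateWithBypass` the last one does too, and the `bypassed` counter is the only trace of it.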