Main presentation title goes here.
Download
Report
Transcript Main presentation title goes here.
Police/NCA
Cybercrime Training
Denis A Nicole
[email protected]
2014-08-07
When the military’s top cyberwarriors gathered
last year inside a secretive compound at Fort
Meade, Maryland, for a classified war game
exercise, a team of active-duty troops faced off
against several teams of reservists.
And the active-duty team apparently took a
beating.
“They were pretty much obliterated,” said one
Capitol Hill staffer who attended the exercise.
“The active-duty team didn’t even know how
they’d been attacked.”
http://www.navytimes.com/article/20140804/NEWS04/308040019
2
Congress has authorized the FBI to add 2,000 personnel to its
rolls this year, and many of those new recruits will be
assigned to tackle cyber crimes, a growing priority for the
agency. And that’s a problem, FBI Director Comey told the
White Collar Crime Institute, an annual conference held at
the New York City Bar Association in Manhattan. A lot of the
nation’s top computer programmers and hacking gurus are
also fond of marijuana.
“I have to hire a great work force to compete with those cyber
criminals and some of those kids want to smoke weed on the
way to the interview,” Mr. Comey said.
Mr. Comey said that the agency was “grappling with the
question right now” of how to amend the agency’s marijuana
policies, which excludes from consideration anyone who has
smoked marijuana in the previous three years, according to
the FBI’s Web site. One conference goer asked Mr. Comey
about a friend who had shied away from applying because of
the policy. “He should go ahead and apply,” despite the
marijuana use, Mr. Comey said.
http://blogs.wsj.com/law/2014/05/20/director-comey-fbi-grappling-with-hiringpolicy-concerning-marijuana/
3
Nobody but us?
https://firstlook.org/theintercept/document/2014/08/05/directorate-terrorist-identities-dti-strategic-accomplishments-2013/
4
http://stakeholders.ofcom.org.uk/market-data-research/market-data/communications-market-reports/cmr14/uk/
5
Year of Code
Teachers could be trained how to educate students in
computer programming “in a day”
Lottie Dexter
http://www.bbc.co.uk/news/technology-26150717
6
1969
Toby Harris went on to be the first chair of the Metropolitan Police Authority.
7
Content
• Basics of Computer Networking
– IP4 and IP6, NAT (private addresses)
– BGP (Border Gateway Protocol), attacks
– DNS, dynamic DNS, secure DNS, attacks
– HTTP, HTTPS, VPNs, ssh
– Firewalls
– Public Key Infrastructure
– Tor, Bitcoin
This is all standard material for us
8
Cybercrime concepts
• Basic: SQL injection, cross-site scripting, DDoS.
• Malware: viruses, attack surfaces (software and hardware).
• Patching, antivirus, network monitoring.
• Motivations, sophistication of attackers, insiders?
• Forensic analysis: little real experience at Southampton.
• Network traffic analysis: off-site specialists.
9
Types of Malware
• Browser attacks
• Application attacks
• OS attacks
• Rootkits
• HW attacks
10
Basic Computer Forensics
• Major tools are probably
– EnCase: expensive, no experience in ECS
https://www.guidancesoftware.com/
– SANS: we have some experience here
http://digital-forensics.sans.org/community/cheat-sheets
• More advanced techniques
– Malware analysis (IDA Pro)
https://www.hex-rays.com/products/ida/
– Password Cracking
http://www.openwall.com/john/
11
Hands-on laboratory work
• RFID
• CHIP AND PIN
• Penetration testing: PonziBank
• XSS
• Side Channels
• Malware analysis
12
Which do you trust?
13
EMV electrical protocol
C1
C2
C3
C5
C7
Vcc (+5V, 55mA until Jan 2014)
Reset (active low)
Clock (1MHz to 5MHz)
Ground
Input/Output (1 bit = 372 clocks)
14
Check a PIN
Sending: 80 CA 9F 17 00 How many tries do I have left?
Received: 9F 17 01 03 90 00 Three. It might not tell you!
Sending: 00 20 00 80 08 24 00 00 FF FF FF FF FF Is it 0000?
Received: 63 C2 Nope; two tries left
State of non-volatile memory changed. Counter: 0x2
Sending: 00 20 00 80 08 24 00 01 FF FF FF FF FF 0001?
Received: 90 00 Yes
Sending: 80 CA 9F 17 04
Received: 9F 17 01 03 90 00 We’re back to three tries
If you “brick” your card, an ATM should check online and reset it.
Gives a good introduction to ASN.1
15
PonziBank
http://xkcd.com/327/
16
Research:
C/C++ Verification
Presentation to HP
Denis A Nicole
[email protected]
2014-05-07
Our contribution to security
• A whole new class of software vulnerabilities arise in
“multicore” chips: all modern phones, desktops and servers.
• The vulnerabilities are timing-dependent and cannot
usually be found by conventional testing.
18
ESBMC is a Collaboration between
• University of Southampton
– Jeremy Morse and Denis Nicole
• Federal University of Amazonas, Brazil
– Mikhail Ramalho, Mauro Freitas, Felipe Sousa,
Hendrio Marques and Lucas Cordeiro
• University of Stellenbosch, South Africa
– Bernd Fischer
19
ESBMC is a bounded model checker
• It exhaustively analyses all possible behaviours of a
(multithreaded) C or C++ program up to a fixed depth of
– loop iteration (including backward jumps and recursion),
– thread interleaving.
• Within these bounds, it checks for
– C errors: pointer errors, arithmetic errors, array bounds,
malloc()/free(), assert() failures, data races, etc.
– Violation of Linear Temporal Logic specifications.
20
Model Checking is not Simulation
• Simulation (testing) checks correctness for a particular
input and a particular thread interleaving.
• You need to run multiple simulations with different data
and different timing before you get some assurance.
• Model Checking exhaustively analyses all possible
behaviours over a range of possible inputs and generates a
witness, a trace of program state, if there are any possible
failures.
• Good-coverage simulation may be effective against
“random” errors; it offers little protection against tailored
attacks.
21
Improvement by competition
• The field of C model checking research is now large enough to support
annual competitions; perhaps the best known is that held in
conjunction with the International Conference on Tools and
Algorithms for the Construction and Analysis of Systems (TACAS).
• The team is proud to report that ESBMC v1.17 won the Gold Medal in
the SystemC and Concurrency categories and the Bronze Medal in the
overall ranking of the first International Competition on Software
Verification at TACAS 2012.
• ESBMC v1.20 won the Bronze Medal in the overall ranking of the
second competition at TACAS 2013.
22