Professionalism: Supporting the community
I have been following several other members of the community and have liked and reblogged various posts giving some feedback to those classmates.
NFC Security: Payments
I was looking for some more things to do since I finished earlier than I intended and ended up reading through the following paper about NFC payments:
https://courses.csail.mit.edu/6.857/2018/project/Giese-Liu-Sun-Syed-Zhang-NFC.pdf
The paper discusses the possibility of a skimming or wormhole attack on people who use contactless payment. This is essentially where you steal the card details using a portable card reading device, and can then access those funds anywhere and at any time. Some recommendations on how to defend against such attacks include:
Detecting whether the card reader is within a certain proximity of the card or phone before charging the amount of money.
Requiring explicit approval from the user for all of their transactions. This ensures that the user is aware of everything they are being charged for.
Everyday users should consider getting RFID blocking wallets and also make sure their phone is always locked when not in use.
NFC Security: Magic UID Card
Unfortunately, the card has not arrived this week yet, so I will likely just need to demo the attacks without the magic UID card. This is fine though, since I have already demonstrated 2 attacks using the apps (eavesdropping and data manipulation/corruption).
Train barriers
Train barriers and the gate guards are simply a deterrent, like the guards at retail stores. I recently saw a boy jump over a gate and the guard saw, but did absolutely nothing. A recommendation for Transport NSW would be to invest more in higher gates, which would make it much more difficult to jump over or duck under.
OWASP Vulnerabilities: Injection
Injection is when an attacker injects some of their own code into a program, and the program is tricked into running that code for them. This is a huge problem since attackers are able to get data they otherwise shouldn’t have access to. To defend against this, you should always sanitise your inputs. In other words, remove or escape any special characters which might have meanings other than the ones intended.
https://www.w3schools.com/sql/sql_injection.asp
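The following is an added example (not code from the original post or from the linked w3schools article) showing the point above with SQL: a login query built by string concatenation beside the same query using bound parameters. The table, user names and passwords are constructed sample data, and the tautology input is the classic one the w3schools page discusses. Bound parameters are the usual way to "sanitise" SQL input: the database driver does the escaping, so the input can only ever be compared as a value and never changes the structure of the query.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
USERS = [("alice", "s3cret-alice"), ("bob", "s3cret-bob")]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the SQL by string concatenation: quotes inside the input
    terminate the string literal, so the input becomes part of the query."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn, name, password):
    """Uses bound parameters: the SQL text is fixed and the values are passed
    separately, so special characters in the input are never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (name, password)))


def demo():
    """Run both versions against the same tautology input and a real login."""
    conn = make_db()
    injected = "' OR '1'='1"   # the input discussed on the linked page
    return {
        # WHERE name = 'alice' AND password = '' OR '1'='1' -> every row
        "vulnerable": login_vulnerable(conn, "alice", injected),
        # the whole string is compared as a password -> no match
        "safe": login_safe(conn, "alice", injected),
        # a legitimate login still works with parameters
        "safe_legit": login_safe(conn, "alice", "s3cret-alice"),
    }


if __name__ == "__main__":
    print(demo())
```

With the concatenated query the `OR '1'='1'` clause is true for every row, so the "login" returns every user in the table; with parameters the same text is just a wrong password and nothing is returned, while the real password still logs in.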
Cyber War
This case study asked what our cyber defences would look like if war were declared on Australia and we were in charge of the cyber defence. In all honesty, Australia won’t have much hope against other super powers such as China or Russia. In the event that this happens, Australia’s best option would be to become a republic and remain neutral, or surrender.
If on the other hand this is not allowed, we propose the following recommendations:
Ensure the water supply can operate without any computer systems
Ensure all critical infrastructure has backup power generators installed (e.g. hospitals, military, supply chain for food)
Ensure all military equipment is manufactured in Australia so that we are not vulnerable to hacks due to malicious software already installed on the systems.
Have the ability to turn on a “Great Firewall” that monitors and censors all cyber traffic in Australia. This can double as protection against espionage, and also prevent discontentment being expressed about the war effort.
Upgrade all government security systems (and ensure they were all designed/programmed in-house).
Make all critical information systems available offline (e.g. medical records)
Some other interesting recommendations given by other teams were:
Completely separating the internet in Australia from the rest of the world (physically cut the wire)
Disable all social media to prevent the spread of propaganda from opposing countries.
Improve Australia’s military capabilities (particularly our offensive cyber capabilities).
Vulnerabilities
In the first recipe, the cake needs to have more specific measurements. For example, it doesn’t say how much cream, sugar, or butter we need to use.
In the second recipe, it does not specify where the golden syrup and sweetened condensed milk should go. Also, it appears to be missing information about the caramel layer...
Lastly, the third recipe has an incorrect instruction, saying to bake only for 10-15 minutes instead of 30 minutes.
This exercise highlights the importance of giving the computer clear and explicit instructions, otherwise it can go into undefined behaviour.
Retail Store Security
I was at the shops today and, as I was leaving, I got pulled over by the guard to check my bag. I unzipped it for a second, then he told me to continue on. Thinking back, those bag checks are never more than a deterrent. If you hide the thing you’re trying to steal under enough layers, or in a side pocket, they would never notice. Just remember to take the tags off so the alarms won’t go off when you pass through the door...
Retail shops should consider doing more thorough random checks each time, since it feels very pointless otherwise.
Cyberattack on Iran
In light of Iran shooting down a US military drone, US Cyber Command has retaliated by targeting the computers which control rockets and launch missiles. They will likely be aiming to make the missiles malfunction, or just disable the missiles in general. This brings to light not only how reliant most military technology is on computers, but also everyday civilian necessities such as water and energy.
Governments should all be considering contingencies if these essential supplies somehow had their computers disabled. There will need to be manual alternatives for every critical system in the event the digital systems fail.
https://www.technologyreview.com/f/613862/the-us-has-launched-a-cyber-attack-against-irans-weapons-systems/
Successfully scanned my university staff card and ready to be cloned once the other device arrives... (my staff card has no access rights, so it would not affect anything)
NFC Security: Cloning UIDs
The following video demonstrates how an access card such as the university ID cards can be cloned. I have downloaded the Mifare Classic app to experiment with the process. I have also purchased a “magic UID” card on eBay to attempt a demo of this attack.
https://youtu.be/btLQB8WCQXA
Physical Security
The question posed was what we would do if we were in charge of physical security at Google for a new top-secret facility. The things we wanted to protect were the data storage, the data transfer, and the electricity.
Hence, my team came up with the following recommendations:
Hide the entrance of the building and have the main building underground so that there is some natural protection from potential infiltrators. This would also protect the building from most attacks such as bombings, or otherwise (this did not actually make the final cut).
Ensure the building has backup generators since all other security mechanisms would likely rely on electricity.
Ensure all workers do not bring any electronic devices inside the building. They would need to discard any of those external electronics before entering. The building would not be connected to the internet at all to completely avoid the possibility of people hacking into the systems.
The data would be stored in hard-drives distributed about the building. There would be no printers so no one would be able to take hardcopies of information out.
Other interesting ideas from other groups included:
Giving tracking devices to all workers so that the company could detect when any of its workers might be under duress.
Iris scan for authentication with a security guard monitoring the process.
All rooms require access, and people will only be given the minimum required access for the things they’re doing. In this way, the building will be compartmentalised, so even if the entrance is breached, the other rooms will still remain secure.
A hard-drive incinerator for any drives being disposed of.
This case study really emphasised the need for security in depth, and also considering how data can be kept securely.
W6 Lecture
Buffer overflow
This attack is essentially where the attacker is able to overwrite the return address and get the computer to execute the code they want. This vulnerability can exist for multiple reasons, but is essentially the result of poor programming, since these errors are mostly already publicly known, yet people still make the same mistakes. This again puts the emphasis on not creating your own programs, particularly in C, unless you know very well what you are doing. High level languages with built-in error checking should be used to avoid such flaws.
Proof of work
Bitcoin and some other blockchains use proof of work as their consensus algorithm. This is essentially where “miners” search for a nonce such that the hash of a block of transactions has a required number of leading 0s. Consensus holds because the work required to rewrite the chain is more than is feasible: the chain is constantly changing, and the key size is too large. This is reminiscent of all other forms of cryptography, where the work required is too high for anyone to ever complete, which is what makes it secure.
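As an added example (not code from the original post, and a toy rather than Bitcoin’s real block format), the search described above can be written in a few lines: hash the block header with a counter (the nonce) until the hex digest starts with the required number of zeros. The header string and transactions are constructed sample values; the difficulty is measured in leading zero hex digits, so each extra digit multiplies the expected number of attempts by 16. Verifying a solution costs a single hash, which is the asymmetry that makes rewriting a chain expensive while checking it stays cheap.

```python
import hashlib


def block_hash(header: str, nonce: int) -> str:
    """Hex SHA-256 digest of the header with the nonce appended."""
    return hashlib.sha256(f"{header}{nonce}".encode()).hexdigest()


def meets_target(digest: str, difficulty: int) -> bool:
    """True if the hex digest starts with `difficulty` zero digits."""
    return digest.startswith("0" * difficulty)


def mine(header: str, difficulty: int, max_nonce: int = 10_000_000):
    """Try nonces in order until the hash meets the target.
    Returns (nonce, digest, attempts), or None if max_nonce is exhausted."""
    for nonce in range(max_nonce):
        digest = block_hash(header, nonce)
        if meets_target(digest, difficulty):
            return nonce, digest, nonce + 1
    return None


def verify(header: str, nonce: int, difficulty: int) -> bool:
    """Checking a claimed solution costs one hash; finding it cost many."""
    return meets_target(block_hash(header, nonce), difficulty)


def demo(difficulty: int = 4):
    """Mine a constructed block header and show what a later edit costs."""
    # Constructed sample header: previous block hash plus two transactions.
    header = "prev=0000abcd;txs=alice->bob:5,bob->carol:2;"
    nonce, digest, attempts = mine(header, difficulty)
    # Editing a transaction changes the hash, so the old nonce almost
    # certainly no longer satisfies the target: the work must be redone,
    # and for every later block too.
    tampered = header.replace("bob->carol:2", "bob->carol:9")
    return {
        "nonce": nonce,
        "digest": digest,
        "attempts": attempts,
        "expected_attempts": 16 ** difficulty,
        "original_valid": verify(header, nonce, difficulty),
        "tampered_still_valid": verify(tampered, nonce, difficulty),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` with difficulty 4 takes on the order of 65,536 hashes; raising it to 5 takes sixteen times as many, which is the knob real networks turn to keep block times steady as miners add hardware.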
Modern Symmetric Ciphers
After a complex history of encryption standards, it’s interesting to see how DES came about from Lucifer, a cipher developed by IBM, then modified by the NSA to create a single vulnerability that only they could exploit (by modifying one s-box). They would be able to exploit it using “Forstall Differential Analysis”, a mathematical technique which was not publicly known at that time.
However, following the discovery that DES could be cracked by the NSA, NIST ran another competition, which replaced it with AES (Advanced Encryption Standard). These are well researched and studied encryption algorithms which should be used when attempting symmetric encryption. No person should ever attempt to design their own encryption, otherwise it is almost guaranteed not to work correctly.
Magic Trick
During the lecture, Richard showed a magic trick where he managed to sort a deck of cards into red and black piles whilst allowing the audience the supposed free choice of which pile to place each card in. This was accomplished by only picking red cards for the first half, then, when he said the piles were being switched, he also switched from only black to only red. This meant that both decks would have half black and half red, as the audience expected, but he split the “dodgy” deck which had the wrong order and showed the black and red separately, so people could not tell that it had the same order as the first pile rather than the opposite, as would be expected.
I knew about this trick since I first saw a very similar trick being performed on Youtube and I researched how it was done.
https://youtu.be/CmfgxPy_Ehk
The Challenger Disaster
The space shuttle Challenger had O-rings which had not been tested at temperatures as low as those on the morning of the shuttle’s launch, which then resulted in their failure and ultimately the crash of the shuttle.
It was actually known that the shuttle’s rings had not been tested at those temperatures, and when consulted, the engineering team did not believe they should be operated at temperatures below 53 F. However, due to pressure from management to launch that day, these warnings were disregarded. This was a demonstration of a misjudgement of risks. Management were not concerned about the team’s uncertainty when it came to the operating temperature of the O-rings, claiming that the engineering team was basing its recommendations on qualitative rather than quantitative data.
A general recommendation for any potentially high-impact risk, particularly at NASA: nothing should proceed until the engineering team is satisfied that the shuttle is ready for launch. This needs to be an absolute rule, since the engineers are the ones most familiar with the hardware, not the management team, who would have a conflict of interest.
Deepfakes
The deepfake video posted by the Israeli AI startup Canny highlights what an amazing and scary time we are living in. If you haven’t seen it, there was a video posted showing Mark Zuckerberg apparently announcing that Facebook would become more transparent with its ads - https://www.instagram.com/p/ByaVigGFP2U/
This demonstrates how far AI has come, where it can produce photorealistic videos of humans which can be manipulated into saying things they never said. Upon watching this myself, I could hardly tell that the video was fake, apart from the fact that the things Zuckerberg was saying were things he would never say. The video reminds us of the importance of always being skeptical and critical of “evidence”, even if it is photo or video evidence. Things to always check when reading these sources are the source itself, and cross-checking the story with other sources. In this case, the source was an AI startup, so it was clearly fake, but in addition, if there are no other recordings of the video online from other reputable sources, then it is also likely to be a fake story.
https://www.technologyreview.com/f/613690/facebook-deepfake-zuckerberg-instagram-social-media-election-video/
In light of the debate over deepfakes, it’s reassuring to know that there is now some technology which can detect these fakes. However, this of course requires people to be aware of the technology and actually use it, otherwise it would be quite redundant (similar to how security patches require people to update to the latest version, but the majority never do...) - https://www.technologyreview.com/s/613846/a-new-deepfake-detection-tool-should-keep-world-leaders-safefor-now/#
Never leave the default password...