Security Hazards When Law Is Code
Total Page:16
File Type:pdf, Size:1020Kb
Security Hazards when Law is Code by Eric Wustrow A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy (Computer Science and Engineering) in the University of Michigan 2016 Doctoral Committee: Associate Professor J. Alex Halderman, Chair Research Professor Peter Honeyman Associate Professor Z. Morley Mao Professor Paul Resnick ACKNOWLEDGEMENTS I would not have been able to complete this dissertation or the work contained herein without the immense support I have been lucky enough to receive from my friends, colleagues, and family. I want to express my gratitude to my advisor J. Alex Halderman for his unending inspiration, patient guidence, and comradery throughout my graduate studies. Alex has been an outstanding mentor and friend, and I have learned a great deal from him. I would like to thank the people closest to me over the years: Mary Lin, Jenn Roloff, Jess Ouyang, Meghan Clark, and Courtney Poles for their helping me through the most difficult parts, as well as Dana Wilson for giving me the best advice I didn’t know I needed. I also thank my many labmates for keeping me company: Scott Wolchok, James Kasten, Zakir Durumeric, David Adrian, Drew Springall, Travis Finkenauer, Ben Burgess (thanks for not social engineering me out of anything important), Colleen Swanson, Allison McDonald, Ariana Mirian, Benjamin VanderSloot, and Matt Bernhard. I’d like to thank David Devecsery for distracting me with rock climbing, and for the many research discussions we have had. I also thank my thesis committee members Peter Honeyman, Z. Morley Mao, and Paul Resnick for their detailed feedback on my dissertation, as well as Blake Reid for his discussions on computable policy and law. Additionally, I thank Michael Bailey, Nadia Heninger, and Brian Noble for their advice and wisdom. I am grateful to the National Science Foundation and the New America Foundation for funding me through my graduate work, as well as my co-workers and friends from Square for the experience and perspective they provided. I also thank Lab11, especially Prabal Dutta, Ben Kempke, Pat Pannuto, Brad Campbell, Will Huang, and Branden Ghena for their seemingly infinite supply of hardware at low prices and few questions asked. Finally, I would like to thank my family for their support, especially my mother for her unwavering care and my father for his persistant encouragement. ii TABLE OF CONTENTS Acknowledgments ................................... ii List of Figures ..................................... vi Abstract ......................................... x Chapter 1 Introduction ..................................... 1 2 Internet Voting ................................... 11 2.1 Introduction................................. 11 2.2 Background: The D.C. Digital Vote-By-Mail System........... 13 2.3 Attacking the Web Application....................... 14 2.3.1 Shell-injection vulnerability.................... 15 2.3.2 Attack payloads.......................... 16 2.3.3 Other vulnerabilities and potential attacks............. 18 2.4 Attacking the Network Infrastructure.................... 19 2.4.1 Infiltrating the terminal server................... 19 2.4.2 Routers and switches........................ 20 2.4.3 Network webcams......................... 21 2.5 Discussion.................................. 21 2.5.1 Attack detection and recovery................... 21 2.5.2 Adversarial testing and mechanics of the D.C. trial........ 22 2.5.3 Why Internet voting is hard.................... 23 2.6 Related Work................................ 24 2.7 Conclusions................................. 25 3 Airport Security ................................... 27 3.1 Introduction................................. 27 3.2 The Rapiscan Secure 1000......................... 30 3.2.1 Backscatter Imaging........................ 31 3.2.2 Subsystems............................. 31 3.3 Contraband Detection............................ 34 3.3.1 Concealment by Positioning.................... 36 3.3.2 Concealment by Masking..................... 38 3.3.3 Concealment by Shaping...................... 39 3.4 Cyberphysical Attacks........................... 41 iii 3.4.1 User Console Malware....................... 41 3.4.2 Embedded Controller Attacks................... 42 3.4.3 Privacy Side-Channel Attack.................... 44 3.5 Discussion and Lessons........................... 46 3.6 Related work................................ 51 3.7 Conclusion................................. 52 4 Internet Censorship ................................. 54 4.1 Introduction................................. 54 4.2 Concept................................... 55 4.2.1 Threat model............................ 56 4.2.2 Goals................................ 57 4.2.3 Design............................... 58 4.3 Previous Work................................ 60 4.4 Tagging................................... 61 4.5 Protocol................................... 62 4.5.1 Overview of TLS.......................... 63 4.5.2 Telex handshake.......................... 64 4.6 Security Analysis.............................. 66 4.6.1 Passive attacks........................... 66 4.6.2 Active attacks............................ 67 4.7 Implementation............................... 70 4.7.1 Client................................ 70 4.7.2 Station............................... 70 4.8 Evaluation.................................. 72 4.8.1 Model deployment......................... 73 4.8.2 Tagging performance........................ 73 4.8.3 Telex-TLS performance...................... 74 4.8.4 Real-world experience....................... 74 4.9 Future Work................................. 75 4.10 Conclusion................................. 77 5 Practical Censorship Circumvention ....................... 78 5.1 Motivation.................................. 78 5.2 Review of Existing E2M Protocols..................... 81 5.3 Ciphertext Covert Channel......................... 83 5.3.1 Chosen-Ciphertext Steganography................. 84 5.4 TapDance Architecture........................... 88 5.4.1 Protocol Overview......................... 88 5.4.2 Tag Format............................. 89 5.5 Security Analysis.............................. 90 5.5.1 Passive Attacks........................... 90 5.5.2 Active Attacks........................... 93 5.6 Comparison................................. 95 5.7 Implementation............................... 97 iv 5.7.1 Client Implementation....................... 98 5.7.2 Station Implementation....................... 98 5.7.3 Connection Limits......................... 99 5.8 Evaluation.................................. 100 5.9 Future Work................................. 103 5.10 Related Work................................ 104 5.11 Conclusion................................. 105 6 Conclusion ...................................... 106 Bibliography ...................................... 109 v LIST OF FIGURES 2.1 Network architecture — The front-end web server receives HTTPS requests from users and reverse-proxies them to the application server, which hosts the DVBM election software and stores both blank and completed ballots. A MySQL database server stores voter credentials and tracks voted ballots. Mul- tiple firewalls reduce the attack surface and complicate attacks by disallowing outbound TCP connections. The intrusion detection system in front of the web server proved ineffective, as it was unable to decrypt the HTTPS connections that carried our exploit. (Adapted from http://www.dcboee.us/DVM/ Visio-BOEE.pdf.).............................. 13 3.1 The Rapiscan Secure 1000 full-body scanner uses backscattered X-rays to construct an image through clothing. Na¨ıvely hidden contraband, such as the handgun tucked into this subject’s waistband, is readily visible to the device operator...................................... 28 3.2 Backscatter Imaging — An X-ray tube (A) mounted on a platform travels vertically within the scanner. The X-rays pass through a spinning disk (B) that shapes them into a horizontally scanning beam. Some photons that strike the target (C) are backscattered toward detectors (D) that measure the reflected energy over time. Adapted from U.S. Patent 8,199,996 [72]........... 32 3.3 Operator View — The user console displays front and back images and offers basic enhancements and 2 × zoom. It also allows the operator to print images or save them to disk................................ 33 3.4 Concealing a Pistol by Positioning — The Secure 1000 cannot distinguish between high Zeff materials, such as a metal handgun, and the absence of a backscatter response. Carefully placed metallic objects can be invisible against the dark background................................ 36 3.5 Concealing a Knife by Masking — We find that high-Zeff materials can be hidden by covering them with lower Zeff materials, such as the common plastic PTFE (Teflon). For example, a metal knife is clearly visible when na¨ıvely concealed, but when covered with a thin plastic block it approximates the color of the spine. Tapering the block’s edges would reduce the visible outline.... 37 3.6 Concealing Explosives by Shaping — Left: Subject with no contraband. Right: Subject with more than 200 g of C-4 plastic explosive simulant plus detonator, molded to stomach................................. 39 vi 3.7 A Secret Knock — We demonstrate how malware infecting the Secure 1000 user console could be used to defeat the scanner. The malware is triggered when it detects a specific pattern in a scan, as shown