Studentpaper-Mckay.Pdf

Studentpaper-Mckay.Pdf

McKay | 2 US Government and Private Sector Unity Center for Anticipatory Necessary to Protect Americans from Intelligence Student Spectre Cyberattack Research Reports Robert McKay December 2018 Executive Summary To safeguard Americans and critical government entities from the Spectre cyberattack and its variants, the United States Government (USG) will need to effectively collaborate with private sector companies to create an improved framework for communication between the private sector and the USG that provides a medium for essential cybersecurity coordination. Spectre is a devastating cyberattack that leverages the latest-discovered hardware vulnerabilities in modern computer processing units (CPUs).1 In the current state of play, at least three billion chips are vulnerable to Spectre attacks.2 As new ideas and exploitations emerge, Spectre attacks will become more threatening and difficult to mitigate.3 High-profile targets are reasonable choices by malicious actors for Spectre attacks, and since secure programming practices actually increase Spectre vulnerability, cybersecurity organizations are likely targets.4 The National Security Agency Central Security Service (NSA/CSS), the National Cybersecurity and Communications Integration Center (NCCIC), and In-Q-Tel are three of the best-equipped organizations to handle the Spectre threat. The NSA/CSS is on the cutting edge of cybersecurity technologies; the NCCIC has the responsibility of communicating with private sector entities and conveying emergency information to the public through the US Computer Emergency Response Team Coordination Center (US-CERT/CC);5 and In-Q-Tel has unique startup company scouting abilities that may also support a solution. Unifying the efforts of the private sector, the NSA/CSS, and the NCCIC could make significant strides in keeping US citizens and government entities secure against Spectre attacks in the near and long term. A coordination strategy, co-drafted by government and private parties, could ensure fluid and timely intelligence sharing in the best interests of national security and profits. Establishing a framework for professional communication between federal and private entities, with incentives in place for both parties, could greatly benefit the American people by providing safer products and improved national security. * * * McKay | 3 US Government and Private Sector Unity Necessary to Protect Americans from Spectre Cyberattack and its Variants Spectre is a cyberattack that exploits a hardware vulnerability in modern computer processing units (CPUs).6 Spectre is a threat to all devices running Intel, Advanced Micro Devices (AMD), and ARM processors manufactured from around 2000 to late 2018.7 The Spectre cyberattack and its variations are dangerous because they allow protected memory on a device to be accessed by a hacker.8 Of primary concern are encrypted passwords that can be accessed from a side channel unbeknownst to the user.9 Spectre attacks exploit three common things: branch prediction, speculative execution, and side channel timings. At the microarchitectural level, branch prediction allows the machine to perform faster by guessing which instructions need to be executed next. The machine then uses downtime between pipeline instructions to execute those guessed actions; this process is called speculative execution.10 In computer architecture, the pipeline is like an assembly line–– one piece moves from station to station until production is completed, just like an instruction in a pipeline.11 On a conditional branch, production pauses while the location for the part in front is calculated. Speculative execution occurs during this waiting period, guessing where the part should go and sending it there while continuing production of the other parts.12 Sometimes, the guess is wrong, and the parts (or instructions) get pushed back to where they were before the speculative execution.13 Whether the branch prediction is correct, the memory accessed by the speculative execution is not completely undone in order to save processing time––in fact, it is left in the cache, a place in memory that can be accessed quickly by any program.14 A Spectre attack measures the time it takes for the native process to branch: if the branch was correct, a short time will be measured, but if incorrect, a longer time will be measured.15 The art behind a Spectre attack is how it tricks the branch predictor into incorrectly guessing the information in protected memory that the attacker wants to know.16 When this information is placed in the cache (or another side channel), the shared memory becomes public to other processes and can be accessed by the attacker.17 Spectre attacks are untraceable because they exploit the system's normal operating behavior.18 Not knowing when or if a system has been attacked significantly inhibits defense. Suppose a victim of identity theft knows his or her information has been stolen––then at least he or she can act on that information and change passwords, lock bank accounts, and so forth. Compare this with a Spectre victim who continues to use the same accounts and same passwords after being unwittingly compromised. This characteristic of Spectre perpetuates the vulnerability of victims because an attacker can access new information again and again through the same attack.19 Many government and private systems may be vulnerable to Spectre. According to the Computer Emergency Response Team Coordination Center (CERT/CC), 36 major companies, including Apple, Amazon, and Google, are vulnerable to Spectre attacks.20 Additionally, 90% of personal computers use Intel chips, which is unsettling if even a fraction of those are used in government networks.21 McKay | 4 Even the most secure organizations are vulnerable; in fact, because of secure programming practices, they may be even more susceptible.22 Spectre attacks break program isolation by accessing memory from a side channel through a series of conditional branches.23 Program isolation is what keeps memory protected by ensuring only the intended program can access that memory.24 When speculative execution places memory in the cache, it allows other programs to access that memory, breaking the isolation.25 Secure programming practices increase the likelihood of conditional branches because of the added safety checks of code verification. This increases the vulnerability of a system because the more conditional branches there are, the easier it is to exploit branch prediction.26 One area where this unintended effect can be seen is the case of In-Q-Tel, a talent scout for cutting-edge technologies for the US Intelligence Community. In-Q-Tel advocates secure programming practices and encourages private sector partners to adopt them as well27––but in shoring up their defenses against certain vulnerabilities, organizations have made themselves more vulnerable to Spectre attacks. Spectre is a significant national security threat. When Google's Jann Horn discovered Spectre in June 2017, he reported his findings to Intel, ARM, and AMD.28 In turn, Intel told Lenovo and Alibaba––two Chinese companies who informed their government months before at least portions of the USG knew about Spectre.29 US-CERT was not notified until the public release of the attack in January 2018.30 It is estimated the NSA/CSS knows about one-third of zero-day cyberattacks before they happen, so whether Spectre was a surprise to all sectors of the USG is still a question.31 Even if the NSA/CSS did anticipate Spectre, they likely still share the problems that others do with hardware vulnerabilities because so many personal and government computers are affected and it is unlikely that all NSA personnel had need-to-know access to Spectre.32 At the public release of Spectre, Intel claimed there had been no reports of a Spectre attack up to that point; however, because Spectre attacks are untraceable, it is not clear how a victim would know about the attack to report it.33 Since the Chinese government might have known about Spectre much earlier than the US, it is not out of the realm of possibility that China has leveraged this attack against US public or private sector systems.34 Additionally, Spectre has spawned many new and dangerous variants.35 One variation of Spectre, BranchScope, exploits branch prediction by systematically determining what the branch predictor guessed, and based on that information, what it will guess on the next conditional branch.36 Then, the memory changes in the cache are measured to extract data.37 BranchScope is significant because it circumvents certain Spectre mitigation efforts such as changing the timing of branches.38 As Spectre attacks become more advanced, they are also moving to attacking networks. Another new variant of Spectre, NetSpectre, has been shown to function over a network with remote access to steal protected passwords.39 This is especially concerning because a network encompasses a large attack surface, or number of entry points that attackers can use to get into a system.40 Cloud memory services are likely targets for NetSpectre due to the size of the networks and the value of the data within––bank accounts, passwords, and other personal information.41 Spectre Next Generation, or Spectre-NG, was unveiled in August and has the potential to take control of a machine on a server and, like a virus, use it to attack all machines on the server.42 Seven other Spectre variants were also publicized in the same release. In the future, similar cyberattacks to Spectre may not only access data, they may corrupt it.43 This is of McKay | 5 primary concern to national security since the ability to alter system functionality of critical USG systems could have fatal consequences.44 Although Spectre attacks are potent, there are a number of challenges associated with launching a Spectre attack. First, due to the high degree of sophistication involved in a Spectre attack, it would take an attacker with a thorough understanding of the software and hardware architecture of the target to execute the attack successfully.45 Furthermore, Spectre does not extract data quickly, especially over a network.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    10 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us