eweekchat

Confidential Computing
JOIN US: This is a chat-based conversation about a newly recognized trend in IT security that follows data all the way through the transom and protects it at every stage--including when it's being processed. Join us!
   5 years ago
Chris Preimesberger
Q3: CC enables data to be continuously encrypted, whether it's being processed, moved, distributed or stored. Where are the potential soft spots in this process for hackers?
Pete Jarvis
Key access - never underestimate the ability to compromise humans :-)
Rodrigue Hajjar
A3: In the past, attacks against TPM modules have been very low-level, e.g., relying on physically sniffing the bus (https://pulsesecurity.co.nz/articles/TPM-sniffing). Future attacks may be found on a similar level, rather than in software.
Pete Jarvis
@rodrigue_ My sense is one has to change the game to win. Confidential Computing (CC) is a component of an ongoing battle between attack and defense. You have to change the economics of the attack to be more than the cost of defense.
Pete Jarvis
The NIST Cyber Security Framework through support to the five functions; Identify, Protect, Detect, Respond, and Recover does a good job of articulating our current situation and actions.
Chris Preimesberger
Nice, thanks, Pete!
Pete Jarvis
Today, everyone has a great safe, the problem is that every instance has the same security code. Why? If I hack one I can hack all the safes of the same type and version. Thus, data integrity and data movement and usage are key to secure.
Chris Preimesberger
Q3 coming right up ...
Seth Knox
A2. IoT, mobile, Key/Secrets Management, Multi-party computation, public cloud apps, PoS devices are all good use cases for confidential computing. This white paper from the @confidentialC2 is a good resource on the use cases https://confidentialcomputing.io/white-papers/
Pete Jarvis
One of the core problems I feel we have at the moment is the idea of certification of the stack. I have a list of certificates that I trust - great. If I can insert myself into that certificate chain - I am a fox in a hen house. :-)
Pete Jarvis
@TechnoPhobe01 Consider, Apple they certified malware as OK, at that point I am very happy that you trust me.
Pete Jarvis
The example I use is "rm -rf *", in one context that is a good command, in another it is a very bad command. Can we train an AI system or monitoring system to distinguish which is which? :-)
Bruce Kornfeld
A2: Very interesting concept. Edge and IoT typically means smaller and smaller form factors - but - with Moore's Law continuing, these TEE with hardware and chipsets are available even at the edge.
Jack Gold
In fact, TEE has been around in ARM chips (and x86) for years, trouble is, many vendors don't make use of it because they cut corners to save on costs
Bruce Kornfeld
Will we be able to defend against ALL new attack surfaces? well....CC will help...but I don't think you can ever say "All"
Jack Gold
Agreed. It's a leapfrogging problem... I make a defensive move and you make one better...
Dave Thaler
Agree, TEEs themselves don't address attacks like social engineering or physical theft. They must be paired with classic physical security approaches.
Bruce Kornfeld
@jckgld agreed. we see that changing over the coming months and quarters.
Jack Gold
Yes, but we still will have legacy systems to deal with that are exposed, and that will remain with us for a long time...
Pete Jarvis
A core problem with edge and IOT is computational power. A key aspect is that you want to remove security observer overhead. This is something that is close to my heart ;-)
Bruce Kornfeld
More places to put up walls the better, right? But I do see your point about computational power. Intel/AMD/ARM should be solving that part of the equation - that's one of the things that keeps our industry advancing!
Pete Jarvis
Chuckle, it is a problem I work on, check out Moving target Defense - we approach the problem differently.
Bruce Kornfeld
Will do, Pete. Sounds interesting.
Jack Gold
A2 In the not too distant future (5-10 years), most encryption will be broken by Quantum Computing, so it's imperative we look for quantum safe encryption, and that includes in the internals of traditional computing systems
Chris Preimesberger
Wow. It's never too early to look at the potential impact of future IT like quantum. But is it practical to invest in this at this early stage?
Jack Gold
It's likely to take us 5+ years to upgrade all the embedded encrypted systems we use, so yes, it's time to start looking at it seriously... If we wait, it will be too late
Bruce Kornfeld
Quantum computing is interesting...but I just don't see that having a real practical impact anytime soon. In fairness - you say 5-10 years...so I can see that point.
Pete Jarvis
One time keypads (OTP) are arguably defensible against Quantum computing. The problem is key distribution, it is worth looking into. There is a lot of research into key distribution for the above reasons.

https://pastebin.com/raw/XSsyUb0f
Chris Preimesberger
So Pete, you're talking about keypads that blow up after you use them once?
Pete Jarvis
Yes, however you can use them as a bootstrap mechanism. They are very secure (chuckle) the problem is not the keypad it is sharing the keypad.
Pete Jarvis
OTP is a beautiful thing, you can insert temporal and location entropy to make the retrieval possible. i.e. Meet me here in the either at this time, present this credential and I'll give you a one time keypad. Rinse, repeat.
Chris Preimesberger
Q2: Will we still be able to defend all the new attack surfaces using this CC method in IoT, edge computing and mobile computing?
Rodrigue Hajjar
A2: We have been seeing more high profile attacks while data is being used (memory-scraping). Confidential computing helps alleviate some of that responsibility though I do think there are still important security practices for software engineers to use and keep in m
Chris Preimesberger
@rodrigue_ Good point, Rodrigue. Can you offer a couple of examples of those important security practices?
Jack Gold
It has to be a combined effort - both the HW and SW have to maximize security to make either work effectively
Pete Jarvis
A core problem today is that "An attacker only needs to find a single weakness to exploit all like systems." Why? All software today is distributed as a single clone instance. This means that an exploit for one will work for all of the same OS version.
Pete Jarvis
There is a gap today in security, the time between discovery of an exploit and its patching. That period is what we call the patch gap. You have no defense if connected to the internet.
Pete Jarvis
A great example of this was Dell, and SonicWall - Dell didn't release a second patch and the hacker got into the Cayman Island bank. Dell is a leader in security threat mitigation, it took just one omission to gain access.
Pete Jarvis
@TechnoPhobe01 The problem is not people, expertise or diligence or lax company processes. It is mathematics, in that it only takes one exploit to win as a cyber attacker.
Pete Jarvis
This is why data integrity and security is becoming so important.
Pete Jarvis
Read section 4 onwards https://pastebin.com/raw/XSsyUb0f
Jack Gold
Exactly correct. And all the derivatives of the system are also exposed once a flaw is discovered. Often weak components make their way into systems for generations (Cisco routers had this issue)
Rodrigue Hajjar
For software engineers: Encrypt the data in storage, encrypt the data in transit. Don't re-invent the wheel with encryption, use existing proven protocols and mechanisms. I like to share this internally: https://github.com/OWASP/
Bruce Kornfeld
so does this argument mean CC isn't as important?
Chris Preimesberger
Q2 on deck ...
Jack Gold
A1 CC is more than just protecting data, which we do, more or less, reasonably well with encryption. It's about protecting the compute logic associated with the utilization of data. It's about the apps, transmission, storage and more which we do poorly in many cases.
Chris Preimesberger
Thank you, Jack. Protecting the compute logic is a key term.
Seth Knox
A1: Confidential Computing protects data in use by performing computation in a hardware-based Trusted Execution Environment. These secure and isolated environments prevent unauthorized access or modification of applications and data while they are in use, thereby increasing th
Chris Preimesberger
Thanks, Seth. Do you do security for a company called Samsung? ;-)
Chris Preimesberger
Q1 addendum: So CC (shortcut!) means protecting data from creation to cold storage, and everything in between. Isn't that what we're doing right now?
Bruce Kornfeld
"from creation to cold storage" is very broad. Until CC, protecting data while it's being computed wasn't commonplace or easy to do.
Chris Preimesberger
@brucekornfeld Thanks for the alignment in terminology! CC, then really involves data in creation and in transit. Fair statement?
Bruce Kornfeld
Yes - a TEE (Trusted Execution Environment) could include both data in movement and creation, but the common denominator is that it's about computing - inside a computer. Data in transit outside the box is protected in other ways.
Pete Jarvis
A problem we increasingly see is the creation of false data. You have to be able to verify the data has not been tampered with.
Pete Jarvis
@TechnoPhobe01 Consider for example, sensor data that we use to model a large system. We have to be able to verify the data has not been tampered with. The Iraq nuclear hack copied the data from the system then played it back. Meanwhile increasing rotation speed.
Rodrigue Hajjar
Nicely said @brucekornfeld .
Client <--We know how to transit data securely--> Server <--We know how to store securely--> DB
We have had secure enclaves on smartphones for a while now.
CC is a good addition to the server piece, whenever we need to work with data.