August 5, 2019 | Local, Security

Hacker Community to Take on DARPA Hardware Defenses at DEF CON 2019

This month, DARPA will bring a demonstration version of a secure voting ballot box equipped with hardware defenses in development on the System Security Integrated Through Hardware and Firmware (SSITH) program to the DEF CON 2019 Voting Machine Hacking Village (Voting Village). The SSITH program is developing methodologies and design tools that enable the use of hardware advances to protect systems against software exploitation of hardware vulnerabilities. To evaluate progress on the program, DARPA is incorporating the secure processors researchers are developing into a secure voting ballot box and turning the system loose for public assessment by thousands of hackers and DEF CON community members.

Many of today's hardware defenses cover very specific instances or vulnerabilities, leaving much open to attack or compromise. Instead of tackling individual instances, SSITH researchers are building defenses that address classes of vulnerabilities. In particular, SSITH is tackling seven vulnerability classes identified by the NIST Common Weakness Enumeration Specification (CWE), which span exploitation of permissions and privilege in the system architectures, memory errors, information leakage, and code injection.

“There are a whole set of cyber vulnerabilities that happen in electronic systems that are at their core due to hardware vulnerabilities – or vulnerabilities that hardware could block,” said Dr. Linton Salmon, the program manager leading SSITH. “Current efforts to provide electronic security largely rely on robust software development and integration, utilizing an endless cycle of developing and deploying patches to the software firewall without addressing the underlying hardware vulnerability. The basic concept around SSITH is to make hardware a more significant participant in cybersecurity, rather than relegating system security only to software.”

Under the SSITH program, researchers are exploring a number of different design approaches that go well beyond patching. These include using metadata tagging to detect unauthorized system access; employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics; and combining hardware performance counters (HPCs) with machine learning to detect attacks and establish protective fences within the hardware. One team from the University of Michigan is developing a novel security approach that changes the unspecified semantics of a system every 50 milliseconds. Currently, attackers continuously probe a system to locate these undefined sections and, over time, are able to create a system map to identify possible hacks. By changing the construct every 50 milliseconds, attackers do not have enough time to find those weaknesses or develop an accurate representation of the system as a whole.

To evaluate the hardware security concepts in development on the SSITH program, DARPA – working with Galois – is pursuing a voting system evaluation effort to provide a demonstration system that facilitates open challenges. The program elected to use a voting system as its demonstration platform to provide researchers with an accessible application that can be evaluated in an open forum. Further, the topic of election system security has become an increasingly critical area of concern for the hacker and security community, as well as the United States more broadly.

“DARPA focuses on creating technologies to enhance national defense, and election system security falls within that remit. Eroding trust in the election process is a threat to the very fabric of our democracy,” noted Salmon.

While protecting democracy is a critical national defense issue, SSITH is not trying to solve all issues with election system security, nor is it working to provide a specific solution to use during elections. “We expect the voting booth demonstrator to provide tools, concepts, and ideas that the election enterprise can use to increase security; however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices, and beyond,” said Salmon.

During DEF CON 2019, the SSITH voting system demonstrator will consist of a set of RISC-V processors that the research teams will modify to include their SSITH security features. These processors will be mounted on field programmable gate arrays (FPGAs) and incorporated into a secure ballot box. Hackers will have access to the system via an Ethernet port as well as a USB port, through which they can load software or other attacks to challenge the SSITH hardware. Since SSITH's research is still in the early stages, only two prototype versions of the 15 processors in development will be available for evaluation.

“At this year's Voting Village, hackers may find issues with the processors and quite frankly we would consider that a success. We want to be transparent about the technologies we are creating and find any problems in these venues before the technology is placed in another venue where a compromise could be more dangerous,” said Salmon.

Following DEF CON 2019, the voting system evaluation effort will go on a university roadshow where additional cybersecurity experts will have an opportunity to further analyze and hack the technology. In 2020, DARPA plans to return to DEF CON with an entire voting system, which will incorporate fixes to the issues discovered during the previous year's evaluation efforts. The 2020 demonstrator will use the STAR-Vote system architecture, which is a documented, open source architecture that includes a system of microprocessors for the voting booth, ballot box, and other components. It also includes a verifiable paper ballot, providing both digital and physical representations of the votes cast within the booth.

“While the 2020 demonstrator will provide a better representation of the full attack surface, the exercise will not result in a deployable voting system. To aid in the advancement of secure election equipment as well as electronic systems more broadly, the hardware design approaches and techniques developed during the SSITH program will be made available to the community as open-source items,” concluded Salmon.

https://www.darpa.mil/news-events/2019-08-01
