5 août 2019 | Local, Sécurité

Hacker Community to Take on DARPA Hardware Defenses at DEF CON 2019

This month, DARPA will bring a demonstration version of a secure voting ballot box equipped with hardware defenses in development on the System Security Integrated Through Hardware and Firmware (SSITH) program to the DEF CON 2019 Voting Machine Hacking Village (Voting Village). The SSITH program is developing methodologies and design tools that enable the use of hardware advances to protect systems against software exploitation of hardware vulnerabilities. To evaluate progress on the program, DARPA is incorporating the secure processors researchers are developing into a secure voting ballot box and turning the system loose for public assessment by thousands of hackers and DEF CON community members.

Many of today's hardware defenses cover very specific instances or vulnerabilities, leaving much open to attack or compromise. Instead of tackling individual instances, SSITH researchers are building defenses that address classes of vulnerabilities. In particular, SSITH is tackling seven vulnerabilities classes identified by the NIST Common Weakness Enumeration Specification (CWE), which span exploitation of permissions and privilege in the system architectures, memory errors, information leakage, and code injection.

“There are a whole set of cyber vulnerabilities that happen in electronic systems that are at their core due to hardware vulnerabilities – or vulnerabilities that hardware could block,” said Dr. Linton Salmon, the program manager leading SSITH. “Current efforts to provide electronic security largely rely on robust software development and integration, utilizing an endless cycle of developing and deploying patches to the software firewall without addressing the underlying hardware vulnerability. The basic concept around SSITH is to make hardware a more significant participant in cybersecurity, rather than relegating system security only to software.”

Under the SSITH program, researchers are exploring a number of different design approaches that go well beyond patching. These include using metadata tagging to detect unauthorized system access; employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics; and combining hardware performance counters (HPCs) with machine learning to detect attacks and establish protective fences within the hardware. One team from the University of Michigan is developing a novel security approach that changes the unspecified semantics of a system every 50 milliseconds. Currently, attackers continuously probe a system to locate these undefined sections and, over time, are able to create a system map to identify possible hacks. By changing the construct every 50 milliseconds, attackers do not have enough time to find those weaknesses or develop an accurate representation of the system as a whole.

To evaluate the hardware security concepts in development on the SSITH program, DARPA – working with Galois – is pursuing a voting system evaluation effort to provide a demonstration system that facilitates open challenges. The program elected to use a voting system as its demonstration platform to provide researchers with an accessible application that can be evaluated in an open forum. Further, the topic of election system security has become an increasingly critical area of concern for the hacker and security community, as well as the United States more broadly.

“DARPA focuses on creating technologies to enhance national defense, and election system security falls within that remit. Eroding trust in the election process is a threat to the very fabric of our democracy,” noted Salmon.

While protecting democracy is a critical national defense issue, SSITH is not trying to solve all issues with election system security nor is it working to provide a specific solution to use during elections. “We expect the voting booth demonstrator to provide tools, concepts, and ideas that the election enterprise can use to increase security, however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices, and beyond,” said Salmon.

During DEF CON 2019, the SSITH voting system demonstrator will consist of a set of RISC-V processors that the research teams will modify to include their SSITH security features. These processors will be mounted on field programmable gate arrays (FPGAs) and incorporated into a secure ballot box. Hackers will have access to the system via an Ethernet port as well as a USB port, through which they can load software or other attacks to challenge the SSITH hardware. Since SSITH's research is still in the early stages, only two prototype versions of the 15 processors in development will be available for evaluation.

“At this year's Voting Village, hackers may find issues with the processors and quite frankly we would consider that a success. We want to be transparent about the technologies we are creating and find any problems in these venues before the technology is placed in another venue where a compromise could be more dangerous,” said Salmon.

Following DEF CON 2019, the voting system evaluation effort will go on a university roadshow where additional cybersecurity experts will have an opportunity to further analyze and hack the technology. In 2020, DARPA plans to return to DEF CON with an entire voting system, which will incorporate fixes to the issues discovered during the previous year's evaluation efforts. The 2020 demonstrator will use the STAR-Vote system architecture, which is a documented, open source architecture that includes a system of microprocessors for the voting booth, ballot box, and other components. It also includes a verifiable paper ballot, providing both digital and physical representations of the votes cast within the booth.

“While the 2020 demonstrator will provide a better representation of the full attack surface, the exercise will not result in a deployable voting system. To aid in the advancement of secure election equipment as well as electronic systems more broadly, the hardware design approaches and techniques developed during the SSITH program will be made available to the community as open-source items,” concluded Salmon.

https://www.darpa.mil/news-events/2019-08-01

Sur le même sujet

  • Lockheed Martin selected as preferred designer for Canada's next generation of warships

    21 octobre 2018 | Local, Naval

    Lockheed Martin selected as preferred designer for Canada's next generation of warships

    Murray Brewster · CBC News A group of companies led by multinational defence giant Lockheed Martin has been selected as the preferred designer for Canada's next generation of warships, the Liberal government said Friday. The announcement that the group's BAE Type 26 design won the design competition represents a significant step forward for the long-anticipated $60-billion program to replace the navy's aging fleet of frigates. "The Canadian Surface Combatant project is the largest, most complex procurement ever undertaken by the Government of Canada. These ships will form the backbone of our Royal Canadian Navy and will be Canada's major surface component of maritime combat power for decades to come," Public Services and Procurement Canada said in a press release. Procurement and defence officials say this is not the final step; they will now enter into negotiations with the winning bidder to confirm it can deliver everything promised in the complex proposal. (Some observers have compared the process to placing a conditional offer on a home.) The evaluation, which will take place over the winter, involves verifying the winning company's financial wherewithal to complete the project, confirming that the proposal meets the military's combat requirements and hammering down aspects of intellectual property licences. Cindy Tessier, head of communications for Lockheed Martin Canada, said today the company is "confident that our proposed solution meets the requirements established, offering the best ship for Canada, with the world's most advanced warship design ... "Our proposal is a true industry team effort, and we look forward to providing any additional information to the Government of Canada and Irving Shipbuilding. We are ready on Day 1." The federal government now says it expects to award the final design contract sometime over the winter. It could be 2023 before construction actually gets underway at the go-to yard for warships — Irving Shipbuilding of Halifax. But finally pulling the trigger on a designer is a "huge step," Dave Perry, an Ottawa-based procurement specialist at the Canadian Global Affairs Institute, said in an interview with CBC's Power & Politics. "There's a huge degree of interest in having this done by the spring, and certainly before the next election." Perry said the importance of this order should not be underestimated, as the new ships will provide the navy with the bulk of its ocean-going fleet — vessels that can be used in war, to protect trade routes or to deliver humanitarian aid. "They can basically do anything the government wants them to do," he said. Perry said the $60-billion contract to build the frigates will be a major boon for the Halifax shipyard in particular. "When the economic impact starts spinning, it's really going to be meaningful," he said. André Fillion, the assistant deputy minister of defence and marine procurement at Public Services and Procurement Canada, said if the federal government is not satisfied that the top bidder can deliver, it will open negotiations with the second-place team of companies. Alion Science and Technology, along with its subsidiary Alion Canada, had submitted their proposal based on the Dutch De Zeven Provinciën Air Defence and Command (LCF) frigate. Navantia, a Spanish-based company, headed a team that included Saab and CEA Technologies. Its proposal was based on the F-105 frigate design, a ship in service with the Spanish navy. "The former naval officer in me is very excited," said Pat Finn, a retired rear admiral who heads up the Department of National Defence's material branch. "I've been around this for a long time." Fillion would not say which aspect of the "due diligence assessment" will be the toughest to overcome. Prior to asking for ship design bids, federal procurement officials spent a lot of time dealing with issues related to intellectual property on the complex systems that will be put into the new warships. Obtaining the necessary clearances is essential in order for the federal government to be able to maintain the vessels in the future. Failure to do so could cost taxpayers untold tens of millions of dollars — perhaps hundreds of millions — over the five decades the ships are expected to be in service. Some design changes are expected after the federal government selects an official winner and a contract is in place. How many changes will be required is a critical question; Finn would only say he doesn't anticipate cutting steel on the new warships for up to four years. That fuzzy timeline means the program is already months behind schedule. The design competition was launched almost two years ago, when the Liberal government said selecting a foreign, off-the-shelf design would be cheaper and faster than building a warship from scratch. Finn acknowledged there will be a production gap at the Irving yard in Halifax of about 18 months between construction of the navy's Arctic offshore patrol ships and the frigate replacements. He added, however, that the federal government is looking at a variety of options to keep the yard humming, including refit work on the existing frigates and possibly building an additional patrol ship, or ships. https://www.cbc.ca/news/politics/lockheed-martin-selected-as-preferred-designer-for-canada-s-next-generation-of-warships-1.4869268

  • General Dynamics saw $1 billion bump after Canada-Saudi accord

    7 mai 2020 | Local, Terrestre

    General Dynamics saw $1 billion bump after Canada-Saudi accord

    By: Joe Gould   1 day ago WASHINGTON ― General Dynamics has received $1 billion since the renegotiation of a $10 billion contract for Canada to sell light armored vehicles to Saudi Arabia, company officials said on its first quarter earnings call. In a deal last month, Canada lifted its ban on arms sales to Saudi Arabia, which in turn agreed to a speedier payment schedule for the LAVs. Canada had the vehicles on hold since 2018, following the death of Saudi journalist Jamal Khashoggi; and by October, Saudi Arabia had racked up $1.5 billion in back payments to General Dynamics. Amid news on the April 29 call that the company's revenue fell $512 million in connection with the coronavirus pandemic, General Dynamics Chief Financial Officer Jason Aiken highlighted “the formal signing of the restructured contract on the Canadian international program, which settled all issues to the satisfaction of the parties.” “With respect to our standing receivable you may recall that we received $500 million early in the first quarter and we received another $500 million this month. This will be very helpful to free cash flow in the second quarter,” Aiken said. “We will begin a regular cadence of scheduled payments in 2021 consistent with deliveries and making further progress in the scheduled amortization of the arrearage.” The company's Combat Systems division had revenue of $1.7 billion, up 4.4 percent over the same quarter last year, and sales to the U.S. government were up 12 percent. The firm's aerospace business segment also had revenue of $1.7 billion, but that represented a 23 percent fall from the same quarter last year. On April 9, Canada's foreign affairs minister, François-Philippe Champagne, announced Ottawa was “able to secure significant improvements” to the LAV contract, including more latitude for the Canadian government to speak about it. Under the new terms, Canada could also delay or deny export permits without penalty if it learned Saudi Arabia was not using the vehicles for their stated purpose. Ottawa would also be reviewing permit applications on a case-by-case basis to ensure they meet Canadian law and the U.N. Arms Trade Treaty. Though the Trudeau government has been under political pressure to scrap the LAV deal over human rights concerns, Champagne said its cancellation would have “resulted in billions of dollars in damages” and risked thousands of Canadian jobs across the defense supply chain. The vehicles are made by the General Dynamics Land Systems subsidiary in London, Ontario. https://www.defensenews.com/congress/2020/05/07/general-dynamics-saw-1-billion-bump-after-canada-saudi-accord

  • Lockheed Martin Canada Awards L3HARRIS the Integrated Communications System Contract

    2 juin 2024 | Local, Naval

    Lockheed Martin Canada Awards L3HARRIS the Integrated Communications System Contract

    Lockheed Martin Canada has awarded L3Harris Technologies the Integrated Communications System for the Canadian Surface Combatant of the Royal Canadian Navy, aimed at bolstering their operational efficacy and security on maritime missions. 

Toutes les nouvelles