August 5, 2019 | Local, Security

Hacker Community to Take on DARPA Hardware Defenses at DEF CON 2019

This month, DARPA will bring a demonstration version of a secure voting ballot box equipped with hardware defenses in development on the System Security Integrated Through Hardware and Firmware (SSITH) program to the DEF CON 2019 Voting Machine Hacking Village (Voting Village). The SSITH program is developing methodologies and design tools that enable the use of hardware advances to protect systems against software exploitation of hardware vulnerabilities. To evaluate progress on the program, DARPA is incorporating the secure processors researchers are developing into a secure voting ballot box and turning the system loose for public assessment by thousands of hackers and DEF CON community members.

Many of today’s hardware defenses cover very specific instances or vulnerabilities, leaving much open to attack or compromise. Instead of tackling individual instances, SSITH researchers are building defenses that address classes of vulnerabilities. In particular, SSITH is tackling seven vulnerability classes identified by the NIST Common Weakness Enumeration Specification (CWE), which span exploitation of permissions and privilege in the system architectures, memory errors, information leakage, and code injection.

“There are a whole set of cyber vulnerabilities that happen in electronic systems that are at their core due to hardware vulnerabilities – or vulnerabilities that hardware could block,” said Dr. Linton Salmon, the program manager leading SSITH. “Current efforts to provide electronic security largely rely on robust software development and integration, utilizing an endless cycle of developing and deploying patches to the software firewall without addressing the underlying hardware vulnerability. The basic concept around SSITH is to make hardware a more significant participant in cybersecurity, rather than relegating system security only to software.”

Under the SSITH program, researchers are exploring a number of different design approaches that go well beyond patching. These include using metadata tagging to detect unauthorized system access; employing formal methods to reason about integrated circuit systems and guarantee the accuracy of security characteristics; and combining hardware performance counters (HPCs) with machine learning to detect attacks and establish protective fences within the hardware. One team from the University of Michigan is developing a novel security approach that changes the unspecified semantics of a system every 50 milliseconds. Currently, attackers continuously probe a system to locate these undefined sections and, over time, are able to create a system map to identify possible hacks. By changing the construct every 50 milliseconds, attackers do not have enough time to find those weaknesses or develop an accurate representation of the system as a whole.

To evaluate the hardware security concepts in development on the SSITH program, DARPA – working with Galois – is pursuing a voting system evaluation effort to provide a demonstration system that facilitates open challenges. The program elected to use a voting system as its demonstration platform to provide researchers with an accessible application that can be evaluated in an open forum. Further, the topic of election system security has become an increasingly critical area of concern for the hacker and security community, as well as the United States more broadly.

“DARPA focuses on creating technologies to enhance national defense, and election system security falls within that remit. Eroding trust in the election process is a threat to the very fabric of our democracy,” noted Salmon.

While protecting democracy is a critical national defense issue, SSITH is not trying to solve all issues with election system security nor is it working to provide a specific solution to use during elections. “We expect the voting booth demonstrator to provide tools, concepts, and ideas that the election enterprise can use to increase security, however, our true aim is to improve security for all electronic systems. This includes election equipment, but also defense systems, commercial devices, and beyond,” said Salmon.

During DEF CON 2019, the SSITH voting system demonstrator will consist of a set of RISC-V processors that the research teams will modify to include their SSITH security features. These processors will be mounted on field programmable gate arrays (FPGAs) and incorporated into a secure ballot box. Hackers will have access to the system via an Ethernet port as well as a USB port, through which they can load software or other attacks to challenge the SSITH hardware. Since SSITH’s research is still in the early stages, only two prototype versions of the 15 processors in development will be available for evaluation.

“At this year’s Voting Village, hackers may find issues with the processors and quite frankly we would consider that a success. We want to be transparent about the technologies we are creating and find any problems in these venues before the technology is placed in another venue where a compromise could be more dangerous,” said Salmon.

Following DEF CON 2019, the voting system evaluation effort will go on a university roadshow where additional cybersecurity experts will have an opportunity to further analyze and hack the technology. In 2020, DARPA plans to return to DEF CON with an entire voting system, which will incorporate fixes to the issues discovered during the previous year’s evaluation efforts. The 2020 demonstrator will use the STAR-Vote system architecture, which is a documented, open source architecture that includes a system of microprocessors for the voting booth, ballot box, and other components. It also includes a verifiable paper ballot, providing both digital and physical representations of the votes cast within the booth.

“While the 2020 demonstrator will provide a better representation of the full attack surface, the exercise will not result in a deployable voting system. To aid in the advancement of secure election equipment as well as electronic systems more broadly, the hardware design approaches and techniques developed during the SSITH program will be made available to the community as open-source items,” concluded Salmon.

