PC/Internet Banking and Security
Presentation to the IEEE (Queensland Branch) Bond University Gold Coast, Qld. 26 October 2004 Prof William J Caelli, AO
26 Oct 2004
IEEE (Qld) - W. Caelli
1
Theme:
• PC, as is, is unsuitable for safe and secure Internet based banking services, at home or anywhere and to claim it is could be classed as deceptive.
• User authentication – only half the problem
• Real problem - trusted paths
• Minimum needed is add-on hardware / crypto module / data-entry & display
ATTITUDE ENVIRONMENT MARKET 1980s
IBM Advertisement, BYTE Magazine : Dec. 1985.
21ST CENTURY INHERITANCE
INTEGRATION & “END-TO-END” SECURITY
“.. hardware on which applications run must be secure, as must the operating system and run time environment in between, while offering a reasonable API for application developers…
.. applications cannot be more secure than the kernel functions they call, and the operating system cannot be more secure than the hardware that executes its commands..”
Dyer et al – “Building the IBM 4758 Secure Coprocessor” IEEE Computer, October 2001.
Image Credits: "LaGrande Architecture" presentation by David Grawrock, delivered at Intel Developer Forum, September 2003. http://www.intel.com/idf/us/fall2003/presentations/F03USSCMS18_OS.pdf
Protecting Secrets in Windows 95, Windows 98, Windows ME and Windows CE (Pg 315)
“.. if the data being secured is high-risk (such as medical data), use Windows 95, Windows 98, Windows ME, or Windows CE only if you get a key from a user or an external source to encrypt and decrypt the data.
.. These platforms cannot be used in secure environments.”
Microsoft Corp., 2003 ISBN 0-7356-1722-8
HOME / INTERNET BANKING REQUIRES A SECURE ENVIRONMENT
15 March 2004
VENDOR ESCAPE: MICROSOFT (Mundie, 8 Oct. 2002, RSA, Paris)
• Question: 25 years to go “trustworthy” ?
• Reply:
• “Customers wouldn’t pay for it until recently.”
• “Information officers ..only recently begun to demand security.”
• “.. Only in last 10 years that Microsoft has attempted to play in the security-requiring worlds of banking, payroll and networked systems…”
“Windows 2000 ….. once in kernel mode,
• operating system and
• device driver code
has complete access to system space memory and can bypass Windows 2000 security..
…the bulk of the Windows 2000 operating system code runs in kernel mode…”
OS/2 !
D Solomon & M Russinovich “Inside Microsoft Windows 2000” (Third Edition)
Microsoft .Net
“ Currently the .NET common language runtime and .NET framework offer no service for storing secret information in a secure manner, and storing a password in plaintext in an XML file is not raising the bar very high!... Today the only way to protect secret data from managed code is to call unmanaged code…”
Pg.329
M Howard & D LeBlanc, “Writing Secure Code”, 2nd Edition “Required reading at Microsoft” – Bill Gates (Cover)
PASSWORDS, TOKENS and BIOMETRICS are finally just “bits”
AUTHENTICATION
• trust in end-to-end operation
• claimant (WYSIWYS)
• message (integrity)
• verifier (trusted system)
INTEGRATION IS NOT EASY
The “Caffrey” Defence
BBC: 17 Oct. 2003
Aaron Caffrey 19 yrs
Mr Caffrey had faced one charge at Southwark Crown Court of unauthorised modification of computer material. ..
…. the defendant's argument that his computer had been taken over by a hacker using a Trojan horse program .. …a jury cleared him after believing his defence that hackers had broken into his computer and used it to launch the attack.”
NOW A LEGAL PRECEDENT IN A JURY CASE IN THE U.K
http://classactionamerica.com/public/caseIndex.aspx?lngCaseID=2090 1 July 2004.
TAIPEI TIMES
May 20, 2004.
“ It shouldn’t require somebody with a technology degree to manage a home computer.” “Up until now, the IT suppliers have deflected criticism and redirected criticism to end users…
It’s time that IT suppliers and manufacturers stepped up to the plate.”
Marian Hopkins, Director – Security Task Force Business Roundtable (USA)
THE EFTPOS CASE
• well designed
• well implemented
• trusted
• through actual experience
OVERALL SITUATION - 2004 – SUMMARY
• Microsoft / LINUX based PC is not suitable as trustworthy e-commerce / e-government transaction node without add-ons in hardware and software / firmware, e.g. PINPad at EAL5
• Possible test of statements of “fit-for-use” through legal action in the USA against
  • vendor
  • system operator, e.g. bank, Government, health care, “SarbOx” corporations, etc.
( R&D / deployment becoming very urgent )
• The home and business small computer system became a multi-user computer in the 1990s BUT the other users are usually not known to the owner/operator.
• It ceased to be a “PC” by the mid-1990s.
• The PC, unmodified, is not suitable for use as a business transaction system in the 21st century and to claim that it is could be regarded as a deceptive statement.
It’s time to stop blaming the user and start blaming the vendor as well as the system implementers and providers.
“Will things get better? Certainly, when security flaws cause serious damage, buyers change their priorities and systems become more secure, but unless there’s a catastrophe, these changes are slow. Short of that, the best we can do is to drastically simplify the parts of systems that have to do with security.” Butler W Lampson, Microsoft: IEEE June 2004.
THANK YOU