
SCI-FI and UCS Analytics

SCI-FI and UCS Analytics. Nathan Krussel. PNNL. Intern Presentation. Contacts. Mary Sue Hoxie Manager Jessica Smith Mentor / SCI-FI project Seth Thompson UCS Analytics Contact Info Email: Nate.Krussel@gmail.com. SCI-FI (Supply Chain Integration for Integrity) Project Overview.


Presentation Transcript


  1. SCI-FI and UCS Analytics Nathan Krussel PNNL Intern Presentation PNNL-SA-97492

  2. Contacts
     • Mary Sue Hoxie
     • Manager
     • Jessica Smith
     • Mentor / SCI-FI project
     • Seth Thompson
     • UCS Analytics
     • Contact Info
     • Email: Nate.Krussel@gmail.com

  3. SCI-FI (Supply Chain Integration for Integrity) Project Overview
     • Non-Destructive Reverse Engineering
     • Doesn’t damage the chip
     • No need to be an Electrical Engineer
     • Looks at logic, not the hardware
     • Why?
     • Current supply chain is unchecked
     • Integrated Circuits (ICs) are manufactured elsewhere
     • Verify design matches product
     • How?
     • Exhaustive search of all possible combinations
     • Uses tree methodology
     • Multi Lab Collaboration

  4. SCI-FI Big Picture
     • Benefit: Ensure confidence in the hardware/firmware.
     • Need: Critical systems are composed of these un-verified pieces. We need a method of verifying the IC.
     • Approach: Multi-Lab cooperative project. Non-destructive logic level analysis of the integrated circuit.
     • PNNL (Project Lead): PNNL will develop the tools and techniques needed to reverse engineer, identify and attribute components of the state machines that integrated circuits are built upon to ensure accuracy and integrity of the hardware.
     • LLNL: LLNL will develop the analysis capabilities for both embedded field device firmware and energy management system application software.
     • ORNL: ORNL will develop the policy and processes needed to implement the hardware and software/firmware analysis tools and techniques created by PNNL and ORNL.
     • Funded by DOE OE CEDS

  5. SCI-FI Parts of the System

  6. SCI-FI Open MPI Cluster
     • Proof of Concept
     • Virtualized in VMware
     • 1 Compute Node
     • Low Memory
     • The Good
     • Free
     • Light Weight
     • Easy cluster computing
     • The Bad
     • Multi-pathing
     • Code can get messy very fast
     • The Ugly
     • Firewall Issues
     • Reliance on very new GLIBC

  7. SCI-FI Source Code Issue
     • Problem
     • Static vs Dynamic trees
     • Memory Usage
     • Solution
     • Partitioned tree files
     • Specially formatted files for reading
     • Could bottleneck on disk IOPS (input/output operations per second)
     • Optimizations?
     • Still unsolved, need to find root cause
     • Could be limiting factor for depth of search.

  8. SCI-FI Future Work
     • Short Term (< 6 months)
     • Refactoring the code to work with the new format
     • Shift from current method to passing file names
     • Using a real life Integrated Circuit
     • Long Term (> 6 months)
     • Create a full sized physical hardware cluster
     • Non-binary tree shaped circuits
     • Full automation of IC
     • Multi-IC input for speed improvements

  9. UCS Analytics Overview
     • Unclassified Cyber Security
     • Implement network protection strategies and devices
     • Cyber threat incident prevention and response

  10. UCS Analytics Mysterious Connections
     • Odd ssh connections discovered
     • Not normal pattern
     • Not a known good location
     • Several machines going to same location
     • Looking for commonalities between connections and machines
     • Similar software
     • Settings
     • Multiple connection times/attempts

  11. UCS Analytics Potential Impacts
     • Botnet
     • Data Exfil
     • Stolen Password Hashes
     • Virus Release
     • Spying
     • Bragging Rights

  12. UCS Analytics Password Complexity Testing Framework
     • What is it?
     • Password strength verification
     • Automated
     • Scalable (distributed, theoretically to thousands of nodes)
     • Why?
     • NIST Special Publication 800-53 (security and privacy controls, federal systems/organizations)
     • NIST 800-53 Control IA-5(c,h)
     • Tool present in case of need to audit passwords
     • If I can do it, the “bad” guys can do it many times faster

  13. UCS Analytics Password Complexity Testing Framework
     • Iterations
     • First implementation in bash
     • Had many drawbacks, and was clunky and very hacky
     • Not very portable, very hard to follow
     • Second implementation in Python
     • Easier to read/maintain; offers additional features in the same package set
     • Benefits and Drawbacks
     • Very fast
     • Easy to use
     • Requires dedicated GPUs
     • Allows for automated password auditing (launch and forget)
     • Limitations (Software and Hardware)
     • By extension any limits in oclHashcat are present here
     • Nvidia GPUs are much slower at hashing and cost more per GPU

  14. UCS Analytics Password Complexity Testing Framework
     • Stats
     • 8 character password, lowercase and digits (md5crypt)
     • 2.82 E+12 combinations
     • Hashing at 870,000 a second (Nvidia M2090)
     • 37.53 days on a single GPU
     • 1.39 days on 32 GPUs with this code
     Ati 6990, Nvidia GTX 570 (http://hashcat.net/oclhashcat-plus/)

  15. Questions? Nate.Krussel@gmail.com
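
The triage described on slide 10 (ssh connections to a location that is not known good, several machines going to the same place, repeated attempts, shared software or settings) can be sketched as follows. This is an added example, not code from the presentation; the flow records, the allow-list, the host inventory and all function names are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data: (timestamp, source host, destination IP, destination port).
FLOWS = [
    ("2013-08-01T02:14:07", "ws-014", "203.0.113.45", 22),
    ("2013-08-01T02:14:09", "ws-022", "203.0.113.45", 22),
    ("2013-08-01T02:44:07", "ws-014", "203.0.113.45", 22),
    ("2013-08-01T03:01:55", "ws-031", "203.0.113.45", 22),
    ("2013-08-01T09:12:30", "ws-014", "198.51.100.10", 22),   # allow-listed
    ("2013-08-01T09:15:02", "ws-040", "192.0.2.77", 22),      # single source
    ("2013-08-01T09:20:41", "ws-022", "203.0.113.45", 443),   # not ssh
]
# Assumed allow-list of known good ssh destinations.
KNOWN_GOOD = [ip_network("10.0.0.0/8"), ip_network("198.51.100.0/24")]
# Constructed host inventory used to look for commonalities between machines.
INVENTORY = {
    "ws-014": {"os": "CentOS 6", "ssh_client": "OpenSSH 5.3", "owner_group": "lab-a"},
    "ws-022": {"os": "CentOS 6", "ssh_client": "OpenSSH 5.3", "owner_group": "lab-b"},
    "ws-031": {"os": "CentOS 6", "ssh_client": "OpenSSH 5.3", "owner_group": "lab-a"},
}

def is_known_good(dst):
    return any(ip_address(dst) in net for net in KNOWN_GOOD)

def shared_attributes(hosts, inventory):
    """Attribute/value pairs that every listed host has in common."""
    sets = [set(inventory.get(h, {}).items()) for h in hosts]
    return dict(sorted(set.intersection(*sets))) if sets else {}

def odd_ssh_destinations(flows, inventory, min_sources=3):
    """Flag non-allow-listed ssh destinations contacted by several machines."""
    by_dst = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, port in flows:
        if port == 22 and not is_known_good(dst):
            by_dst[dst][src].append(ts)
    findings = []
    for dst, by_src in sorted(by_dst.items()):
        if len(by_src) >= min_sources:
            findings.append({
                "destination": dst,
                "sources": sorted(by_src),
                "attempts": sum(len(t) for t in by_src.values()),
                "repeat_sources": sorted(s for s, t in by_src.items() if len(t) > 1),
                "shared": shared_attributes(by_src, inventory),
            })
    return findings
```

Calling `odd_ssh_destinations(FLOWS, INVENTORY)` on the constructed data returns one finding, for 203.0.113.45, with the three source hosts and the attributes they share.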
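
The figures on slide 14 can be reproduced and turned into a policy check: how long an exhaustive search of a given password space takes at the stated hash rate, what scaling the 32-GPU result implies, and what minimum length a character set needs to outlast a chosen audit window. This is an added example, not the framework's own code; the function names and the 365-day target are assumptions, and treating the 32 GPUs as equivalent to the M2090 is an assumption the slide does not state.

```python
import string

SECONDS_PER_DAY = 86_400

def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length

def exhaust_days(charset_size, length, hashes_per_second, gpus=1, efficiency=1.0):
    """Days needed to try every candidate (worst case for the password owner's attacker)."""
    rate = hashes_per_second * gpus * efficiency
    return keyspace(charset_size, length) / rate / SECONDS_PER_DAY

def implied_efficiency(single_gpu_days, gpus, measured_days):
    """Parallel efficiency implied by a measured multi-GPU run (1.0 = linear scaling)."""
    return single_gpu_days / gpus / measured_days

def min_length(charset_size, hashes_per_second, gpus, efficiency, target_days, max_len=64):
    """Shortest length whose exhaustive search takes longer than target_days."""
    for length in range(1, max_len + 1):
        days = exhaust_days(charset_size, length, hashes_per_second, gpus, efficiency)
        if days > target_days:
            return length
    return None

# Slide 14 inputs: lowercase + digits, 8 characters, md5crypt at 870,000 hashes/s.
CHARSET = len(string.ascii_lowercase + string.digits)      # 36 symbols
SLIDE_RATE = 870_000
SINGLE_GPU_DAYS = exhaust_days(CHARSET, 8, SLIDE_RATE)     # slide: 37.53 days
EFFICIENCY = implied_efficiency(SINGLE_GPU_DAYS, 32, 1.39)  # slide: 1.39 days on 32 GPUs

# Assumed policy target: the search should take more than a year on the same 32 GPUs.
MIN_LEN_36 = min_length(CHARSET, SLIDE_RATE, 32, EFFICIENCY, target_days=365)
MIN_LEN_94 = min_length(len(string.printable) - 6, SLIDE_RATE, 32, EFFICIENCY, target_days=365)

if __name__ == "__main__":
    print(f"keyspace: {keyspace(CHARSET, 8):.3e}")
    print(f"single GPU: {SINGLE_GPU_DAYS:.2f} days, implied efficiency: {EFFICIENCY:.2f}")
    print(f"min length, 36 symbols: {MIN_LEN_36}; 94 printable symbols: {MIN_LEN_94}")
```

Linear scaling would give about 1.17 days on 32 GPUs, so the slide's 1.39 days corresponds to roughly 84% efficiency under the stated assumption.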
