4/6 Evolving The Market

00:01

in this section, we will discuss the three states of data,

00:04

starting with the lesser known did up in use

00:08

and then covering the well known data at rest and data in transit states.

00:16

Data in use is when it is loaded in memory and used by running applications.

00:22

Attacks on data in use have already happened with the 2014 data breach on targets Credit card processing Point of sales systems using RAM scraping Mel, where data in use is very difficult to protect because of an architectural flaw in the underlying operating system architecture of all

00:41

popular operating systems Today.

00:43

As a result, all Deal P and I are M products. Leave data in use unprotected and can all be attacked by ram scraping malware.

00:53

Contact a one logic using the contact information at the end of this course for a demo of a universal and unfixable bypass in all data loss prevention and information rights management products in the market Today,

01:08

hyper visors can be used to protect data when it is in use in memory

01:14

with hyper visors, the application can run unmodified and the protection would not have to know about the internals of the application or the data that it consumes or produces if all the data that is written out of the virtual machine is forcibly encrypted,

01:30

we already talked about the value of hardware foundations and enforcing security.

01:36

Intel's X 86 V T X extensions allow hardware enforced isolation off the V M's memory away from the untrusted environment.

01:47

New memory security technology from the hardware vendors such as Intel and Andy, are allowing encryption off the memory out of'em granularity.

01:57

As a result, the VM with memory encryption becomes almost equivalent to Intel SGX.

02:04

One of the biggest strengths of using hyper visors, as already mentioned, is that it does not require modifying applications,

02:12

which means that it allows both backward and forward compatibility with legacy applications and future applications that have not even been written yet.

02:20

Since a VM emulates a physical machine and all applications run on physical machines, the general trend is that all applications can run in V EMS and therefore can be protected by hyper visors. In addition, tricks can be played with the hyper visor to juggle the user input and output device is in such a way

02:39

that did a traveling to or from the hardware

02:43

never passes through an untrusted environment.

02:46

The result of this hardware passed through is that the user can safely interact with the applications using regular mouse and keyboard input, as they would expect, and they can see the output on the screen as they would also expect.

02:59

This is a bigger deal than it sounds, because we will see in the next few sides that SGX currently does not allow safe user input and output.

03:08

When hyper visor based security is combined with memory encryption, it takes the memory encryption strength of Intel SGX without the weakness of requiring the application to be modified or allowing the user input or output to travel through untrusted environment.

03:24

In order to comply with the unchanged user experience concept discussed earlier, multiple windows from multiple the EMS can be forwarded and composited onto a single screen simultaneously.

03:38

This would give the user the same natural experience that they're used to when working with multiple windows, side by side from multiple applications running on a single operating system.

03:51

If multiple graphical windows are running and seamless mode, the user might not even know that there is a security hyper visor running behind the scenes and protecting data.

04:00

This is the way security software should be unobtrusive and out of the way.

04:04

Hyper visor based security, combined with memory encryption, is the best of both worlds.

04:12

The left side shows what happens when data is unprotected in use. Mallorcan get onto the system using low hanging fruit, such as a browser exploit, and can steal sensitive information from other programs that are running, such as Acrobat. In this case, which might have a PdF file, open the right side

04:31

shows what security can be achieved

04:34

when hyper visors are used. Toa isolate and protect sensitive data in use. You can see that the malware is trapped in the untrusted VM and cannot jump across the hyper visor toe. Access the data in use in acrobat in the trusted VM. When a PDF file is open,

04:54

Intel SGX can be used to protect data in juice.

04:59

SGX loads the code and the data in an encrypted memory in clave and executes the code on the data.

05:06

One of the biggest problems with Intel SGX is that the SGX in clave acts like an island of trust in the middle of an untrusted environment,

05:17

user input and output cannot get to or from the SGX in Clave Island without passing through the untrusted environment, where it's confidentiality and integrity can be compromised.

05:31

There is no public way to solve this issue right now.

05:34

An exploitation of this vulnerability would be key logging, malware, stealing keyboard input before it gets to the code running in the enclave and taking screenshots of sensitive data after it leaves the inn clave but before it is displayed on the screen. Another big weakness with SGX

05:53

is the fact that the application must be modified

05:56

in order to take advantage of the X 86 SGX extensions.

06:00

This means that all applications that need to be protected would have to be modified and redeployed.

06:08

This violates the concept of backward compatibility discussed earlier. The Block Post linked here gives more in depth information about SGX versus hyper visors and references academic papers on the subject.

06:24

In this diagram, applications number one and number three have no way of protecting data in use.

06:30

Intel SGX helps application number to protect its data in use. This diagram also shows the problem with the S E X in clave being the island of trust that we mentioned earlier in the middle of an untrusted environment.

06:46

There's no trusted input path from the keyboard or mouse to the inn clave, and there's no trusted output path from the enclave to the display

06:56

home or FIC. Encryption is another way to protect data in use through innovations in cryptography with home or FIC. Encryption operations and computations are done directly on cipher text. This means that data never has to be decrypted in order to be used,

07:13

thereby keeping the data protected when in use.

07:16

*** morph it. Cryptography has limitations similar to those of Intel SGX. First of all, if the environment is not trusted enough to decrypt data when it is in use, it is probably not trusted enough to allow sensitive user input and output to pass through it either. As a result,

07:34

there is no way for a user to securely interact with the application.

07:39

Also, all the standard applications that we use today expect to process unencrypted data. They would have to be rewritten in order to operate on cipher text.

07:49

The requirement to rewrite the applications

07:51

violates the backward compatibility concept that we discussed earlier.

07:59

This is a conceptual diagram of home or FIC encryption.

08:03

If M is the input and there is a function F performed on it and the result is encrypted, the result would be the same as if M was first encrypted and the function was evaluated on the cipher text of em.

08:20

Data at rest is when it is stored on a disc and did. Address is generally well protected today by encryption.

08:28

There are two main types of data that dress encryption file encryption and disc encryption.

08:33

File encryption provides more security because it is more granular and at the file level, which allows the encryption to follow the file wherever it ends up, even if it is excellent. Traded disc encryption, however, is less granular than file level encryption and therefore provides the less security

08:50

disc. Encryption mostly protects against the device being lost or stolen, rather than the file being uploaded by a legitimately logged on user or malware Impersonating a legitimately logged on user database. Column encryption is similar to disc encryption and that the encryption does not follow the data.

09:07

Storing encrypted data in the data base is more granular and allows the encryption to follow the data. Even if the cell is read out of the database or uploaded, a system is more secure. If encryption is more granular,

09:20

we must assume that data exfiltration is occurring because files can legitimately be stored outside the enterprise, such as UN employee's devices or in clouds.

09:31

The thing that we cannot verify is whether those employees devices or those clouds are safe.

09:41

Data in transit is when it is transferred over a public medium that the attacker has access to.

09:46

Data in transit is generally well protected by today's security software.

09:50

Many network protocols exist today to protect it in transit.

10:00

Today, the industry does a good job of protecting data address and in transit, but does nothing to protect data in use because data usually has to be decrypted in order to be used or processed by almost all of today's applications,

10:13

thereby making encryption useless.

10:16

Since classic encryption cannot be used to protect data in use, the industry has not paid much attention to protecting data in use.

10:24

Protecting data in this state is a big problem because it is one of the three states of data and represents a big gap in the security industry, that's 33%.

10:37

Hackers always attack the security gaps.

10:39

Adi Shamir, one of the fathers of the R. S a encryption algorithm, says that the mathematics of encryption is okay,

10:48

didn't out rest, and data in transit is therefore safe because it is protected by encryption.

10:54

Data in use is at risk because it's the only place where the data is necessarily decrypted for use by the application and is therefore unprotected by encryption.

11:07

This unprotected data in use on Lee exists on the end point. And that's what I did Shameer is talking about when he's referring to endpoint Security.

11:16

So one of the things that cryptography is supposed to let us do it with a very little bit of effort encrypt data so that it takes a huge amount of effort to read it. And

11:26

there was an email that Bill Gates wrote in 2000 to saying that

11:30

our software should be so fundamentally secure that customers never even worry about it, and I see a great deal of worrying going on. So the mathematical goals that we have with cryptography of getting this

11:41

great security at a low cost don't seem to be happening and you look at what the NSA was doing? Likewise,

11:48

they were getting a huge amount of information for relatively or maybe a modest amount of effort. What should we be doing differently?

11:54

In some sense, I think that we should distinguish between the mathematics of photography and application of cryptography.

12:03

One of the nice things I love if I can say this is the silver lining in the Snowden revelation is that there wasn't any indication in all the, you know, hundreds of thousands of documents that the NSA was able to break any off the major crypto systems.

12:20

For example, they are spending huge amount of money in order to build the quantum computer

12:26

s o. They apparently don't have a fast vectoring algorithm breaking our say they have toe trip, the lipstick care of schemes. So if you look at all those documents, there isn't any indication that they managed to break the mathematics.

12:43

However, it is their applications. The windows they are

12:48

under wade, the endpoint security, which is