[From the last episode: We looked at hashingA way to combine the contents of a message to generate a value that is almost unique to that message., showing how you can turn a block of data into a kind of signature.]
You come home after work and you notice that the back door isn’t locked. One of those things that’s easy to forget when you’re in a hurry. So… did anyone avail themselves of this opportunity to pilfer your goods?
You cautiously enter the house. Hearing no suspicious noises, you start inspecting each room. Is anything missing? Has anything been moved? Are there any telltale footprints? Seeing that everything appears to be in order, you let your guard down – and you lock the back door.
What you’ve just done is attestationA security operation that involves “inspecting” software (and perhaps also data) to check whether anything has been altered.. More or less. Attestation is the third of our A words – the first being authenticationThis is the act of proving to some other entity that you are truly who you are representing yourself to be. That is, you're not pretending to be someone else. "You," of course, means a computer or IoT device or any other entity trying to make a network connection with another computer or device., proving that you’re authentically you, and the second being authorizationThe process of deciding what privileges – if any – someone gets on a network, server, or other asset., showing that you’re authorized to do something.
Corrupted Code
Let’s take an IoTThe Internet of Things. A broad term covering many different applications where "things" are interconnected through the internet. device instead of a house. You’ve got, oh, I don’t know, perhaps a securityRefers to whether or not IoT devices or data are protected from unauthorized viewers. camera outside that’s connected to the cloudA generic phrase referring to large numbers of computers located somewhere far away and accessed over the internet. For the IoT, computing may be local, done in the same system or building, or in the cloud, with data shipped up to the cloud and then the result shipped back down.. What if someone took it down, opened it up, and messed with the internal code so that it would do something useful to them at your expense?
I know, that sounds pretty unlikely. After all, how would they know where to find the code, and how would they replace it? Actually… it’s not that hard. I mean, yeah, it’s super hard if you don’t know what you’re doing, but if you’re an experienced hackerA misused, but common term for an unauthorized person trying to break into a device or network. Originally, in this context, "hackers" referred to the good guys (or "white hats"), while "crackers" were the bad guys (black hats)., you have lots of tricks and tools to help you. They might not even gain access to the camera (or whatever) physically: they might get to it through the networkA collection of items like computers, printers, phones, and other electronic items that are connected together by switches and routers. A network allows the connected devices to talk to each other electronically. The internet is an example of an extremely large network. Your home network, if you have one, is an example of a small local network..
And what they change in the softwareIn this context, "software" refers to functions in an IoT device that are implemented by running instructions through some kind of processor. It's distinct from "hardware," where functions are built into a silicon chip or some other component. might not have anything to do with you; they may just be making your device yet another pawn in some grander game. Like having your device participate in a distributed denial of service (DDoS) attack on some other completely unrelated site.
There are a couple of ways this could work. In one case, someone might alter the fundamental code that runs when you power up your device – the so-called boot codeSoftware that loads and runs when a device first powers up., which runs when you boot up. If that’s the case, then the new software won’t run until the next time you start the systemThis is a very generic term for any collection of components that, all together, can do something. Systems can be built from subsystems. Examples are your cell phone; your computer; the radio in your car; anything that seems like a "whole.".
The other way would be to alter active memory while the device is running. If that happened – which appears to be the case with the Mirai botnet linked above – then the altered software would hang around only until you restarted the system, at which point the device would reload the original code, wiping out the infection.
Of course, someone could do both…
Scanning Your Device
So, how do you know if anyone has monkeyed with your software? You do the digital equivalent of going around the house to see if anything looks off. The way you do that with software is to hash the software and create a digestThe result of a hashing operation. that is, for practical purposes, unique to that software. You may remember that hashing takes a block of data – and, in this case, the data represents code (they’re all 1s and 0s, after all…) and munges it together into some number. It’s very unlikely that two different blocks of data or code will yield the same digest.
So, for instance, upon bootup, before letting your device start working, it could quick run a hash of all the software to make sure that the digest it creates is the expected one. If the digest is different from what’s expected, then that’s a clue that someone has been monkeying about with the code.
It’s pretty straightforward to run attestation at boot time, and that protects you from any changes made to the original code that will boot up. But what about changes made to the working version of the code while the device is up and running?
In principle, you can still run attestation to check things out. What’s not so obvious, however, is when you would do that. Boot time is the obvious time for boot code, but when would you run attestation on a live system? This is the kind of thing that a security expert would help with during the design of the system. They’d come up with a policy that says, for example, that every 12 hours it will check the software. There’s no one right or best way to do it.
Your Role
Thorough attestation can be an important tool in making sure that viruses or other malwareSoftware that usually finds its way into a computer or phone or IoT device without the knowledge or approval of the device's owner. It's malware when the intended purpose of the software is to cause some kind of harm. haven’t ended up on your system. Of course, this isn’t something you yourself can run (unless a device were designed with a “Run attestation” button or command that you could do; not likely). All of the “yous” used in this discussion are generic. Realistically, it’s out of your control and up to the designers of the system.
What you can ask, if you want to know about it, is whether the system runs attestation at boot-up or during operation. It adds to the cost of a device, so cheaper units may not have it. A salesperson may well not know the answer to that question unless lots of people ask about it. If security is a serious concern for you – and it should be – then you should ask all the questions. This will send a clear message that you want security and that you won’t be satisfied with, “Oh yeah, we have great security” as a pat answer.
Leave a Reply