Protecting a data bus from malicious attack

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
I'm currently involved in freedom of information litigation before a  
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of  
the physical and logical structure of the bus would allow a malicious  
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there  
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the  
bus from a very high current source (couple of Sealed Lead Acid  
batteries), to blow any TVS diodes. If they fail shorted, then the job  
is done. If they vaporise, then the next step is to put rapid 25KV  
pulses on the bus, using an ignition coil and a suitable driver. That  
should kill anything connected to the bus, even through ordinary optical  
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors  
connected before the TVS diodes where a device is only reading the bus,  
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable  
- no mains supply.




Re: Protecting a data bus from malicious attack
On 10/24/2020 7:08 AM, Sylvia Else wrote:
Quoted text here. Click to load it

You're over thinking it.  A hammer is all the MALACT would need.

Re: Protecting a data bus from malicious attack
On 24/10/2020 13:11, Bob Engelhardt wrote:
Quoted text here. Click to load it


Or zinc dust galvanising paint in a spray can.

ISTR there are weapons based on carbon fibre strands and/or graphite  
intended to take out HT mains distribution systems.

https://en.wikipedia.org/wiki/Graphite_bomb

--  
Regards,
Martin Brown

Re: Protecting a data bus from malicious attack
On 24/10/2020 12:08:22, Sylvia Else wrote:
Quoted text here. Click to load it

I have worked in safety critical areas where there was a specific  
requirement to cope with 24V supplied on any pin, indefinitely without  
permanent damage or adverse reaction.

A mixture of transorbs and limiting resistors were used, and in order to  
mitigate failure of a single component, 2 transorbs and 2 resistors were  
used for each pin connected to the outside world. I might add this  
included the driver side.

Without knowing more it really is very difficult to comment.


--  
Mike Perkins
Video Solutions Ltd
We've slightly trimmed the long signature. Click to see the full one.
Re: Protecting a data bus from malicious attack
wrote:

Quoted text here. Click to load it

Do you just want to blow it up? Tapping any normal data bus with line
voltage will blow every chip in sight. I know, because I did that
once.

Ignition coils don't deliver much energy. A charged capacitor would be
lot more effective.



--  

John Larkin         Highland Technology, Inc

Science teaches us to doubt.

We've slightly trimmed the long signature. Click to see the full one.
Re: Protecting a data bus from malicious attack
Quoted text here. Click to load it

For slow bus defence is pretty easy: use "open collector" signaling
with keyed current sink on output and current source on input.
Plus HV diodes to protect against reverse polarity.  Using lovely
2N3904/2N3906 one can tolerate 40V for indefinite time.
Bipolar HV transistors seem to be dirt cheap, so without
increase in cost one can get to something like 300V.  For
higher voltages use depletion mosfets as current limiter.
Of course we still need something to protect against high
voltage spikes, but that my be high voltage TVS or even
spark gap (if semiconductors are resistant enough).

It is pretty clear that knowledge of physical structure of
the bus is helpful in an attack.  One probably needs to
try increasingly higher voltages (say doubling voltage after
each trial).  Assuming that HV protection is via spark gap
I would expect that failure will by burning out the line,
which would requre rather special source, capable of high
voltage needed to trigger spark gap, but after that
delivering high current at lower voltage.

Also, it is not clear what sabotage you have in mind.
If you want to disable the bus, then just shorting it
should be enough (alternatively break it).  If you want
to induce malfunction into device connected to the bus
by electic interference on the bus, then in well designed
system this should be impossible (smaller perturbation
should be absorbed by protective elements, larger burn
the line or a fuse).  OTOH if they do not want to
tell you about physical structure, then I would expect
rather lame protection...

--  
                              Waldek Hebisch

Re: Protecting a data bus from malicious attack
On 10/24/2020 4:08 AM, Sylvia Else wrote:
Quoted text here. Click to load it

With PHYSICAL access to any medium, there's no way to protect it.
(if, by protect, you include "prevent interference with the comms
transpiring on it")

Quoted text here. Click to load it

What if the medium is optical?  Or, "wireless"?  (acoustical??)

Quoted text here. Click to load it

I use wired ethernet in my current system.  Many of the drops are in
unsecured locations (outdoors, rooftops, rooms that may be occupied by hostile
actors, etc.).  An attacker already KNOWS what the "bus" looks like -- both
electrically and the protocols typically used.  And, could potentially spend
weeks working on his attack WITH access to the medium!

Note that a "successful" attack could potentially occur without "harming"
the medium (e.g., DoS, counterfeit messages, MITM, etc.).

So, each drop sits behind a "one port, sacrificial firewall" -- which is
NOT directly accessible (except via the interconnect cable to the "exposed"
drop).  The firewall ensures only traffic intended for the device KNOWN
to reside at the exposed end travels up/down the link.  So, replacing
the device with a counterfeit device (to inject harmful/corrupt messages)
doesn't expose any vulnerabilities -- the counterfeit device is effectively
squelched at the firewall.

Attempting to impose hazardous signals on the (exposed) conductors
will physically destroy the interposed "firewall" thus preventing
the damage to migrate into the switch.  (i.e., the firewall acts as
a fuse).

But, this all relies on the REAL "bus" (i.e., the switch) NOT being
accessible to the attacker.

[An EMP in the front yard would be hard to protect against!  :> ]

Re: Protecting a data bus from malicious attack
Quoted text here. Click to load it

"We need to keep it secret for your security" is code for "We need to
keep the fact that it is not secure a secret".

Are you looking for a witness to testify against security through
obscurity? I am not he, but have heard several very convincing
arguments.  FSF may be able to assist.

Quoted text here. Click to load it


Optical isolators are available in higher separation voltages,  
there's no upper limit: If you go high enough they manufacure  
the two sides and the channel as separate pieces.

Quoted text here. Click to load it

For the 24V threat: "polyzen" type combined self-resetting fuse and TVS - the TVS triggers
the fuse earlier.

for the kilovolt threat: gas-filled impulse supressors like used in comms equipment

crowbar crcuits.

Quoted text here. Click to load it

low impedance 35KV impules like from a capacitor,
EMP device.

--  
  Jasen.

Re: Protecting a data bus from malicious attack
On 10/24/20 6:45 PM, Jasen Betts wrote:
Quoted text here. Click to load it

All gone, unfortunately.  They're amazing devices, but Tyco wanted a  
buck apiece in volume.

Quoted text here. Click to load it

Physical and chemical attacks are harder to defend against, but maybe  
not impossible.  A good conformal coating would help resist the spray  
galvanizing attack.  Silicone conformal coating ought to resist most  
acids as well, at least for awhile.

There's always lighter fluid and a Zippo. ;)

Cheers

Phil Hobbs

--  
Dr Philip C D Hobbs
Principal Consultant
We've slightly trimmed the long signature. Click to see the full one.
Re: Protecting a data bus from malicious attack
On 10/25/2020 8:27 AM, Phil Hobbs wrote:
Quoted text here. Click to load it

"This ad brought to you by your friends at Thermite."


Re: Protecting a data bus from malicious attack
wrote:

Quoted text here. Click to load it

If one has that kind of access, some battery acid squirted or poured
in through the access hole will short everything together, even as it
starts dissolving everything.  Actually, battery acid can make its own
access port.

Then there is the old standby, a fire axe.

Joe Gwinn

Re: Protecting a data bus from malicious attack
On 24/10/2020 5:57 pm, Joe Gwinn wrote:
Quoted text here. Click to load it

I've seen Coca~Cola do guitar amps in. Accident ya know. ;-)

Site Timeline