Protecting a data bus from malicious attack...

S

Sylvia Else

Guest
I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.
 
On 10/24/2020 7:08 AM, Sylvia Else wrote:
... a malicious
actor with physical access to the bus to sabotage it.
...

You\'re over thinking it. A hammer is all the MALACT would need.
 
On 24/10/2020 13:11, Bob Engelhardt wrote:
On 10/24/2020 7:08 AM, Sylvia Else wrote:
... a malicious actor with physical access to the bus to sabotage it.
...

You\'re over thinking it.  A hammer is all the MALACT would need.

Or zinc dust galvanising paint in a spray can.

ISTR there are weapons based on carbon fibre strands and/or graphite
intended to take out HT mains distribution systems.

https://en.wikipedia.org/wiki/Graphite_bomb

--
Regards,
Martin Brown
 
On 24/10/2020 12:08:22, Sylvia Else wrote:
I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

I have worked in safety critical areas where there was a specific
requirement to cope with 24V supplied on any pin, indefinitely without
permanent damage or adverse reaction.

A mixture of transorbs and limiting resistors were used, and in order to
mitigate failure of a single component, 2 transorbs and 2 resistors were
used for each pin connected to the outside world. I might add this
included the driver side.

Without knowing more it really is very difficult to comment.


--
Mike Perkins
Video Solutions Ltd
www.videosolutions.ltd.uk
 
On Sat, 24 Oct 2020 22:08:22 +1100, Sylvia Else <sylvia@email.invalid>
wrote:

I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

Do you just want to blow it up? Tapping any normal data bus with line
voltage will blow every chip in sight. I know, because I did that
once.

Ignition coils don\'t deliver much energy. A charged capacitor would be
lot more effective.



--

John Larkin Highland Technology, Inc

Science teaches us to doubt.

Claude Bernard
 
Sylvia Else <sylvia@email.invalid> wrote:
I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

For slow bus defence is pretty easy: use \"open collector\" signaling
with keyed current sink on output and current source on input.
Plus HV diodes to protect against reverse polarity. Using lovely
2N3904/2N3906 one can tolerate 40V for indefinite time.
Bipolar HV transistors seem to be dirt cheap, so without
increase in cost one can get to something like 300V. For
higher voltages use depletion mosfets as current limiter.
Of course we still need something to protect against high
voltage spikes, but that my be high voltage TVS or even
spark gap (if semiconductors are resistant enough).

It is pretty clear that knowledge of physical structure of
the bus is helpful in an attack. One probably needs to
try increasingly higher voltages (say doubling voltage after
each trial). Assuming that HV protection is via spark gap
I would expect that failure will by burning out the line,
which would requre rather special source, capable of high
voltage needed to trigger spark gap, but after that
delivering high current at lower voltage.

Also, it is not clear what sabotage you have in mind.
If you want to disable the bus, then just shorting it
should be enough (alternatively break it). If you want
to induce malfunction into device connected to the bus
by electic interference on the bus, then in well designed
system this should be impossible (smaller perturbation
should be absorbed by protective elements, larger burn
the line or a fuse). OTOH if they do not want to
tell you about physical structure, then I would expect
rather lame protection...

--
Waldek Hebisch
 
On 10/24/2020 4:08 AM, Sylvia Else wrote:
One of the issues I need to address is the extent to which knowledge of the
physical and logical structure of the bus would allow a malicious actor with
physical access to the bus to sabotage it.

With PHYSICAL access to any medium, there\'s no way to protect it.
(if, by protect, you include \"prevent interference with the comms
transpiring on it\")

I want to argue that this is not a practical consideration because there are
much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the bus from
a very high current source (couple of Sealed Lead Acid batteries), to blow any
TVS diodes. If they fail shorted, then the job is done. If they vaporise, then
the next step is to put rapid 25KV pulses on the bus, using an ignition coil
and a suitable driver. That should kill anything connected to the bus, even
through ordinary optical isolators or Ethernet transformers.

What if the medium is optical? Or, \"wireless\"? (acoustical??)

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus, but not
where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable - no
mains supply.

I use wired ethernet in my current system. Many of the drops are in
unsecured locations (outdoors, rooftops, rooms that may be occupied by hostile
actors, etc.). An attacker already KNOWS what the \"bus\" looks like -- both
electrically and the protocols typically used. And, could potentially spend
weeks working on his attack WITH access to the medium!

Note that a \"successful\" attack could potentially occur without \"harming\"
the medium (e.g., DoS, counterfeit messages, MITM, etc.).

So, each drop sits behind a \"one port, sacrificial firewall\" -- which is
NOT directly accessible (except via the interconnect cable to the \"exposed\"
drop). The firewall ensures only traffic intended for the device KNOWN
to reside at the exposed end travels up/down the link. So, replacing
the device with a counterfeit device (to inject harmful/corrupt messages)
doesn\'t expose any vulnerabilities -- the counterfeit device is effectively
squelched at the firewall.

Attempting to impose hazardous signals on the (exposed) conductors
will physically destroy the interposed \"firewall\" thus preventing
the damage to migrate into the switch. (i.e., the firewall acts as
a fuse).

But, this all relies on the REAL \"bus\" (i.e., the switch) NOT being
accessible to the attacker.

[An EMP in the front yard would be hard to protect against! :> ]
 
On Sat, 24 Oct 2020 22:08:22 +1100, Sylvia Else <sylvia@email.invalid>
wrote:

I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

If one has that kind of access, some battery acid squirted or poured
in through the access hole will short everything together, even as it
starts dissolving everything. Actually, battery acid can make its own
access port.

Then there is the old standby, a fire axe.

Joe Gwinn
 
On 2020-10-24, Sylvia Else <sylvia@email.invalid> wrote:
I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

\"We need to keep it secret for your security\" is code for \"We need to
keep the fact that it is not secure a secret\".

Are you looking for a witness to testify against security through
obscurity? I am not he, but have heard several very convincing
arguments. FSF may be able to assist.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack?

Optical isolators are available in higher separation voltages,
there\'s no upper limit: If you go high enough they manufacure
the two sides and the channel as separate pieces.

I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

For the 24V threat: \"polyzen\" type combined self-resetting fuse and TVS - the TVS triggers
the fuse earlier.

for the kilovolt threat: gas-filled impulse supressors like used in comms equipment

crowbar crcuits.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

low impedance 35KV impules like from a capacitor,
EMP device.

--
Jasen.
 
On 24/10/2020 5:57 pm, Joe Gwinn wrote:
On Sat, 24 Oct 2020 22:08:22 +1100, Sylvia Else <sylvia@email.invalid
wrote:

I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack? I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

If one has that kind of access, some battery acid squirted or poured
in through the access hole will short everything together, even as it
starts dissolving everything. Actually, battery acid can make its own
access port.

Then there is the old standby, a fire axe.

Joe Gwinn

I\'ve seen Coca~Cola do guitar amps in. Accident ya know. ;-)
 
On 10/24/20 6:45 PM, Jasen Betts wrote:
On 2020-10-24, Sylvia Else <sylvia@email.invalid> wrote:
I\'m currently involved in freedom of information litigation before a
tribunal here in Australia.

One of the issues I need to address is the extent to which knowledge of
the physical and logical structure of the bus would allow a malicious
actor with physical access to the bus to sabotage it.

\"We need to keep it secret for your security\" is code for \"We need to
keep the fact that it is not secure a secret\".

Are you looking for a witness to testify against security through
obscurity? I am not he, but have heard several very convincing
arguments. FSF may be able to assist.

I want to argue that this is not a practical consideration because there
are much easier ways of doing that.

My thinking for an attack is first to place something like 24V on the
bus from a very high current source (couple of Sealed Lead Acid
batteries), to blow any TVS diodes. If they fail shorted, then the job
is done. If they vaporise, then the next step is to put rapid 25KV
pulses on the bus, using an ignition coil and a suitable driver. That
should kill anything connected to the bus, even through ordinary optical
isolators or Ethernet transformers.

But is there a way to defend against such an attack?

Optical isolators are available in higher separation voltages,
there\'s no upper limit: If you go high enough they manufacure
the two sides and the channel as separate pieces.

I can see resistors
connected before the TVS diodes where a device is only reading the bus,
but not where it has to be able to drive the bus.

For the 24V threat: \"polyzen\" type combined self-resetting fuse and TVS - the TVS triggers
the fuse earlier.

All gone, unfortunately. They\'re amazing devices, but Tyco wanted a
buck apiece in volume.

for the kilovolt threat: gas-filled impulse supressors like used in comms equipment

crowbar crcuits.

Thoughts on a defence, or a more devastating attack? Has to be portable
- no mains supply.

low impedance 35KV impules like from a capacitor,
EMP device.

Physical and chemical attacks are harder to defend against, but maybe
not impossible. A good conformal coating would help resist the spray
galvanizing attack. Silicone conformal coating ought to resist most
acids as well, at least for awhile.

There\'s always lighter fluid and a Zippo. ;)

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal Consultant
ElectroOptical Innovations LLC / Hobbs ElectroOptics
Optics, Electro-optics, Photonics, Analog Electronics
Briarcliff Manor NY 10510

http://electrooptical.net
http://hobbs-eo.com
 
On 10/25/2020 8:27 AM, Phil Hobbs wrote:
Physical and chemical attacks are harder to defend against, but maybe not
impossible. A good conformal coating would help resist the spray galvanizing
attack. Silicone conformal coating ought to resist most acids as well, at
least for awhile.

There\'s always lighter fluid and a Zippo. ;)

\"This ad brought to you by your friends at Thermite.\"
 

Welcome to EDABoard.com

Sponsor

Back
Top