Home >Documents >Threats to Fiber- Optic Infrastructures · lMCI targeting Verizon for brand damage [tap...

Threats to Fiber- Optic Infrastructures · lMCI targeting Verizon for brand damage [tap...

Date post:09-Apr-2018
Category:
View:220 times
Download:3 times
Share this document with a friend
Transcript:
  • 0000

    Threats to Fiber-Threats to Fiber-OpticOptic

    InfrastructuresInfrastructures

    A A BlackhatBlackhat Federal Briefing Federal Briefing1-2 October, 20031-2 October, 2003

  • 1111

    l Introduction to Fiber Network Infrastructure Technology

    l Threats

    l Tapping [A Demo]

    l Defending Fiber Infrastructures

    l Physical Security Defenses

    l Conclusion

    l Q&A

    TOCTOCTOC

  • 2222

    lMark Gross [Opterna]l Vice Presidentl [email protected] www.opterna.com

    lRobert J. Bagnall [iDEFENSE]l Dir, Intel Opsl [email protected] www.idefense.com

    Your PresentersYour PresentersYour Presenters

  • 3333

    PerceptionsPerceptionsPerceptions

    ItemWashington Technology, April 10, 2003

    Running a continuous strand of fiber also assuresthat a fiber optic line has not been tapped intoabonus of security conscious agencies.

  • 4444

    ThreatsThreatsThreats

  • 5555

    lComputerWorld April 2003Tapping fiber optic cable without being detected, and making

    sense of the information you collect, certainly isnt trivial, buthas been donefor the past seven or eight years.

    Gartner Group

    ThreatsThreatsThreats

  • 6666

    Eavesdroppingl Phonel Faxl Video teleconference

    Injectionl Data Integrity Attacks

    IntrusionIntrusionIntrusion

  • 7777

    1. Eavesdropping Case Studyl The Wolf Report March 2003

    Security forces in the US discovered an illegally installed fibereavesdropping device in Verizons optical network. It wasplaced at a mutual fund companyshortly before the releaseof their quarterly numbers.

    l Baghdad April 6, 2003 - Fox News

    2. Injection Case Studyl FAA

    IntrusionIntrusionIntrusion

  • 8888

    Assessing the Security ThreatAssessing the Security ThreatAssessing the Security Threat

    Assessing the Security ThreatAssessing the Security ThreatlTV show Alias- fall, 2002-3rd episodel Item

    l CIA agent Sidney Bristow is sent off on a mission with a devicethat will be used to tap SD-6s fiber optic cable

  • 9999

    Assessing the Security ThreatAssessing the Security ThreatAssessing the Security Threat

    -Premise is that a submarine fiberoptic cable will be tapped and theinformation mined for a profit

    lTom Clancys new book, Cutting Edge, March-2003

  • 11110000

    Assessing the Security ThreatAssessing the Security ThreatAssessing the Security Threat

    The concept and practice of tapping secretly into a fiberoptic cable, wherever it is, has become part of thelexicon- a standard mode of operation, to be discussedand considered as a legitimate method to gatherinformation.

  • 11111111

    Introduction to Fiber NetworkInfrastructure Technology

    Introduction to Fiber NetworkIntroduction to Fiber NetworkInfrastructure TechnologyInfrastructure Technology

  • 11112222

    lThere are over 90 million miles of single-mode fiber inthe US alone

    lOnly 25% is currently lit

    l90% of the installation has occurred since 1996

    lTechnology advances increase data transport capacity onfiber exponentially on an annual basis

    US Fiber FactsUS Fiber FactsUS Fiber Facts

  • 11113333

    l FO networks form the backbone of the UScommunications infrastructure

    lRecent technology advances have resulted the ability toeasily and inexpensively tap an FO cable

    lUS military, intelligence, law enforcement, and financialservices information run on fiber, and are thus exposed

    US Fiber FactsUS Fiber FactsUS Fiber Facts

  • 11114444

    lMultimode

    lSingle mode

    lElectrical-Optical Conversion

    Fiber: The BasicsFiber: The BasicsFiber: The Basics

  • 11115555

    Structure of a Fiber Optic CableStructure of a Fiber Optic CableStructure of a Fiber Optic Cable

  • 11116666

    Structure of a Fiber Optic CableStructure of a Fiber Optic CableStructure of a Fiber Optic Cable

  • 11117777

    Assessing The Security ThreatAssessing The Security ThreatAssessing The Security Threat

    Margin = 8 dB!

    By design, optical systems have wide optical budgets. A welldesigned fiber link can experience a wide variety of opticalanomalies with no data loss, bit errors, signal failures, ornetwork warnings whatsoever.

    Transmit power = -10 dBmReceive sensitivity = -32 dBm

    Link loss = 14 dB

    Duplex fiber link

    LocalEquipment

    TxRx

    LocalEquipment

    TxRx

  • 11118888

    l ComputerWorld April 2003Fiber optic cablescan be easily intercepted, interpreted, and

    manipulated using standard off-the-shelf equipment that can beobtained legally throughout the world. More important, the vastmajority of public fiber networks do not incorporate methods fordetecting optical taps, offering an intruder a relatively safe way toconduct corporate espionage.

    ThreatsThreatsThreats

  • 11119999

    Tapping

    [The Basics]

    TappingTapping

    [The Basics][The Basics]

  • 22220000

    lWSJ May 2001former intelligence officials confirmed that NSA technicians used a special

    submarine to tap into a fiber-optic cable on the seafloor in the mid-1990s,around the same time that fiber amplifiers began displacing electro-opticamplifiers. The sub supposedly had a special compartment into which thecable could be hauled, enabling technicians to install the tap.

    l IEEE June 2003Further evidence of the NSAs ability to tap undersea fiber-optic cables and its

    intention to go on doing it is a $1B project at Electric Boat in Groton,Connecticut, to outfit a new Navy submarine, the USS Jimmy Carter, with aspecial 45-meter-long section. The Navy has never disclosed the exactpurpose of the expensive addition to the $2.4B sub, but mostobserversbelieve it is to tap undersea fiber-optic cables.

    Active Fiber TappingActive Fiber TappingActive Fiber Tapping

  • 22221111

    It has been shown that an intruder can easily tap a fiber line withoutbeing detected through the use of a low-cost Clip-on Coupler

    It has been shown that an intruder can easily tap a fiber line withoutbeing detected through the use of a low-cost Clip-on Coupler

    The TapThe TapThe Tap

  • 22222222

    Commercially available taps are readily available that produce aninsertion loss of 3 dB which cost less than $1000!

    Commercially available taps are readily available that produce aninsertion loss of 3 dB which cost less than $1000!

    The TapThe TapThe Tap

    Taps currently in use by state-sponsored military and intelligenceorganizations have insertion losses as low as 0.5 dB!

    Taps currently in use by state-sponsored military and intelligenceorganizations have insertion losses as low as 0.5 dB!

  • 22223333

    Security Threat - DisclosureSecurity Threat - DisclosureSecurity Threat - Disclosure

    Too Much Information Online!

    Efficiency over Security

    Social Engineering & End-User Awareness

  • 22224444

    Security Threat - ActorsSecurity Threat - ActorsSecurity Threat - Actors

    lAdversarial nation states [N. Korea]l Intercepted comms of US military build-up activities

    l International Espionage [France]l Targeted US high-tech, scientific, & pharmaceutical

    corporations

    lCorporate Espionage [US-vs-US Company]l MCI targeting Verizon for brand damage [tap disclosures]

    lRogue Groups [Al-Qaeda]l Intercepting network traffic between US & embassies

    lRogue Individuals [Miscreants, Hackers]l Wire transfer & other financial attacks

  • 22225555

    Security Threat PnP & OpsSecurity Threat Security Threat PnP & Ops PnP & Ops

    l Companies do not view themselves as a CIP asset

    l Basic security policies not in place or followed

    l Procedures not enforced

    l Lack of awareness/education for end-users

    l Lack of accountability of end-users after training

  • 22226666

    Defending Fiber Optic InfrastructuresDefending Fiber Optic InfrastructuresDefending Fiber Optic Infrastructures

  • 22227777

    1. Provide continuous, real-time, protocol independent,physical layer monitoring of the fiber networkconnection

    2. Identify optical anomalies by analyzing the opticalcarrier

    3. Built-in Route Protection Switching proactivelyenhances network integrity by auto-switching to pre-configured backup paths as required.

    DefensesDefensesDefenses

  • 22228888

    1> DETECT the eventl monitor both primary and backup paths

    2> ISOLATE the affected pathl within the first few milliseconds

    3> RE-ROUTE traffic using the RPS

    4> Notify the management system

    Physical Security of FiberPhysical Security of FiberPhysical Security of Fiber

  • 22229999

    lPhysical Layer Intrusion Prevention Systems: desiredtraits

    Automatically identifies, differentiates, and characterizes 8distinct optical event types:

    Intrusions Optical Signal Injections & Eavesdropping

    Cable Breaks Transients Receiver Overloads Low Optical Signal Levels Data Signal Loss Identify Causes of Power-off Conditions

    Physical Security of FiberPhysical Security of FiberPhysical Security of Fiber

  • 33330000

    l Functionality:Monitoring the optical carrier

    DOES NOT decode the data on the optical carrier Is a PASSIVE system Data remains in the optical state and is not regenerated

    Physical Security of FiberPhysical Security of FiberPhysical Security of Fiber

  • 33331111

    1. Bury the fiber in concrete2. Weld shut or secure manhole covers, wiring closet doors, riser

    access panels, & elevator shafts3. Use of OTDR Technology:

    l No continuous monitoringl No intrusion shutdownl No characterization or optical faults detectedl Ineffective at detecting dynamic or transient disturbances

    4. Optical Power Level Attenuation Monitoringl No intrusion shutdownl No fault characterization

    Physical Security MeasuresPhysical Security MeasuresPhysical Security Measures

  • 33332222

    5. Vibration Sensing Technologyl No intrusion shutdownl 6 dB optical insertion lossl FiberSenSys

    6. Phase modulation of the optical signall Oyster Optics

    7. Real-time fiber carrier monitoring systemsl FiberSentinel

    Physical Security MeasuresPhysical Security MeasuresPhysical Security Measures

  • 33333333

    ConclusionConclusionConclusion

  • 33334444

    lTapping [easy & cheap]

    l Injection & Eavesdropping

    lDoS Attacks

    lPhysical Security & Access

    lEnvironmental & Man-made DoS Events

    Security ConcernsSecurity ConcernsSecurity Concerns

  • 33335555

    lContinuous Real-time Monitoring

    lCapability to Differentiate & Characterize OpticalAnomalies

    lAutomatic Intrusion Detection Shutdown

    lAutomatic Re-route to Redundant Paths

    Desired Security ElementsDesired Security ElementsDesired Security Elements

  • 33336666

    QuestionsQuestionsQuestions

    ???

  • 33337777

    Mark Gross, VP [Opterna][email protected]

    Robert J. Bagnall [iDEFENSE]Dir, Intel Ops

    [email protected]

    How to Contact UsHow to Contact UsHow to Contact Us

of 38/38
Threats to Fiber- Threats to Fiber- Optic Optic Infrastructures Infrastructures A A Blackhat Blackhat Federal Briefing Federal Briefing 1-2 October, 2003 1-2 October, 2003
Embed Size (px)
Recommended