Section 7 - Supply Chain Assessment Flashcards

1
Q

By conducting a supply chain assessment, you’re going to be able to understand what?

A

Where parts come from and if you can trust that end product

2
Q

In order to create a trusted computing environment, you need to do what?

A

Ensure that the operation of every element, including the hardware, the firmware, the drivers, the OS, and the applications, is consistent and tamper-resistant.

3
Q

What is due diligence?

A

A legal principle that says the subject has used best practice or reasonable care when setting up, configuring, and maintaining a system.

4
Q

What are important things to consider when doing a supply chain assessment?

A
  1. Properly resourced cybersecurity program
  2. Security assurance and risk management processes: do they have a valid organization and a way of doing due diligence within themselves?
  3. Product support life cycle: what is its end-of-life date? Will it be around for five years when I have a problem and need a resolution?
  4. Security controls for confidential data: do they have the proper security controls in place to ensure your data remains confidential?
  5. Incident response and forensics assistance: when things go wrong, will they be there to help you?
  6. General and historical company information: do they have strong enough financials that they’re going to be in business next year?
5
Q

The Department of Defense has low tolerance for hardware. So they created something known as…?

A

The Trusted Foundry

This is a microprocessor manufacturing utility that’s part of a validated supply chain, one where the hardware and software do not deviate from their documented function.

6
Q

What is “hardware source authenticity”?

A

This is the process of ensuring the hardware is procured tamper-free from trustworthy suppliers.

7
Q

What is ROT?

A

Root of Trust

A cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.

*** If you think about your TPM inside of your BIOS, that is a root of trust.

8
Q

What is TPM?

A

Trusted Platform Module

A specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.

*** For the test, remember that this is the part of your system that lets you ensure that booting up is done securely, and that we can take those boot reports and digitally sign them using the TPM.

9
Q

What is a “hardware security module”?

A

This is an appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than using storage-based solutions.

10
Q

What does it mean to “anti-tamper”?

A

Methods that make it difficult for an attacker to alter the authorized execution of software

11
Q

What are the two main ways to provide anti-tampering to our electronics?

A
  1. FPGA
  2. PUF

They will zero out your cryptographic key which then can automatically wipe out the information on that system, making sure you know it’s been tampered with and therefore, nobody can get the information.

12
Q

What is FPGA?

A

Field Programmable Gate Array

13
Q

What is a PUF?

A

Physically Unclonable Function

14
Q

A ___ ___ gives an attacker an opportunity to run any code at the highest level of CPU privilege.

A

firmware exploit

This is because if you’re at the firmware, like in the BIOS or the UEFI, you essentially have root access over the entire system.

*** This means that anti-malware will not find it because this happens before Windows is loaded.

15
Q

What is UEFI?

A

Unified Extensible Firmware Interface

This is a type of system firmware providing support for 64-bit CPU operations at boot.

This also gives you a full GUI and mouse operations at boot and better boot security.

16
Q

This is a feature of UEFI that prevents unwanted processes from executing during the boot operation.

A

secure boot

Essentially, this is going to check things and make sure that there are digital signatures installed from those OS vendors.

17
Q

This is a UEFI feature that gathers secure metrics to validate the boot process in an attestation report.

A

measured boot

As you’re booting up, it takes different measurements, collects that data, and creates a report that it will then attest to.

18
Q

What does “attestation” mean?

A

A claim that the data presented in a report is valid.

It does this by digitally signing it and using the TPM’s private key.

19
Q

This is a means for software or firmware to permanently alter the state of a transistor on a computer chip.

A

eFuse

*** This is an electronic fuse that uses one-time programming to seal these cryptographic keys and other security information during the firmware development process. If someone tries to mess with it, it will blow that fuse, making the firmware no longer valid or trusted.

20
Q

This is a firmware update that is digitally signed by the vendor and trusted by the system before it’s installed.

A

trusted firmware updates

21
Q

These are disk drives where the controller can automatically encrypt the data that is written to it.

A

Self Encrypted Drives

These drives have firmware (that is, software on a chip) to run that encryption process, so it is important to make sure this firmware is trusted too.

22
Q

This is a mechanism for ensuring the confidentiality, integrity and availability of software code and data as it’s executed in volatile memory.

A

Secure Processing

23
Q

What are the five ways to do secure processing?

A
  1. Processor Security Extensions
  2. Trusted Execution
  3. Secure Enclaves
  4. Atomic Execution
  5. Bus Encryption
24
Q

These are low-level CPU changes and instructions that enable secure processing. They are built into your microprocessor.

A

Processing Security Extensions

25
Q

Processing Security Extensions are called different things depending on the processor that you use. What are these alternate names?

A

AMD = Secure Memory Encryption (SME) or Secure Encrypted Virtualization (SEV)

Intel = Trusted Execution Technology (TXT) or Software Guard Extensions (SGX)

26
Q

The CPU’s security extensions invoke TPM and a secure boot attestation to ensure a trusted OS is running. Any time we want to boot up the system, we want to make sure that we are using trusted firmware. This is called what?

A

Trusted Execution

27
Q

This is an enclave that allows a trusted process to create an encrypted container for sensitive data.

A

Secure Enclave

*** This is where you can store encryption keys and other sensitive data.

28
Q

There are extensions in place to make sure that someone can’t reuse or hijack an ___ ___ operation like doing a memory initialization.

A

Atomic Execution

*** These processes are built into processors these days. They are certain operations that only need to be performed once - like initializing a memory location.

29
Q

Data that is encrypted by an application prior to being placed on the data bus.

A

Bus Encryption