No 1 | 2017

Crypto SmartProtect – The highest level of cyber defence

Focus
3 | FOCUS Attacks from cyberspace
6 | INTERVIEW Interview with Bernhard Hämmerli, IT professor at Lucerne University of Applied Sciences and Arts
10 | The enemy in the system
14 | Crypto SmartProtect for total Information Security and maximum ease of use
18 | Government-supported protection systems
21 | Chat securely
22 | SUCCESS STORY Document exchange in government contexts with end-to-end protection

Dear Readers

Digital transformation is moving full steam ahead, as is the networking based on public networks that is associated with it. That is why the threats from cyberspace are likewise increasing worldwide. This trend affects not just companies but public authorities and organisations as well. In many cases, the attackers target the terminal equipment of the employees. This approach enables, for instance, customised malware to be smuggled into a government ministry, data to be drawn out, and great harm to be done.

To be guarded against these highly professional cyberattacks, multiple-level security elements are required to protect the primary attack targets, the computing platforms. Crypto SmartProtect, the unique high-security computing technology developed by Crypto AG, eliminates this security risk and reliably wards off cyberattacks. At the same time, work can proceed with its usual convenience in the familiar user environment.

In this issue of CryptoMagazine, you will find more on this new technology as well as on important fields of action in cyber defence and possible systems of protection.

Attacks from cyberspace

IT system operators have to arm themselves against a growing variety of attacks from cyberspace – that also applies to organisations with highly professional defence systems. After all, the larger the number of networked devices and the more complex the structures, the more difficult it is to provide effective protection against dangers.
Besides attack entry points on the technical side, employees must also be prevented from becoming risk factors.

The increase in networking, automation, digitisation, and digital transformation is also driving the rapid expansion of cyberspace – the virtual space that encompasses all IT systems that are globally connected over the Internet or similar networks. Attack surfaces for information, applications, processes, and communication between all these systems are constantly increasing as a result. Cyber defence therefore involves the struggle for information security, i.e. for the availability, authenticity, integrity and confidentiality of digital data and systems that process data. Organisations, companies and government authorities in particular are making efforts to prevent data outflows. Yet the frequency of innovation is high both among those attacked, who have to protect themselves constantly against new attacks, and among the attackers.

Multifaceted attacks

Attacks from cyberspace come in a variety of forms. Basically, all aspects of information security are affected. Advanced persistent threats (APTs), for example, are attacks on the confidentiality of information. They are targeted attacks on organisations or government authorities. In the process, the attacker gains permanent access to a victim network and successively expands that access. APTs require excellent technical expertise plus the use of extensive resources and are generally difficult to detect. Incidents in which non-authorised parties gain access to data are designated as data losses or data leaks – this applies both to serious cases such as APTs and to less far-reaching penetration into IT systems.

Publication details
Published twice a year | Print run | 4,200 (German, English, French, Spanish, Russian, Arabic)
Publisher | Crypto AG, P.O. Box 460, 6301 Zug, Switzerland, www.crypto.ch
Giuliano Otth, President and Chief Executive Officer
Editor-in-chief | Anita von Wyl, Crypto AG, T +41 41 749 77 22, F +41 41 741 22 72, [email protected]
Reproduction | Free of charge with the consent of the editorial office. Courtesy copies requested. Copyright by Crypto AG
Illustrations/photo credits | Crypto AG: Cover, pp. 2, 14, 21, 22 | Keystone: p. 18 | Prof. Dr. Bernhard M. Hämmerli: p. 7 | Shutterstock: pp. 3, 8, 9, 10, 13, 20
CryptoMagazine 1 / 17 | 3

Typical attacks on the integrity and authenticity of data, two further aspects of information security, are known as defacements. The content of a website is changed and falsified in the process to mislead visitors to the defaced Internet pages. This tactic is also common in connection with attempts to use phishing to access passwords. Attackers try to employ fake websites, e-mail addresses or short messages to obtain a user’s personal data and thereby commit identity theft. The term is derived from "password" and "fishing", and means "fishing for passwords".

All aspects of information security affected

The availability of data is prevented, say, through launch of denial-of-service (DoS) attacks that render individual services, websites or entire networks unreachable for users. If a DoS attack is undertaken by several systems at the same time, it is known as a distributed DoS or a DDoS attack (distributed denial-of-service attack). DDoS attacks are characterised by the large number of computers and services in use – as a rule, botnets are used. A botnet is a group of computers, all of which are compromised by a malicious code. The code turns them into bots – a term taken from "robot".
The affected computers are monitored and controlled by botnet operators through a command and control server. Another method of impairing the availability of data is to use ransomware – i.e. malicious software that installs itself unnoticed. It restricts the availability of the data until the user of a system pays a ransom or satisfies another demand from the attacker.

Workplaces in the sights of attackers

There has been an upsurge in attacks on terminal equipment. Some are used as a springboard to penetrate further levels of an IT system. It is therefore crucial that organisations and government authorities maintain high standards of workplace security. That is true regardless of location but to a special extent particularly for employees active outside their usual work environment, for instance, travelling or at home. It is precisely the employees who must be reachable at all times who need especially secure infrastructure. In this context, it is important to keep in mind that the required safety processes must be kept as convenient as possible, so employees are not tempted to disregard security standards for reasons of practicality. Conversely, the use of private applications at work – say, social media – opens entry points for attacks.

Social engineering is employed to mislead victims into divulging data of their own accord, circumventing protective measures or installing malware. The perpetrators exploit human weaknesses such as curiosity or fear to manipulate the victims. Consequently, the latter click on links that covertly install malware, for example, or they divulge passwords and other sensitive information.

Crime in cyberspace

Digital space is limitless, which often makes it difficult, or in many cases hardly possible, to identify attackers.
Nonetheless, various types are recognisable, both among victims and among attackers. The latest highly professional attacks show the following: In many cases, the attacks are undertaken by groups that act systematically to pursue political, economic or anti-governmental goals. Attacks from cyberspace affect all aspects of information security. Attacks primarily aimed at enrichment or economic harm are known as cyber crimes. Offences such as identity theft or business espionage generally fall into this case group as well. But cyberspace is likewise a place where war is waged. It is uncontested that warfare in the information age always also involves digital components. In mid-2016, NATO officially declared cyberspace to be a war zone. That means attacks conducted there can trigger consequences akin to attacks on the ground, in the air or by sea. A cyber war can therefore cause an enormous amount of damage. Military conflicts conducted with IT resources in cyberspace are often categorised as being of three types: If an attacker's aim is to paralyse or destroy the opponent’s network capacities, the actions are known as computer network attacks (CNAs). Computer network exploitation (CNE), for its part, pertains to actions aimed at obtaining intelligence information from the opposing side’s computers. Actions taken to protect one’s own computers and computer systems are known as computer network defence (CND). In actual practice, it is often difficult to distinguish between cyber war and cyber crime. For one thing, the attackers are often impossible to identify; for another, attacks against private companies can also be in pursuit of military goals. These goals include, for instance, interfering with the everyday social and economic life of a country. They can be pursued by means of attacks against private companies responsible for providing the power supply or similar critical infrastructure. 
Rapid developments expected

Two developments are accelerating the spiralling attacks and countermeasures. One is the proliferation of electronic devices and their networking. The other is the growing complexity of the tasks that these devices can perform. Industry 4.0 entails process-integrated cooperation across companies and organisations and is creating whole new dimensions of networking. A look at this and similar trends clearly shows that not only a wealth of possibilities is opening up but that new attack surfaces are also being created. In the development of effective protective mechanisms, it is all the more important not only to create measures aimed at protecting data during transmission but likewise to keep an eye on the growing number of terminals. Not least, privately used devices must be taken into account in security considerations so that even the tiniest loopholes can be closed before attackers gain access through them to entire systems.

INTERVIEW

"A promising approach is for organisations to pursue diverse strategies at the same time."

A massive upsurge in attacks from cyberspace has been observed along with a dramatic rise in the professionalism of attackers. In this interview, Bernhard Hämmerli, IT professor at Lucerne University of Applied Sciences and Arts, classifies the attacks and their perpetrators and examines ways in which organisations and government authorities can efficiently protect themselves.

Cyber risks have risen markedly in recent years. How would you describe the status quo of the cyber security situation for companies and government authorities?

The World Economic Forum estimates that the cost of cyber crime in 2015 as applied to Switzerland totals about US$ 5 billion. This figure is four times as large as in 2013. By contrast, the outlays for national precautionary measures in Switzerland amount to only about US$ 70 million.
The trend in estimated damage from cyber incidents indicates, on the one hand, dramatic growth, and on the other, in my opinion, a discrepancy between the estimated losses and the investments made in countermeasures.

What is the reason for this trend?

On the one hand, the level of professionalism among attackers has risen enormously in recent years. The point is no longer recognition, as it was with the first hackers, but rather tangible financial gains. And dominance in cyberspace – especially with respect to governmental action in this area.

How is effective protection against cyber risks structured?

Until about a decade ago, many organisations assumed that investments in protective measures would suffice to prevent damage from attacks. The assumption was correct for a long time. Yet the attacks have increased massively. In the meantime, government authorities and large organisations are under almost constant attack. And these attacks involve substantial risks for information security – in other words, they endanger the availability and authenticity of digital data as well as its integrity and confidentiality.

What is the appropriate response to these developments?

There are two fundamental strategies: One is to rely on deterrence at the policy level, through strict penalties for instance. The second is for the organisation to be prepared if something does happen. This latter strategy is summarised with the catchwords "detection and response". In other words, attacks must be detected promptly and countermeasures taken quickly. In addition, the security architecture must be designed so that an attack on one workstation does not render the entire IT system vulnerable in one fell swoop.

Could you comment on the perpetrators of attacks and their motives?

For one thing, there is a financial motive; for another, attacks from cyberspace pursue political goals.
It is not uncommon to have a subset of motives combining financial and political goals.

Could you describe a typology of the most frequent victims, also with an eye to making a distinction between cyber war and cyber crime?

This distinction is difficult because combinations are commonplace. Among victims, all conceivable players can be found, from private individuals who get taken in by a phishing e-mail, or companies whose business secrets have been spied into, to countries who are watching each other in cyberspace to base their actions on the information they glean.

What are common types of attacks on companies and government authorities?

There is a whole range of attacks. Often, the point is to tempt users into clicking on something – be it a link or an attachment sent by e-mail. This is a way of installing malware that can be used, say, to extract data. Malware of this kind is often the first springboard for penetrating the IT system of an entire organisation. Besides surveillance, attacks may also be aimed at impairing functionality.

What types of attacks are particularly heinous and why?

There are no hard and fast rules on that. It depends on the activities of an organisation and the goals of an attack. What is uncontested, however, is that serious problems can arise if a hack into an IT system goes undetected for an extensive period of time. On the one hand, the activities of an organisation could be monitored in this way over a longer period of time; on the other, attackers would be able to wait for the optimum time to attack their target. That is why a "detection and response" team is so pivotal. There are known cases of attackers having access to critical IT systems for years on end.

Prof. Dr. Bernhard M. Hämmerli has been teaching information technology since 1992 at the Lucerne University of Applied Sciences and Arts and since 2009 also at the Norwegian University of Science and Technology.
He focuses on teaching and research in the fields of communication, networks and information security. He is a specialist in the protection of critical infrastructures. Since 2012, he has headed up the ICT Security Platform of the Swiss Academy of Engineering Sciences (SATW).

How can government authorities protect themselves and national companies?

This task requires situation centres that continuously monitor activities in cyberspace and provide information about dangers: Efforts in this area should be intensified in Switzerland. With the Reporting and Analysis Centre for Information Assurance, known by its German acronym MELANI for short, we already have a centre in Switzerland focused mainly on reporting incidents and subsequently analysing them. Moreover, international collaboration on communicating about threats and vulnerabilities is to be further intensified.

When the level of information security is high, user convenience is frequently limited. Do IT security managers have no choice but to live with this compromise?

The situation in the past actually was that nearly all IT security measures were subsequently retrofitted and it was often quite unpleasant for users to follow them. Usability is given a lot of attention nowadays and the products currently on the market have integrated security functions virtually free of restrictions on operating convenience.

Where do you think the key areas of action will be in the future when it comes to cyber defence?

There are a number of starting points. I would like to cite an example briefly. To my mind, it is crucial that forensic skills be expanded at national level. In other words, attacks should be able to be investigated on site more efficiently and effectively. Particularly smaller countries, such as Switzerland, regularly have to resort to private providers of forensic services – in some cases from abroad – even in cases where questions of national security are at stake.
For companies and organisations, I think it is important to pursue a holistic approach that takes into account the different dimensions of information security. Users should not see their ease of use be restricted despite a high level of information security. Instead, they should be able to work efficiently, comfortably and very securely in their familiar user environment wherever possible.

Crypto cSeminars

With its Crypto cSeminars, Crypto AG addresses specialists entrusted with the information security of companies and organisations. Experienced experts convey profound expertise about information security, cyber crime, and cryptography. In this age of digitisation, solid expertise regarding cyber defence is crucial. Participants in the Crypto cSeminars have this expertise and can use it for comprehensively protecting sensitive information and the ICT infrastructure within a company.

How big is the risk emanating from human beings?

Studies show that more than 50 percent of the primary attack entry points are attributable to employees behaving incorrectly. In fact, the success of the initial infection of an IT system can quite often be traced to an exploitation of incorrect human behaviour. Assume we have a government agency with 10,000 employees. Within one year, they all receive 100 e-mails from an attacker sent with the objective of initiating the download of malware. That means a total of one million attacks, which can be carried out with relatively little effort. If just one employee clicks a single time on the link, the attacker has achieved his objective. Now, the probability of an error occurring in one out of one million cases is quite high.

What is the best way to keep the "human factor" under control?

A promising approach is generally for organisations to pursue diverse strategies at the same time.
On the one hand, the point on the technical side is to create largely self-contained spaces within the IT system so damage caused by penetration in an IT system remains clearly limited. It is also recommended to virtualise activities whenever possible. Finally, a central factor is to sensitise employees continuously with an eye to awareness, attitudes and behaviour.

The Crypto cSeminars are held at the Crypto Academy in Steinhausen / Zug, Switzerland. Further information is available at www.crypto.ch/seminars.

Existing security systems often fail to stop customised attacks on terminal equipment. How can we assure information security in terminal equipment?

The problems involve several components: Each user no longer has just one device but often has two to as many as five devices in use. With mobile device management (centralised management) and virtual desktops (virtualising the PC desktop in the data centre), the security situation in a company can be improved enormously. Once again, the employees play a role in this process. Continuous training on correct behaviour helps in this context, as was already mentioned. Nonetheless, it can be assumed that even those efforts will not achieve one hundred percent security. To attain a higher level of protection, all aspects of a security architecture must be taken into account. That way the confidentiality of the information is assured at all times.

The enemy in the system

Even organisations keenly aware of IT security are not immune from cyberattacks. Attacks that amaze experts and the general public alike keep getting publicised. That is because supposedly highly secure companies or government authorities became victims of attackers who targeted the terminal equipment of the employees.
For IT security architecture, one rule applies more than ever: Pay attention to the terminal equipment of the employees and keep them consistently separate from public networks.

No one expected this situation. The government authorities wrongly believed they were secure. People were convinced of being fully protected against any kind of cyberattacks. The shock was all the greater when IT security managers were forced to realise that cyber criminals had been entering and exiting their supposedly secure IT system at will for months or perhaps even years on end. What remained behind were mostly question marks. In retrospect, it was no longer possible to reconstruct all the details involved in the attack. One can only speculate which information and data was taken, how the attackers gained access to the internal networks, and which systems were infected. An investigative report commissioned by the government was written and published. Its object was to enable other companies and government authorities to arm themselves more effectively against attacks of these kinds. The identity of the perpetrators still remains a mystery.

Using known software to enter an internal network undetected

The cyber criminals in this case proceeded with the utmost care. It is therefore not known for sure when they commenced activity. What is certain is that they utilised known malware for years – consisting of different Trojans. The good camouflage in the system is a feature of this technology. For example, it does not require any administrator rights, which causes many classic anti-virus programmes to start up.

Attackers proceed with the utmost care and move undetected.

The attackers were also extremely patient. They confined their attacks within the government authority to victims they could expect something from.
They found that out by closely observing the computer activities of the individual employees through the malware they had smuggled in. Moreover, the perpetrators probably obtained further information from the status of the observed individuals in the organisation – for instance, also information that is freely accessible on social media networks. The main target of the attack was initially the active directory of the IT system. It is the central address book and from there, other applications and devices can be accessed.

The attackers were also careful when it came to actual theft. To avoid creating any anomalies in network traffic, there were times during the attack when the level of activity was high but also ones when it was low. From a technical standpoint, something called command and control servers were utilised for the attack. They activated what are known as waterholes. This term refers to Internet sites manipulated by the hackers that are frequently visited by the victims and therefore trusted by them. The report said that jobs were sent to the infected devices from these servers – a large number of them were in operation. It was an ingenious system comprising a host of non-locatable servers, a feature which likewise prevented the attacks from being noticed for quite some time.

Professional data theft

The investigative report called the attack on the government authorities exemplary. Experts distinguish the following general stages in large-scale hacker attacks: victim evaluation, the initial infection, the actual infection, and the actual exfiltration.

The point of the evaluation stage is to collect as much information as possible about the target of the attack. That includes a collection of IP addresses and diagrams as to how the potential victims move within the IT system. This information can initially be collected passively but later also actively. Prior to the actual attack, the perpetrators must set up the waterholes, i.e.
tamper with the Internet pages frequently visited by victims. Alternatively, they can also prepare e-mails as a means by which to conduct the attack.

The initial infection stage is characterised by waterhole activation or manipulated e-mails. The actual attack begins. If it succeeds, the victim’s behaviour is carefully examined and a suitable attack tool is selected based on the findings. These actions are referred to as social-manipulative attacks.

During actual infection, the perpetrator moves in the network via various attack tools. Often, an initial reconnaissance tool with modest capabilities is installed for this purpose. It is later replaced by a comprehensive malware that entrenches itself in the system. The attacker can use this malware to move laterally in the system and look for information. Typical of this lateral movement is that the attacker obtains additional permissions and privileges over time – by spying out passwords, for example. To avoid detection by monitoring tools, the data flows are often sent indirectly rather than directly. For the actual theft, the data is often sent compressed and fragmented and to a certain extent, encrypted – so the attack is not discovered during this crucial stage.

IT security intensified through the exchange of information

The authors of the investigative report concluded that attacks of this kind can hardly be prevented. The goal, however, has to be to make the life of the attackers as difficult as possible. The decisive aspect is that one’s own system is monitored constantly and closely to discover traces of ongoing attacks immediately. It is likewise important to share information about infections that have occurred or been attempted.
This assessment is also conveyed by the experts from Crypto AG. Effective system monitoring is deemed an essential part of a comprehensive defence arrangement. It provides the opportunity to detect illogical connections or other anomalies. To be able to assure maximum IT security, there are also ways of building IT systems today so they are fully protected against attacks of this kind, thanks to major ICT advances. The decisive factor in these efforts is that different security levels are assigned within an organisation and communication occurs exclusively within these zones. Classified information at the top secret level, for example, is never allowed to leave the high-security zone. In addition, as few users as possible should have access to this information. For subordinate security zones, the data that is present is less sensitive and the security aspect is consequently less central. However, these zones, too, must be sealed so as not to endanger the security of the overall system. The high-security zone is an isolated zone and does not have access to the Internet. From the secure zone, the Internet can be accessed securely only via protection at the perimeter. Experts believe the key problem in the hacker attack mentioned above was that although different security zones had been defined, there were probably "holes" between them. The attackers exploited this fact. These gaps were the only reason they were able to advance laterally through the system – and become privy to company secrets step by step. Experts from Crypto AG say it has been no problem for quite some time to assure highly secure communication within a security zone. Even if people are working externally on a laptop, for instance, data can still be transported through protected virtual private network (VPN) tunnels. This is achieved through the direct integration of hardware-based components with which myriad secure VPN tunnels can be created. 
These tunnels, in turn, can be individually encrypted with keys that are independent of each other.

Until now, if sensitive data was edited on a terminal device, this task was done with minimum protection and offered an easy target for cyber criminals. Crypto AG has now succeeded in closing this security gap by protecting terminal equipment with a combination of several hardware and software security elements. Crypto SmartProtect is the new technology for this purpose and furnishes full protection for sensitive information in civilian and military fields of application. For more on Crypto SmartProtect, check out the following article on page 14.

Crypto SmartProtect for total Information Security and maximum ease of use

"Complexity is the worst enemy of security," is a favourite saying of IT experts. But IT systems of organisations, companies, and government authorities are in fact becoming more and more complex. IT security managers are increasingly facing a dilemma between demands involving information security on the one hand and ease of use on the other. Crypto SmartProtect resolves this apparent contradiction.

The circumstances of given situations require quick action: Say, an employee is travelling abroad when headquarters sends classified top secret data to him on his computer. His task now is to make excerpts of this classified information available to other individuals with the same level of authorisation. He modifies the data and then sends it over the Internet. In the process, the object is to follow the restrictive security regulations of the organisation while also assuring the confidentiality, integrity, and authenticity of the sensitive information.

A scenario of this kind poses major challenges not only for employees but also for the IT security manager. He is responsible for providing the key staff with IT infrastructure and workplaces that are user friendly but also highly secure.
Until now, this balancing act between security and ease of use required compromises. Not least, the scenario called for multiple systems true to this principle: "Only physical separation assures maximum information security."

With Crypto SmartProtect, Crypto AG makes a technology available that satisfies all the demands of highly secure, local data processing on terminal equipment and its secure transport while also taking into full account the tough requirements and needs of today’s working world. During development the main focus was on maximum ease of use, including maximum security, with the ease of use remaining unrestricted by the security requirements that have risen sharply due to increasing cyberattacks which will continue due to the trend towards digital transformation.

Until now, IT security managers had to be careful, on the one hand, not to put overly tight constraints on users. If restrictions are too stringent, they impair efficiency or, in extreme cases, are circumvented altogether. On the other hand, many employees need secure access to sensitive information at all times, regardless of their location or the platform they are using. The crux in such cases is that classified, unclassified and public information can be handled simultaneously and conveniently, in particular also utilising the familiar user environment. In addition, direct access from the workplace to external sources of information, say the Internet, must be provided in order to furnish employees with an efficient and familiar work environment.

Crypto SmartProtect reliably shields against cyberattacks and enables secure and convenient work in a familiar environment.

Attack patterns change

In the past, all IT systems were generally assigned to a common network, whose interface with the Internet comprised a central security gateway solution that was responsible for information security.
This security architecture may have met the demand for simplicity but it provided insufficient information security (refer to the article on page 10). Once an attacker overcame this security gateway, the entire network and all its components were open to him.

For this reason, different security zones were set up allowing data to be assigned according to classification; i.e. a three-level model consisting of a high-security zone, a secure zone and a trusted zone. The classification is there to enable information to be filed according to its importance or confidentiality. Access across zone lines is banned, ensuring additional security. This principle prevents attackers from being able to exploit a compromised system with weaker security measures as a springboard into the entire network. If an IT system is compromised, only the IT systems belonging to the same zone and organisational entity are in danger. This architecture delivers a high level of information security, but allows access to classified and unclassified information only via separate notebooks or PCs, an arrangement that does not promote user friendliness and tends to be cumbersome.

[Figure: The Crypto SmartProtect computing platform comprises user environments in isolated Compartments along with a security operating system and protected hardware. Labels: User environments; Compartments A, B and C, each with Applications; Standard operating system; Virtualisation; Security operating system.]

Back to the cited scenario: When using Crypto SmartProtect, employees can create, edit, save, delete and send data on their computers simultaneously in different security zones in consistently separate Compartments yet still access public networks. Consequently, employees work in their familiar and absolutely secure user environments without having to make any sacrifices in terms of ease of use or being limited in data handling by restrictive security precautions. Tasks can be performed in a manner that is not only highly secure but also efficient and convenient.

The Crypto SmartProtect Security Module is the core part of the hardware. It contains the boot image of the Crypto SmartProtect OS plus all encryption and authentication services. These security elements are all fully protected by the Crypto Security Architecture and are therefore unassailable. The four fundamental security goals of confidentiality and integrity, availability and authenticity can be assured. Included are tried-and-tested features such as secure boot, secure login, and disk encryption. The first-named executes a comprehensive security check on every boot. Booting is continued only if this check confirms the integrity of the entire hardware and software. The second feature, secure login, assures unequivocal evidence of identity based on multi-factor authentication. Finally, disk encryption performs automatic and permanent encryption on all data. Depending on application requirements, the Crypto SmartProtect Security Module can be enhanced by the addition of IP VPN encryption or file encryption.

In the event that one and the same terminal device requires access to different security zones or separate networks, multiple protected Compartments that are mutually isolated from each other can be operated simultaneously. Thus a person can work in one Compartment in a self-contained, trustworthy user environment online and offline while at the same time utilising public networks in a second Compartment. The two user environments are completely separate from each other and the information in the trustworthy Compartment remains protected at all times.
[Figure labels: Standard operating system; Virtualisation; Crypto SmartProtect OS; Microkernel; Crypto SmartProtect Security Module; Hardware.]

Technology architecture for full protection against cyberattacks

The compromises between information security and ease of use are not the only continuing source of irritation for IT managers. The ever greater complexity of off-the-shelf operating systems and applications poses problems as well. These systems are geared to compatibility, functionality and performance and are based on code several million lines long. Needless to say, massive security risks lie dormant in these types of architectures.

A workplace today would be inconceivable without modern operating systems and applications. For these operating environments to be able to be run securely, they must be contained in a secure Compartment that effectively protects them against attacks from the outside. This protection is achieved with the secure operating system Crypto SmartProtect OS. The security operating system provides fully insulated Compartments. The user environments in these Compartments are executed on the same processor by means of the security operating system and under the watchful eye of the microkernel, with consistent separation prevailing.

The architecture of the security operating system is based on the principle of security by design. All components are structured, isolated, and independently verifiable. The authorisations for using the services of the individual components are unchangeably anchored, a feature consistently enforced by the microkernel. This approach averts all attacks on the Crypto SmartProtect OS and thus also on the user environments.
[Figure labels: Encrypted disk (A, B, C); Monitor; Touchpad; Keyboard; Processor; Mouse; RAM; Optional.]

[Figure: Crypto Security Architecture. Labels: Secure login; Crypto SmartProtect OS; Disk encryption; Secure boot; IP VPN encryption; File encryption.]

Nuclear power stations are among the best protected kinds of industrial property and have comprehensive protection plans.

Government-supported protection systems

Malfunctions and failures of critical infrastructures (CIs) have serious consequences. Comprehensive protective measures are all the more important, especially to minimise cyber risks. With the "National strategy for Switzerland’s protection against cyber risks (NCS)", the Confederation points out where action needs to be taken and offers CI operators assistance through government bodies.

The infrastructures of a country are its lifelines. Their proper and reliable operation guarantees stability, order, and security – basic requirements for the smooth functioning of society, business and government. There is a special focus in this context on critical infrastructures (CIs) from the sectors of government authorities, energy, transport, public security, waste disposal, finance, health, food, industry as well as information and communication.

CI protection is considered extremely important. Along with strictly physical protection, suitable protection against cyber risks has really come to the fore in recent years. It is estimated that 90 percent of key infrastructure areas in industrialised countries rely on information technologies (IT). The use of IT improves efficiency on the one hand, not least due to networking among the different areas. On the other hand, there is rapid growth in dependency and increased susceptibility to malfunctions and manipulations. All in all, business, society, even whole countries have become more vulnerable, boosting the need for effective protective measures in information security.
In light of the complex types of digital networking under way in various areas, it no longer suffices to protect these areas separately. Integrated protection approaches are called for instead in order to minimise the ramifications of incidents on the economy and the general public and to restore life to normal as quickly as possible.

Attack on information systems

The "National strategy for Switzerland’s protection against cyber risks (NCS)" was passed by the Swiss Confederation in 2012 and reads as follows: "Cyberattacks on critical infrastructure can have particularly severe consequences, as they can compromise vitally important functions or trigger fatal chain reactions. Therefore, (often private) CI operators play a key role as providers of important services with overriding security implications."

Cyberattacks are launched on computers, networks and data. These attacks are aimed at interfering with the integrity of the data or the functioning of the infrastructure as well as limiting or interrupting their availability. Among their goals, the attackers want to impair the confidentiality or authenticity of the information, with their actions enabling them to read, delete and modify data, overburden connections or server services, spy on information channels, or intentionally tamper with monitoring or performance systems.

90 percent of the important infrastructure areas depend on IT and protected communication technology.

The effects of cyberattacks could have horrendous consequences for the entire population and the economy. For instance, after a cyberattack, a blackout in the power supply would paralyse critical infrastructures as well as the entire national economy. The ensuing effects for the general population would include, for instance, failure of lighting, heating and other electronically controlled articles of daily use without which everyday life would be inconceivable.
Keener awareness for cyber risks

Basically, the attitude taken in the strategy is that the individual stakeholders are responsible themselves for implementing and optimising protective measures against cyber risks. According to the strategy, this has the following consequences for CI operators: The risks are not allowed to be handled according to solely economic principles. Instead, CI operators must make efforts above and beyond that to minimise the risks.

The Confederation notes, however, that there is still a lack of awareness in several sectors as to the threats emanating from cyber risks. Integral thinking is likewise not yet established everywhere. This approach says that cyber risks can be reduced not just with technical measures such as fail-safe, alternative and specially protected means of communication, and that information and data must be explicitly protected. Equally important are organisational issues (such as the classification of information or the regulation of access rights) and staff issues (i.e. security checks or behavioural training).

Government providing subsidiary aid

With regard to the role of the Confederation in protecting against cyber risks, the strategy states the following: "The state provides subsidiary services to protect against cyber risks, e.g. through the exchange of information and intelligence findings."

The Reporting and Analysis Centre for Information Assurance (MELANI) has a chief role to play. MELANI is operated jointly by the Federal IT Steering Unit (FITSU) and the Federal Intelligence Service (FIS). The task of this body is to give operators of critical infrastructures subsidiary assistance with the information security process. It does so by collecting and evaluating information about incidents and threats and then sharing the resulting findings with CI operators.
MELANI offers, among other things, situational assessments and analyses of early detection of attacks or incidents, evaluates their ramifications, and examines malicious programmes if the need arises.

The increasing digitisation and automation plus the standardisation of the technologies used (e.g. the concentration on IP protocols) will bring along new and additional dangers. The affected sectors are called on to consider the possible new risks in developing their systems and products and in designing their processes.

At the same time, the Swiss Confederation notes that absolute protection against cyberattacks is unachievable. Well-functioning and far-sighted cooperation between government authorities and the operators of critical infrastructures is all the more important. It enables quick and secure responses to be made to real cyber threats as they emerge and the necessary groundwork to be laid for a protected and robust information security system. MELANI supports risk management of critical infrastructures in the process, thereby helping to strengthen their resilience. Viewed overall, the resilience of critical infrastructures is composed of four components: the robustness of the systems, the availability of redundancies, the ability to mobilise supporting measures, and the speed and efficiency of supporting measures if the worst comes to the worst.

Blackout in a major city – possibly triggered by a cyberattack

Chat securely

Voice and text messages have long been a part of everyday life. For the last several months, providers of messaging applications have been offering protected ways of exchanging messages. How do they work and how secure are they? This article also delves into the high-security solutions Crypto AG has developed on this subject.

Encryption is a subject on everyone’s lips these days since various providers of messaging applications have made available end-to-end encryption for their services.
The descriptions of the various applications being promoted say that neither providers nor third parties can read the messages. The providers claim that encryption is available to everyone with the latest version of the applications.

The scenario for sending encrypted messages is as follows: First, the recipient creates his own pair of keys. The public key is conveyed to the sender over the server, so the latter can use it to encrypt the message. With his own private key, the recipient can then decrypt the message.

A possible weakness, however, is that the provider can assign the sender a new public key, say, when equipment is replaced or re-installed. That would mean, for instance, that the sender would then use the key generated by the provider to encrypt messages not yet received by the recipient. This would put the provider in a position to decrypt the messages with his new private key. Further, the terminal equipment itself could have potential entry points for attacks. Key terms indicate this fact, such as the lack of integration protection for the application, the lack of a genuine random number generator or also overly short key pairs.

Encrypted chat from Crypto AG

Crypto AG has offered an appealing and highly secure communication solution for several years with a specially ruggedised mobile phone. Ruggedised means that an unauthorised modification of the device is reported immediately. Voice and text messages are protected at all times and places with the Crypto Mobile HC-9100.

The customer operates his infrastructure autonomously, so his data is always under his control. The encryption is carried out in the ruggedised mobile phone in a secure hardware environment where the customer uses his own encryption algorithm. Only the customer himself possesses and manages his keys that were created by a true random generator.
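The key-replacement weakness described above for off-the-shelf messaging applications can be countered on the sender's side by pinning the recipient's key fingerprint and holding messages when the server presents a different key. The following is an added example, not code from Crypto AG or any messaging provider; `KeyDirectory`, `Sender` and the key byte strings are hypothetical, and the encryption step itself is left out so that only the key-change check is shown.

```python
import hashlib

# Constructed sample keys (placeholders, not real key material).
RECIPIENT_KEY = b"constructed-recipient-public-key"
PROVIDER_KEY = b"constructed-key-substituted-by-provider"

def fingerprint(public_key: bytes) -> str:
    """Short fingerprint two people can compare by voice or in person."""
    digest = hashlib.sha256(public_key).hexdigest()[:24]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))

class KeyDirectory:
    """Hypothetical stand-in for the provider's server that hands out public keys."""
    def __init__(self):
        self._keys = {}

    def publish(self, user: str, public_key: bytes) -> None:
        self._keys[user] = public_key

    def lookup(self, user: str) -> bytes:
        return self._keys[user]

class Sender:
    """Pins the first key seen per contact and holds messages if the key changes."""
    def __init__(self, directory: KeyDirectory):
        self.directory = directory
        self.pinned = {}   # contact -> fingerprint first seen or later verified
        self.held = []     # (contact, plaintext) waiting for key verification
        self.outbox = []   # (contact, fingerprint of key used, plaintext)

    def send(self, contact: str, plaintext: str) -> str:
        current = fingerprint(self.directory.lookup(contact))
        pinned = self.pinned.setdefault(contact, current)  # trust on first use
        if current != pinned:
            # The server now offers a different key: do not encrypt to it yet.
            self.held.append((contact, plaintext))
            return "held"
        # A real client would encrypt to the looked-up key at this point.
        self.outbox.append((contact, current, plaintext))
        return "sent"

    def confirm_key(self, contact: str, verified_fingerprint: str) -> int:
        """Accept the server's key only if it matches a fingerprint obtained
        from the recipient over a separate channel; release held messages."""
        current = fingerprint(self.directory.lookup(contact))
        if current != verified_fingerprint:
            return 0
        self.pinned[contact] = current
        release = [m for m in self.held if m[0] == contact]
        self.held = [m for m in self.held if m[0] != contact]
        for _, text in release:
            self.outbox.append((contact, current, text))
        return len(release)

def demo():
    directory = KeyDirectory()
    directory.publish("recipient", RECIPIENT_KEY)
    sender = Sender(directory)
    results = [sender.send("recipient", "first message")]
    directory.publish("recipient", PROVIDER_KEY)   # server-side key replacement
    results.append(sender.send("recipient", "second message"))
    # The recipient reads out his real fingerprint; it does not match the server's key.
    released = sender.confirm_key("recipient", fingerprint(RECIPIENT_KEY))
    return results, released, len(sender.held)
```

In `demo()`, the second message stays in `held` because the fingerprint read out by the recipient does not match the key the server now presents.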
For the exchange of text messages, the message of up to 1,000 characters in length is encrypted in the world’s tiniest high-security encryption device integrated directly in the phone and sent directly to the recipient. The sender promptly finds out that the message has arrived at the recipient. As soon as the message is handed over to the security application, security is assured not only for the transmission but also in both terminal devices. The message is saved in the secure data store of the HC-9100, specifically only in the sending and receiving devices. This feature of the high-security solution marks a major difference from the off-the-shelf models.

SUCCESS STORY

Document exchange in government contexts with end-to-end protection

[Figure labels: Government administration; Mobile office (President); Internet / Private IP Network; HC-7835; HC-9300.]

A government minister is told that secure communication between himself and his staff and the heads of the various government ministries is protected against third parties without compromise and constantly guaranteed. An exchange of editable documents subject to the top level of encryption meets these requirements.

The cooperation with various offices in a government ministry takes a variety of forms: The government minister is supported by his staff in exercising his political duties. Offices of the ministry must be supervised but everyday administrative tasks also have to be performed. In the performance of all these responsibilities, the highly secure transmission of classified documents and information must be assured for all employees. The suitable security platform is used based on the location of the given individuals. Central security management to control the communication relationships and user groups is essential in this process.
The highly secure exchange of classified information is possible at all times and in all places

Highly secure exchange of editable documents

The Internet or also a private IP network can be used for the highly secure communication of the stationary or mobile office of a head of state for government administration or the government ministers. IP telephony has won the day through the global expansion of data networks and the performance capabilities associated with it. The confidential e-mailing of encrypted and editable documents is assured with the use of the multi-application platform Crypto Desktop HC-9300 and the security application Message / File Encryption HA-6650.

[Figure labels: HC-9300; CMS-1200; Small office (Minister); Crypto Management.]

Highly secure communication is constantly assured for stationary or mobile offices over the Internet or over a private IP network

Even when travelling, the government minister can also encrypt data and send it securely to his staff using Crypto Mobile Client HC-7835. The Crypto Management Suite CMS-1200 assures the centralised security management of the Crypto platforms. Furthermore, the CMS-1200 has a customised user and authorisation management system with authentication mechanisms.

If need be, a backup communication channel based on satellite communication can be set up to assure constantly available and fail-safe capabilities. The Crypto Deployable Secure Mobile Office provides a compact office infrastructure that can be operated by satellite communication at any desired location and that covers the customary office components. With this product, Crypto AG offers a security solution for communication and collaboration with end-to-end protection that meets the highest standards.
Zug | Abu Dhabi | Muscat | Kuala Lumpur | Rio de Janeiro

Crypto cSeminars

cSeminar Information Security Specialists: 2 to 6 October 2017
cSeminar Technical Vulnerability Testing: 9 to 13 October 2017
cSeminar Contemporary Cryptography: 16 to 20 October 2017

The seminars are held at the Crypto Academy in Steinhausen / Zug, Switzerland.

Contact and further information: www.crypto.ch/seminars

Crypto AG
P.O. Box 460
6301 Zug
Switzerland
T +41 41 749 77 22
F +41 41 741 22 72
www.crypto.ch

Restricted © Crypto AG. All rights reserved. 672029 / EN / 1704