logo

I'm Unique, Just Like You: Human Side-Channels and Their Implications for Security and Privacy

Conference:  BlackHat USA 2019

2019-08-07

Summary

The presentation discusses the need for security-minded individuals to contribute to the Kubernetes open source project and highlights the importance of securing Kubernetes clusters through proper configuration and admission control.
  • Kubernetes is not secured by default and requires proper configuration to be secure
  • Contributors who can think like attackers are needed to improve Kubernetes security
  • Vulnerability disclosure information and a bug bounty program are available for Kubernetes
  • The presentation demonstrates attacking a Kubernetes cluster with reasonable and relatively secure defaults
  • Kubernetes is a container orchestration system that helps manage complex cloud native applications
  • Kubernetes is both an application and an API-based platform that can be attacked in different ways
  • The key components of Kubernetes include the key value store, API server, and various pods and services
  • Admission control should be used to secure Kubernetes clusters
The presenter emphasizes the need for security-minded individuals to contribute to the Kubernetes open source project and think like attackers to improve security. They also mention a recent third-party code audit that revealed interesting findings. The presentation demonstrates attacking a Kubernetes cluster with reasonable and relatively secure defaults, highlighting the importance of proper configuration and admission control to secure Kubernetes clusters.

Abstract

Almost everything about us – our handwriting, DNA, faces, voices, fingerprints, even our eyes – can be used to distinguish us from the seven billion other people on the planet. These physical identifiers can allow law enforcement to trace back real-world crimes to offenders, and enable biometric authentication mechanisms. However, such identifiers are often irrelevant when it comes to attempting to track or disrupt threat actors. In this talk, I will discuss, explore, and explain identifiers which are unintentional, non-physical, and generated as a result of human behaviours and activities, but which can still be used to uniquely identify and/or track individual users in the digital realm. I call these identifiers "human side-channels", and will explore how they work; how they can be used for both attack and defense; and how they can be countered. I'll examine three human side-channels in particular: forensic linguistics; behavioural signatures; and cultural references. I will start by exploring the theories underpinning these side-channels, which are rooted in personality psychology and the concepts of consistency and distinctiveness as a result of our unique experiences, training, and feedback. I'll then explore how they work; walk through case studies and examples/demos of using them practically in security contexts; and discuss how they could be practically applied to investigate and track threat actors, in situations ranging from hostile social media profiles to post-compromise exfiltration and privilege escalation.I'll also examine the privacy implications of each technique, and how such characteristics – which are much harder to recognise, obfuscate, or spoof – could be used to erode privacy. I'll go into detail regarding possible countermeasures to disguise your own human side-channels, and I'll wrap up by outlining some ideas for future research in these areas.

Materials:

Tags: