This article originally appeared in Sophos’ Naked Security blog. It is written by John E Dunn.
#——- ——- ——-
Air-gapping important computers and data is a security idea that has run its course and urgently needs to be replaced with something better.
That’s according to the US Defense Advanced Research Projects Agency (DARPA), which armed with up to $1.5 billion of funding has started canvassing for better ideas through a program appropriately called the Guaranteed Architecture for Physical Security (GAPS).
As DARPA’s briefing points out, air gapping is conceptually simple but has a fundamental problem – getting it to work comes at a heavy cost:
Keeping a system completely disconnected from all means of information transfer is an unrealistic security tactic. Modern computing systems must be able to communicate with other systems, including those with different security requirements.
In other words, for today’s computers to do useful work, they need to be connected to other computers in some way, the very thing that renders air gapping or data isolation insecure. Adding special protocols to compensate for this ends up making life expensive and difficult.
Interfaces to such air-gapped systems are typically added in after the fact and are exceedingly complex, placing undue burden on systems operators as they implement or manage them.
This isn’t just about physical air gaps but isolation of all kinds, for example keeping data in secure, encrypted enclaves so it can’t be exfiltrated on the quiet.
DARPA’s job is to come up with viable solutions and on that front, it appears there is no lack of ambition.
Although still very high-level in nature, what DARPA seems to be asking clever engineers to invent is close to an entirely new security architecture for connecting systems together while moving data between them.
This will be defined by:
- New hardware components and interfaces capable of isolating data during communication.
- New software tools integrating this without reinventing current development platforms.
- Validating that what they come up with works when used by “exemplar” Department of Defense (DoD) systems.
Commercializing the resulting technologies is also an objective of the program. The verifiable security properties created under GAPS may also help create safer commercial systems that could be used for preserving proprietary information and protecting consumer privacy.
Then again, commercializing whatever GAPS turns into could turn the technologies that emerge into something anyone can buy.
With five years to come up with something, DARPA held a proposer’s day on 23 January – the upshot of which has yet to be made public.
GAPS is a huge undertaking, tinged with the irony that the very thing that causes so many problems on physical air-gapped networks is the way computers are connected to one another via global internet protocols – famously a DARPA invention.
And then there’s the fact that one of the spectacular demonstrations of how to beat a physical air gap is widely believed to have been carried out by the US’s own National Security Agency (NSA) during its campaign to sneak Stuxnet into Iran’s Natanz nuclear installation in 2010.
In recent years, researchers have come up with a wide range of increasingly ingenious suggestions as to how air gaps might be defeated by a determined hacker.
In addition to obvious methods such as infected USB sticks, these include using speakers as ultrasonic transceivers, hijacking LED-equipped surveillance cameras for command and control, and perhaps even utilising fan noise for data transfer.
Most of these are complex and far from easy to pull off. If air-gapping security is really on its way out, expect its demise to be a very long goodbye.
#——- ——- ——-