Tag Archives: F-35

RSA Security breach explained: why US defense programs could be compromised

As almost everybody knows by now, on Mar. 17, 2011, RSA (the Security Division of EMC Corporation and one of the most important IT security vendors in the world) publicly announced that some information that could be used to reduce the effectiveness of one of their two-factor authentication implementations had been compromised. In other words: their database mapping SecurID token serial numbers to the token “seeds” was stolen.

What are we talking about?

To make it simple, SecurID devices are small tamper-resistant tokens (resembling calculators), which generate a numeric code at fixed intervals (usually 30 or 60 seconds before the displayed code is replaced by the next one). Although they are usually pieces of hardware, they also exist as a software application that can be installed on a PC or smartphone to perform the same function. The random-looking sequences of numbers generated by SecurID tokens are authentication codes, technically called OTPs (One Time Passwords). The term One-Time means that they can be used for a single authentication process and that they expire even if they are never used. Such tokens provide an OTP that can be used for both network and application/web authentication. Many people use them to access their home banking, while companies use them to authenticate employees who need to access the internal network and resources (remotely or locally).


These tokens generate the 6- or 8-digit OTP by using an AES (Advanced Encryption Standard) algorithm to hash the token serial number, the internal seed and the Current Time. (BTW: the server performs the same computation as the token and generates an OTP that is compared with the one provided by the user.)

Paolo Passeri studied the subject and, in an interesting blog post dated Apr. 10, provided some more information about the inputs that are used to generate the OTP:

  • a 128-bit token-specific true-random seed,
  • a 64-bit standard ISO representation of Current Time (yr/mo/day/hour/min/second),
  • a 32-bit token-specific salt (the serial number of the token), and
  • another 32 bits of padding, which can be adapted for new functions or additional defensive layers in the future.

Since the AES-Hash operation is performed on 128 bit blocks, the latter two inputs are not a specific security feature but they are needed to pad the standard Current Time representation to fulfil the “rule” of 128 bit multiples.

As you can understand, both the seed and the serial number are unique to each token and, theoretically, physical possession of the device ensures the security of the authentication mechanism. The only circumstance under which an attacker would be able to clone the token (and generate authentication codes on behalf of the legitimate user) would be if seeds and token serial numbers had been stolen. That’s exactly what happened: an Advanced Persistent Threat (APT) was able (by injecting malware and using other vulnerabilities) to steal the database mapping seeds to serial numbers.
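The following sketch, an added example and not RSA's code, models the scheme described above to show why the seed record is the whole secret: the server recomputes the code from its stored seed, so any copy of that record yields the same code. The real SecurID algorithm is proprietary and AES-based; here HMAC-SHA-256 from the Python standard library stands in for the AES hash, and the byte layout of the time field, the drift window, the seed and the serial number are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

INTERVAL = 60  # seconds a code stays valid (the article says 30 or 60)


def time_field(now: datetime) -> bytes:
    """64-bit time field: yr/mo/day/hour/min/second (byte layout is assumed)."""
    ts = int(now.timestamp()) // INTERVAL * INTERVAL  # start of current interval
    t = datetime.fromtimestamp(ts, tz=timezone.utc)
    return struct.pack(">HBBBBBx", t.year, t.month, t.day, t.hour, t.minute, t.second)


def input_block(serial: int, now: datetime) -> bytes:
    """128-bit block: 64-bit time + 32-bit serial (salt) + 32 bits of padding."""
    return time_field(now) + struct.pack(">I", serial) + b"\x00" * 4


def otp(seed: bytes, serial: int, now: datetime, digits: int = 6) -> str:
    """Keyed hash of the block under the 128-bit seed, truncated to N digits."""
    if len(seed) != 16:
        raise ValueError("seed must be 128 bits")
    # Stand-in for the AES-based hash: HMAC-SHA-256 keyed with the seed.
    mac = hmac.new(seed, input_block(serial, now), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)


def server_accepts(seed_db: dict, serial: int, code: str,
                   now: datetime, drift: int = 1) -> bool:
    """Server side: look up the seed by serial, recompute, allow clock drift."""
    seed = seed_db.get(serial)
    if seed is None:
        return False
    for step in range(-drift, drift + 1):
        expected = otp(seed, serial, now + timedelta(seconds=step * INTERVAL))
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not real token data.
    serial, seed = 123456, bytes(range(16))
    seed_db = {serial: seed}                  # the serial-to-seed mapping
    now = datetime(2011, 3, 17, 12, 0, 30, tzinfo=timezone.utc)
    shown = otp(seed, serial, now)            # what the token displays
    print("server accepts token code:", server_accepts(seed_db, serial, shown, now))
    # A copy of the seed record reproduces the same code without the device,
    # which is why tokens whose seeds were exposed have to be replaced.
    copied = dict(seed_db)
    print("copy yields same code:", otp(copied[serial], serial, now) == shown)
```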

Even if the SecurID generates new strings of digits on a 30-60 second basis, some implementations require the user to enter the OTP along with a PIN (Personal Identification Number), a fixed code like the one used at ATMs. Even if the PIN represents an additional security layer that, for sure, was not stored in the RSA DB, such short codes are easier to hack and can be retrieved using malware, keyloggers and many other methods.

One last thing: the OTP can’t be modified, changed or altered, and the SecurID token, being tamper-proof, can’t be fixed, opened or reprogrammed. Therefore, if compromised, the SecurID must be replaced.

Targeting defense contractors

As analysts predicted, the RSA hack was not simply intended to discredit the EMC Security division. The actual targets were the corporate clients which use the SecurID token for user authentication and, among them, defense contractors.

Indeed, the first defense contractor known to have suffered a security violation was Lockheed Martin, which on May 22 disabled all remote access to its internal network (“at least for a week”) and planned the replacement of all its RSA SecurID tokens after detecting an intrusion in the internal network. Needless to say, Lockheed is one of the world’s largest defense contractors, “an American global aerospace, defense, security and advanced technology company” supplying hi-tech military hardware to the US and to militaries worldwide (F-16, C-130, F-22, F-35, to name but a few interesting Lockheed “products”).

On May 31 Wired reported that another defence contractor, L-3, was targeted using SecurID stolen data even if it is not clear whether the hackers were successful in the penetration or not.

Both attacks show a certain interest in data managed by military contractors that manufacture some of the most sophisticated and sensitive US (and foreign) military equipment: weapon systems currently used in Iraq, Afghanistan and Libya. However, as Paolo Passeri commented:

I wonder if military contractors are the only targets or if they have been the only ones capable to detect the attempts because of their strict security protocols and policies.

Certainly, defense contractors’ networks contain a great deal of classified data about current and future US projects. However, such data is usually secured in closed networks that are not interconnected with corporate LANs or that require additional authentication procedures. I have already explained, when I commented on the hack into the F-35 Lightning II JSF (Joint Strike Fighter) project, that network intrusions or data leakage do not always imply a significant loss. It all depends on the information that is actually stolen.


For sure, Advanced Persistent Threats, as well as the RSA SecurID weakness, are something that defense contractors and Government agencies, facing a huge and growing Cyber risk, must be able to deal with. First of all, companies should follow the example of Raytheon (another Defense Contractor), which has declared that it took immediate companywide actions, as soon as the RSA incident information was made public, to prevent a widespread disruption of its network. However, to enhance the effectiveness of their security countermeasures, I think that, sooner or later, all corporations and agencies will have to consider using more costly biometric devices (usually seen in movies like Star Trek, Minority Report, X-Men, Planet of the Apes and a few others) that perform user authentication by means of voice analysis, face recognition, iris scan, keystroke dynamics identification, etc.

A multi-role Italian Eurofighter Typhoon?

When the following pictures (courtesy of zetamimmo) appeared on the Italian Vipers forum, someone thought that the Aeronautica Militare (Italian Air Force, ItAF) had finally begun thinking of the Eurofighter Typhoon as a multi-role aircraft, in contrast with the previous vision, according to which the F-2000 should only be used as an air superiority fighter.

However, the pictures, taken at Decimomannu airbase in February, depict a TF-2000A that, although wearing the markings of the Reparto Sperimentale Volo (RSV – Test Unit Wing of the ItAF), is currently flown by both Alenia Aeronautica and RSV to conduct testing activities. For example, during my visit to Decimomannu for the F-15E deployment, the aircraft serialled MM X-614/IPA 2 was involved in supersonic runs (see pictures at the end of this article), while it carried GBUs to test the aircraft’s autopilot during flights in heavy configurations.

The last part of my article titled “Italian Typhoon”, published in the April 2010 issue of Air Forces Monthly, ended with the following words, which explain the past (and current!) vision of the Italian Air Force about the role of the F-2000:

Under Tranche 3A, by 2013, Italy will receive 21 Typhoons bringing the total to 95 (comprising 27 Tranche 1 and 47 Tranche 2 examples). The aircraft will be used in the air superiority role, as Italy, due to the cost associated with the envisaged upgrades required by the integration of the air-to-ground weapons, has always been skeptical about a multi-role Eurofighter. At the end of 2008, answering some questions about the JSF (Joint Strike Fighter), Gen. Vincenzo Camporini, former ItAF Chief of Staff, current Defence Chief of Staff, affirmed that: “There’s no competition or conflict between the JSF and the Eurofighter. The Eurofighter was designed for the Air Defence, a role that the aircraft is perfectly able to fulfil, but it can’t perform the attack role in an economically sustainable manner”. That vision hasn’t changed with the Tranche 3 contract signed in July 2009. In a recent interview, Gen. Giuseppe Bernardis, Air Force Deputy Chief of Staff, said that Italy did not completely rule out the use of Eurofighters for air-to-ground missions, since both T2 and T3 aircraft will have the ability to carry Paveway and JDAM (Joint Direct Attack Munition) that are already used by the Tornado and the AMX, and will be carried in the future by the F-35s (that Italy plans to acquire in 109 examples: 69 conventional take-off and landing F-35As and 40 short take-off and vertical landing F-35Bs). Hence, the air-to-ground mission is viewed as secondary for the Typhoon; provided their ability to use the ordnance in inventory for other aircraft, the Eurofighter will possibly be used as “back up” attack platforms until 2040.

Fighter generations comparison chart

The appearance of the new J-20 (unofficially dubbed “Black Eagle”) raised many questions about the Chinese stealth fighter. Some experts think it will be more capable than the F-22; others (and I’m among these ones) think that the real problem for the US with the J-20 is not with the aircraft’s performance, equipment and capabilities (even if the US legacy fighters were designed 20 years earlier than current Chinese or Russian fighters of the same “class”); the problem is that China will probably build thousands of them.

Anyway, comparing the US and Chinese fighters, everybody referred to “fifth generation planes” bringing once again the concept of “fighter generation” under the spotlight.

Generations are a common way to classify jet fighters. Often, generations have been “assigned” to fighters in accordance with the timeframes encompassing the peak period of service entry for such aircraft.

The best definition I’ve found so far of fighter generations is the one contained in an article published in 2009 by Air Force Magazine, that proposes a generations breakdown based on capabilities:

Generation 1: Jet propulsion

Generation 2: Swept wings; range-only radar; infrared missiles

Generation 3: Supersonic speed; pulse radar; able to shoot at targets beyond visual range.

Generation 4: Pulse-doppler radar; high maneuverability; look-down, shoot-down missiles.

Generation 4+: High agility; sensor fusion; reduced signatures.

Generation 4++: Active electronically scanned arrays; continued reduced signatures or some “active” (waveform canceling) stealth; some supercruise.

Generation 5: All-aspect stealth with internal weapons, extreme agility, full-sensor fusion, integrated avionics, some or full supercruise.

Potential Generation 6: extreme stealth; efficient in all flight regimes (subsonic to multi-Mach); possible “morphing” capability; smart skins; highly networked; extremely sensitive sensors; optionally manned; directed energy weapons.

In order to give the readers a rough idea of the type of aircraft belonging to each generation based on the above breakdown I’ve prepared the following table with the help of Tom Cooper / ACIG.org and Ugo Crisponi / Aviatiographic.com, who provided the profiles. It’s not meant to show all the aircraft theoretically belonging to a generation and includes only the profiles available at the time of writing…

As I’ve already said on Twitter, what such a table should let you understand at a glance is that capabilities and appearance are inversely proportional: former generations aircraft look much better than more modern fighters…..




How to Fly the Harrier Jump Jet | Danger Room | Wired.com

A few days ago, I published a post to explain how the F-35 JSF flies in both conventional and STOVL (Short Take Off Vertical Landing) Harrier-like mode. The following article provides some interesting info and images about the AV-8B, a version very similar to the one flown by the Marina Militare (Italian Navy):

The Harrier made its final flight with the British RAF last week, marking one end to the jet famous for being able to take off and land vertically. The jet’s recently declassified flight manual shows just how extraordinary it is.

read the rest here: How to Fly the Harrier Jump Jet | Danger Room | Wired.com.

Aircraft carriers with no aircraft…..

The following defense news article deserves a read:

RAF: Harrier Retirement Won’t Hurt F-35C Skills
Published: 17 Dec 2010 08:55
One of Britain’s senior Royal Air Force commanders has rebutted suggestions that retiring the Harrier GR9 will damage the ability to regenerate skills to operate the new F-35C variant of the Joint Strike Fighter off a new aircraft carrier when it enters service around 2020. “Anybody who thinks that operating a Harrier today was somehow going to link you with the F-35C on the Queen Elizabeth-class aircraft carrier is . It is just not true,” said Air Officer Commanding No. 1 Group Air Vice Marshal Greg Bagwell.
The Harrier is a short-takeoff-and-vertical-landing aircraft, while the F-35C is a conventional aircraft requiring catapults and arrestor wires to operate. The latter aircraft is destined to be used on the new 65,000-ton carriers now being built by a BAE Systems-led alliance. Britain originally intended to acquire the STOVL F-35B version of the Joint Strike Fighter, but as part of the strategic defense and security review in October opted to switch to the conventional F-35C variant. At the same time, the British government decided to immediately ax the joint RAF/Royal Navy Harrier GR9 force and decommission the aircraft carrier Ark Royal, leaving Britain without a maritime air strike capability until 2020, when the F-35C and the Queen Elizabeth-class warship are available. Britain’s joint force of 79 Royal Air Force and Royal Navy Harrier GR9’s aircraft took off into retirement Nov. 15 from their base at Cottesmore in eastern England and will now be scrapped, unless they can be sold or a new use for them is found. The Daily Telegraph newspaper said earlier this week the MoD was looking at a proposal to create a reserve squadron using the Harriers. The decision to decommission the Harrier and the Ark Royal has caused huge controversy, in part because its opponents say it will be difficult to regain the skills needed to run carrier strike operations in the future. Bagwell said he does not underestimate the challenges and risks involved in building the F-35C operation, but he thinks the RAF and the RN forces would have faced the issue regardless of whether the Harrier had stayed in service.
“The techniques and procedures to recover a conventional carrier aircraft using catapult launches and arrestor gear recoveries, or ‘cats and traps,’ are totally different from that of a STOVL aircraft,” he said. “That is just as true for the aircrew as it is for the ships crew. Whilst the Harrier would have preserved the requisite skill sets for the F35B STOVL variant of the Joint Combat Aircraft” – the name the British called their JSF program – “they are largely irrelevant to that needed to operate the F35C.
“Effectively, we need to build the skill sets for the new aircraft and carrier configuration from scratch. We already have plans in place to begin that build up over the next 10 years with our allies and partners.” He said it was a “tall order,” but regaining carrier skills is a problem Britain had previously faced and overcome. One senior Royal Navy commander agreed with Bagwell’s assessment and said there was a much bigger question mark over regaining deck skills than the capabilities of pilots. Bagwell, who commands all of Britain’s fast jet operations, said the RAF and the RN “have 10 years to get our act in gear and understand what operating the F-35C variant means for training and other preparation. Some we will have to learn from the USA and France,” he said. The British already have a pilot exchange program with the U.S. with officers flying carrier operations with the F-18. Bagwell said he was confident British pilots would also be flying French Navy jets as well. “We will be flying Rafales from French carriers within a few years. I’m sure of it,” he said.
The British are targeting the availability of a single squadron of F-35Cs by 2020 to equip a joint RAF/RN operation. Briefing reporters last week, Bagwell said that would require an initial order for about 40 aircraft. How the aircraft will be employed in the future has yet to be worked out, but said he thought the aircraft would not be tied to the aircraft carrier. “They are there to project air power. It’s irrelevant where they are launched from. The Royal Navy will hate me for this, but sometimes they will be launched from the deck of an aircraft carrier for good reason. Other times it will be in-country closer to the problem,” he said. Either way, he said the F-35C gave the British better deep penetration, ISTAR and other capabilities than the more limited STOVL F-35B.

Anything weird? Apparently not. As Bagwell affirms, the Harrier could not contribute to generating the skills required to fly the F-35C, since the conventional carrier variant does not have a STOVL (Short Take Off Vertical Landing) capability. Right. Unfortunately, what must be underlined is that Britain had originally chosen the STOVL variant before the Strategic Defense and Security Review in October decided to switch to the C variant, making the Harrier GR9s APPARENTLY useless. It’s a matter of logic: the Harrier was not scrapped because of the C variant; the C variant was chosen because the Harrier was sacrificed (along with the Ark Royal aircraft carrier). With this decision, the UK will not have aircraft to equip aircraft carriers until 2020. Since the development of the F-35 is taking more than expected in terms of both time and costs, was this the right pick? I don’t think so.

Below, a of RN Sea Harrier FA.2

Two RAF Harrier GR7s (the left one photographed during an air-to-air refueling mission on board a Spanish KC-130 from Aviano in 2000; the right one taking off during RIAT 2002).

Is Italy facing the same risk? Absolutely not. The current scenario offers just two options for the Italian Navy, which can’t afford to build a new catapult-equipped aircraft carrier in the short to medium term:

1) the F-35B is axed and the I GrupAer AV-8B+ will keep flying from the Cavour aircraft carrier until the aircraft lifetime expires

2) the Italian Harriers are replaced by the STOVL F-35B as soon as it becomes available.

Below, AV-8B+ Harrier of the Marina Militare refueling from a B707 tanker.