No 1 | 2017

Crypto SmartProtect
The highest level of cyber defence

Dear Readers
Digital transformation is moving full steam ahead as
is the networking based on public networks that is
associated with it. That is why the threats from cyber-
space are likewise increasing worldwide. This trend
affects not just companies but public authorities and
organisations as well. In many cases, the attackers
target the terminal equipment of the employees. This
approach enables, for instance, customised malware to
be smuggled into a government ministry, data to be
drawn out, and great harm to be done. To be guarded
against these highly professional cyberattacks, multi-
ple-level security elements are required to protect the
primary attack targets, the computing platforms.
CryptoSmartProtect, the unique high-security com-
puting technology developed by Crypto AG, elimi-
nates this security risk and reliably wards off cyberat-
tacks. At the same time, work can proceed with its
usual convenience in the familiar user environment.
In this issue of CryptoMagazine, you will find more on
this new technology as well as on important fields of
action in cyber defence and possible systems of
protection.
Giuliano Otth
President and
Chief Executive Officer
Focus
Attacks from cyberspace
3 | FOCUS
Attacks from
cyberspace
IT system operators have to arm themselves against a growing variety of attacks from cyberspace that
also applies to organisations with highly professional defence systems. After all, the larger the number of
networked devices and the more complex the structures, the more difficult it is to provide effective protection
6 | INTERVIEW
against dangers. Besides attack entry points on the technical side, employees must also be prevented from
Interview with Bernhard Hmmerli, becoming risk factors.
IT professor at Lucerne University
of Applied Sciences and Arts
The increase in networking, automation, digitisation, and Multifaceted attacks
10 | The enemy in the system digital transformation is also driving the rapid expansion of Attacks from cyberspace come in a variety of forms. Basically,
cyberspace the virtual space that encompasses all IT systems all aspects of information security are affected. Advanced
14 | Crypto SmartProtect for total  that are globally connected over the Internet or similar net- persistent threats (APTs), for example, are attacks on the
Information Security and works. Attack surfaces for information, applications, processes, confidentiality of information. They are targeted attacks on
maximum ease of use and communication between all these systems are constantly organisations or government authorities. In the process, the
increasing as a result. attacker gains permanent access to a victim network and
18 | Government-supported successively expands that access. APTs require excellent tech-
Cyber defence therefore involves the struggle for information nical expertise plus the use of extensive resources and are ge-
protection systems
security, i.e. for the availability, authenticity, integrity and confi- nerally difficult to detect. Incidents in which non-authorised
21 | Chat securely dentiality of digital data and systems that process data. Organi- parties gain access to data are designated as data losses or data
sations, companies and government authorities in particular leaks this applies both to serious cases such as APTs and to
22 | SUCCESS STORY are making efforts to prevent data outflows. Yet the frequency less far-reaching penetration into IT systems.
of innovation is high both among those attacked, who have to
Document exchange in
protect themselves constantly against new attacks, and among
government contexts with the attackers.
end-to-end protection
Publication details
Published twice a year | Print run | 4,200 (German, English,
French, Spanish, Russian, Arabic)
Publisher | Crypto AG, P.O. Box 460, 6301 Zug, Switzerland,
www.crypto.ch
Editor-in-chief | Anita von Wyl, Crypto AG, T +41 41 749 77 22,
F +41 41 741 22 72, anita.vonwyl@crypto.ch
Reproduction | Free of charge with the consent of the editorial office.
Courtesy copies requested. Copyright by Crypto AG
Illustrations/photo credits | Crypto AG: Cover, pp. 2, 14, 21, 22 |
Keystone: p. 18 | Prof. Dr. Bernhard M. Hmmerli: p. 7 |
Shutterstock: pp. 3, 8, 9, 10, 13, 20
CryptoMagazine 1/17 | 3
 Focus
Cyber war
IT system
Digitisation
exploitation
Computer
network
Botnet
Cyberattack
Social engineering
Defacement
Distributed Denial-
Advanced persistent threats Cyber risk
Cyberspace
of-Service
Malware
Computer Computer network attacks
network
Command and Control Servers
defence
Typical attacks on the integrity and authenticity of data,
two further aspects of information security, are known as de-
facements. The content of a website is changed and falsified
in the process to mislead visitors to the defaced Internet pages.
This tactic is also common in connection with attempts to
use phishing to access passwords. Attackers try to employ fake
websites, e-mail addresses or short messages to obtain a users
personal data and thereby commit identity theft. The term is
derived from "password" and "fishing", and means "fishing
for passwords".
All aspects of information security affected
The availability of data is prevented, say, through launch of
denial-of-service (DoS) attacks that render individual services,
websites or entire networks unreachable for users. If a DoS
attack is undertaken by several systems at the same time, it
is known as a distributed DoS or a DDoS attack (distributed
denial-of-service attack). DDoS attacks are characterised by the
large number of computers and services in use as a rule,
botnets are used. A botnet is a group of computers, all of which
are compromised by a malicious code. The code turns them
into bots a term taken from "robot". The affected computers
are monitored and controlled by botnet operators through a
command and control server. Another method of impairing
the availability of data is to use ransomware i.e. malicious
software that installs itself unnoticed. It restricts the availability
of the data until the user of a system pays a ransom or satisfies
another demand from the attacker.
4 | CryptoMagazine 1/17
Cyber crime
Denial-of-Service
Critical infrastructure
Resilience
Phishing
Ransomware
Social media
Workplaces in the sights of attackers
There has been an upsurge in attacks on terminal equipment.
Some are used as a springboard to penetrate further levels of
an IT system. It is therefore crucial that organisations and
government authorities maintain high standards of workplace
security. That is true regardless of location but to a special
extent particularly for employees active outside their usual
work environment, for instance, travelling or at home. It is
precisely the employees who must be reachable at all times
who need especially secure infrastructure. In this context, it is
important to keep in mind that the required safety processes
must be kept as convenient as possible, so employees are
not tempted to disregard security standards for reasons of
practicality.
Conversely, the use of private applications at work say, social
media open entry points for attacks. Social engineering is
employed to mislead victims into divulging data of their own
accord, circumventing protective measures or installing mal-
ware. The perpetrators exploit human weaknesses such as
curiosity or fear to manipulate the victims. Consequently, the
latter click on links that covertly install malware, for example,
or they divulge passwords and other sensitive information.
Crime in cyberspace
Digital space is limitless, which often makes it difficult, or in
many cases hardly possible, to identify attackers. Nonetheless,
various types are recognisable, both among victims and
among attackers. The latest highly professional attacks show
the following: In many cases, the attacks are undertaken by
groups that act systematically to pursue political, economic
or anti-governmental goals.
Attacks from cyberspace
affect all aspects of information
security.
Attacks primarily aimed at enrichment or economic harm are
known as cyber crimes. Offences such as identity theft or
business espionage generally fall into this case group as well.
But cyberspace is likewise a place where war is waged. It is
uncontested that warfare in the information age always also
involves digital components. In mid-2016, NATO officially
declared cyberspace to be a war zone. That means attacks
conducted there can trigger consequences akin to attacks on
the ground, in the air or by sea.
A cyber war can therefore cause an enormous amount of
damage. Military conflicts conducted with IT resources in
cyberspace are often categorised as being of three types: If an
attacker's aim is to paralyse or destroy the opponents network
capacities, the actions are known as computer network attacks
(CNAs). Computer network exploitation (CNE), for its part,
pertains to actions aimed at obtaining intelligence information
from the opposing sides computers. Actions taken to protect
ones own computers and computer systems are known as
computer network defence (CND).
Focus
In actual practice, it is often difficult to distinguish between
cyber war and cyber crime. For one thing, the attackers are
often impossible to identify; for another, attacks against private
companies can also be in pursuit of military goals. These goals
include, for instance, interfering with the everyday social and
economic life of a country. They can be pursued by means of
attacks against private companies responsible for providing the
power supply or similar critical infrastructure.
Rapid developments expected
Two developments are accelerating the spiralling attacks and
countermeasures. One is the proliferation of electronic devices
and their networking. The other is the growing complexity of
the tasks that these devices can perform. Industry 4.0 entails
process-integrated cooperation across companies and organi-
sations and is creating whole new dimensions of networking.
A look at this and similar trends clearly shows that not only a
wealth of possibilities is opening up but that new attack
surfaces are also being created.
In the development of effective protective mechanisms, it is
all the more important not only to create measures aimed at
protecting data during transmission but likewise to keep an eye
on the growing number of terminals. Not least, privately used
devices must be taken into account in security considerations
so that even the tiniest loopholes can be closed before attackers
gain access through them to entire systems.
CryptoMagazine 1/17 | 5
INTERVIEW
"A promising approach is for
organisations to pursue diverse
strategies at the same time."
A massive upsurge in attacks from cyberspace has been observed along with a dramatic rise in the profession-
alism of attackers. In this interview, Bernhard Hmmerli, IT professor at Lucerne University of Applied Sciences
and Arts, classifies the attacks and their perpetrators and examines ways in which organisations and govern-
ment authorities can efficiently protect themselves.
Cyber risks have risen markedly in recent years. How would
you describe the status quo of the cyber security situation
for companies and government authorities?
The World Economic Forum estimates that the cost of cyber
crime in 2015 as applied to Switzerland totals about US$ 5 billion.
This figure is four times as large as in 2013. By contrast, the
outlays for national precautionary measures in Switzerland
amount to only about US$ 70 million. The trend in estimated
damage from cyber incidents indicates, on the one hand,
dramatic growth, and on the other, in my opinion, a discre-
pancy between the estimated losses and the investments made
in countermeasures.
What is the reason for this trend?
On the one hand, the level of professionalism among attackers
has risen enormously in recent years. The point is no longer
recognition, as it was with the first hackers, but rather tangible
financial gains. And dominance in cyberspace especially
with respect to governmental action in this area.
How is effective protection against cyber risks structured?
Until about a decade ago, many organisations assumed that
investments in protective measures would suffice to prevent
damage from attacks. The assumption was correct for a long
time. Yet the attacks have increased massively. In the mean-
time, government authorities and large organisations are
under almost constant attack. And these attacks involve
substantial risks for information security in other words,
they endanger the availability and authenticity of digital data
as well as its integrity and confidentiality.
6 | CryptoMagazine 1/17
What is the appropriate response to these developments?
There are two fundamental strategies: One is to rely on
deterrence at the policy level, through strict penalties for
instance. The second is for the organisation to be prepared if
something does happen. This latter strategy is summarised
with the catchwords "detection and response". In other words,
attacks must be detected promptly and countermeasures taken
quickly. In addition, the security architecture must be designed
so that an attack on one workstation does not render the entire
IT system vulnerable in one fell swoop.
Could you comment on the perpetrators of attacks and
their motives?
For one thing, there is a financial motive; for another, attacks
from cyberspace pursue political goals. It is not uncommon to
have a subset of motives combining financial and political goals.
Could you describe a typology of the most frequent victims,
also with an eye to making a distinction between cyber war
and cyber crime?
This distinction is difficult because combinations are com-
monplace. Among victims, all conceivable players can be
found, from private individuals who get taken in by a phish-
ing e-mail, or companies whose business secrets have been
spied into, to countries who are watching each other in cyber-
space to base their actions on the information they glean.
What are common types of attacks on companies and
government authorities?
There is a whole range of attacks. Often, the point is to tempt
users into clicking on something be it a link or an attachment
sent by e-mail. This is a way of installing malware that can be
used, say, to extract data. Malware of this kind is often the first
springboard for penetrating the IT system of an entire organi-
sation. Besides surveillance, attacks may also be aimed at
impairing functionality. Prof. Dr. Bernhard M. Hmmerli has been teaching
information technology since 1992 at the Lucerne Univer-
What types of attacks are particularly heinous and why? sity of Applied Sciences and Arts and since 2009 also at
There are no hard and fast rules on that. It depends on the the Norwegian University of Science and Technology.
activities of an organisation and the goals of an attack. What He focuses on teaching and research in the fields of
is uncontested, however, is that serious problems can arise if a communication, networks and information security. He is
hack into an IT system goes undetected for an extensive period a specialist in the protection of critical infrastructures.
of time. On the one hand, the activities of an organisation Since 2012, he has headed up the ICT Security Platform
could be monitored in this way over a longer period of time; of the Swiss Academy of Engineering Sciences (SATW).
on the other, attackers would be able to wait for the optimum
time to attack their target. That is why a "detection and res-
ponse" team is so pivotal. There are known cases of attackers
having access to critical IT systems for years on end.
How can government authorities protect themselves
and national companies?
This task requires situation centres that continuously monitor
activities in cyberspace and provide information about dangers:
Efforts in this area should be intensified in Switzerland. With
the Reporting and Analysis Centre for Information Assurance,
known by its German acronym MELANI for short, we already
have a centre in Switzerland focused mainly on reporting
incidents and subsequently analysing them. Moreover, inter-
national collaboration on communicating about threats and
vulnerabilities is to be further intensified.
CryptoMagazine 1/17 | 7

How big is the risk emanating from human beings? Studies
shows that more than 50 percent of the primary attack entry
points are attributable to employees behaving incorrectly.
In fact, the success of the initial infection of an IT system can
quite often be traced to an exploitation of incorrect human be-
haviour. Assume we have a government agency with 10,000 em-
ployees. Within one year, they all receive 100 e-mails from an
attacker sent with the objective of initiating the download of
malware. That means a total of one million attacks, which can
be carried out with relatively little effort. If just one employee
clicks a single time on the link, the attacker has achieved his
objective. Now, the probability of an error occurring in one
out of one million cases is quite high.
What is the best way to keep the "human factor"
under control?
A promising approach is generally for organisations to pursue
diverse strategies at the same time. On the one hand, the point
on the technical side is to create largely self-contained spaces
within the IT system so damage caused by penetration in an
IT system remains clearly limited. It is also recommended to
virtualise activities whenever possible. Finally, a central factor
is to sensitise employees continuously with an eye to awareness,
attitudes and behaviour.
8 | CryptoMagazine 1/17
When the level of information security is high, user conveni-
ence is frequently limited. Do IT security managers have no
choice but to live with this compromise?
The situation in the past actually was that nearly all IT security
measures were subsequently retrofitted and it was often quite
unpleasant for users to follow them. Usability is given a lot of
attention nowadays and the products currently on the market
have integrated security functions virtually free of restrictions
on operating convenience.
Where do you think the key areas of action will be in the
future when it comes to cyber defence?
There are a number of starting points. I would like to cite an
example briefly. To my mind, it is crucial that forensic skills be
expanded at national level. In other words, attacks should be
able to be investigated on site more efficiently and effectively.
Particularly smaller countries, such as Switzerland, regularly
have to resort to private providers of forensic services in some
cases from abroad even in cases where questions of national Crypto cSeminars
security are at stake. For companies and organisations, I think
it is important to pursue a holistic approach that takes into With its Crypto cSeminars, Crypto AG addresses specialists
account the different dimensions of information security. Users entrusted with the information security of companies
should not see their ease of use be restricted despite a high level and organisations. Experienced experts convey profound
of information security. Instead, they should be able to work expertise about information security, cyber crime, and
efficiently, comfortably and very securely in their familiar user cryptography. In this age of digitisation, solid expertise
environment wherever possible. regarding cyber defence is crucial. Participants in the
Crypto cSeminars have this expertise and can use it for
comprehensively protecting sensitive information and the
ICT infrastructure within a company.
The Crypto cSeminars are held at the Crypto Academy
Cyberattacks involve substantial in Steinhausen/Zug, Switzerland. Further information
risks for information security is available at www.crypto.ch/seminars.
they endanger the availability and
authenticity of digital data as well
as its integrity and confidentiality.
Existing security systems often fail to stop customised attacks
on terminal equipment. How can we assure information
security in terminal equipment?
The problems involve several components: Each user no longer
has just one device but often has two to as many as five devices
in use. With mobile device management (centralised manage-
ment) and virtual desktops (virtualising the PC desktop in the
data centre), the security situation in a company can be im-
proved enormously. Once again, the employees play a role in
this process. Continuous training on correct behaviour helps in
this context, as was already mentioned. Nonetheless, it can be
assumed that even those efforts will not achieve one hundred
percent security. To attain a higher level of protection, all as-
pects of a security architecture must be taken into account. That
way the confidentiality of the information is assured at all times.
CryptoMagazine 1/17 | 9
The enemy
in the system
Even organisations keenly aware of IT security are
not immune from cyberattacks. Attacks that amaze
experts and the general public alike keep getting
publicised. That is because supposedly highly secure
companies or government authorities became victims
of attackers who targeted the terminal equipment of
the employees. For IT security architecture, one rule
applies more than ever: Pay attention to the terminal
equipment of the employees and keep them consist-
ently separate from public networks.

No one expected this situation. The government authorities

wrongly believed they were secure. People were convinced
of being fully protected against any kind of cyberattacks.
The shock was all the greater when IT security managers were
forced to realise that cyber criminals had been entering and
exiting their supposedly secure IT system at will for months or
perhaps even years on end. What remained behind were mostly
question marks. In retrospect, it was no longer possible to re-
construct all the details involved in the attack. One can only
speculate which information and data was taken, how the
attackers gained access to the internal networks, and which
systems were infected.

An investigative report commissioned by the government was

written and published. Its object was to enable other companies
and government authorities to arm themselves more effectively
against attacks of these kinds. The identity of the perpetrators
still remains a mystery.

Using known software to enter an internal network undetected

The cyber criminals in this case proceeded with the utmost
care. It is therefore not known for sure when they commenced
activity. What is certain is that they utilised known malware for
years consisting of different Trojans. The good camouflage in
the system is a feature of this technology. For example, it does
not require any administrator rights, which causes many classic
anti-virus programmes to start up.

Attackers proceed with the utmost

care and move undetected.

10 | CryptoMagazine 1/17 CryptoMagazine 1/17 | 11

The attackers were also extremely patient. They confined
their attacks within the government authority to victims they
could expect something from. They found that out by closely
observing the computer activities of the individual employees
through the malware they had smuggled in. Moreover, the
perpetrators probably obtained further information from the
status of the observed individuals in the organisation for
instance, also information that is freely accessible on social
media networks.
The main target of the attack was initially the active directory
of the IT system. It is the central address book and from there,
other applications and devices can be accessed. The attackers
were also careful when it came to actual theft. To avoid creating
any anomalies in network traffic, there were times during the
During actual infection, the perpetrator moves in the network
via various attack tools. Often, an initial reconnaissance tool
with modest capabilities is installed for this purpose. It is later
replaced by a comprehensive malware that entrenches itself
in the system. The attacker can use this malware to move
laterally in the system and look for information. Typical of
this lateral movement is that the attacker obtains additional
permissions and privileges over time by spying out pass-
words, for example. To avoid detection by monitoring tools,
the data flows are often sent indirectly rather than directly.
For the actual theft, the data is often sent compressed and
fragmented and to a certain extent, encrypted so the attack
is not discovered during this crucial stage.

The goal is to make life as difficult

attack when the level of activity was high but also ones when
it was low.
From a technical standpoint, something called command and
control servers were utilised for the attack. They activated
what are known as waterholes. This term refers to Internet sites
manipulated by the hackers that are frequently visited by the
victims and therefore trusted by them. The report said that jobs
were sent to the infected devices from these servers a large
number of them were in operation. It was an ingenious system
comprising a host of non-locatable servers, a feature which
likewise prevented the attacks from being noticed for quite
some time.
Professional data theft
The investigative report called the attack on the government
authorities exemplary. Experts distinguish the following
general stages in large-scale hacker attacks: victim evaluation,
the initial infection and infection, and the actual exfiltration.
as possible for the attackers. The
decisive aspect is that ones own
system is monitored constantly
and closely to discover traces of
ongoing attacks immediately.
IT security intensified through the exchange of information
The authors of the investigative report concluded that attacks of
this kind can hardly be prevented. The goal, however, has to be
to make the life of the attackers as difficult as possible. The de-
cisive aspect is that ones own system is monitored constantly
and closely to discover traces of ongoing attacks immediately.
It is likewise important to share information about infections
that have occurred or been attempted.

The point of the evaluation stage is to collect as much
information as possible about the target of the attack. That
includes a collection of IP addresses and diagrams as to
how the potential victims move within the IT system. This
information can initially be collected passively but later also
actively. Prior to the actual attack, the perpetrators must set
up the waterholes, i.e. tamper with the Internet pages fre-
quently visited by victims. Alternatively, they can also pre-
pare e-mails as a means by which to conduct the attack.
The initial infection stage is characterised by waterhole
activation or manipulated e-mails. The actual attack begins.
If it succeeds the victims behaviour is carefully examined and
a suitable attack tool is selected based on the findings. These
actions are referred to as social-manipulative attacks.
This assessment is also conveyed by the experts from Crypto AG.
Effective system monitoring is deemed an essential part of a
comprehensive defence arrangement. It provides the opportunity
to detect illogical connections or other anomalies. To be able
to assure maximum IT security, there are also ways of building
IT systems today so they are fully protected against attacks of this
kind, thanks to major ICT advances.
The decisive factor in these efforts is that different security levels
are assigned within an organisation and communication occurs
exclusively within these zones. Classified information at the top
secret level, for example, is never allowed to leave the high-secu-
rity zone. In addition, as few users as possible should have access
to this information. For subordinate security zones, the data that
is present is less sensitive and the security aspect is consequently
less central. However, these zones, too, must be sealed so as not
to endanger the security of the overall system.
The high-security zone is an isolated zone and does not have
access to the Internet. From the secure zone, the Internet can
be accessed securely only via protection at the perimeter.
Experts believe the key problem in the hacker attack mentioned
above was that although different security zones had been de-
fined, there were probably "holes" between them. The attackers
exploited this fact. These gaps were the only reason they were
able to advance laterally through the system and become privy
to company secrets step by step.
Experts from Crypto AG say it has been no problem for quite
some time to assure highly secure communication within a
security zone. Even if people are working externally on a laptop,
for instance, data can still be transported through protected
virtual private network (VPN) tunnels. This is achieved through
the direct integration of hardware-based components with which
myriad secure VPN tunnels can be created. These tunnels, in
turn, can be individually encrypted with keys that are independ-
ent of each other. Until now, if sensitive data was edited on a
terminal device, this task was done with minimum protection
and offered an easy target for cyber criminals.
Crypto AG has now succeeded in closing this security gap by
protecting terminal equipment with a combination of several
hardware and software security elements. Crypto SmartProtect is
the new technology for this purpose and furnishes full protection
for sensitive information in civilian and military fields of appli-
cation. For more on Crypto SmartProtect, check out the
following article on page 14.

12 | CryptoMagazine 1/17 CryptoMagazine 1/17 | 13

Crypto SmartProtect for
total Information Security and
maximum ease of use
"Complexity is the worst enemy of security," is a favourite saying of IT experts. But IT systems of organisations,
companies, and government authorities are in fact becoming more and more complex. IT security managers
are increasingly facing a dilemma between demands involving information security on the one hand and ease
of use on the other. Crypto SmartProtect resolves this apparent contradiction.
The circumstances of given situations require quick action:
Say, an employee is travelling abroad when headquarters
sends classified top secret data to him on his computer. His
task now is to make excerpts of this classified information
available to other individuals with the same level of authori-
14 | CryptoMagazine 1/17
sation. He modifies the data and then sends it over the
Internet. In the process, the object is to follow the restrictive
security regulations of the organisation while also assuring
the confidentiality, integrity, and authenticity of the sensitive
information.
A scenario of this kind poses major challenges not only
for employees but also for the IT security manager. He is
responsible for providing the key staff with IT infrastructure
and workplaces that are user friendly but also highly secure.
Until now, this balancing act between security and ease of
use required compromises. Not least, the scenario called for
multiple systems true to this principle: "Only physical
separation assures maximum information security."
With Crypto SmartProtect, Crypto AG makes a technology
available that satisfies all the demands of highly secure,
local data processing on terminal equipment and its secure
transport while also taking into full account the tough
requirements and needs of todays working world. During
development the main focus was on maximum ease of use,
including maximum security, with the ease of use remaining
unrestricted by the security requirements that have risen
sharply due to increasing cyberattacks which will continue
due to the trend towards digital transformation.
Until now, IT security managers had to be careful, on the one
hand, not to put overly tight constraints on users. If restric-
tions are too stringent, they impair efficiency or, in extreme
cases, are circumvented altogether. On the other hand, many
employees need secure access to sensitive information at all
times, regardless of their location or the platform they are
using. The crux in such cases is that classified, unclassified
and public information can be handled simultaneously and
conveniently, in particular also utilising the familiar user
environment. In addition, direct access from the workplace
to external sources of information, say the Internet, must be
provided in order to furnish employees with an efficient and
familiar work environment.
Crypto SmartProtect reliably
shields against cyberattacks
and enables secure and con-
venient work in a familiar
environment.
Attack patterns change
In the past, all IT systems were generally assigned to a common
network, whose interface with the Internet comprised a central
security gateway solution that was responsible for information
security. This security architecture may have met the demand
for simplicity but it provided insufficient information security
(refer to the article on page 10). Once an attacker overcame this
security gateway, the entire network and all its components
were open to him. For this reason, different security zones were
set up allowing data to be assigned according to classification;
i.e. a three-level model consisting of a high-security zone, a
secure zone and a trusted zone. The classification is there to
enable information to be filed according to its importance
or confidentiality.
Access across zone lines is banned, ensuring additional
security. This principle prevents attackers from being able
to exploit a compromised system with weaker security
measures as a springboard into the entire network. If an
IT system is compromised, only the IT systems belonging to
the same zone and organisational entity are in danger. This
architecture delivers a high level of information security, but
allows access to classified and unclassified information only
via separate notebooks or PCs, an arrangement that does not
promote user friendliness and tends to be cumbersome.
CryptoMagazine 1/17 | 15
Technology architecture for full protection
against cyberattacks
The compromises between information security and ease of use
are not the only continuing source of irritation for IT manag-
ers. The ever greater complexity of off-the-shelf operating
systems and applications pose problems as well. These systems
are geared to compatibility, functionality and performance and
are based on codes several millions of lines long. Needless to
say, massive security risks lie dormant in these types of
architectures. A workplace today would be inconceivable
without modern operating systems and applications. For these
In the event that one and the same terminal device requires
access to different security zones or separate networks, multiple
protected Compartments that are mutually isolated from each The Crypto SmartProtect computing platform comprises
other can be operated simultaneously. Thus a person can work user environments in isolated Compartments along with
in one Compartment in a self-contained, trustworthy user a security operating system and protected hardware
environment online and offline while at the same time utilising
public networks in a second Compartment. The two user
environments are completely separate from each other and the
information in the trustworthy Compartment remains protect- Compartment A Compartment B Compartment C
ed at all times.

User environments
operating environments to be able to be run securely, they The Crypto SmartProtect Security Module is at the core part of
must be contained in a secure Compartment that effectively the hardware. It contains the boot image of the Crypto Smart-

Application

Application

Application

Application

Application

Application

Application

Application

Application
protects them against attacks from the outside. This protection Protect OS plus all encryption and authentication services.
is achieved with the secure operating system Crypto Smart- These security elements are all fully protected by the Crypto
Protect OS. The security operating system provides fully Security Architecture and are therefore unassailable. The four
insulated Compartments. The user environments in these fundamental security goals of confidentiality and integrity, Standard Standard Standard
Compartments are executed on the same processor by means availability and authenticity can be assured. Included are tried- operating system operating system operating system

of the security operating system and under the watchful eye of and-tested features such as secure boot, secure login, and disk
the microkernel, with consistent separation prevailing. The encryption. The first-named executes a comprehensive security
Virtualisation Virtualisation Virtualisation
architecture of the security operating system is based on the check on every boot. Booting is continued only if this check

Security operating system

principle of security by design. All components are structured,
isolated, and independently verifiable. The authorisations for
using the services of the individual components are unchange-
ably anchored, a feature consistently enforced by the microker-
nel. This approach averts all attacks on the Crypto Smart-
Protect OS and thus also on the user environments.
When using Crypto SmartProtect,
employees can create, edit, save,
confirms the integrity of the entire hardware and software. Crypto SmartProtect OS
The second feature, secure login, assures unequivocal evidence
of identity based on multi-factor authentication. Finally, disk
encryption performs automatic and permanent encryption on
all data. Depending on application requirements, the Crypto
SmartProtect Security Module can be enhanced by the addition
of IP VPN encryption or file encryption.
Microkernel
Back to the cited scenario: When using Crypto SmartProtect,
employees can create, edit, save, delete and send data on their
computers simultaneously in different security zones in

delete and send data on their com- consistently separate Compartments yet still access public Crypto SmartProtect Security Module Encrypted disk

networks. Consequently, employees work in their familiar and

puters simultaneously in different absolutely secure user environments without having to make

Hardware
Monitor Touchpad
security zones in consistently any sacrifices in terms of ease of use or being limited in data A
Keyboard Processor
handling by restrictive security precautions. Tasks can be
separate Compartments. performed in a manner that is not only highly secure but
B
Mouse RAM
also efficient and convenient. C

Optional

Crypto Security Architecture Secure login Secure boot IP VPN encryption

Crypto SmartProtect OS Disk encryption File encryption

16 | CryptoMagazine 1/17 CryptoMagazine 1/17 | 17

 Nuclear power stations are among
the best protected kinds of industrial
property and have comprehensive
protection plans.

Government-supported
protection systems
Malfunctions and failures of critical infrastructures (CIs) have serious consequences. Comprehensive protec-
tive measures are all the more important, especially to minimise cyber risks. With the "National strategy for
Switzerlands protection against cyber risks (NCS)", the Confederation points out where action needs to be
taken and offers government bodies, assistance for CI operators.
The infrastructures of a country are its lifelines. Their proper
and reliable operation guarantees stability, order, and security
basic requirements for the smooth functioning of society,
business and government. There is a special focus in this
context on critical infrastructures (CIs) from the sectors of
government authorities, energy, transport, public security,
waste disposal, finance, health, food, industry as well as
information and communication. CI protection is considered
extremely important. Along with strictly physical protection,
suitable protection against cyber risks has really come to the
fore in recent years.
It is estimated that 90 percent of key infrastructure areas in
industrialised countries rely on information technologies (IT).
The use of IT improves efficiency on the one hand, not least
due to networking among the different areas. On the other
hand, there is rapid growth in dependency and increased
susceptibility to malfunctions and manipulations. All in all,
business, society, even whole countries have become more
vulnerable, boosting the need for effective protective measures
the information with their actions enabling them to read, delete
in information security. In light of the complex types of digital
networking under way in various areas, it no longer suffices to
protect these areas separately. Integrated protection approaches
are called for instead in order to minimise the ramifications of
incidents on the economy and the general public and to restore
life to normal as quickly as possible.
Attack on information systems
The "National strategy for Switzerlands protection against
cyber risks (NCS)" was passed by the Swiss Confederation in
2012 and reads as follows: "Cyberattacks on critical infrastruc-
ture can have particularly severe consequences, as they can
compromise vitally important functions or trigger fatal chain
reactions. Therefore, (often private) CI operators play a key role
as providers of important services with overriding security
implications."
Cyberattacks are launched on computers, networks and data.
These attacks are aimed at interfering with the integrity of the
data or the functioning of the infrastructure as well as limiting
or interrupting their availability. Among their goals, the
attackers want to impair the confidentiality or authenticity of
dual stakeholders are responsible themselves for implementing
and modify data, overburden connections or server services,
spy on information channels, or intentionally tamper with
monitoring or performance systems.
90 percent of the important
infrastructure areas depend on
IT and protected communication
technology.
and specially protected means of communication, and that
The effects of cyberattacks could have horrendous consequenc-
es for the entire population and the economy. For instance,
after a cyberattack, a blackout in the power supply would
paralyse critical infrastructures as well as the entire national
economy. The ensuing effects for the general population would
include, for instance, failure of lighting, heating and other
electronically controlled articles of daily use without which
everyday life would be inconceivable.
Keener awareness for cyber risks
Basically, the attitude taken in the strategy is that the indivi-
and optimising protective measures against cyber risks. Accor-
ding to the strategy, this has the following consequences for
CI operators: The risks are not allowed to be handled according
to solely economic principles. Instead, CI operators must make
efforts above and beyond that to minimise the risks.
The Confederation notes, however, that there is still a lack of
awareness in several sectors as to the threats emanating from
cyber risks. Integral thinking is likewise not yet established
everywhere. This approach says that cyber risks can be reduced
not just with technical measures such as fail-safe, alternative
information and data must be explicitly protected. Equally
important, are organisational issues (such as the classification
of information or the regulation of access rights) and staff
issues (i.e. security checks or behavioural training).

18 | CryptoMagazine 1/17 CryptoMagazine 1/17 | 19

Government providing subsidiary aid
With regard to the role of the Condederation in protecting
against cyber risks, the strategy states the following: "The state
provides subsidiary services to protect against cyber risks,
e.g. through the exchange of information and intelligence
findings." The Reporting and Analysis Centre for Information
Assurance (MELANI) has a chief role to play. MELANI is
operated jointly by the Federal IT Steering Unit (FITSU)
and the Federal Intelligence Service (FIS).
The task of this body is to give operators of critical infrastruc-
tures subsidiary assistance with the information security
process. It does so by collecting and evaluating information
about incidents and threats and then sharing the resulting
findings with CI operators. MELANI offers, among other
things, situational assessments and analyses of early detection
of attacks or incidents, evaluates their ramifications, and
examines malicious programmes if the need arises.
MELANI supports risk management of critical infrastructures
in the process, thereby helping to strengthen their resilience.
Viewed overall, the resilience of critical infrastructures is
composed of four components: the robustness of the systems,
the availability of redundancies, the ability to mobilise support-
ing measures, and the speed and efficiency of supporting
measures if the worst comes to the worst.
20 | CryptoMagazine 1/17
The increasing digitisation and automation plus the standard-
isation of the technologies used (e.g. the concentration on
IP protocols) will bring along new and additional dangers.
The affected sectors are called on to consider the possible new
risks in developing their systems and products and in designing
their processes. At the same time, the Swiss Confederation
notes that absolute protection against cyberattacks is unachiev-
able. Well-functioning and far-sighted cooperation between
government authorities and the operators of critical infrastruc-
tures is all the more important. It enables quick and secure
responses to be made to real cyber threats as they emerge and
the necessary groundwork to be laid for a protected and robust
information security system.
Blackout in a major city possibly
triggered by a cyberattack
Chat securely
Voice and text messages have long been a part of everyday life. For the last several months, providers
of messaging applications have been offering protected ways of exchanging messages. How do they work
and how secure are they? This article also delves into the high-security solutions Crypto AG has developed
on this subject.
Encryption is a subject on everyones lips these days since The customer operates his infrastructure autonomously, so his
various providers of messaging applications have made avai- data is always under his control. The encryption is carried out
lable end-to-end encryption for their services. The descriptions in the ruggedised mobile phone in a secure hardware environ-
on the various applications being promoted say that neither ment where the customer uses his own encryption algorithm.
providers nor third parties can read the messages. The pro- Only the customer himself possesses and manages his keys that
viders claim that encryption is available to everyone with the were created by a true random generator.
latest version of the applications.
The scenario for sending encrypted messages is as follows: Voice and text messages are
First, the recipient creates his own pair of keys. The public key
is conveyed to the sender over the server, so the latter can use it
protected at all times and places
to encrypt the message. With his own private key, the recipient with the Crypto Mobile HC-9100.
can then decrypt the message. A possible weakness, however, is
that the provider can assign the sender a new public key, say,
when equipment is replaced or re-installed. That would mean, For the exchange of text messages, the message of up to
for instance, that the sender would then use the key generated 1,000 characters in length is encrypted in the worlds tiniest
by the supplier to encrypt messages not yet received by the high-security encryption device integrated directly in the
recipient. This would put the provider in a position to decrypt phone and sent directly to the recipient. The sender promptly
the messages with his new private key. Further, the terminal finds out that the message has arrived at the recipient. As soon
equipment itself could have potential entry points for attacks. as the message is handed over to the security application,
Key terms indicate this fact, such as the lack of integration security is assured not only for the transmission but also in
protection for the application, the lack of a genuine random both terminal devices. The message is saved in the secure data
number generator or also overly short key pairs. store of the HC-9100, specifically only in the sending and
receiving devices. This feature of the high-security solution
Encrypted chat from Crypto AG marks a major difference from the off-the-shelf models.
Crypto AG has offered an appealing and highly secure com-
munication solution for several years with a specially rugge-
dised mobile phone. Ruggedised means that an unauthorised
modification of the device is reported immediately. Voice and
text messages are protected at all times and places with the
Crypto Mobile HC-9100.
CryptoMagazine 1/17 | 21
SUCCESS STORY
Document exchange in
government contexts with
end-to-end protection
A government minister is told that secure communication between himself and his staff and the heads of the
various government ministries is protected against third parties without compromise and constantly guaran-
teed. An exchange of editable documents subject to the top level of encryption meets these requirements.
The cooperation with various offices in a government ministry
takes a variety of forms: The government minister is supported
by his staff in exercising his political duties. Offices of the
ministry must be supervised but everyday administrative tasks
also have to be performed. In the performance of all these
responsibilities, the highly secure transmission of classified
documents and information must be assured for all employees.
The suitable security platform is used based on the location of
the given individuals. Central security management to control
the communication relationships and user groups is essential in
this process.
The highly secure exchange of
classified information is possi-
ble at all times and in all places
22 | CryptoMagazine 1/17
Government
Mobile office (President) administration
Internet /
Private IP Network
HC-7835
HC-9300
Highly secure exchange of editable documents
The Internet or also a private IP network can be used for the
highly secure communication of the stationary or mobile
office of a head of state for government administration or the HC-9300
government ministers. IP telephony has won the day through
CMS-1200
the global expansion of data networks and the performance
capabilities associated with it. The confidential e-mailing of Crypto
encrypted and editable documents is assured with the use of Small office (Minister) Management
the multi-application platform Crypto Desktop HC-9300 and
the security application Message / File Encryption HA-6650. Highly secure communication is constantly
assured for stationary or mobile offices over
the Internet or over a private IP network
Even when travelling, the government minister can also If need be, a backup communication channel based on satellite
encrypt data and send it securely to his staff using Crypto communication can be set up to assure constantly available and
Mobile Client HC-7835. The Crypto Management Suite fail-safe capabilities. The Crypto Deployable Secure Mobile
CMS-1200 assures the centralised security management of Office provides a compact office infrastructure that can be
the Crypto platforms. Furthermore, the CMS-1200 has a operated by satellite communication at any desired location
customised user and authorisation management system and that covers the customary office components.
with authentication mechanisms.
With this product, Crypto AG offers a security solution for
communication and collaboration with end-to-end protection
that meets the highest standards.
Highly secure transmission of
classified documents and infor-
mation must be assured for all
employees at all times.
CryptoMagazine 1/17 | 23
 Zug

Abu Dhabi
Muscat

Kuala Lumpur

Rio de Janeiro

Crypto cSeminars

cSeminar Information Security Specialists

2 to 6 October 2017

cSeminar Technical Vulnerability Testing

Restricted Crypto AG. All rights reserved. 672029/EN/1704

9 to 13 October 2017

Crypto AG cSeminar Contemporary Cryptography

P.O. Box 460 16 to 20 October 2017
6301 Zug
Switzerland The seminars are held at the Crypto Academy
T +41 41 749 77 22 in Steinhausen / Zug, Switzerland.
F +41 41 741 22 72
crypto@crypto.ch Contact and further information
www.crypto.ch www.crypto.ch/seminars