CRIME prevent unauthorized booting of PC

From: Shaun Savage (savages@private)
Date: Wed Oct 09 2002 - 23:07:50 PDT


    Hi
    
    A while ago it was talked about a laptop that was more secure by
    preventing unauthorized booting.  I did a proof of concept a year ago on
    the subject but I would like to release a GPLed HOWTO and code so it is
    more formalized.
    
    The whole concept is based on the Linux encrypted loopback feature.  You
    can mount a file or partition as a separate encrypted filesystem.  RedHat
    8.0 supports the encrypted loopback out of the box.  The command for
    this is
    
    | losetup -e aes -k 256 /dev/loop? [filename|partition]
    
    This command creates a device that uses AES (Advanced Encryption
    Standard) with a 256 bit key.  The loop? is a number starting at 0 up to
    16 (loop0...loop16).
    
    The next command is
    
    | mke2fs -j /dev/loop?
    Password:
    
    This makes a journaled file system that has been encrypted using the
    password you enter at the prompt.
    
    | mount /dev/loop? directory
    
    This mounts the encrypted filesystem on the directory.
    
    Now when you write files to the directory they will be encrypted.
    
    To remove it
    
    | umount directory
    | losetup -d /dev/loop?
    
    Now it will require a password to mount it again.
    
    
    The next question is what do we want to protect?
    The whole computer?  The users' data?  ??
    
    We also want the DATA, the hard disk, to be safe even if it is removed and
    put into another computer.  Let's assume we want to protect data and
    meta-evidence (logs).  Let's also assume that we want an external device
    that is needed to unlock the system (iButton, USB memory stick).
    
    
    Now let's talk about the booting process:
    1> BIOS
    2> boot manager (GRUB | LILO), GRUB preferred
    3> boot the kernel
    4> the init program
    5> inittab, rc.d, services...
    6> user login
    
    Now the question here is at what point do we add the checking of the
    hardware key and decrypting of data.
    
    We don't have BIOS SOURCE so we can't change it; we can't innovate here.
    
    The boot manager: we have source but not the Linux encryption support.
    We can check if the hardware is there but not decrypt it.  1st CHECK
    
    Next the kernel loads.
    
    Now the init program.  We have source and encryption support.  We now can
    decrypt the data on the plug-in device and use those passwords to
    decrypt the parts of the system that are encrypted.
    
    If the hardware device is not there, the system will not finish booting.
    Question:  do we want to know the master key to the hardware device, or
    do we want the machine to make it?
    
    After the critical parts are mounted the system finishes booting.
    
    Now when we log in, we add a PAM module to ask for the password to unlock
    data on the hardware plug that gets us the key to the user's data.
    
    So two passwords are needed: one for system login and one for the
    hardware plug user keys.
    
    This means all passwords that are used to decrypt the computer are on the
    hardware plug.
    
    The directories that could be encrypted are
    "/etc"  this is system setup info
    "/var"  this is system data
    "/home"  this is all the users' data directory
    "/home/user"  each user has their own key
    
    Any ideas?
    
    Shaun
    
    
    
    
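The init-stage unlock described in the message, as an added example script that is not part of the original post. It wraps the losetup/mke2fs/mount commands from the message into functions that wait for the hardware plug and refuse to continue without it; the plug device node (PLUG_DEV), the key file on the plug, and losetup's "-p 0" option for reading the key from stdin are assumptions, and DRY_RUN=1 only prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original post). The plug is assumed to be a USB
# memory stick that shows up as $PLUG_DEV and carries the volume key in a file.
# "-e aes -k 256" is from the message; "-p 0" (read key from stdin) is assumed.
# DRY_RUN=1 prints the commands instead of running them (needs root otherwise).

PLUG_DEV=${PLUG_DEV:-/dev/sda1}   # device node the plug shows up as (assumption)
DRY_RUN=${DRY_RUN:-0}

# Run a command, or just print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Poll for the plug for up to $1 seconds. Returns 1 if it never shows up,
# which is the "system will not finish booting" case from the message.
wait_for_plug() {
  tries=$1
  while [ "$tries" -gt 0 ]; do
    [ -b "$PLUG_DEV" ] && return 0
    tries=$((tries - 1))
    sleep 1
  done
  return 1
}

# Accept only loop0..loop16 (the range given in the message), so a bad value
# from a config file cannot turn into an arbitrary path under /dev.
loop_ok() { case $1 in loop[0-9]|loop1[0-6]) return 0;; *) return 1;; esac; }

# Attach $2 (file or partition) as encrypted /dev/$1 using the key in file $3.
# The key goes in on stdin, so it never appears in argv or in ps output.
attach_volume() {
  loop_ok "$1" || return 1
  run losetup -e aes -k 256 -p 0 "/dev/$1" "$2" < "$3"
}

# First-time setup: journaled ext3 filesystem on the attached loop device.
format_volume() { loop_ok "$1" || return 1; run mke2fs -j "/dev/$1"; }

# Attach and mount on $4 (e.g. /var or /home), as init would do in the message.
unlock_volume() {
  attach_volume "$1" "$2" "$3" || return 1
  run mount "/dev/$1" "$4"
}

# Teardown in the message's order: unmount first, then detach the loop device.
lock_volume() {
  loop_ok "$1" || return 1
  run umount "$2" && run losetup -d "/dev/$1"
}
```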



    This archive was generated by hypermail 2b30 : Wed Oct 09 2002 - 18:06:49 PDT