Re: CRIME Microsoft Windows XP question

From: Crispin Cowan (crispin@private)
Date: Fri Jan 03 2003 - 02:16:13 PST

    Alan wrote:
    
    >On Thu, 2003-01-02 at 21:14, Crispin Cowan wrote:
    >
    >>To make this work, you have to encrypt the entire file system. THAT will 
    >>prevent the hostile boot media from corrupting files & programs.
    >>    
    >>
    >No it won't.  It will prevent them from reading it, not corrupting it.
    >(A few bits here... A few bits there...  And you have a real mess on
    >your hands.)  
    >
    Er, kinda. It's a subtle point. It is true that the attacker can corrupt 
    the file system, inserting random garbage and making the file system 
    unusable. But without the encryption key, the attacker cannot make 
    *deliberate* changes to the file system, such as inserting a password.
    
    >It also does not prevent media from rewriting the partition table. (Such
    >as some of the newer partitioning schemes from Microsoft.) 
    >
    True: the attacker can re-partition the drive, add entire new operating 
    systems, etc. There are few limits on the damage a physical attacker can do.
    
    At best, software security techniques can detect when the attacker has 
    done something and raise a red flag, because the attacker can
    
    >Smart cards or physical tokens are a possibility.  (Although there are
    >evidently ways to recover private keys from both.) 
    >
    They are subject to the removal problem I described earlier: leave the 
    token in place, and the security value is shot. Remove the token, and 
    the system cannot automatically re-boot, e.g. after power failure.
    
    >There is evidently a DARPA project that is working on a proximity-based
    >drive encryption.  The system is only unencrypted when you are
    >physically close to the machine.  When you move away, it starts
    >encrypting the hard drive.  Not certain how practical it would be in
    >practice, but it is an interesting idea.
    >
    Got a pointer for that? I have a hard time imagining it as anything more 
    than a kludge where some RF is used to detect proximity, public key is 
    used to authenticate the proximity, and everything else is boring & 
    predictable. And you *still* have the removal problem that means your 
    server goes down and stays down when you go out to lunch.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX                      http://wirex.com/~crispin/
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    			    Just say ".Nyet"
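
Added example, not part of the original message: a sketch of the "detect and raise a red flag" idea from the reply above, using a keyed MAC per disk sector so that offline changes made from hostile boot media show up on the next audit. The 512-byte sector size, the function names, the demo key and the disk image are all constructed for illustration, and the key is assumed to be held somewhere the attacker's boot media cannot read.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector (assumed size for this sketch)

def split(image: bytes) -> list[bytes]:
    return [image[i:i + SECTOR] for i in range(0, len(image), SECTOR)]

def tag(key: bytes, index: int, data: bytes) -> bytes:
    # Binding the sector index into the MAC means a valid sector copied
    # to a different position no longer verifies.
    return hmac.new(key, index.to_bytes(8, "big") + data, hashlib.sha256).digest()

def seal(key: bytes, image: bytes) -> list[bytes]:
    """Compute one tag per sector while the system is in a known-good state."""
    return [tag(key, i, s) for i, s in enumerate(split(image))]

def audit(key: bytes, image: bytes, tags: list[bytes]) -> list[int]:
    """Return the indices of sectors that are altered, relocated or missing."""
    sectors = split(image)
    bad = []
    for i in range(max(len(sectors), len(tags))):
        ok = (i < len(sectors) and i < len(tags)
              and hmac.compare_digest(tag(key, i, sectors[i]), tags[i]))
        if not ok:
            bad.append(i)
    return bad

def demo() -> dict[str, list[int]]:
    key = b"constructed-demo-key"  # assumed to be stored off the disk
    image = b"".join(bytes([n]) * SECTOR for n in range(4))  # constructed image
    tags = seal(key, image)
    flipped = bytearray(image)
    flipped[2 * SECTOR + 10] ^= 0x01      # "a few bits here"
    moved = bytearray(image)
    moved[3 * SECTOR:] = image[:SECTOR]   # valid sector 0 copied over sector 3
    return {
        "clean": audit(key, image, tags),
        "bit_flip": audit(key, bytes(flipped), tags),
        "relocated": audit(key, bytes(moved), tags),
        "truncated": audit(key, image[:3 * SECTOR], tags),
    }

if __name__ == "__main__":
    for case, bad in demo().items():
        print(f"{case:10s} bad sectors: {bad}")
```

This only detects the change; it does not prevent it. Restoring an old sector together with its old tag is not caught unless the tags are kept off the disk along with the key.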
    
    
    
    


