View previous topic :: View next topic |
Author |
Message |
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Wed Apr 23, 2003 11:52 pm Post subject: :. How to hide an encryption key in the hardware? |
|
|
Hi!
Suppose we have an encrypted FS.
What an option do we have to hide a key inside a hardware?
or maybe use as a paraphrase some hardware setting (like serial number or something else)
I mean that particular system should loadup only in combination of the same hardware.
(minimal check would be the system board and the hard drive)
At boot time it should not ask for any passwords - just check hardware config and if it OK then boot up.
And wouldn't bootup if you'll plug the HDD in to the other computer.
Any ideas? _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
|
Posted: Thu Apr 24, 2003 12:19 am Post subject: |
|
|
I've heard rumors of people who have attached some hardware (RSA??) serial device to the serial port. The machine would query that before doing various tasks. The problem then becomes, if they can steal the hard drive why not a serial device too.
kashani _________________ Will personally fix your server in exchange for motorcycle related shop tools in good shape. |
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu Apr 24, 2003 12:58 am Post subject: |
|
|
kashani wrote: | I've heard rumors of people who have attached some hardware (RSA??) serial device to the serial port. The machine would query that before doing various tasks. The problem then becomes, if they can steal the hard drive why not a serial device too. |
yes, i agree with it, i don't wont to use any floppy, usb keys, hardlock keys and so on
samething like put together serial number from HDD and a chip on systemboard or something like it..
any idea would be really helpfull! _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
puggy Bodhisattva
Joined: 28 Feb 2003 Posts: 1992 Location: Oxford, UK
|
Posted: Thu Apr 24, 2003 1:09 am Post subject: |
|
|
I think you'd definitley be sacrificing security to do this.
If someone stole your whole computer for instance...
Also, serial numbers etc can be faked...
Puggy _________________ Where there's open source , there's a way. |
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu Apr 24, 2003 2:30 am Post subject: |
|
|
puggy wrote: | I think you'd definitley be sacrificing security to do this.
If someone stole your whole computer for instance...
Also, serial numbers etc can be faked...
|
yes, i know this,
but i would like to set things up, so it will work only in particular hardware configuration, not anybody else,
even if it mirrored to another HDD it wouldn't work. _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
xming Guru
Joined: 02 Jul 2002 Posts: 441
|
Posted: Thu Apr 24, 2003 10:48 am Post subject: |
|
|
Code: | root # hdparm -i /dev/hda
/dev/hda:
Model=HITACHI_DK23DA-30, FwRev=00J1A0G2, SerialNo=113SGP
Config={ HardSect NotMFM HdSw>15uSec Fixed DTR>10Mbs }
RawCHS=16383/16/63, TrkSize=0, SectSize=0, ECCbytes=4
BuffType=DualPortCache, BuffSize=2048kB, MaxMultSect=16, MultSect=16
CurCHS=16383/16/63, CurSects=16514064, LBA=yes, LBAsects=58605120
IORDY=yes, tPIO={min:240,w/IORDY:120}, tDMA={min:120,rec:120}
PIO modes: pio0 pio1 pio2 pio3 pio4
DMA modes: mdma0 mdma1 mdma2
UDMA modes: udma0 udma1 udma2 udma3 udma4 *udma5
AdvancedPM=yes: mode=0x80 (128) WriteCache=enabled
Drive conforms to: ATA/ATAPI-5 T13 1321D revision 3: 2 3 4 5
|
|
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu Apr 24, 2003 1:47 pm Post subject: |
|
|
xming wrote: | Code: | root # hdparm -i /dev/hda
|
|
Thanx xming, it's a one piece of the mosaic _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
xming Guru
Joined: 02 Jul 2002 Posts: 441
|
Posted: Thu Apr 24, 2003 2:26 pm Post subject: another one |
|
|
ifconfig eth0, then you have the mac address (I know macs are changeable but in combination with serial id from the hd, it should be reaaly uniq)
oh and cat /proc/bus/usb/devices might give you more data
xming |
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu Apr 24, 2003 3:04 pm Post subject: Re: another one |
|
|
xming wrote: | ifconfig eth0, then you have the mac address (I know macs are changeable but in combination with serial id from the hd, it should be reaaly uniq)
oh and cat /proc/bus/usb/devices might give you more data
|
MAC address should be unique, nice tip! tnx
i have nothing on usb - so it wouldn't work
is here any possibilities to get something like CPU serial number
or maybe info from chips on system board? _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
Diggen n00b
Joined: 27 Feb 2003 Posts: 17 Location: Germany
|
Posted: Thu Apr 24, 2003 4:03 pm Post subject: |
|
|
Whats about
#cat /proc/pci |
|
Back to top |
|
|
axxackall l33t
Joined: 06 Nov 2002 Posts: 651 Location: Toronto, Ontario, 3rd Rock From Sun
|
Posted: Thu Apr 24, 2003 5:05 pm Post subject: |
|
|
Whereever you hide the key, if it on the computer - I steal and I have and I use it without any problem.
The only thing you can steal from me is myself, specifically the combination of my knowledge (not spoken yet!) and my (alive!) body.
Basically, I advise to use biometric devices, which can read the image of you (retina or fingerprint), ask you the password, encode the image with your password into your bio-pattern and compare it to the pattern from the DB (must be encrypted agian with your bio-pattern).
Now if I steal your PC I cannot use it without your bio-pattern. If I steal the password - I don't have you body for image. If I kill you - I don't know the password and, besides, good biometrics devices recognize the dead body by personal (usually invisible) micro-motions of your eye retina.
Expensive? Perhaps. But how much is your risk to loose your data from HD? |
|
Back to top |
|
|
axxackall l33t
Joined: 06 Nov 2002 Posts: 651 Location: Toronto, Ontario, 3rd Rock From Sun
|
Posted: Thu Apr 24, 2003 5:05 pm Post subject: |
|
|
BTW, it might be cheaper to buy an account in remote network storage and mount that space through a password-encrypted secure-tunnel. |
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu Apr 24, 2003 5:43 pm Post subject: |
|
|
Hi
question that the computer is in russia - so all the expensive stuff wouldn't work
and it should work in autopilot mode,
but if somebody will try to get hands on will get nothing (without root password) (case of masks-show)
i know a little bit about how is recovery of HDD going on - so it will be pretty reliable to bind hdd encryption to hardware enviroment. _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
axxackall l33t
Joined: 06 Nov 2002 Posts: 651 Location: Toronto, Ontario, 3rd Rock From Sun
|
Posted: Thu Apr 24, 2003 6:43 pm Post subject: |
|
|
dmitrio wrote: | Hi
question that the computer is in russia - so all the expensive stuff wouldn't work
and it should work in autopilot mode,
but if somebody will try to get hands on will get nothing (without root password) (case of masks-show)
i know a little bit about how is recovery of HDD going on - so it will be pretty reliable to bind hdd encryption to hardware enviroment. |
1. You're right, in Russia all hardware is expensive, but the labour cost is almost free. So, encrypt the disk three times and give each password to 3 different people. Make sure that those men are available to type their passwords when the system reboots. I guess, those men (pick very cheap ones) must be included as a part of the "auto-pilot" mode (sort of biometrics, but using someone else's data)
2. The lack of the root password is not a problem. I can "repair" the system with "lost" root password having an access to unencrypted boot sector, if the sector reads the key from the repeatable hardware source in order open the root (and/or other) partitions. Russian goverment special forces have enough talents doing it on a daily basis.
3. For those of us who doesn't know what is maski-show, it's an unofficial name for the official procedure of russian federal tax (and not only tax) police forces to search for financial (and not only financial) criminal evidences. They use to wear their black-color face-masks, when they come having their search warrant (and their weapon). The guy is trying to protect details of someone's "activity" from the russian goverment. Don't be shocked, in Russia it's a normal life. |
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu Apr 24, 2003 8:33 pm Post subject: |
|
|
axxackall wrote: |
1. You're right, in Russia all hardware is expensive, but the labour cost is almost free. So, encrypt the disk three times and give each password to 3 different people. Make sure that those men are available to type their passwords when the system reboots. I guess, those men (pick very cheap ones) must be included as a part of the "auto-pilot" mode (sort of biometrics, but using someone else's data)
|
I would like to exclude any human factor since it's a weakes link (IMO)
axxackall wrote: |
2. The lack of the root password is not a problem. I can "repair" the system with "lost" root password having an access to unencrypted boot sector, if the sector reads the key from the repeatable hardware source in order open the root (and/or other) partitions. Russian goverment special forces have enough talents doing it on a daily basis.
|
this solution looks pretty elegant: root encryption to prevent it
axxackall wrote: |
3. For those of us who doesn't know what is maski-show, it's an unofficial name for the official procedure of russian federal tax (and not only tax) police forces to search for financial (and not only financial) criminal evidences. They use to wear their black-color face-masks, when they come having their search warrant (and their weapon). The guy is trying to protect details of someone's "activity" from the russian goverment. Don't be shocked, in Russia it's a normal life. |
BTW thanks for the explanation - i didn't think, that some ppl may have no idea what i'm talking about
I would like to introduce solution to discuss a possible security holes in it /or maybe other possibilites/ and how to fix it.
Any opinion is highly appreciated.
Upon bootup initrd gathering information from different pieces of hardware
then it will put together a some of that information
and use it as a paraphrase for unencryption of the encrypted root partition
in emergency case, we have to boot up with another initrd (or other source) and put the paraphrase manually.
(since we know which parts of hardware ID we used for paraphrase
so it wouldn't be any problem to bootup with correct password) _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
axxackall l33t
Joined: 06 Nov 2002 Posts: 651 Location: Toronto, Ontario, 3rd Rock From Sun
|
Posted: Thu May 01, 2003 5:04 am Post subject: |
|
|
dmitrio wrote: | I would like to exclude any human factor since it's a weakes link (IMO)
...[snip]...
this solution looks pretty elegant: root encryption to prevent it
|
Whatever you do - you boot-sector is unencrypted (unless you order a special PC with BIOS, which can read encrypted boot-sector, decrypt it and then execute it - but make sure that I don't have a copy of that BIOS). So, I can boot from alternative boot device (floppy, CDROM, if not presented - I open PC and install the missed hardware by my hands), then read your boot sector (it's unecrypted, remember?), trace it (it's not big, so it won't take long) and see where it gets the key and what algoritm is used to decrypt the rest of the system. It's not a big deal for me as the boot sector gathers your hardware parameters, which are repeatable or predictable or calculable information. So, I'll break such security in no time, especially if big money behind
There is no way to protect your system without gathering the source of paraphrase from unrepeatable sources. Any randomization device won't work as it's also random for decryptor (in other words - it doesn't give a real password), but it's not uniq among similar devices (in other words - no way to recognise the identifying style of the device).
The only way to gather such information is to get it from external sources, which must give in unrepeatable way (otherwise I can get it too as yesterday I've opened your PC and installed a small bug in your bootsector, which watch (spy) the paraphrase (I can wipe out the change by correcting the CRC algorithm in the boot sector).
So, the real solution for you is using special decryption device, which the person wears with him/her, connects at the moment of authentication, the boot sector distributes the task of decrption to that device, the root is decrypted, the device is disconnected. Then I am "a weak link" in hands of Russian Govt and your boss may sleep without problems.
How about the guy with that device? It's your boss. That's right, he is the only guy whom your boss trusts and he is the guy who boots the system, while you make sure that uptime is enough to tolerate long trips of your boss. |
|
Back to top |
|
|
dmitrio Tux's lil' helper
Joined: 10 Dec 2002 Posts: 115 Location: Pago Pago
|
Posted: Thu May 01, 2003 9:35 pm Post subject: |
|
|
after a little search in different docs, including our thread, i'm turn around and looking for information about external devices, and you saying that it can be traceable.
looks like i have couple choses
1. get a unique BIOS with encription support
2. use a authentification key with person
some of the computers are locked - so nobody have access to it, accept admin, so person with ID key wouldn't work
is it any other ways to secure the system, using external devices, without human intervention? _________________
... Leaving ground, destination is unknown,
into the darkness and far away from home,
Will your dream come true and what will you find,
when fate is your guide ... |
|
Back to top |
|
|
panserg Apprentice
Joined: 16 Apr 2003 Posts: 188
|
Posted: Thu May 01, 2003 10:11 pm Post subject: |
|
|
dmitrio,
Don't forget to check NIST about security, National Institute of Standartization. Check there "Drafts" and "Special Publications", especially "800 series". It's a set of classic articles about IT security, with very well done analytical and classificational materials. IT security practice in US goverment has been build based on it. I am sure that Russian govt is using very similar guidelines. Also, the goverment may use those guidelines to prepare the practivce of breaking enimy's IT security. Thus, knowing such guidelines may help you to build the system better protected from your goverment.
Another source of information would be The National Security Agency, but they don't have much of articles published. BTW, they are the guys who sponsor SE-Linux.
One more article explains what mean "C2 Trusted" security level and what is the problem of "boot floppy". |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|