Protecting a Laptop From Sophisticated Attacks 169
mike_cardwell sends in a detailed writeup of how he went about protecting a Ubuntu laptop from attacks of varying levels of sophistication, covering disk encryption, defense against cold boot attacks, and even simple smash-and-grabs. (He also acknowledges that no defense is perfect, and the xkcd password extraction tool would still work.) Quoting:
"An attacker with access to the online machine could simply hard reboot the machine from a USB stick or CD containing msramdmp to grab a copy of the RAM. You could password protect the BIOS and disable booting from anything other than the hard drive, but that still doesn't protect you. An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead. The first defense I used against this attack is procedure based. I shut down the machine when it's not in use. My old Macbook was hardly ever shut down, and lived in suspend to RAM mode when not in use. The second defense I used is far more interesting. I use something called TRESOR. TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM. The laptop I purchased works perfectly with TRESOR as it contains a Core i5 processor which has the AES-NI instruction set."
And all of this effort will not protect you from (Score:3, Funny)
The real enemy, which is the alien space zebra vampires that are out to suck your blood.
Seriously, this much effort is excessive considering the value of what anybody in a normal situation should have on their laptop. If you have a genuine need for this, you should be on the level of the person carrying the Football, and as such, you would be better investing in the Secret Service equivalent.
Re: (Score:3, Insightful)
Re: (Score:2)
It is a neat experiment.
Unfortunately, some people need to have a laptop and move around in the field. I am not talking about executives either. So this is hardly worthless.
Regardless of what he said, I am reminded about the security principle of "Once the equipment is out of your possession, there is no security".
To make sure we have always been secure, we don't store sensitive data on the laptops themselves, but remote in and do work on different machines. Windows Server 2008 remote desktop sessions ar
Re: (Score:2)
Yes.
TFA's a fine intellectual exercise, but as explicitly pointed out, the willingness to commit kidnapping and inflict torture rather pathetically trumps all of that.
Interesting. Not completely practical, but interesting.
Re: (Score:3)
Yes.
TFA's a fine intellectual exercise, but as explicitly pointed out, the willingness to commit kidnapping and inflict torture rather pathetically trumps all of that.
Interesting. Not completely practical, but interesting.
Well, it depends on how you define practical - and what kind of situation you're in.
I mean, if it were my laptop? Sure, probably not worth this kind of security. Someone could get credit card numbers, site passwords perhaps, and possibly enough personal information to do some identity theft scheme... Damaging stuff, potentially, but probably not worth their while to extract the data, or worth my while to protect it.
But let's say it contained some sensitive, valuable information from my job - so that steal
Re: (Score:2)
Customs Agent: Please open and log on to your laptop.
Honeypot Owner: Yessir! (logs on to functional Win 7 partition while his private stuff is nicely hidden away)
The problem for me is that an 8 gig partition is not viable.
Re: (Score:2)
In general, when law enforcement has an instance where someone won't give up a password, they just put you in jail anyway, effectively that is just as good as finding you guilty, either way, you end up in jail. You lose.
Re: (Score:2)
In the US at least, contempt of court has a prison term of 'until you comply with the court order.'
Re: (Score:2)
Still untested for all practical purposes, but...
The fifth amendment here in the US *should* protect you from being compelled to give up passwords that are not written down, including punishment via contempt of court.
-nB
Re: (Score:2)
Re: (Score:2)
Failing that you take the Screwed less test:
Will disclosing the key screw me more or less than keeping it secret?
If the answer is less, well, give up the key.
If it is more give up the key with a typo or two.
(Ollie North style)
"I'm sorry sir I don't recall"
Re: (Score:2)
Re: (Score:2)
Isn't there a truecrypt feature that allows you to have 2 passwords, each one showing a different partition. This allows you plausible deniability. Just hand over the dummy password and they can see the stuff you want them to see.
And if you don't have a second one, they're assume you do anyway, and torture you until you give up the 'other' password.
Re: (Score:2)
That's why fixing this bug will help more for plausible deniability than Truecrypt's "feature": https://bugs.launchpad.net/ubuntu/+bug/148440 [launchpad.net]
When "everyone" has an encrypted partition/file whether they use it or not, it's much easier to deny using it.
Re: (Score:2)
Re: (Score:2)
Really?
Where was this?
Re: (Score:2)
Impossible in my jurisdiction.
Harmless fun (Score:2)
this much effort is excessive
Oh let the guy fantasize that he's Johnny Mnemonic or whatever. It's preferable to playing with guns and pretending he's The Terminator
Re: (Score:2)
It's preferable to playing with guns and pretending he's The Terminator
As long as he only blows out their kneecaps, they'll live.
Re: (Score:2)
The real enemy, which is the alien space zebra vampires that are out to suck your blood.
Seriously, this much effort is excessive considering the value of what anybody in a normal situation should have on their laptop. If you have a genuine need for this, you should be on the level of the person carrying the Football, and as such, you would be better investing in the Secret Service equivalent.
I think the education of the author and indirectly those who read the post goes far beyond the value of protecting that particular laptop. I don't have the patience to spend as much time as he did researching and experimenting, but now I can benefit for his work by implementing some of the same protections. The logical extension of this project would be to produce an install disk making it possible for anyone to have the same level of security on her laptop with only slightly more effort than a standard Ubu
Re: (Score:2)
Only if you're a Packers or Lions fan.
Re: (Score:2)
wow (Score:2, Funny)
you must value your pron a whole lot more than i do.
Really? (Score:1)
An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead.
Is this the whole "freeze electrons in place" nonsense? I'd love to see a real world example of this actually working.
Sounds like the whole "well if you dont wipe your drive with zeros a hundred times a guy with a tunneling electron microscope could count the off spin of the variant quarks.. blah blah " ie; theoretically possible with infinite funding, but not feasible in real life
Re: (Score:3)
I was surprised to read that too, but apparently freezing RAM in liquid nitrogen can retain the data stored in it for up to a week. All RAM modules have some data remanence, apparently [wikipedia.org], and data can last for a few seconds or even minutes in RAM after power loss at room temperature (which is why the hard reset attack works at all) and longer if the modules are cooled (even without liquid nitrogen). I imagine a can of compressed air held upside down would do the trick in a pinch. I was surprised too, but it
Re: (Score:2)
Re: (Score:3)
as an undergrad, I interfaced a DRAM chip (with internal refresh logic) to an FPGA connected to an ADC and DAC with microphone and speaker. The FPGA was configured to contain a soft processor of my own design, which ran a hard coded program that simply read from the ADC and wrote to sequential ram positions when one button was pressed, and read from ram and wrote to DAC when the other was pressed. The DRAM thus contained uncompressed PCM data.
If I recorded myself saying something, and then pulled the plug a
Re: (Score:2)
Re: (Score:2)
Umm - no.
Permittivity of the dielectric is pretty much constant with temperature.
Leakage current through that dielectric is strongly influenced by temperature.
Who needs registers (Score:2)
Although I am having my suspicions that the little bugger is selling information to the north korean hamsters...
Paranoid Much? (Score:2)
There's caring about the safety and security of your data, then there's being obsessed about the safety and security of your data, and way over the horizon is this guy.
Re:Paranoid Much? (Score:5, Insightful)
Think of it like a hobby. It may not be really practical, but it's interesting to some people.
Re: (Score:2)
Those people arent using Ubuntu, though, thats the really absurd thing.
Re: (Score:2)
There is also just being interested and wondering if you can do it. There is also the possibility of doing it because someone large like a major national government's thugs (china, US, etc) want your data, or the data of the people you are developing the procedures to help.
of course, if thats the case, then.... this is perhaps not over the horizon at all, they are, in fact, inadequate protections.
Course, nothing will protect you from the "$5 wrench" scenario (not that any government would ever pay that litt
Re: (Score:2)
Unless he's talking abut color codes and security clearances I don't think he's being overly paranoid. Although tampering with a computer is highly suspicious.
A lot of work for little gain (Score:3)
TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM.
Awesome, its stores the keys in the cpu debug registers when in use. The data to recreate them still has to flow into the CPU from ram, so all you're taking out is the path between ram and the CPU for an intermediate step. So all you get is a speed boost, no security gain since the attacker already knows the algorithm your using and all the data you provided to the CPU. The speed boost is nice if its being used all over the place (like for an encrypted FS) but otherwise its not that big of a deal and its certainly not new.
As for the rest, cryptfs or bitlocker with your screensaver/lock setup to throw out your keys when the screen blanks/suspends/whatever.
So basically Win7 with BitLocker enabled or whatever alternative setup results in the same thing on Linux. Its not even a little hard, and you've already got well past the point where they'll just beat the password out of you.
If you did it to learn, good for you. If you did it for some sort of practical value, then this really is one place where epic fail applies.
Re: (Score:2)
I believe the idea is to load the keys into the debug registers, and then erase the keys from memory. Then cold-boot attacks won't work.
Yes, the keys do go into RAM, but you significantly reduce the amount of time that they are there. Normally, keys are in RAM as long as there is a mounted cryptfs.
Re: (Score:2)
The massive, gigantic problem with all of this is that "weakest link" applies here. Theyre not going to wait for you to turn off your compter and walk away so they can do a RAM dump, theyre simply going to modify your bios or bootloader or insert a keylogger inbetween the keyboard and motherboard, and find out your passphrase.
So at the end of the day TRESOR and all the rest is wonderful, but it doesnt prevent the hardware from being tampered with except in the most theoretical and irrelevant manner.
Re: (Score:3)
theyre simply going to modify your bios or bootloader or insert a keylogger inbetween the keyboard and motherboard, and find out your passphrase.
That's a significantly different threat model. It presumes that the attacker can gain access to your hardware, modify it, then return it to you without you noticing it was gone or that it was modified, and then take your machine again.
Not that this is impossible, but it raises the stakes and the difficulty significantly.
Re: (Score:2)
If youre worried about encrypting the contents of RAM, youre trying to protect against an attack which needs far more physical access than booting off of a CD and loading a malicious MBR onto the drive.
Re: (Score:2)
If youre worried about encrypting the contents of RAM, youre trying to protect against an attack which needs far more physical access than booting off of a CD and loading a malicious MBR onto the drive.
Right, you have to take the laptop. So? In many contexts this is significantly easier than getting control of it twice, with the owner none the wiser in between.
Re: (Score:3)
The security gain comes from the fact that it is feasible to perform a side-channel attack on RAM but infeasible to perform a side-channel attack on CPU registers. The data to recreate the keys is scrubbed from RAM; the keys never leave RAM. I have done work on a similar project to TRESOR, called Loop-Amnesia [livejournal.com], which uses MSRs instead of the debug registers to perform the same task and does not require AES-NI support.
---linuxrocks123
Re: (Score:2)
Sorry, the keys never leave the debug registers -- the keys are not computable from anything in RAM.
BitLocker comparison (Score:2)
Since I recently set up BitLocker on a Windows 7 laptop (requires Ultimate or Enterprise which are not cheap) - if you have a TPM chip it's convenient to use in the default setup with keys held in the TPM, but if the laptop is stolen it doesn't stop anyone booting it and trying passwords, though it does stop them booting from CD/USB drive to read the disk, or putting the disk in another PC.
TrueCrypt and commercial Windows tools such as PointSec which require a separate disk decryption password every time yo
Re: (Score:2)
TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM.
Awesome, its stores the keys in the cpu debug registers when in use. The data to recreate them still has to flow into the CPU from ram, so all you're taking out is the path between ram and the CPU for an intermediate step. So all you get is a speed boost, no security gain since the attacker already knows the algorithm your using and all the data you provided to the CPU. The speed boost is nice if its being used all over the place (like for an encrypted FS) but otherwise its not that big of a deal and its certainly not new.
As for the rest, cryptfs or bitlocker with your screensaver/lock setup to throw out your keys when the screen blanks/suspends/whatever.
So basically Win7 with BitLocker enabled or whatever alternative setup results in the same thing on Linux. Its not even a little hard, and you've already got well past the point where they'll just beat the password out of you.
If you did it to learn, good for you. If you did it for some sort of practical value, then this really is one place where epic fail applies.
You clearly didn't read much of TFA and only demonstrate your own ignorance. The speed benefit for AES encryption comes from the AES-NI instructions in recent Intel CPUs regardless of where the key is stored. There is not a speed benefit from using TRESOR (which does use AES-NI when available), but it does make cold boot attacks on systems with encrypted disks much more difficult. This is because the key used to decrypt the disk contents only needs to exist in RAM long enough to copy it to CPU registers. Af
Re: (Score:2)
non removable memory (Score:2)
An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead
Half of my netbook's memory isn't removable and if the author is actually worried about this kind of thing he can get a similar model and bite the bullet on performance by operating it with only the internal ram. I doubt the residual charge would last through unsoldering the chips and attaching them to a board to be put in another machine.
Re: (Score:2)
Re: (Score:2)
this begs the question (Score:2, Insightful)
Re: (Score:3)
Worse. Photos of kittens playing with balls of yarn! Something that he can't let his colleagues see lest he be shamed for the rest of his life.
Re: (Score:2)
What does he have on his laptop that's so gd important that he has to go through this much hassle to secure it....kiddie porn?
Security does not imply criminality. Go fuck up some other thread, you asswipe troll.
Re: (Score:2)
If it leaves my side, I will consider it tainted, and do a reinstall. I really am willing to be that anal
Sure does seem like a lot of hassle to go through for not hiding something.
Re: (Score:2)
He has very important secrets.. Things so important, that he trusts a single USB drive to continue to work so that he can access it (since that is where he stores his FDE key. Oh, and a smartcard for his PGP) So two things to lose (or someone that wants to prevent him from pubiishing or whatever, just has to destroy..
Solving the wrong problem (Score:2)
If your laptop is valuable enough that someone would go through the effort of chilling the RAM and booting the machine, you should probably not be laying your laptop out on the table at Starbucks. In fact, if your laptop is that valuable, you've done something incredibly stupid in your systems design.
Encrypt the data (either individual files, your homedir, or the whole drive), and don't use a really stupid password. If that's not good enough for your data, then your data belongs on a system which is not p
Re: (Score:2)
Err, booting it in a different machine. Though I suppose one can imagine a criminal saying "Aww man, it's turned off. Well, off to find an easier target!". :)
boot partition on usb disk (Score:2)
"Man, i can't boot anymore, that sucks!"
"How come?"
"A fish ate my USB disk"
Interesting and overkill at the same time... (Score:2)
However, I live by a basic rule that's served me well. Laptops are fundamentally weak places to keep data.
Here's a protip: (Score:2)
Partial solution (Score:2)
USB and Firewire Ports, meet Mister Hot Glue Gun. Mister Hot, the heat is on, do your thing, get some holes lubed up, do the old in-out, fill 'em up good with the creamy goodness.
Re: (Score:3)
Re: (Score:2, Funny)
Re: (Score:2)
Go for it, not like it'll affect his karma.
Re: (Score:3)
Your not the new one.... someone needs to tell Soulskill the obligatory XKCD belongs in the comments not the summary.
Jeez, taco's gone for one day and posters start slacking.
Re: (Score:3)
Gee, I wonder how that link got planted into your mind...
INCEPTION
Re: (Score:2, Funny)
Re: (Score:2)
Unless they know what they want and don't find it in your primary encrypted drive, in which case they'll continue to beat you. What, you don't think they also know about plausibly deniable encryption?
Re: (Score:3)
Unless they know what they want and don't find it in your primary encrypted drive, in which case they'll continue to beat you. What, you don't think they also know about plausibly deniable encryption?
With pretty much every nation either already being a police state or quickly becoming one, I don't see any scenario in which they would actually avoid the sadistic pleasure of beating on a suspect, whether or not they really think they could get what they want.
Re: (Score:2)
Re: (Score:3, Informative)
Let me put my tinfoil hat on for a moment... Beatings aren't necessary, the US gov't can simply use the NSAKEY [google.com] to decrypt anything encrypted using Microsoft libraries...
This story is about an Ubuntu laptop. I doubt any Microsoft libraries were used.
Re: (Score:2)
Oh, wait now - let's not take our tinfoil hats off to quickly! You don't think that Canonical took a bribe from the US government to use Microsoft libraries on their machine do you? Hey, they might be disguised with a new name or something!
Thanks for your post though - when I read GP post, I was sort of scratching my head. "Didn't I read Ubuntu in the summary?" My brain works slow when I wake up, but it does work, LOL
Re: (Score:2)
Re: (Score:2, Informative)
Fairly easy to detect, if you have access to the target machine multiple times.
Take bit-level snapshot of hard drive on first visit.
On subsequent visits, take bit-level snapshots and compare them. If the "random" data changes between snapshots, then something is touching it and your plausibility goes out the window.
Re: (Score:2)
Re: (Score:2)
"how much you want to keep the data compared to how much you want to keep it secret."
Exactly. When the data becomes a liability, then you wipe it.
Re:Or for even better security... (Score:4, Funny)
Doesn't protect you from Murlocs or Aquaman.
Aquaman is out to get you, that's why he has been using his aquatic telepathy to convince you to throw your laptop overboard.
The concrete is to protect it from the pressure.
He's very cunning. You have to be with such a lame power.
Re: (Score:2)
Re: (Score:2)
Ah yes, the Marinara trench, located not far from the Leaning Tower of Pizza in Italy. ;)
Re: (Score:3)
The only people who I could reasonably see being at risk for this would be people like national leaders, diplomats and other REALLY IMPORTANT PEOPLE. I can't imagine such an attack being used against average people, and beyond that even in the case of REALLY IMPORTANT PEOPLE, it's going to have to be done pretty bloody quickly, and I still question how much data you're going to get out of it in real world conditions.
I'm putting this under "paranoid schizophrenic".
Re: (Score:2)
When it comes to security, the question is not "are you paranoid?", it's "are you paranoid enough?". Sure, for most people, the answer is "yes", but this is a useful resource nonetheless.
If I ever end up having to move a file of social security numbers or medical records on a portable device, I'll definitely be referring to this and choosing an appropriate level of paranoia.
Re: (Score:2)
The more sensible thing at that point would be not to store it on any kind of portable computer at all, but rather on an encrypted drive of some kind.
Re:Bullshit! (Score:4, Informative)
It is a theoretical possibility and has been shown to be possible.
Lets be honest though.... it is just not that likely of an attack. Lets not forget you can't encrypt your initrd... Unless you store your boot partition on a USB key and carry it with you, then it can be modified by an attacker. All he has to do it reboot the machine, install a key logger in the initrd, and get the passphrase the next time you type it in.
That or install one between the keyboard and machine. Hell, can probably do everything he needs from the USB bus. Did they ever fix that USB bus problem where a USB device could get full DMA without any OS help required? Hell the USB device could even be installed inside the laptop so its active and invisible while you use it.
Thats before we even talk about things like, installing a pinhole camera to record your keystrokes....oh or using audio, as its been demonstrated that you can reliably recover typed information from recordings of the typing.
Without physical security there is no security. You can't prevent your hardware from being booby trapped... and there are people out there with entire labs devoted to producing this sort of clandestine equipment. Hell, the FBI is known in some instances to have put a tarp in front of a whole house at night, with a print of the original house on it...just so they could work undetected.
Its all a matter of who wants your data and what they are willing to get it.
-Steve
Re: (Score:3)
Lets not forget you can't encrypt your initrd...
You can compute its hash, though, and fail to boot if the hash has changed. See TrustedGrub.
Re: (Score:2)
Awesome ... except I can also update the hash when I hax0r your initd args.
Hell, I could just throw a custom hypervisor in the boot process and you'd never even know.
Re: (Score:2)
No, actually, you can't. Read up on TrustedGrub if you want to comment intelligently.
USB devices don't "get DMA" (Score:3)
You are thinking of firewire.
Re: (Score:2)
Doesn't USB3 have a DMA mode? ISTR reading something that made me think that USB3 was coming to the same wide world. Of course, if your platform has a working IOMMU it's potentially not a problem anyway.
Re: (Score:2)
All flavors of USB have DMA but they require the CPU to setup the transfer while with Firewire it can be initiated from the device.
Re: (Score:3)
It is a theoretical possibility and has been shown to be possible.
If he is referring to "putting the RAM into another PC" and "booting from the ram", hes full of crap and isnt qualified to defend against these attacks. Every theoretical attack I have heard of relies on specialized hardware to read the RAM without altering it.
Re: (Score:2)
Its all a matter of who wants your data and what they are willing to get it.
It's my wife. To get my data, she's willing to do anything except have sex with me
*cries*
Re: (Score:2)
Not to mention that protecting laptops from sophisticated attacks is not the problem right now.
Protecting servers from unsophisticated attacks is what we apparently need.
Re: (Score:2)
Care to elaborate? It's really not very hard at all to put the RAM in another machine, and boot that machine with a little bootloader/program that just dumps to contents of RAM to a file.
The dude even linked to the tool and the technical explanation: http://www.mcgrewsecurity.com/tools/msramdmp/ [mcgrewsecurity.com]
Re: (Score:2)
Re: (Score:2)
Question: Wouldnt sticking the RAM into another computer be a MASSIVE risk, given the POST ram checks etc, and the fact that you really dont know what parts of RAM the boot CD will overwrite?
Re: (Score:2)
Many middle- and almost all high-end servers have hot-swappable RAM. When you're dealing with large numbers of RAM modules, and downtime is expensive, you want to be able to swap as much as possible at run-time.
Re: (Score:2)
Obviously you don't know modern RAM. DRAM needs to be refreshed a lot, but it is surprisingly stable. The longer data is held static in DRAM, the more likely it'll last between boot sessions.
I've done it to debug an OS - the OS logged to RAM, and when it crashed, I merely powercycled the board and could access t
Re: (Score:2)
Here's a deep and dark secret about digital electronics: it really analog and subject to the same laws of physics as everything else. The only reason why we call it digital is because of how we treat those analog signals. Voltages between 0 V and 0.8 V may be considered as a 'zero', voltages between 2.8 V and 3.5 V may be considered as 'one'. And, of course you don't have a clean transition between those two states either. The transition is defined by the properties of the materials. The properties of
Re: (Score:2)
The hard drive is encrypted, with a password entered in the boot process to decrypt the disk. So removing the hard drive without knowing the encryption key is useless.
Re: (Score:2)
Especially if you use Bitcoin.;)
Re: (Score:2)
Trusted Computing requires that you don't have the master key for your computer. That's evil.
Protected boot sequence (it has another name, I won't bother to search it, sorry) is not inherently evil. It is only evil if used with Trusted Computing.