premio
join:2002-02-17
Antelope, CA
| reply to Daniel
Re: Disk encryption may not be secure enough
said by Daniel  :said by premio :said by Daniel :Risk to home users: LOW Risk to most corporate users: LOW Risk to some very specific users in certain industries: MED to HIGH I disagree with the most corporate users rating. This method is so easy that a script kiddie will be able to do this in months. But they still need the recently-logged-into corporate asset before they can even try. That's the point -- it's two pieces. They need the know-how PLUS physical access. Not only that, but in a few months most vendors will have built controls into their products that reduce the risk even further. Physical access to an important laptop is INCREDIBLY easy if you rae a malicous entity who has already engineered your way into working for the target company. I've seen executives leave their laptops on, and locked, with noone around for hours on end. The chance gets more remote outside of the office, but still there. Until this announcement I for one had always hybernated my laptop when traveling back and forth.
Curious to how they will mitigate it. The programmers example about keeping track of where memory dynamically moves information to is impossible? Won't they have to go to hardware USB dongles? |
|
Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs: 
| reply to jig
said by jig :said by Daniel :Not only that, but in a few months most vendors will have built controls into their products that reduce the risk even further. pthpt. i bet not. the problem has been around for decades. True, but without this kind of attention and an environment where vendors who are so enthusiastic about outdoing each other.
--
dmiessler.com -- grep understanding knowledge |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| reply to swhx7
said by swhx7 :When I suggested, on the 2nd page, that this would solve the current problem (it could also be user-friendly, etc.) - you dismissed the idea saying it would be backdoored.
There is a difference in trusting onto ONE system (TPM) and trusting manufactorer X:s system (encrypted hdd). quote:
All this points to the question of how it can be verified that a hardware device - whether a crypto chip or a hard drive - is free from anti-owner subversions such as crypto backdoors or APIs for DRM. All I can think of is open specs, open schematics, and analysis by independent researchers.
Yes. And also, having many manufactorers who actually make different kinds of those systems also gives more security margin. |
|
jig
join:2001-01-05
Hacienda Heights, CA
| reply to Daniel
said by Daniel :Not only that, but in a few months most vendors will have built controls into their products that reduce the risk even further. pthpt. i bet not. the problem has been around for decades.
other than the DRM aspects of some encryption schemes, there always needs to be some way to get into the encrypted space when the user forgets their password. fuse-based schemes aren't going to work for that, but keeping all data online would. of course, keeping it all online almost precludes the need for a laptop in the first place. and, your password to online access is still sniff-able.
basically, i see this as a public service announcement in three areas:
1) for those who want to carry their laptop overseas, encrypting areas of your HD isn't going to be enough if you've been targeted for a search.
2) for those that keep other's private information on their laptop, for whatever reason, we have yet another way to point out how negligent that can be without some serious rules. at some point someone is going to sue over negligent safeguarding of important data, and a NYTimes article will be great evidence for "should have known".
3) for those that fear a laptop theft, the value of stolen laptops just got bumped a little. if the thief doesn't have to install a new OS AND can access whatever info is on the laptop, he probably gets more money either through collateral operations or in the outright sale (though no smart thief would keep the original OS for long, too many things like lapjack floating around).
it should increase everyone's vigilance in all three areas. |
|
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| reply to jansson_mark
said by jansson_mark :Im just wondering... This is good example why hardware based encryption would be just soooooo much better alternative ... Why the heck there arent any hw-based encryption tools available that ACTUALLY WORK and are secure?!?
When I suggested, on the 2nd page, that this would solve the current problem (it could also be user-friendly, etc.) - you dismissed the idea saying it would be backdoored.
There have already been some proposals for hardware encryption on HDDs and other PC components - but the techie community has rejected them because of the obvious potential for the tech being used for DRM instead of security for the user. In fact, whenever there is some news of such devices being developed, it's clear there is more incentive for the manufacturers to sell the users to the copyright cartel than for anyone to look after users' interests.
So now you're the one proposing it. How do you answer these criticisms? My suggestion, above, was a chip with some of the anti-tamper characteristics of TPM, but with the user control that actual TPMs are designed to prevent.
All this points to the question of how it can be verified that a hardware device - whether a crypto chip or a hard drive - is free from anti-owner subversions such as crypto backdoors or APIs for DRM. All I can think of is open specs, open schematics, and analysis by independent researchers. |
|
Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:
| reply to premio
said by premio :said by Daniel :Risk to home users: LOW Risk to most corporate users: LOW Risk to some very specific users in certain industries: MED to HIGH I disagree with the most corporate users rating. This method is so easy that a script kiddie will be able to do this in months. But they still need the recently-logged-into corporate asset before they can even try. That's the point -- it's two pieces. They need the know-how PLUS physical access.
Not only that, but in a few months most vendors will have built controls into their products that reduce the risk even further.
--
dmiessler.com -- grep understanding knowledge |
|
premio
join:2002-02-17
Antelope, CA
| reply to Daniel
Re: Disk encryption may not be secure enough
said by Daniel :Risk to home users: LOW Risk to most corporate users: LOW Risk to some very specific users in certain industries: MED to HIGH I disagree with the most corporate users rating. This method is so easy that a script kiddie will be able to do this in months. The Risk to corporate users would be medium, because although the probability is low that a script kiddie will also steal a laptop, it will occur because we all know young h4x0rs will do this; some just to try out this cool new hack. If they feel guilty they can always return the laptop when their done and colect a reward.
Now that the ease is well known, a corporation will have a due digilence to fix the problem. FISMA regulations require sufficient encryption, and now the risk to the company is the cost of negligence and not the actual risk of information. |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to Shamayim
said by Shamayim :said by jansson_mark :There are [a] dozen...NSABACKDOORED... versions How do you know? He works for the NSA and just thought he'd share. |
|
Shamayim
I already have a Messiah.
Premium
join:2002-09-23
| reply to jansson_mark
said by jansson_mark :There are [a] dozen...NSABACKDOORED... versions How do you know?
--
Who is Jesus? and Why it matters (to YOU).
|
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA
 ·Sprint Mobile Broa..
| reply to Daniel
I think your risk evaluation is pretty good. The only place besides Starbucks where I think this may be a concern is in airports/train stations. A group could decide that a significant number of laptops there belong to business travelers. There might be enough machines with trade secrets on them that are in sleep or hibernate to make it worth grabbing whatever they could get their hands on and have a little shop nearby playing RAM games.
I would also be concerned about insiders being able to grab SSL/SSH machine keys at server farms without logging in. Many of the typical recommendations to protect those machines by not allowing booting from removable media, password on GRUB, etc. could be bypassed by removing RAM. I believe the keys are loaded whenever the server is running, whether or not anyone is logged in. Hot swappable RAM is a real risk, they wouldn't even have to power cycle the machine. |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| reply to SUMware
Im just wondering...
This is good example why hardware based encryption would be just soooooo much better alternative. Think about it. Think about HDD with build-in encryption:
- Attach it to 5,25" slot like CDrom.
- To use it, you have to put in smart card to its own reader and type in PIN code (reader and keypad are in the same slot/device, easily accesible and visible). Without them, it doesnt even register to BIOS as hdd.
- Seed used for encryption is kept in tamper-proof chip on the device that kills itself if device is tampered.
- Encryption keys are stored encrypted in the tamper-proof smart card.
- Encryption is AES-Twofish-Serpent in XTS mode in both smart card and in hdd.
- Any time you take card off, the hdd goes down and becomes un-registered even from BIOS.
puff.
Why the heck there arent any hw-based encryption tools available that ACTUALLY WORK and are secure?!? There are dozen snakeoil-shitty-DES-ECB-NSABACKDOORED-POS versions available, but nothing thats actually secure and yet pretty easy to use.
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
 ·Verizon Online DSL
2 edits | reply to LanDroid2
said by LanDroid2 :Dave said Then you or the CIO should be fired for gross negligence. Put the records on a secured server in a locked room. There is then little concern about someone stealing the server RAM before it has had time to get cold. Hey cool, way to kick ass, but what you're really saying is anyone who puts data of any value on a laptop is guilty of gross negligence. Is that realistic even if methods like whole disc encryption are used? No! Knowledge of this problem has already expanded from geeky security forums to the NY Times. Stop the finger pointing and get on with solutions... I think what he's saying is more along the lines that anyone who puts "other people's data" on a laptop is guilty of negligence. It cuts right to the heart of a major part of the whole data security issue: who is responsible (and to what degree) for protecting OPD that has come into their possession, particularly sensitive and private data? It is hard to conceive of a valid reason for OPD to be on a laptop in the first place, especially a laptop that is taken out of the facility... that stuff should reside on the organization's secured servers - and stay only on those servers.
That keeping OPD strictly on secured servers is not currently a universal practice indicates clearly the pervasive casual attitude so many players have with regard to OPD. It's not their data - so its loss and the consequences will be somebody else's problem. That results in functional negligence. Excuses used: it's the thiefs fault... it's the airline's fault... it's the hotel's fault... it's the car-rental's fault... it's Microsoft's fault... it's the data subject's fault... it's somebody else's fault. It's the fault of everyone except the people who made the choice (and it is a choice) to expose somebody else's sensitive data to less-than-sensitive handling, either procedurally or personally. Personal convenience is trumping sound custodial responsibility.
The most critical "fix" for attacking this problem is to hold the custodians of OPD (at all corporate levels) legally accountable for mis-handling the data entrusted to their possession - including taking it where it doesn't belong on a mobile laptop. And that needed accountability must first start with the cultural and legal recognition that custodians even have responsibilities in this area. We have such a long way to go...
--
If God wanted us to work with electrons, He'd make them big enough to see... |
|
javaMan
Premium,MVM
join:2002-07-15
San Luis Obispo, CA
| reply to SUMware
Perhaps I've overlooked something but while WDE is the current fad, I don't see it as essential to good security and in a way, overkill. In most cases, unless there is some special custom software on the machine, it is the data that really needs protection. In my case, I use a PGP encrypted volume file to protect my critical data. I mount the volume at startup and there is no key stored in memory to be at risk when the volume is unmounted--it is configured to unmount at sleep as well. Even though the risk from this attack is minimal to most users, it seems more practical in general to use encrypted virtual disks to protect what really need protection rather than relying on WDE for the entire drive.
By the way, here is a response for PGP users on the topic of this attack for anyone interested.
--
Woe unto them that call evil good, and good evil; that put darkness for light, and light for darkness. . . Isa. 5:20 |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| reply to russotto
said by russotto : Great news for police who grab criminals computers and can now get the encrypted data off. At least for a while anyway.
Not really. If the criminals pull the plug when they hear the "BLAM BLAM BLAM Police", too much time will have passed. If they don't pull the plug at all, the issue is moot. Only if they pull the plug when the cop is right on top of them (and ready with some freeze spray) does it make a difference. Yes, exactly. The sky is not, in fact, falling on most users.
----
There seem to be two cases where this is useful:
1) The system is shut down as soon as the physical attack starts, and is captured within a few minutes - the only place the 'secret' exists is in decaying RAM.
In short, this approach prolongs the data-at-risk window by a few minutes, nothing more. As you point out, if they haven't powered off the machine, then this new attack is not going to be used.
2) The system is captured in a powered-up state but its defences cannot be pentrated (strong 'unlock' password, for example)
FWIW, in the second state, persuading it to hibernate seems like a more fruitful approach to attack than RAM transplantation.
Most laptops seem to be configured for hybrid suspend (sleep then hibernate), so I think they'll obligingly store those volatile RAM keys to persistent storage, which is much more convenient for attackers. (And remember, we're dealing with careless laptop owners, so I don't think one can claim they'll have turned that feature off). |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
·AT&T U-Verse
·AT&T Midwest
| reply to Daniel
The best scenario here is someone at Starbucks being identified as the head of XYZ corporation that holds highly sensitive information. A group of professional criminals track him, stalk him, and then steal his laptop and do the cold-RAM trick within moments after getting it.
Very possible, but not a serious risk for most users. Yes, that was also my assessment of the risk. It isn't anything I will be losing sleep over, but then I don't work for the XYZ corporation.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12 |
|
Shamayim
I already have a Messiah.
Premium
join:2002-09-23
| reply to TKJunkMail
said by TKJunkMail :Great news for police who grab criminals suspects' computers and can now get the encrypted data off. At least for a while anyway. There, that's better.
--
Who is Jesus? and Why it matters (to YOU).
|
|
russotto
join:2000-10-05
Collegeville, PA
| reply to TKJunkMail
Great news for police who grab criminals computers and can now get the encrypted data off. At least for a while anyway.
Not really. If the criminals pull the plug when they hear the "BLAM BLAM BLAM Police", too much time will have passed. If they don't pull the plug at all, the issue is moot. Only if they pull the plug when the cop is right on top of them (and ready with some freeze spray) does it make a difference. |
|
Daniel
Premium,MVM
join:2000-06-26
Pleasanton, CA
clubs:
1 edit | reply to SUMware
Risk to home users: LOW
Risk to most corporate users: LOW
Risk to some very specific users in certain industries: MED to HIGH
So, the attacker needs to:
1. Have physical access to the system.
2. But not while the computer's been off for any significant period of time.
The best scenario here is someone at Starbucks being identified as the head of XYZ corporation that holds highly sensitive information. A group of professional criminals track him, stalk him, and then steal his laptop and do the cold-RAM trick within moments after getting it.
Very possible, but not a serious risk for most users.
The other issues arise from using sleep mode when sensitive data is in RAM, but that still requires 1) the theft, and 2) the high-level criminal group that both knows there's worthwhile data there and is able to pull off what they need to do.
And for the home user I just don't see much of a risk at all. Remember, the requirement is INDIVIDUAL targeting for a LOCAL attack. What criminal is going to take the risk of a breaking/entering or assault or even a vanilla bag snatch for a target that isn't guaranteed to have valuable data on it?
Thoughts?
--
dmiessler.com -- grep understanding knowledge |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ | reply to SUMware
Great news for police who grab criminals computers and can now get the encrypted data off. At least for a while anyway. |
|
