From owner-freebsd-security Tue Dec 22 10:07:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA24981 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:07:25 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA24972 for ; Tue, 22 Dec 1998 10:07:21 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id TAA45326; Tue, 22 Dec 1998 19:07:11 +0100 (CET) (envelope-from des) To: Robert Watson Cc: Dag-Erling Smorgrav , cjclark@home.com, Janos Mohacsi , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: From: Dag-Erling Smorgrav Date: 22 Dec 1998 19:07:10 +0100 In-Reply-To: Robert Watson's message of "Tue, 22 Dec 1998 12:16:13 -0500 (EST)" Message-ID: Lines: 52 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert Watson writes: > On 21 Dec 1998, Dag-Erling Smorgrav wrote: > > "Crist J. Clark" writes: > > > "There is no security without physical security." > > Well, you can translate physical access to the computer into physical > > access to a more manageable item, such as a Java ring, if you use some > > kind of hardware device which strongly encrypts your disks and keep > > the encryption key on the Java ring. The idea is that you can't boot > > the computer without the ring, and you can't decrypt the contents of > > the disk drive without it either (not within reasonable amounts of > > time, anyway). > I'm actually not sure this is a solution. If I have physical access to > the machine, I can induce (via hardware or software) a mechanism to > capture your key when or before you attach the key to the machine so that > the decryption can occur. We're making different assumptions. You're making the assumption that you can get access to my machine, install your snooper and get out undetected. I'm making the assumption that you can get access to my machine and try to reboot it into single-user mode (perhaps using a boot disk) but that afterwards, I know you've been there and will take appropriate measures (examine the hardware for traces of tampering, etc.) > I think there is a fairly strong evidence that > 'tamper-proof hardware' simply cannot exist, at least not economically, if > not at all. If your key was required to perform the disk-decryption > operations, presumably that is a step in the right direction, but if it > just transfers the key, I come in and set something up to intercept the > key when you arrive to boot the machine. Yes, I was envisaging a system where the floppy contains a short program which downloads the key to the cryptographic hardware, and proceeds to boot the OS. Obviously, if you can snoop the key you're in. But it would be trivial (in the sense of "it's been done before") to implement a challenge-response protocol which makes playback attacks impossible. You then have two keys: one which is used to encrypt and decrypt harddisk data, and one which is used for downloading the other key to the controller (or for negotiating a session key, or whatever). The controller has one half of the negotiation key stored in NVRAM and uses it to generate challenges; the iButton has the other half, which it uses to generate responses. When the controller and the iButton are satisfied that they are talking to the intended protagonist, the iButton transfers the encryption key, encrypted with the negotiation key or a one-time session key to the controller. I don't think this is particularly revolutionary stuff; in fact I wouldn't be surprised if there were already systems on the market that behave as I described. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message